Sophos Email Appliance User Guide
Product Version 4.3
Sophos Limited 2018

Contents

Chapter 1: About Your Email Appliance
  1.1 Email Appliance Features
  1.2 The Email Appliance User Interface
  1.3 Sophos Proactive Monitoring
  1.4 Getting Support
    1.4.1 Hardware Support
Chapter 2: Getting Started
  2.1 Mail Routing
    2.1.1 Simple Mail Routing
    2.1.2 More Complex Mail Routing
  2.2 Policy
  2.3 Quarantine
  2.4 Administrator and User Accounts
  2.5 Email Appliance Updates
  2.6 Clustering
Chapter 3: Email Appliance Hardware
  3.1 Hardware Troubleshooting
    3.1.1 Audible Alarms [ES4000/5000/8000 Only]
    3.1.2 Hardware Alerts
  3.2 Replacing an ES5000/8000 Hard Drive
  3.3 Replacing an ES5000/8000 Power Supply
  3.4 Replacing an ES4000 Hard Drive
  3.5 Replacing an ES4000 Power Supply
Chapter 4: Dashboard
Chapter 5: Configuration
  5.1 Accounts
    5.1.1 Administrators
    5.1.2 User Groups
    5.1.3 User Preferences
  5.2 Policy
    5.2.1 Policy Message Flow
    5.2.2 Threat Protection
    5.2.3 Anti-Spam
    5.2.4 Data Control
    5.2.5 Additional Policy
    5.2.6 Allow/Block Lists
    5.2.7 Filtering Options
    5.2.8 Sandstorm
    5.2.9 Encryption
    5.2.10 SMTP Authentication
    5.2.11 SMTP Options
  5.3 System
    5.3.1 Updates
    5.3.2 Alerts & Monitoring
    5.3.3 Backup
    5.3.4 Directory Services
    5.3.5 Certificates
    5.3.6 Clustering
    5.3.7 Time Zone
    5.3.8 Configuration Sync
  5.4 Routing
    5.4.1 Adding/Removing Mail Delivery Servers
    5.4.2 Adding/Removing Mail Domains
    5.4.3 Internal Mail Hosts
    5.4.4 Setting an Outbound Mail Proxy
    5.4.5 Adding/Removing Trusted Relays
    5.4.6 About Address Rewriting
  5.5 Network
    5.5.1 Configuring Interface Settings
    5.5.2 Setting a Hostname and Proxy
    5.5.3 Testing Network Connectivity
Chapter 6: Reports
  6.1 Report Categories
  6.2 Creating and Running Reports
  6.3 Printing Reports
  6.4 Exporting Reports
  6.5 Adding Trusted Relays from a Report
Chapter 7: Search
  7.1 Quarantine Search
    7.1.1 Searching the Quarantine
    7.1.2 Viewing Quarantine Search Results
    7.1.3 Managing Quarantined Messages
  7.2 Logs Search
    7.2.1 Searching the Mail Logs
    7.2.2 Viewing Logs Search Results
    7.2.3 Analyzing Message Logs
  7.3 Mail Queues Search
    7.3.1 Searching the Mail Queues
    7.3.2 Viewing Mail Queues Search Results
    7.3.3 Deleting Queued Messages
    7.3.4 Releasing or Rescanning Queued Messages
Chapter 8: System Status
  8.1 Mail Flow
  8.2 Quarantine
  8.3 Software
  8.4 Hardware
  8.5 License
Chapter 9: Using Help
  9.1 Searching the Documentation
Appendix A: Setup and Configuration Guide
  A.1 Initial Configuration
    A.1.1 Activating the Email Appliance
    A.1.2 Network Interface
    A.1.3 Hostname and Proxy
    A.1.4 Network Connectivity
    A.1.5 Register and Update
    A.1.6 Clustering
    A.1.7 Time Zone
    A.1.8 Mail Delivery Servers
    A.1.9 Incoming Mail Domains
    A.1.10 Internal Mail Hosts
    A.1.11 Anti-Virus Settings
    A.1.12 Anti-Spam Settings
    A.1.13 Appliance Alerting
    A.1.14 Appliance Support Contact
    A.1.15 Summary
  A.2 Post-Installation Configuration/Integration
    A.2.1 Testing Appliance Mail Flow
    A.2.2 Configuring Directory Services
    A.2.3 Configuring User Preferences
    A.2.4 Configuring Internal Mail Hosts/Outbound Mail Proxy
    A.2.5 Configuring Trusted Relays
Appendix B: Configuring Ports
Appendix C: Supported Browsers
Appendix D: Creating a Custom Web Service for SPX
Appendix E: Template Variables
Appendix F: Password Option/Template Variable Mismatches
Appendix G: Dialog Box Help
  G.1 Directory Services Groups
  G.2 Add Certificate Authorities
  G.3 Complete CSR
  G.4 Add User or Modify User
  G.5 Add Message Attribute
  G.6 Advanced System Updates
  G.7 Alias Map Editor
  G.8 Alert Contacts
  G.9 Appliance Support Contact
  G.10 Additional Message Actions
  G.11 Additional Policy Example
  G.12 Advanced Backup Schedule
  G.13 Calendar
  G.14 Certificate Details
  G.15 Upload Certificate
  G.16 Edit notification email
  G.17 Edit SPX Recipient Instructions
  G.18 Email Password List
  G.19 Configure End User Web Quarantine Ports
  G.20 Forward
  G.21 Group Editor
  G.22 Global Function History
  G.23 Upload a Header/Footer Image for the SPX Portal
  G.24 Additional Network Routes
  G.25 List Editor
  G.26 List Selector
  G.27 Upload
  G.28 Message Details
  G.29 Modify User
  G.30 Rule Caution Indication
  G.31 Notify
  G.32 Paste List
  G.33 Upload a PDF Cover Page
  G.34 Postmaster Address
  G.35 CCL Configuration
  G.36 Setting Expiry Times and Passwords
  G.37 Configuring the SPX Portal
  G.38 System Alerts
  G.39 Trusted Certificate Authorities
  G.40 Verify Settings
Appendix H: Glossary
  H.1 Active Directory
  H.2 allow list
  H.3 block list
  H.4 bulk mail
  H.5 Cluster
  H.6 Content Control List (CCL)
  H.7 denial of service (DOS) attack
  H.8 DHCP
  H.9 disk mirroring
  H.10 DNS A Records
  H.11 DNS MX Records
  H.12 domain controller
  H.13 End User Web Quarantine
  H.14 gateway
  H.15 groups
  H.16 hub
  H.17 internal hosts
  H.18 latency
  H.19 malware
  H.20 MTA
  H.21 network mask
  H.22 phishing
  H.23 policy
  H.24 proxy
  H.25 quarantine
  H.26 RAID
  H.27 RAID controller
  H.28 relay
  H.29 SCP
  H.30 SMTP
  H.31 Sender Genotype
  H.32 SNMP
  H.33 SophosLabs
  H.34 spam
  H.35 spam score
  H.36 spambot
  H.37 SPX
  H.38 spyware
  H.39 SSH
  H.40 Syslog Monitoring
  H.41 TLS
  H.42 virus
Appendix I: Submit a Spam Sample
Appendix J: Sophos Outlook Add-in
  J.1 Using the Outlook Add-in
Appendix K: Copyrights and Trademarks
  K.1 IBM ICU License
  K.2 SEE License
  K.3 UNICODE License
  K.4 NGINX License
  K.5 ipfilter License
  K.6 Mootools License
  K.7 SSDB License
Appendix L: Contact Sophos

1 About Your Email Appliance

The Sophos™ Email Appliance offers the best and most reliable gateway protection, while setting a new standard for effective and efficient management. Sophos appliances draw on twenty years of experience in enterprise threat management, delivering world-class threat protection in a compact and easy-to-manage format.

The Sophos Email Appliance extends the power and performance of Sophos gateway security software into the appliance form-factor. Sophos appliances provide award-winning integrated threat management and a superior overall customer experience to deliver powerful, effective and reliable gateway solutions for the enterprise.

1.1 Email Appliance Features

Enterprise-scale solution for organizations with up to 25,000 users

■ On-Board Quarantine: The email quarantine resides on the same appliance where the mail is filtered, translating into fewer infrastructure requirements, easier message handling, and a lower total cost of ownership.
■ Powerful Message Tracking: A multi-parameter search capability for tracking messages in system logs and quarantine means that it’s easy to find and retrieve messages or trace their routing, with less time spent searching for lost emails.
■ Powerful Dashboard: Offers quick and comprehensive appliance management, monitoring and reporting, making it easy to execute key tasks and run key reports.
■ Built-In Hardware Redundancy: The ES4000, ES5000 and ES8000 come with dual hard drives, power supplies and processors. Administrators can be confident that vital email systems will remain running.

Threat Protection

■ Reliable Protection Against Viruses, Spam, Spyware and Other Malware: Single-vendor solution for better performance of all mission-critical functions, and one source for updates and 24/7 support.
■ Powered by SophosLabs™: Proactive protection from an industry-leading worldwide network of threat detection and analysis labs helps keep networks safe and clean 24/7, with reduced costs of disinfection and repair.
■ Optimized Operating System and Mail Transfer Agent: The entire infrastructure is tuned to work seamlessly with the Email Appliance software, providing an integrated, hardened, and reliable system.
■ Preset Policy Choices: The ability to easily choose from several standardized email policy rule sets means that less time is spent on system setup and administration.
■ Sender Genotype service: Employs connection management technology to block email from bad senders. Includes traditional IP reputation filtering as well as proactive connection control, which blocks suspicious hosts. Sender Genotype eliminates up to 85% of inbound spam, substantially increasing message throughput without the need for additional infrastructure investments.
■ Real-Time Remote System Monitoring: Sophos continuously monitors the system health and status of all installed appliances to guarantee that your appliance is always up to date and functioning properly.
■ On-Demand Remote Assistance: A customer-enabled Secure Shell (SSH) connection provides Sophos Technical Support with direct access to individual appliances for specific troubleshooting.
■ Superior Support: Award-winning web-based, email and live telephone support available 24/7/365.

Glossary terms: quarantine, spam, spyware, malware, SSH, virus, Sender Genotype