Mail Gateway quarantine

From Halon Security

This document is about the Web Administration section Quarantine, a sub-section of Mail Gateway. The quarantine is used to temporarily store suspect messages on the appliance, instead of sending them to the recipient. Halon Security recommends that you reject messages that are detected as spam or viruses instead of placing them in a quarantine, but we offer the quarantine as a complement.

Getting started with the quarantine

These steps are required to get a functional quarantine, using the default configuration as starting-point.

  1. Sign into the Web Administration
  2. Add a Web Interface of type "Quarantine":
    1. Go to the Administration section, and select the Interfaces tab
    2. Press the + button on the Web Interfaces table
    3. Choose a port that is not occupied, for example 8080 (you can use port 80, if you change the Web Administration to use another port, or if you have additional IP addresses on the appliance)
    4. Set Type to "Quarantine"
    5. Press Save as New
  3. Add a quarantine Branding
    1. Go to the Quarantine section, and select the Branding tab
    2. Press the + button on the table
    3. Type a URL; it will be used in links in automatically sent e-mail messages, and to choose the correct branding when users visit the quarantine using different hostnames (so-called virtual host domains). If you chose 8080 as port in step 3-3, you should type a URL like http://antispam.example.com:8080.
    4. Press Save as New
  4. Add a Quarantine
    1. Select the Quarantines tab
    2. Press the + button on the table
    3. Type a Name, such as "Maybe spam"
    4. Press Save as New
  5. Use the quarantine in a mail content flow
    1. Go to the Mail Gateway's sub-section Content Flows
    2. Choose a mail content flow that is being used
    3. Change your mail content flow to use the Quarantine() function (or Quarantine Mail block) somewhere
    4. Press Save
  6. Try the quarantine
    1. Go to your quarantine (for example http://antispam.example.org:8080) and sign in using your Web Administration account

Messages that are placed in the quarantine by the mail content flow will appear there, since Web Administration users can see, and handle, the whole quarantine. The quarantine you just created has automatic account creation. That is, when a message is placed in quarantine, an account is opened for the recipient of the message. The username and a random password for the account are sent to the recipient, who can then access the quarantine.

You have now created a very basic mail quarantine. Please read on, to discover all the advanced possibilities beyond what you have seen.

The quarantine can be configured to send quarantine reports, containing a list of unread quarantined messages, on a regular basis. If available, the quarantine can be synchronized and authenticated with an LDAP server, for example a Microsoft Active Directory with Exchange extensions. Using LDAP has the advantage of allowing users to sign in using their ordinary usernames and passwords.

Adding additional administrators

Domain and quarantine administrators, with fewer privileges than the Web Administration users, can be created. These users must append @local to their username when signing in to the quarantine interface. For example:

Username: admin@local
Password: secretpassword

Settings (Quarantine-global preferences)

This section describes the Settings tab, which contains global settings that affect all quarantines on the entire appliance.

Clustering

In order to achieve higher performance, or better reliability, you might run multiple appliances in parallel. In most aspects, you can allow these appliances to work alone; as separate units. Simply create additional MX-records for your domains, pointing at the other appliances.

Regarding the quarantines, it is however vital to maintain the illusion of one single quarantine. That is where clustering becomes interesting. Irrespective of which of the appliances' quarantine you sign in to, you will see the same messages, maintain the same settings, et cetera.

To cluster two appliances read our Clustering documentation.

Finally, for the sake of consistency, make sure that the quarantines are configured alike. The two quarantines will mirror any activity, giving visual unity. Please note that the messages are in fact only stored on one of the appliances' quarantine. Should one appliance fail, a message is shown informing the users that some messages are currently unavailable due to maintenance.

Authentication using LDAP

Microsoft Exchange

If your LDAP Environment is based on Microsoft Exchange (and selected as Environment), users will be authenticated using their UPN (User Principal Name) and password. Manageable aliases and addresses are collected from their "proxyAddresses" objects (prefixed smtp:), where the first proxyAddress acts as their account e-mail, and should be unique per-user.

Branding (Personalizing)

This section describes the Branding tab, which provides the tools necessary to customize the quarantine interface and quarantine information and report mail messages.

To completely brand the entire "quarantine experience", follow these steps:

  1. Sign into the Web Administration
  2. Go to the Mail Gateway Domains section
  3. Select one domain that you want to "brand" and press the Advanced Options check-box
  4. Choose one of the listed templates from Template (You can also create your own mail templates by reading the mail branding manual)
  5. Press Save: the "new quarantine user" and "quarantine report" messages are now branded!
  6. Continue by going to the Mail Gateway Quarantine section
  7. Go to the Branding tab
  8. Select one of the "brandings" (you have created at least one branding in the Getting started section above)
  9. The URL field has two uses; first of all it is included as a link in all auto-generated quarantine mail messages, but it is also used for selecting a branding when accessing the quarantine web interface (by matching the domain name or IP address in the user's browser with the URL). Simply put; the appliance uses so-called "Name Virtual Hosts" to select among multiple quarantine "brandings".
  10. The Title is shown in the quarantine web interface, as web page title
  11. The Language allows you to choose from the included translations (can be overridden by quarantine users)
  12. From Advanced Options you can set the default time zone (can be overridden by quarantine users), a logotype (enter the path to a PNG file, relative to the FTP root) and the mail template used when requesting a new password (same templates as in step 4)
  13. Press Save: this branding will now be used when accessing the quarantine on an address matching the URL field!
  14. Go to the Quarantines tab
  15. For each quarantine (folder), you can select which "branding" (from the previous step) to use (the branding's URL will be used in quarantine messages)
  16. You are done! You have now branded the quarantine mail messages (step 2-5), quarantine web interface (step 7-13), and also chosen which branding a certain quarantine folder belongs to (step 14-15).

Quarantines (Folders)

You should have at least one quarantine, created in the Getting started section above. Having multiple quarantines allows you to:

Administrators

By specifying an administrator, that user can sign in on the quarantine and view all messages in that quarantine folder.

Folder visibility

By un-checking Visible to Users, only the quarantine administrator can see the messages. If un-checking Visible to Users without an administrator specified, only Web Administration users can see the messages.

Retention policies

Since mail cannot, and should not, be stored in the quarantine forever, you want to apply a retention policy. The retention policy is found in the Advanced Options panel, and states when a message should be deleted from the quarantine or when a user should be deferred (that is, when a user is refused further mail until he has cleaned up his quarantine, or the age parameter has done it for him). The syntax for a policy is:

| Parameter | Value | Default | Action | Explanation |
|-----------|-------|---------|--------|-------------|
| age | seconds | no default | Delete Message | If a quarantined message is older than "age" |
| size | bytes | no default | Defer User | If the total size of his quarantine exceeds this value, defer all new mails |
| count | number | no default | Defer User | If the total count of messages in his quarantine exceeds this value, defer all new mails |
| warnlevel | number | 90 | Warn User | If the quarantine has reached the number percentage of current resources (size or count), warn user to empty quarantine. |

All these parameters may be combined, like in the example below;

age=604800,count=1000,size=10485760

It's always recommended to use an "age" parameter in order to let the system clean up the quarantine for you. If a user is deferred and he cleans up his quarantine, he will be accepted again within 15 minutes.
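
The following is an added example, not Halon's code: a Python sketch that parses a retention policy string in the syntax above and works out which action from the table applies to one user's quarantine. The function names and sample messages are constructed, and three behaviours are assumptions: expired messages are purged before limits are checked, "exceeds" means strictly greater, and the warning triggers at warnlevel percent of either limit.

```python
def parse_policy(text):
    """Parse e.g. 'age=604800,count=1000' into a dict of integer limits."""
    # Defaults from the table: only warnlevel has one (90 percent).
    policy = {"age": None, "size": None, "count": None, "warnlevel": 90}
    for item in text.split(","):
        key, sep, value = item.strip().partition("=")
        key = key.strip()
        if not sep or key not in policy:
            raise ValueError(f"unknown or malformed policy item: {item!r}")
        try:
            number = int(value)
        except ValueError:
            raise ValueError(f"non-numeric value in: {item!r}") from None
        if number < 0:
            raise ValueError(f"negative value in: {item!r}")
        policy[key] = number
    return policy


def evaluate(policy, messages, now):
    """messages: (received_epoch, size_bytes) tuples for one user's quarantine.
    Returns (expired_messages, defer_user, warn_user)."""
    def is_expired(msg):
        return policy["age"] is not None and now - msg[0] > policy["age"]

    expired = [m for m in messages if is_expired(m)]
    kept = [m for m in messages if not is_expired(m)]  # assumption: purge first
    usage = {"size": sum(size for _, size in kept), "count": len(kept)}
    defer = warn = False
    for name, used in usage.items():
        limit = policy[name]
        if limit is None:
            continue  # parameter not set: no limit of this kind
        defer = defer or used > limit  # assumption: "exceeds" is strict
        warn = warn or used * 100 >= limit * policy["warnlevel"]
    return expired, defer, warn


# Constructed sample data: one user's quarantine at a fixed "now".
NOW = 1_700_000_000
POLICY = parse_policy("age=604800,count=1000,size=10485760")
MESSAGES = [(NOW - 700_000, 5_000), (NOW - 100, 9_500_000), (NOW - 200, 400_000)]

if __name__ == "__main__":
    print(evaluate(POLICY, MESSAGES, NOW))
```

With the sample data, the oldest message is past the seven-day age and is deleted; the remaining 9,900,000 bytes are above 90 percent of the size limit but below the limit itself, so the user is warned and not deferred.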
