USING MAILWASHER ENTERPRISE SERVER

Contents

• Running MWES for the first time
• Setup Wizard
• System Check
• Monitor and System screens
• Action screen
• Adding users
• Quarantine screen
• Greylisting
• Whitelists
• Blacklist, RBL's and custom filters
• Product License
• Admin details
• Trusted IP's

Running MailWasher Enterprise Server for the first time.

By default a 30 day trial period is setup on installation. This can be changed on the license screen. Please note, you do not need to enter any Customer ID and Password for the trial account screen (Settings>>License) during the trial.

Important: When first using MWES, for the first few weeks just let it process email without adding entries to the whitelist and blacklist. It will learn by by you rescuing items from the greylist or any other lists if any emails are blocked.

Setup Wizard

After installation you are taken through a 5 step setup wizard as shown.

First you are asked to change your administrator password. This account will allow you to control the administration privileges. Do not give this out to users

Next, enter all the domains you want to filter email through.

Next, change any of the default settings if needed. Note: If you want to provide a daily emailed digest of blocked email to users, you'll need to enter a domain for the Web Hostname. Users will then be able to retrieve email from http://youcompany.com:4044 for example.

Finally, you are shown the thank you screen. Press Finish to begin the System Check.

Upon completing the wizard you will be taken to the System Check screen to ensure you have setup your system correctly to work with MWES.

System Check

Press the Start system check button and MWES will run through its connectivity tests.

If there is a problem, MWES will notify you and suggest a fix. See Installation Instructions for step by step instructions or contact us at support.

If your setup is correct, MWES will notify you it has 'Passed' all tests.

You can now proceed to learn about the rest of the software below.

Monitor screen

The monitor screen shows statistics of how mail is processed

• Processed: Indicates how many emails have been processed.
• Emails(ok): Emails which have passed through all filters except graylisting.
• FirstAlert: Emails stopped by Firetrust's FirstAlert signature database.
• RBL: Emails stopped by real-time blackhole lists.
• Blacklisted: Emails stopped by the blacklist.
• Custom filter: Emails stopped by custom filters.
• Gray listed: Emails which have been gray listed.
• Empty Email Body: Emails stopped with an empty body.
• Reported: Emails caught by RBL's and greylisted older than 2 hours are uploaded to FirstAlert for analysis.

Tracking screen

The tracking screen lets you trace emails as they go through MWES. This is useful for tracknig emails to see if they have been delivered to the MTA or how they are quarantined if people complain about losing email.

If you move the mouse over any part of the email it will give you more detail about it

Check screen

The system checks screen will determine if MWES has been configured correctly and suggest changes if any.

Configuration screen

The configuration screen lets you change the configuration of how MWES talks to the MTA and on what ports. The Web Hostname is the location where users login to view their quarantined email. If you want to use Digest Reports, the a domain or IP address will need to be used for users to login.

Action screen

You'll need to decide on these user options and spam options.

1. Auto Generate Users: If this is enabled, when an email is first received for a user, MWES will automatically set that user up with a username and password (default: password) so the user will be able to login to view their quarantined spam.
2. Quarantine: Sent straight to a quarantine section and managed inside a web browser, or
3. Pass through: Spam headers are marked with 'X-MWES-status: Spam' and delivered to end-users to be filtered in their email client.
4. Reverse Lookup If the sending server is setup correctly, it will bypass greylisting and be sent to the users inbox. All other email will be sent to greylisting if selected. This is useful where greylisting causes too many false positives or unacceptable delays in delivery of email, although you may receive slightly more spam due from legitimate servers being compromised.
5. Greylisting is another option and stops a lot of spam. Greylisting works by temporarily failing an email and once the sending MTA re-sends the email, it is let through. Since much spam is forged and sent via compromised computers, it is not re-sent and thus does not get past the grey listing filter. See the greylisting section for more information.
6. Digest Report Sends a formatted email to users on a periodic basis showing them email which has been blocked by MWES. It allows a user to rescue the email by clicking a link 'rescue' from within the digest. It is recommended to select greylisting as it is the most common reason a legitimate email would be blocked due to non standard MTA's being used around the world and it also limits the amount of information the end user has to look at.
7. Clear all cache Clears out memory cache
8. Clear all greylisted friends Clears out the list of greylisted email addresses. Useful if users have increasingly being letting through spam email.
9. Auto crash report Sends a log to Firetrust if MWES crashes so this can be investigated

Quarantine and greylisting options are enabled by default.

Adding Users

Adding users allows end-users access to the quarantine and greylisting screens via a web browser so they can view their blocked email and if necessary, rescue the blocked email so it is delivered to their inbox.

You'll need to decide if you want to enable:

1. Global quarantine access: All users are given the same login to the quarantine area to search for their blocked email. Only the from: and subject: are visible and any rescued email is sent to the original recipient.
2. Individual quarantine access: Each user has their own unique login to the quarantine area and they can only search for their own blocked email and any aliases which have been setup for them. Any rescued email is sent back to their inbox.

Setup a global user login

If a user account is created with a username and password, but with no email address, that account becomes a global quarantine account and all users will use that same quarantine screen to search for their blocked email.

One global user is setup (no email addresses are entered)

Anyone can search for their email from the same quarantine screen

Setup an individual user login

Individual user logins are created by creating a username and password, along with adding the users email address and any other aliases they use. When a user logs in to the quarantine area they will only be able to search for blocked email addressed to themselves.

User setup with aliases

Individual User Quarantine Account Login - User can view their quarantined email

Users can move their mouse over the subject line to view the body (first 200 characters by default, can be changed)

Quarantine screen

After login, you'll be taken to the Quarantine screen where you can search for emails and if necessary, rescue them. All rescued emails are sent to the original recipient.

This quarantine screen is available to the end-users via login to a web browser so they can search for blocked email using a number of search criteria:

• The From: field
• The To: field
• The Subject
• The date

By default, when a user logs in they will see the last 50 emails which have been blocked. They can either change the number of emails to view on one page, or move through the pages by clicking the 'Previous' or 'Next' links.

You can move the mouse over the subject line to view the body (first 200 characters by default, can be changed)

If a user finds an email which they want to rescue, they click the 'rescue' link and that email is delivered to their inbox. If the mouse hovers over the link, it will show who the rescued email will be sent to.

The from: email address is automatically added to the friendlist so it is not blocked in the future. The rescued email is shown in green in the quarantine screen for easy reference.

Greylisting

Greylisting is an effective tool to stop spam by sending a temporary fail back to the sender of the message. If the sender is sent via a valid MTA, the message is re-sent and MWES will let it through. If the message is not sent from a valid MTA it is not delivered and left in the MWES greylisting quarantine area.

Greylisting is enabled by default in Settings>>Action

NOTE: Valid messages can be delayed by up to 15 minutes using this method since the sending MTA has to re-send the message. You can always check the quarantine>>greylisting area to see which messages are due to be resent, and thus rescue them in which case they will be added to the whitelist. See below, the three light grey messages at the top are within the 15 minute time period to be re-sent. Once an email sender has been let through, they are let through instantly next time they send something.

NOTE: If you enable SPF lite, then most email is let through instantly and never makes it to greylisting. Some users may prefer this but slightly more spam may slip through.

Users can move their mouse over the subject line to view the body (first 200 characters by default, can be changed)

Whitelists

You can setup a whitelist which will allow any email address on the whitelist to bypass all the spam filters.

Note: You don't need to add your email address or domain to the whitelist, as MWES will detect that you're working from a local LAN. Spammers frequently use your own email address to bypass filters, so leave your email addresses off the whitelist.

Note:You can also use wildcards like '@company.com' in the whitelist.

The IP Whitelist is automatically populated by the greylisting feature when an email is rescued. In this case the domain and IP address is added so those emails are let through automatically next time. Alternatively you can add your own.

Yuo can setup a custom filter for good email, so for example, email with a certain subject line won't be subjected to the spam filters.

Blacklist, RBL's and custom filters

Blacklist

You can setup a blacklist which will stop any email with that blacklisted email address from passing to end users inboxes.

Note:You can also use wildcards like '@company.com' in the blacklist.

Blacklist

You can add IP addresses to the IP blacklist which will stop any email with that blacklisted IP address from passing to end users inboxes.

Real-time blacklist services (RBL's)

RBL's are used to block known sources of spam. MWES supports both URL and IP based lists and includes an RBL from www.spamhaus.org by default (zen.spamhaus.org).

Custom filters

You can also add custom filters using text or regular expressions to block unwanted email. You'll find some sample filters in the intallation directory called 'CustomSpamFilter.xml' which you can import. (Importing will not create duplicates).

Regular Expression engine from www.regexlab.com

Product License

After the 30 day free trial is finished, if you want to keep MWES you must purchase a user license appropriate for the number of users you have.

Once you have purchased the license you will be sent a 12 digit license key. Enter these details in to the Settings>>Product License screen to continue using MWES.

Admin details

The Admin Details screen is used for the administrator to change their username and password to access the software.

Trusted IP's

A trusted IP allows mail sent from the specified IP to pass through without the need to authenticate - it's often called a 'relay client'.
In Linux installations, no more needs to be done, as MWES will be trusted by the MTA.
In Exchange installations, you may need to adjust the exchange receive connector to trust MWES explicitly.