WELCOME TO THE FIRETRUST
CUSTOMER CARE CENTRE

FIRETRUST CUSTOMER CARE CENTRE

MY ACCOUNT

PRODUCT HELP

ASK A SUPPORT QUESTION

TOP FREQUENTLY ASKED QUESTIONS

I've installed MailWasher Server but it does not filter inbound email.

There are some possible reasons for this.

1. Old conduit version not properly uninstalled
If the old conduit version has not been properly uninstalled, it may cause conflicts and prevent mail being delivered through the MWES proxy.

Follow these instructions to remove the conduit version:
• Uninstall conduit Start->Program->Mailwasher Enterprise server->Uninstall conduit.
• Using Task Manager, kill process inetinfo.exe to make MS Exchange release and remove the existing conduit (inetinfo.exe will restart automatically)
• Uninstall MWES from the Control Panel->Add/Remove Programs

2. The MTA has not been moved to port 26
Change the listening SMTP port from 25 to 26 for your MTA

3. No domains defined
You will need to add any domains used at Settings >> Setup >> Domains, to prevent your network appearing as an open relay.

4. Router configured to present an internal IP address

When an external router or connection to the internet does not translate the external address properly, any incoming mail seems to be presented from an internal LAN address.

This will prevent any spam checks from being performed as the incoming mail is deemed to be from an internal source. ie, Services like RBL's and Greylisting won't work because they rely on checking external IP addresses.

Please reconfigure your router so it translates the external IP addresses.

Which mail servers are supported?

MailWasher Server works with all mail servers because it runs as a proxy, meaning that it sits in front of your mail server, filtering the email first.

Eg, for Windows you can use Microsoft Exchange (all versions), IMail, SmarterMail etc. For Linux you can use Sendmail, Postfix, Exim, QMail etc.

What filtering mechanisms does MailWasher Server use?

Message Signatures:
FirstAlert! Global Spam Database. Adding to MWES’s comprehensive, multi-layered approach, MWES uses the FirstAlert! global spam database – a 24/7 operation which makes use of a global network of users reporting unsolicited email.

Real-time blackhole list servers:
RBL's can be used to block the origin of known spam by IP address or the URL in the message body.

Greylisting:
Greylisting is an effective tool to stop spam by sending a temporary fail back to the sender of the message. If the sender is sent via a valid MTA, the message is re-sent and MWES will let it through. If the message is not sent from a valid MTA it is not delivered and left in the MWES greylisting quarantine area.

Blacklists and Whitelists:
IT administrators have the ability to set and control blacklists and whitelists, through the MWES online web control panel. Email addresses of legitimate senders added to the white list will automatically bypass the antispam filters.

Custom filters:
Custom filters can be added using text or regular expressions to block unwanted email based on words and other characteristics of an email. Bayesian filters:
Bayesian filters are learning filters, so they learn based on an initial learning phase where the administrator lets emails in to the training screen and marks emails as good and spam. Any other incoming emails after that can be reported as spam, or when rescued will be makred as good.

How do I upgrade my version?

See the instructions for:
Windows Install Instructions
Linux Install Instructions

How can I change settings outside the admin panel?

You can change some options in the 'configure' table of the MWES database (mwes.db) and add some settings to the Windows Registry or Linux /etc/conf file

There's a couple of easy ways to access the database.

1. Get the free http://www.sqliteexpert.com/download.html and navigate to the configure table.

2. Navigate to the installed program directory and locate mwes.db, then navigate to the configure table.

Windows If changed, restart the MailWasher Enterprise Server Service (Go to Start>>Run>>Type 'services.msc' and locate MailWasher Enterprise Server, and restart).

Linux users If changed, restart service/daemon.

Database location
Windows: C:\Program Files\MailWasher Enterprise Server\data
Linux: \opt\mwes

Location of installed files
C:\Program Files\MailWasher Enterprise Server

Location of user interface
C:\Program Files\MailWasher Enterprise Server\site

Location of logs
Windows: C:\Program Files\MailWasher Enterprise Server\logs
Linux: \var\log\mwes

WINDOWS REGISTRY OR LINUX ETC/CONF FILE
(you will need to add these in, but ignore any existing entries related to the settings above as these are now configured from the database)

Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Firetrust Limited\mwes
Linux: \etc (mwes.conf)

Restart MWES service/daemon after changes.

Number of incoming emails handled per second.
Default is 5, but can be changed to a higher number if you have a large number of incoming emails AND you have the computing power to handle it.
max_smtp_channel=5


FirstAlert cache size information.
This is used to cache already checked spam to reduce the number of external checks.
cfs_max_cache_size=20000

RBL cache size information.
This is used to cache already checked spam to reduce the number of external checks.
rbl_max_cache_size=20000

Use working domains to stop open relay
use_check_domains=1
# If set = 1 this stops your MTA appearing as an open relay by checking the list of your working domains.
# If set = 0 will let all email through without checking your working domains. (ie. it will filter everything instead of distinguishing between internal and external email). You'll just need to make sure your MTA is configured to not appear as an open relay.

Ignore MTA Authentication
use_mta_authentication=1
# If set =1 then all emails authenticated by MTA are safe and will not be filtered.
# If set =0 then MTA Authentication is ignored and all emails pass through filters.

Do not check local email
use_is_routable=1
# If set = 1 to not check your local mail going out.
# If set = 0 to check your local mail going out.

Discard empty emails.
Emails without a body are discarded.
discard_empty_emails=1
# If set = 1, emails with empty bodies are discarded
# If set = 0, emails with empty bodies are passed through for filtering

Timeout
client_read_timeout=5000 (this is the default value)

Turn on verbose SMTP logging
Set logging to 'High' in Settings>>Action, then add to registry/mwes.conf
use_raw_client_smtp=1

INSTALLATION

What are the minimum / reccommended specs for a server to run MailWasher Server?

You can get away with a single CPU and 1GB of RAM if your mail server is not too busy, but mail servers like MS Exchange require a lot of resources so increasing the CPU count to 2 or more with 4GB of RAM is desirable. Enabling SPF increases the work load (if using an external DNS server) so an additional CPU is desirable.

Ultimately a recommended system is a quad core CPU with 4GB Ram.

If your mail server is under a heavy load, MWES will throttle the connection.

MWES is set by default to handle 5 emails per second and this suits most scenarios, especially where more and more virtual environments are used where cpu's are being shared and clock cycles time sliced. If you have a dedicated server and a high work load, this parameter (max_smtp_channel=5) can be changed to a higher value in the Windows registry or Linux conf file. See here: Change settings outside the admin panel
If you do occasionally receive more than 5 emails per second, then MWES will throttle the connection until the backlog is cleared, so those extra emails may be delayed by a few seconds.

Is there an installation guide I can follow?

Yes, just follow the guides at:

Windows Installation Instructions
Linux installation Instructions

What settings do I use for Proxy Hostname, MTA Hostname, Web Hostname?

Most of the time you can leave these settings blank, and they will bind to all interfaces. Proxy Hostname: This is your primary Machine IP and the one which is currently being used by your MTA on port 25 MTA Hostname: Localhost (Make sure your MTA is bound to localhost on port 25 before MWES is restarted). Web Hostname: Where you will access the web gui.

Do I have to enter all my domains in the domain list?

Yes, domains not in the list will be ignored so you don't act as an open relay. Email to those any domain not listed will be sent a 'Please try again later' message to the originating server.

Windows and Ports

Regarding ports, I haven't specifically closed 4044, 4051, or 4088. Would I still need to explicitly open them or will the System Check determine that for me? Yes, windows by default blocks all unknown ports.

My users can't send send email out after installing MailWasher Server

MWES only deals with incoming email, so your users will have to change their settings to authenticate when sending email via port 25 or 587.

Alternatively, if they are inside the network, or on a common subnet, add the IP address to the trusted IP's in MWES>>Settings>>Bypass>>Trusted IPs

I've installed MailWasher Server, but it does not filter inbound email

There are some possible reasons for this.

1. Old conduit version not properly uninstalled
If the old conduit version has not been properly uninstalled, it may cause conflicts and prevent mail being delivered through the MWES proxy.

Follow these instructions to remove the conduit version:
• Uninstall conduit Start->Program->Mailwasher Enterprise server->Uninstall conduit.
• Using Task Manager, kill process inetinfo.exe to make MS Exchange release and remove the existing conduit (inetinfo.exe will restart automatically)
• Uninstall MWES from the Control Panel->Add/Remove Programs

2. The MTA has not been moved to port 26
Change the listening SMTP port from 25 to 26 for your MTA

3. No domains defined
You will need to add any domains used at Settings >> Setup >> Domains, to prevent your network appearing as an open relay.

4. Router configured to present an internal IP address

When an external router or connection to the internet does not translate the external address properly, any incoming mail seems to be presented from an internal LAN address.

This will prevent any spam checks from being performed as the incoming mail is deemed to be from an internal source. ie, Services like RBL's and Greylisting won't work because they rely on checking external IP addresses.

Please reconfigure your router so it translates the external IP addresses.

Error: Cannot connect to CFS

This is telling you that there is a connectivity issue, and MWES cannot talk to the FirstAlert! ( aka Content Filtration System or CFS ). As well as it being exactly what it says, and there are problems with routing somewhere, this could be caused by DNS or firewalling issues. We use port 4051 to talk between MWES and the FirstAlert gateways. A quick test is as follows:

The command

telnet native.first-alert.net 4051

should result in the following response ( IP address may vary depending on which gateway you connect to )

Trying 209.213.221.138...
Connected to native.first-alert.net.
Escape character is '^]'.
200 CFS service ready

In one step, this has proved that DNS is working, and there's no firewalling in the way. Depress Ctrl-] do return to the telnet> prompt, then quit to exit.

OVERVIEW

Which mail servers are supported?

MailWasher Server works with all mail servers because it runs as a proxy, meaning that it sits in front of your mail server, filtering the email first.

Eg, for Windows you can use Microsoft Exchange (all versions), IMail, SmarterMail etc. For Linux you can use Sendmail, Postfix, Exim, QMail etc.

How does MailWasher Server work?

MailWasher Server sits in front of an existing mail server to process all incoming messages before entering the user’s mailbox.

Using a multi-layered approach to identify spam. MailWasher Server provides a combination of algorithm, connection filtering and content filtering to provide a robust approach to solving an organization’s spam problem. This approach substantially reduces the number of unwanted emails which are passed on to the email accounts serviced. MailWasher Server filters email before the mail server, thereby reducing the load on the mail server, then scans all incoming email to see whether each email matches a known unwanted email, or if they have the characteristics of an unwanted email.

Combining content identification and sender identification, MailWasher Server blocks a very high proportion of unwanted email while maintaining an extremely low false positive rate.

In addition, MailWasher Server uses a centrally controlled database of known unwanted e-mail messages. If the incoming message matches a known unwanted e-mail message, it is deleted and quarantined. For messages not found in the database, origin checking is performed to see whether the message has come from known spam senders and finally, unknown incoming email is temporarily failed (greylisted) to remove spoofed email.

The MailWasher Server system is a combination of software products and managed services for reducing spam.

The following diagram shows how MailWasher Server is integrated and works.

What filtering mechanisims does MailWasher Server use?

Message Signatures:
FirstAlert! Global Spam Database. Adding to MWES’s comprehensive, multi-layered approach, MWES uses the FirstAlert! global spam database – a 24/7 operation which makes use of a global network of users reporting unsolicited email.

Real-time blackhole list servers:
RBL's can be used to block the origin of known spam by IP address or the URL in the message body.

Greylisting:
Greylisting is an effective tool to stop spam by sending a temporary fail back to the sender of the message. If the sender is sent via a valid MTA, the message is re-sent and MWES will let it through. If the message is not sent from a valid MTA it is not delivered and left in the MWES greylisting quarantine area.

Blacklists and Whitelists:
IT administrators have the ability to set and control blacklists and whitelists, through the MWES online web control panel. Email addresses of legitimate senders added to the white list will automatically bypass the antispam filters.

Custom filters:
Custom filters can be added using text or regular expressions to block unwanted email based on words and other characteristics of an email. Bayesian filters:
Bayesian filters are learning filters, so they learn based on an initial learning phase where the administrator lets emails in to the training screen and marks emails as good and spam. Any other incoming emails after that can be reported as spam, or when rescued will be makred as good.

FILTERING

What filtering mechanisms does MailWasher Server use?

Message Signatures:
FirstAlert! Global Spam Database. Adding to MWES’s comprehensive, multi-layered approach, MWES uses the FirstAlert! global spam database – a 24/7 operation which makes use of a global network of users reporting unsolicited email.

Real-time blackhole list servers:
RBL's can be used to block the origin of known spam by IP address or the URL in the message body.

Greylisting:
Greylisting is an effective tool to stop spam by sending a temporary fail back to the sender of the message. If the sender is sent via a valid MTA, the message is re-sent and MWES will let it through. If the message is not sent from a valid MTA it is not delivered and left in the MWES greylisting quarantine area.

Blacklists and Whitelists:
IT administrators have the ability to set and control blacklists and whitelists, through the MWES online web control panel. Email addresses of legitimate senders added to the white list will automatically bypass the antispam filters.

Custom filters:
Custom filters can be added using text or regular expressions to block unwanted email based on words and other characteristics of an email.

Bayesian Filtering:
Bayesian filters are learning filters, so they learn based on an initial learning phase where the administrator lets emails in to the training screen and marks emails as good and spam. Any other incoming emails after that can be reported as spam, or when rescued will be makred as good.

Can you provide a summary of each filtering mechanism?

The following provides a summary of MWES's filtering features.

Whitelist
The whitelist includes email addresses from which all emails are accepted, regardless of their content. None of MWES's junk mail filters are applied to messages from addresses on the whitelist, therefore care must be taken when adding addresses. It is possible to avoid false negatives by ensuring that you do not add entire domain names to your whitelist, for example, *@aol.com.

Blacklist
MWES filters all messages from addresses that appear on the Address blacklist. All users are affected by the Address blacklist, therefore it is recommended that entire domains are not added to the blacklist as this prevents all end users from receiving possible legitimate messages from any address at that domain.

IP-based RBLs
Real-time blackhole lists (RBLs) are used to list the servers and domains of organisations that have been identified as senders of junk emails. IP-based RBLs (ip4r RBLs) are lists of IP addresses of servers that have been identified as sending or relaying junk mail. Firetrust recommends that you carefully investigate each RBL service for accuracy, before you begin using them. Inaccurate RBLs can result in a high false positive rate.

URI-based RBLs
A URI RBL is an RBL that lists the domain names and IP addresses which are found in the "clickable" links contained in the body of spams, but generally not found inside legitimate messages.

FirstAlert!
FirstAlert! is a database of reported and known junk mail messages that is used to eliminate future circulation of junk mail. FirstAlert! provides real-time spam signature updates.

Greylisting
Greylisting is an effective tool to stop spam by sending a temporary fail back to the sender of the message. If the sender is sent via a valid MTA, the message is re-sent and MWES will let it through. If the message is not sent from a valid MTA it is not delivered and left in the MWES greylisting quarantine area.

NOTE: Valid messages can be delayed by up to 15 minutes using this method since the sending MTA has to re-send the message. You can always check the quarantine>>greylisting area to see which messages are due to be resent, and thus rescue them in which case they will be added to the whitelist. See below, the three light grey messages at the top are within the 15 minute time period to be re-sent. One an email sender has been let through, they are let through instantly next time they send something.

Custom filters
Custom filters can be added using text or regular expressions to block unwanted email based on words and other characteristics of an email.

Bayesian Filtering
Learns from good and spam email based on the administrator initially training it, becomes very accurate after a short while.

In what order are messages filtered?

Email is filtered in the following order.

White filters section
---------------------
Trusted IP
Authenticated
Rout-able
White Listed (email address)
(Optional) Custom white filter (default sits in-front grey listing)
Black Filters section
---------------------
First Alert (cache)
First Alert (internet)
RBL's (cache)
RBL's (internet)
Custom black filter
Black listed (email address)
Black listed (IP)
Grey listing section
--------------------
Custom white filter
White Listed (IP)
White Listed friend (email address)
Grey listing process

Bayesian Filtering

How can we filter incoming and outgoing mail?

You'll need to add the configuration entry use_is_routable=0

Windows
Go to the Windows Registry: "HKEY_LOCAL_MACHINE\SOFTWARE\Firetrust Limited\mwes"

After you have added use_is_routable=0, restart the MailWasher Enterprise Server Service (Go to Start>>Run>>Type 'services.msc' and locate MailWasher Enterprise Server, and restart).

Linux
Add use_is_routable=0 in the mwes.conf file

At: /etc/mwes.conf

When changed, restart service/daemon.

IP Blacklist range

For the IP Blacklist, can you enter IP Ranges or must you enter individual IP addresses?

Yes, eg 94.168.102.63/16

Why can't I add my own email address to the whitelist?

In the beginning we had a lot of people add their own email address to the whitelist, but this had the unintended result of letting a lot of spam through which was faked to use the recipients own email address.

We blocked this as a result, but you can still add the first part of the email address before the @ in to the whitelist. You just can't add the domain.

WEB INTERFACE

How can I access the admin panel from outside the office?

The control panel is accessed by navigating to your machines domain/IP, on port 4044 – similarly to when accessesing the panel locally.

Example: if the mail server has an external address of: mail.company.com, then you would navigate to: http://mail.company.com:4044.

You can also use IP addresses: ie: http://123.456.789.123:4044 (obviously you would use the real IP address)

The only caveat is that any firewall in place must allow TCP access through port 4044 to the mail server.

How do I retrieve my admin username and password?

The default username/password is admin/password, so try this first.

The username and password is stored in an SQL Lite database. There's a couple of easy ways to retrieve them from the database.

1. Get the free http://www.sqliteexpert.com/download.html and navigate to the configure table.

2. Install the Firefox SQL lite browser: https://addons.mozilla.org/en-US/firefox/addon/5817

Navigate to the installed program directory and locate mwes.db (you might need to 'Show all Files' when browsing), then navigate to the configure table >> name, and locate the username and password fields.

How many days are message kept in quarantine?

7 days at present. These can be changed in Settings >> General

How can I setup https for the user interface?

HTTPS for login is also an option by adding these to the Windows Registry/Linx conf file:

Parameters:
certificate_file = location of the .pem file
private_key_file = location of the .key file

Windows: Open the Windows Registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Firetrust Limited\mwes and right click, select New>>String Value, and add the parameters above.

Linux: in \etc open the mwes.conf and at the end of the file add the parameters above.

Restart the MailWasher Enterprise Server Service to implement this change.

NOTE: Webhost name can't be blank as it has to bind to an IP address or domain

MISCELLANEOUS

Can I install MailWasher Server in an Exchange Cluster?

MWES is fully compatible with an Exchange 2007/2010 cluster (Front end with Mail stores behind)

There are a couple of caveats however:

• Version 2.80 of MWES or later needs to be installed (it has specifics to handle Exchange clustering)
• SMTP Replay needs to be switched off (registry key 'use_replay' with a value of 0, or create this key if it doesn't exist) - Microsoft use an extended proprietary SMTP command set between the FE and MS servers which is not handled by Replay.
• MWES needs to be installed on the Front end server, and communicate to the front end exchange server - not with the Mail stores.
• All domains accepted by the front end server need to be added into the MWES Domains list (otherwise they will be immediately rejected)

What is the url for accessing the quarantine or admin tool?

The login screen is located at http://[company.site]:4044

How can I change settings outside the admin panel?

You can change some options in the 'configure' table of the MWES database (mwes.db) and add some settings to the Windows Registry or Linux /etc/conf file

There's a couple of easy ways to access the database.

1. Get the free http://www.sqliteexpert.com/download.html and navigate to the configure table.

2. Navigate to the installed program directory and locate mwes.db, then navigate to the configure table.

Windows If changed, restart the MailWasher Enterprise Server Service (Go to Start>>Run>>Type 'services.msc' and locate MailWasher Enterprise Server, and restart).

Linux users If changed, restart service/daemon.

Database location
Windows: C:\Program Files\MailWasher Enterprise Server\data
Linux: \opt\mwes

Location of installed files
C:\Program Files\MailWasher Enterprise Server

Location of user interface
C:\Program Files\MailWasher Enterprise Server\site

Location of logs
Windows: C:\Program Files\MailWasher Enterprise Server\logs

Linux: \var\log\mwes

WINDOWS REGISTRY OR LINUX ETC/CONF FILE
(you will need to add these in, but ignore any existing entries related to the settings above as these are now configured from the database)

Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Firetrust Limited\mwes
Linux: \etc (mwes.conf)

Restart MWES service/daemon after changes.

FirstAlert cache size information.
This is used to cache already checked spam to reduce the number of external checks.
cfs_max_cache_size=20000

RBL cache size information.
This is used to cache already checked spam to reduce the number of external checks.
rbl_max_cache_size=20000

Use working domains to stop open relay
use_check_domains=1
# If set = 1 this stops your MTA appearing as an open relay by checking the list of your working domains.
# If set = 0 will let all email through without checking your working domains. (ie. it will filter everything instead of distinguishing between internal and external email). You'll just need to make sure your MTA is configured to not appear as an open relay.

Ignore MTA Authentication
use_mta_authentication=1
# If set =1 then all emails authenticated by MTA are safe and will not be filtered.
# If set =0 then MTA Authentication is ignored and all emails pass through filters.

Do not check local email
use_is_routable=1
# If set = 1 to not check your local mail going out.
# If set = 0 to check your local mail going out.

Discard empty emails.
Emails without a body are discarded.
discard_empty_emails=1
# If set = 1, emails with empty bodies are discarded
# If set = 0, emails with empty bodies are passed through for filtering

Timeout
client_read_timeout=5000 (this is the default value)

Turn on verbose SMTP logging
Set logging to 'High' in Settings>>Action, then add to registry/mwes.conf
use_raw_client_smtp=1

Is it possible to configure MailWasher Server with multiple NICs?

MWES doesn't bind to a NIC per se, it binds to an ip address.

The difference is that a NIC can have multiple addresses, but MWES can only listen on one per service.

The address that MWES binds/listens on is set in the configuration.

How can I setup the receive daily/hourly digests of blocked spam?

Please see Program Help >> Daily digests

Accepting mail on 2 different IP's on the same server

MWES can be configured to listen on ALL interfaces, or a single interface.

It can't be configured to listen a selection of the IP's on a server .. i.e.: server has 5 IP's, but bind MWES only to 2.

If you leave the ProxyHostname IP address empty, it'll bind to 0.0.0.0

What location are the MailWasher Server files installed to?

Database: (mwes.db)
Windows: C:\Program Files\MailWasher Enterprise Server\data
Linux: \opt\mwes

Logs:
Windows: C:\Program Files\MailWasher Enterprise Server\logs
Linux: \var\log\mwes

Configuration file: (mwes.conf)
Linux: \etc

TROUBLESHOOTING

I've installed MailWasher Server but it does not filter the inbound email

There are some possible reasons for this.

First, perform a couple of quick tests.

Perform these ON the machine MWES is installed on:
1) telnet to the MWES proxy port: telnet [external IP address] [port] - should result in a HELO string with (MP) on the end.
2) telnet to the MTA port: telnet [IP address] [port] - should result in the above, minus the (MP)

Perform the same test from a PC outside the network.

Make sure all firewalls have allowances for MWES. - this is rather important, as windows auto provisions firewall rules, and removes them when you disable a MTA service such as Exchange.

1. The MTA has not been moved to port 26
Change the listening SMTP port from 25 to 26 for your MTA

2. Old conduit version not properly uninstalled.
If the old conduit version has not been properly uninstalled, it may cause conflicts and prevent mail being delivered through the MWES proxy.

Follow these instructions to remove the conduit version.

Uninstall conduit Start->Program->Mailwasher Enterprise server->Uninstall conduit.

Using Task Manager, kill process inetinfo.exe to make MS Exchange release and remove the existing conduit (inetinfo.exe will restart automatically).

Uninstall MWES from the Control Panel->Add/Remove Programs

Error: Cannot connect to CFS

This is telling you that there is a connectivity issue, and MWES cannot talk to the FirstAlert! ( aka Content Filtration System or CFS ). As well as it being exactly what it says, and there are problems with routing somewhere, this could be caused by DNS or firewalling issues. We use port 4051 to talk between MWES and the FirstAlert gateways. A quick test is as follows:

The command

telnet native.first-alert.net 4051

should result in the following response ( IP address may vary depending on which gateway you connect to )

Trying 209.213.221.138...
Connected to native.first-alert.net.
Escape character is '^]'.
200 CFS service ready

In one step, this has proved that DNS is working, and there's no firewalling in the way. Depress Ctrl-] do return to the telnet> prompt, then quit to exit.

I can't rescue email

There's two options to fix this.

1. Go to Exchange System Manager and locate SMTP properties.
You will likely have an IP address specified. If you change this to 'All Unassigned' then rescue will work. Stop and start the service (wait a minute for it to work). If you want to keep the IP address specified then go to option 2.

2. Make sure you're using version 2.68 or later and go to the Windows Registry setting (Start>>Run>>regedit) - "HKEY_LOCAL_MACHINE\SOFTWARE\Firetrust Limited\mwes"

Locate the key 'mta_hostname' and enter the IP address you're using above.

Restart MailWasher Enterprise Server in the services (go to Start>>Run>> type 'services.msc' and locate MailWasher Enterprise Server)

Why do messages in the tracker not appear in the quarantine screen?

The reason for this is that MWES doesn't store duplicates of quarantined messages, because there’s no point in storing the same spam email (this is only specific to emails blocked by FirstAlert), but you will still see them in the tracking screen.

The quarantine only holds email for 7 days, but it’s actually cached in the background as a signature (until it reaches 20,000 emails in the cache, then the oldest blocked emails get dropped off).

You can change these parameters if you wish as below.

Windows users can add/change these options in the registry
Windows Registry: "HKEY_LOCAL_MACHINE\SOFTWARE\Firetrust Limited\mwes" or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Firetrust Limited\mwes (64 bit OS) If changed, restart the MailWasher Enterprise Server Service (Go to Start>>Run>>Type 'services.msc' and locate MailWasher Enterprise Server, and restart).

Linux users can add/change these options in the mwes.conf file Linux: /etc/mwes.conf If changed, restart service/daemon. ------------------------------------ FirstAlert Cache: cfs_max_cache_size=20000 RBL cache rbl_max_cache_size=20000 Quarantine days: (You’ll need to add these in) housekeeping_quarantine=7 housekeeping_gray_listing=7 housekeeping_gray_listing_friends=35 housekeeping_track=7

Email addresses in the blacklist are not being blocked

MWES uses the email address which it receives via the SMTP conversation, which is not necessarily the same as the one in the header (since it can be forged). If you look at the header of an email which has passed in via MWES, it will have a header item X-MWES which shows the correct email address used for the whitelist/blacklist etc

Linux: error while loading shared libraries: libgcc_s.so1: cannot open shared object file: No such file or directory

This means your're running Debian 6 - 64bit, with the 32bit version of MWES and don't have the 32bit additional libs installed.

Either download the 64bit version of MWES and install that ... or run these commands as root:
apt-get install libstdc++5 lib32gcc1
apt-get install lib32stdc++6 lib32gcc1
apt-get install lib32ncurses5 lib32gcc1
apt-get install libsdl1.2-dev lib32gcc1
apt-get install ia32-libs lib32gcc1

These will install the 32bit libs

Where can I look at the logs?

MWS creates logs, by default at a low logging level. To change these logs to 'High' and get more information from the logs about the running processes of MWS.

In Settings >> Action, change the Log Level = High, then restart the service/daemon.

The logs are located in
Windows - C:\Program Files\MailWasher Enterprise Server\Logs
Linux - \var\log\mwes

When I telnet to my server with MailWasher Server installed, it times out

MailWasher Server will drop the connection after 5 seconds so as to reduce held connections tying up resources

In the logs I see - max sockets reached, throttling

A likely scenario is that the server the MTA is running on is under powered or being flooded with email, so the MTA is not responding in a timely manner, creating a backlog of work for MailWasher Server.

UPGRADING

UNINSTALLING