
GFI MailEssentials: Mail Protected

GFI's MailEssentials product is well known to many Exchange administrators, especially in small and medium-sized companies. It protects Exchange servers and other SMTP-based email systems from spam and malware. For those who are not familiar with this product, we will briefly describe what it is and how it can be useful for your organization.

GFI MailEssentials has been known for many years for providing the highest accuracy in spam filtering. This is achieved through Bayesian analysis and other spam identification technologies. According to estimates, GFI MailEssentials blocks more than 99% of spam while showing a record low level of false positives, which is achieved through automatically updated white lists. It also recognizes and filters phishing, using a special database of phishing resources and search according to

MailEssentials installs quickly on an enterprise email server or email gateway and requires almost no additional configuration, so protection against spam and phishing is implemented at the mail gateway level. As a result, you can forgo the expensive deployment and maintenance of email protection systems on enterprise workstations, you do not need to train users in the specifics of anti-spam or regularly configure filtering rules, and junk mail will not clutter the disk subsystem of the email server.

Moreover, GFI MailEssentials adapts flexibly to the characteristics of enterprise email traffic without administrator intervention and offers a number of useful server-level message management features: automatic insertion of text into the message body, monitoring and analysis of email system usage, a mailing list server, auto-reply functions, and downloading of messages from a multi-user mailbox at the provider using the POP3 protocol. For example, the auto-reply function, in addition to the usual reply, lets you use custom templates and add an attachment.

MECHANISMS OF PROTECTION AGAINST SPAM


Bayesian filtering technology and feature analysis

According to research, Bayesian filtering leads in spam recognition accuracy, providing the highest filtering accuracy: more than 98%. It is far ahead of identification methods based on signatures and keywords. It uses probabilistic assessment based on the characteristic features found in a message: words and phrases. GFI MailEssentials calculates the probability that a message is spam using a complex formula and sets of attributes.


The product includes numerous spam filtering features.


Setting filtering rules


Configure actions when filtering mail

The product analyzes e-mail header fields in detail and identifies forged headers, attempts to hide IP addresses, spam mutations, falsified domains and other signs of spam.

The anti-spam engine is complemented by a custom content filtering engine for keywords and attachment types, including the ability to prohibit unpacking of ZIP files.

A useful tool is SpamTag, a plugin for MS Outlook that lets users take part in tuning the product by marking spam directly from the Outlook interface. It also creates a button in Outlook that gives the user access to quarantine, so there is no need to remember how to get there. The user simply presses the button and sees the blocked messages that were addressed to them.


SpamTag Setup

Other advanced anti-spam mechanisms include SpamRazor, which uses email message fingerprints to detect common spam and URI DNS block lists for checking suspicious messages.

GFI MailEssentials can update its set of spam features from the GFI website, which lets the system adapt quickly to changes in the characteristics of spam and successfully resist the new tricks of mass mailers. GFI specialists continuously improve the Bayesian databases in collaboration with leading spam collection and research organizations.

The set of “bad” features is regularly updated by GFI experts and downloaded by GFI MailEssentials from the Internet. The GFI MailEssentials Bayesian filter also builds its own sets of features of “bad” and “good” messages by analyzing the contents of the corresponding public folders. To improve the accuracy of spam recognition, users who have been granted the necessary access rights can add messages to these folders, as can system administrators.
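The folder-based training and probability scoring described in this section can be sketched as follows. This is an added example, not GFI's code or its formula: the tokenizer, the Laplace smoothing and the sample messages are assumptions chosen to show how "bad" and "good" folders turn into a spam probability.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$'-]{3,}")  # assumed tokenizer: words of 3+ characters

# Constructed sample messages standing in for the "bad" and "good" public folders.
FOLDERS = {
    "spam": ["cheap pills buy now limited offer",
             "win money now click this offer",
             "buy cheap watches limited stock click"],
    "ham": ["meeting agenda for monday attached",
            "please review the quarterly budget report",
            "lunch on monday to discuss the report"],
}

def tokens(text):
    """A message's features: the set of distinct words it contains."""
    return set(TOKEN.findall(text.lower()))

class BayesFilter:
    def __init__(self):
        self.seen = {"spam": Counter(), "ham": Counter()}  # messages containing a token
        self.total = {"spam": 0, "ham": 0}                 # messages trained per folder

    def train(self, label, text):
        self.seen[label].update(tokens(text))
        self.total[label] += 1

    def _likelihood(self, label, tok):
        # Laplace smoothing keeps a token seen in only one folder from forcing 0 or 1.
        return (self.seen[label][tok] + 1) / (self.total[label] + 2)

    def spam_probability(self, text):
        # Sum log-odds over known tokens, starting from the (smoothed) folder prior.
        log_odds = math.log((self.total["spam"] + 1) / (self.total["ham"] + 1))
        for tok in tokens(text):
            if tok in self.seen["spam"] or tok in self.seen["ham"]:
                log_odds += math.log(self._likelihood("spam", tok)
                                     / self._likelihood("ham", tok))
        return 1 / (1 + math.exp(-log_odds))

def build_demo_filter():
    """Train a filter on the constructed folders above."""
    bayes = BayesFilter()
    for label, messages in FOLDERS.items():
        for message in messages:
            bayes.train(label, message)
    return bayes
```

Calling `train("ham", ...)` on a message that was wrongly blocked is the code-level equivalent of a user dropping it into the "good" folder: the same tokens then pull later scores down.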

Protection against guessing of email addresses

Sometimes spammers send messages to randomly generated addresses in the enterprise's email domain. GFI MailEssentials verifies recipient addresses against an Active Directory database or LDAP directory, and if the number of invalid addresses exceeds the specified value, the message is marked as spam.
The analysis of email messages also includes verification that a message received on behalf of an organization was sent from its authorized mail server. This function is performed by the Sender Policy Framework (SPF) module.

White and black lists

Guided by white lists, GFI MailEssentials lets through mail from specified senders or mail domains. Since these lists are automatically extended with the addresses of the recipients of outgoing messages, the level of false positives is significantly reduced. White lists can also be built from domain names, individual email addresses and keywords.
Finally, GFI MailEssentials checks the addresses contained in messages against lists of spam sites (Spam URI Realtime Blocklists, SURBL). The administrator can specify the SURBL servers and determine the order in which they are used. Users can also be involved in the process by giving them access to the public folders that are used to set black and white lists in GFI MailEssentials.
GFI MailEssentials also supports third-party blacklists and communities such as ORDB, SpamHaus, and Spamcop. In addition, the administrator can specify other servers that provide blacklist services.


Setting up lists

Gray lists

Another way to protect against spam is the so-called gray list. It is especially effective because it relies on the assumption that spammer software does not follow the same rules that a regular email server does. The engine tells the sending mail server that it needs to "try again." On the second attempt the message is accepted, and the engine lets through subsequent emails from this sender. In general, this has little effect on email delivery time, but it can significantly help protect against spam.
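The "try again" exchange can be modelled as a small state machine. This is an added example, not GFI's code: keying on the (client IP, sender, recipient) triplet, the timer values and the exact reply texts are assumptions based on common greylisting practice.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300             # assumed: seconds a sender must wait before a retry counts
PENDING_TTL = 4 * 3600      # assumed: window in which the retry must arrive
PASS_TTL = 36 * 24 * 3600   # assumed: how long a triplet that passed stays trusted
TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 2.1.5 OK"

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)   # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one RCPT TO, given the current time in seconds."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[key] = now           # known-good sender: no delay
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > PENDING_TTL:
            self.pending[key] = now          # first contact, or the retry came too late
            return TEMPFAIL
        if now - first < MIN_DELAY:
            return TEMPFAIL                  # immediate re-send is not a real queue retry
        del self.pending[key]
        self.passed[key] = now               # a genuine retry: accept and remember
        return ACCEPT

# Constructed attempts: (seconds since start, client IP, MAIL FROM, RCPT TO)
ATTEMPTS = [
    (0,    "192.0.2.10",  "alice@partner.example", "bob@corp.example"),  # first contact
    (20,   "192.0.2.10",  "alice@partner.example", "bob@corp.example"),  # retried too soon
    (900,  "192.0.2.10",  "alice@partner.example", "bob@corp.example"),  # queue retry
    (5000, "192.0.2.10",  "alice@partner.example", "bob@corp.example"),  # later message
    (5010, "203.0.113.7", "promo@bulk.example",    "bob@corp.example"),  # never retries
]

def replay(attempts):
    """Run the attempts through a fresh greylist and return the reply codes."""
    greylist = Greylist()
    return [greylist.check(ip, sender, rcpt, now)[:3]
            for now, ip, sender, rcpt in attempts]
```

The only delivery cost for a legitimate server is the wait before its first retry; a sender that never retries stays at 451 and its message is never accepted.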

Where to put spam?

GFI MailEssentials offers flexible handling of suspicious messages classified as spam. You can have such messages deleted automatically, moved to a special shared folder, forwarded to a specified email address, or placed in a folder for suspicious messages in the recipient's mailbox to avoid losing emails mistakenly classified as spam. These actions can be configured individually for each filter.

Finally, GFI MailEssentials creates a special folder called New Senders in the user's mailbox and places in it messages that are not classified as spam but come from correspondents with whom the user has not previously been in contact.

PROTECTION AGAINST PHISHING


To protect against phishing attacks, GFI MailEssentials checks the links to websites contained in email messages against the Phishing URI Realtime Blocklist database of phishing resources. If there is a match, the message is blocked.
The anti-phishing module in GFI MailEssentials detects and blocks threats not only by means of the constantly updated database of phishing URLs: for additional protection, each email message is also checked against keywords.
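Both the SURBL check and the phishing URI blocklist check come down to the same lookup: take the host names from the links in a message and ask a DNS zone whether they are listed. The sketch below is an added example, not GFI's code; the zone name, the in-memory resolver and the sample message are constructed, and checking parent domains down to two labels is a simplifying assumption in place of a public-suffix lookup.

```python
import re
from ipaddress import ip_address, ip_network

URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)
LISTED = ip_network("127.0.0.0/8")  # DNSBL convention: a 127.x.x.x answer means "listed"

def candidate_names(host):
    """The host and each parent domain, down to two labels."""
    labels = host.lower().strip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def blocked_links(body, zone, resolve):
    """Map each linked host to the listed name that matched.

    `resolve` takes a DNS name and returns an IPv4 string or None; in production
    it would be an A-record lookup, here it is injected so the check runs offline.
    """
    hits = {}
    for host in sorted(set(URL_HOST.findall(body))):
        if is_ip_literal(host):
            continue  # IP-literal links need a different query form; not covered here
        for name in candidate_names(host):
            answer = resolve(f"{name}.{zone}")
            if answer and ip_address(answer) in LISTED:
                hits[host.lower()] = name
                break
    return hits

# Constructed data: a placeholder zone, one listed domain, and a sample message body.
ZONE = "uribl.invalid"
FAKE_ZONE_DATA = {"phish.example.uribl.invalid": "127.0.0.2"}
SAMPLE_BODY = """Your mailbox is full. Confirm at http://login.bank.phish.example/verify
or read our policy at https://www.corp.example/policy"""

def demo():
    return blocked_links(SAMPLE_BODY, ZONE, FAKE_ZONE_DATA.get)
```

A message is treated as a match as soon as `blocked_links` returns a non-empty result; the matched name is worth logging, since it shows which listed domain caused the block.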

PROTECTION AGAINST MALWARE


To protect against spyware and viruses, GFI MailEssentials uses a whole arsenal of technologies, including several antivirus engines as well as other tools designed specifically to protect against attacks through e-mail systems, such as exploit analysis, a scanner for Trojans and executable files, and HTML cleaning to remove dangerous content such as JavaScript.


HTML cleanup


Setting antivirus engines


Configuring antivirus email scanning policies

In total, MailEssentials includes five anti-virus engines: VIPRE, BitDefender, Kaspersky, Avira and McAfee. Each of them is updated automatically. In the standard configuration, GFI MailEssentials comes with the VIPRE and BitDefender engines, and you can add others if necessary. For example, GFI MailEssentials optionally lets you check mail with the Kaspersky anti-virus engine, with a built-in database of signatures of adware, spyware and well-known Trojans.

As practice shows, different anti-virus engines catch different threats. This is clearly seen in the screenshots from one of the product's Russian users:


Trojan was caught by the Kaspersky and BitDefender engines


Trojan was caught by the Kaspersky engine


Trojan was caught by the Kaspersky and BitDefender engines


VIPRE caught an HTML exploit

Quarantine can be configured in fine detail: you can give each user access to an individual quarantine. In a distributed installation of the product on the network, the quarantine is synchronized between copies of the product.


Configuring quarantine for malware

REPORTS


Built-in reporting tools allow you to analyze the intensity and nature of the use of corporate e-mail, as well as monitor the effectiveness of the spam filtering system.


GFI MailEssentials Reports


Blocked Mail Summary Statistics

INSTALLATION AND INTEGRATION WITH MICROSOFT EXCHANGE SERVER


A typical installation of GFI MailEssentials is a Windows Server with an SMTP service and MailEssentials, or an Exchange server with MailEssentials. The latest version of MailEssentials is aimed at medium and large organizations: the deployed configuration can be “clustered” with replication and centralized reporting. This option suits customers with multiple Exchange servers who do not want to use anti-spam cloud services, or for whom doing so is contrary to corporate policy.

When installed on a Microsoft Exchange server, GFI MailEssentials automatically imports the SMTP service settings. Additional configuration of the mail gateway is not required. Using the SMTP protocol provides support for standard SMTP/POP3 mail servers.

A mailing list server with subscribe and unsubscribe functions (as required by anti-spam legislation) is also integrated with the Exchange server. It can use Microsoft Access or Microsoft SQL Server as its database.

The 2015 version focuses on multi-server installations and has new, simple configuration tools that allow you to use general configuration settings, quarantine and centralized reports. The product integrates well with the current version of Exchange.

Although installing the product involves more than 20 steps, including preparation, the actual installation and the final stage, it is a very simple process. You just need to make sure that the system requirements are met.

Installing MailEssentials on the Exchange server is actually done in two basic steps. First you need to select several options for integrating the product with Active Directory and Exchange. The User Mode selection determines how many users MailEssentials will recognize. On the Exchange Server, it makes sense to join an Active Directory domain. Next, a website is installed for the MailEssentials control panel. You can select multiple sites for different roles. After this, MailEssentials installs various components. Once the process is complete, MailEssentials provides an opportunity to perform final configuration and integrate the software with the underlying Exchange platform.

For integration, several software agents are installed that intercept messages at the transport level. At the final stage, an account is created for accessing mailboxes.
After installation on the first server, MailEssentials will be available on the Exchange Server at http://servername/MailEssentials. Active Directory is used for login.

The browser interface is used to work with MailEssentials. Administrators can manage both Exchange and MailEssentials without additional tools.

In the tree menu, you can configure anti-malware, anti-spam, content filtering, use the mail system management tools, set the quarantine folder and select general settings.
In the Multi-Server section, you can set up a MailEssentials “cluster”. One server is defined as primary, the other as subordinate. Further servers can be added as subordinates.

You can then configure black and white lists, keywords, and content filtering rules. When installed on multiple servers, GFI MailEssentials automatically synchronizes the configuration data and settings between them, including filtering rules, keywords, and black / white lists. All these settings are replicated between servers. You can also select specific servers for quarantine and reports.

GFI MAILESSENTIALS 20: WHAT'S NEW?


In May 2016, a new version of the product, 20.1, was released, in which a number of features were improved and bugs were fixed. In conclusion, let us list the main features of version 20, presented in January 2015.


FINDINGS


Today, anti-spam and malware protection products are widely used in organizations of very different profiles and sizes. Among them are Sophos, McAfee, Barracuda and IronPort. Similar features are offered by email systems that are deployed locally or in the cloud. GFI MailEssentials is a worthy alternative to Forefront Protection for Exchange, offering additional functionality. The product has earned a good reputation and received four VBSpam+ awards.

MailEssentials is a useful, multi-functional tool for the mail server, complementing it not only with anti-spam and malware protection tools, but also offering a whole range of other functions that are usually implemented by stand-alone products.

As the name “Essentials” suggests, the product includes features that are very important for many organizations and have not yet been implemented by Microsoft in Exchange. And this is the reason for its more than 15-year commercial success.

Download the free fully functional version (demo, 30 days) here:
gfi-software.ru/downloads/gfi-mailessentials

At the time of use, technical support is provided in Russian in accordance with the policy:
gfi-software.ru/support/policy




Source: https://habr.com/ru/post/304276/

