iQ.Suite 20.0 for Exchange/SMTP Installation and Administration

Content

Quickstart

Installation:
Installation of iQ.Suite
Installation of iQ.Suite WebClient
Multi-tenant solution

Administration:
Getting Started
General Configuration
iQ.Suite Monitor
iQ.Suite Watchdog
iQ.Suite Wall
iQ.Suite Trailer
iQ.Suite Clerk
iQ.Suite Crypt
iQ.Suite PDFCrypt
iQ.Suite Convert
iQ.Suite Copy To Mailbox
iQ.Suite Connect
iQ.Suite Bridge
iQ.Suite DLP

Other topics:
Imprint
Preface
Glossary

QuickStart

Important: Parallel operation of several security solutions
Installation on one server
Installation on multiple servers
On SMTP: Setting up Active Directory access
Starting the iQ.Suite Management Console
Basic Configuration
Policy Configuration: Configuration of Mail Transport Jobs
Policy Configuration: Scanning Information Store objects
Observing data in iQ.Suite Monitor
On SMTP: Monitoring the mail flow status

Installation:

Installation of iQ.Suite


System requirements
SMTP installation scenarios
Installation of virus scanners
Setup of iQ.Suite
Update to iQ.Suite 20.0
Uninstallation of iQ.Suite

Installation of iQ.Suite WebClient

WebClient – Overview
Installation

Multi-tenant solution

System requirements
Unavailable features in the multi-tenant solution
Licenses
Important definitions
Setting up a multi-tenant environment
Tenant Administration in iQ.Suite WebClient
iQ.Suite Management Consoles

Administration:

Getting Started

Technical description
User interface
iQ.Suite Basics
Standard tabs of Mail Transport Jobs
Standard tabs of Information Store Jobs
Standard tab 'Jobs'
Job types

General Configuration

Configuration reports
Settings for iQ.Suite Servers
Settings for an individual iQ.Suite Server
Proxy servers
Address Lists
Creating notification templates
Creating a database connection to a SQL database server
Configuring Quarantines
Password Management

iQ.Suite Monitor

Server Status
Quarantines
Password Management
Bridge Quarantines
Clerk Quarantines
CORE Classifiers
iQ.Suite Reports
Protocol of the processed emails

iQ.Suite Watchdog

Watchdog – Overview
Virus scanning
Virus Scanners
File restrictions
Jobs for virus scanning
Jobs for File restrictions
Scanning email bodies for suspicious URLs
PDF Protection: Checking PDFs for undesirable elements

iQ.Suite Wall

Spam Protection – Overview
Address Filtering: Blocking certain sender addresses
Creating and validating DKIM signatures
Searching and replacing text by using regular expressions
Limiting the number of recipients
Spam filtering without Spam Analyzer
Spam filtering with Spam Analyzer
Text analysis with Dictionaries
Text analysis for Credit Card numbers
CORE Classification
Advanced Action: Text analysis with regular expressions
Email Cleaning: Deleting HTML bodies and mail headers
Extract the content of an email header and save as a variable

iQ.Suite Trailer

Trailer – Overview
Configuring Trailer elements (optional)
Configuring a Trailer Document
Configuring a Trailer Job

iQ.Suite Crypt

Crypt – Overview
PGP - General information
Automatic key import with GnuPG
Encryption with GnuPG
Decryption with GnuPG
S/MIME - General information
Automatic certificate import with S/MIME
Encryption with S/MIME
Decryption with S/MIME
Signing with S/MIME
Verifying S/MIME signatures
Using iQ.Suite KeyManager
Encrypting emails with WebCrypt Pro
Migration from S/MIME to S/MIME2

iQ.Suite PDFCrypt

PDFCrypt – Overview
PDFCrypt Engine
Verifying signatures of PDF Files
Signing and/or encrypting PDF attachments
Methods of password transmission

iQ.Suite Convert

Convert – Overview
Sample Job: Compress attachments as ZIP
Sample Job: Extract attachments from archives and PDFs (Decompression)
Sample Job: Converting attachments to PDF
Converting TNEF mail to MIME
Sample Job: Conversion via Command Line

iQ.Suite Connect

Connect – Overview
Connect Engines
Storing file attachments in SharePoint
Storing file attachments in HCL Connections
Connecting iQ.Suite to GBS Workflow Manager

iQ.Suite Copy To Mailbox

Copy To Mailbox: Update sent items in the sender's mailbox

iQ.Suite Bridge

Bridge – Overview
Job: RPost Registered Email
Job: Bridge PST Journaling

iQ.Suite DLP

DLP Review
DLP Anomaly Detection

Preface

Hotline

To give you the best possible support, we need the following information from you in the event of a fault:

Product version
License number
Exchange server version, including any service pack
Operating system and version, including any service pack
Configuration files
Log files

This information and other data which may be required by the GBS Support Team can be collected by means of the Support Collector. Refer to The Support Collector.

The GBS Support Team is available from 8:30 AM to 6:00 PM (time zone: EST).

Europe, Asia, other:
Tel.: +49 (0)1806 49 01 11
Email: [email protected]

USA & Canada:
Tel.: +1 877-228-6178
Email: [email protected]

Copyright

GBS Europa GmbH, hereafter referred to as GBS, is the owner of the full commercial copyright of this documentation protected by law. All rights not explicitly granted remain the property of GBS.

Copyright 1992-2021 GBS Europa GmbH, All rights reserved.

Warranty

GBS assumes no liability, express or implied, for the documentation. This includes quality, design, adherence to commercial standards, or suitability for a specific purpose.

The product descriptions are general and descriptive in nature. They can be interpreted neither as a promise of specific properties nor as a declaration of guarantee or warranty. The specifications and design of our products can be changed at any time without prior notice, especially to keep pace with technical developments. For up-to-date information, please contact the GBS Sales Department.

License terms

The GBS license terms are available on the product CD and the GBS website. Any license agreements from third-party software manufacturers are included with the software product as a PDF file.

Third-Party Copyright notes

The package includes third-party products listed in the "Third Party License Agreements" document. This document is available in the program directory. In addition, the following applies:

Microsoft, MS, Windows and the Windows Logo are registered trademarks of Microsoft Corporation in the United States of America and/or other countries.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Details on the documentation

Freely accessible documentation is available on www.gbs.com.

If you have any suggestions on how we can make further improvements, we would be happy to get your feedback. Send an email to: [email protected].

Personal designations

Our documentation is addressed equally to both genders. Therefore, we make every effort to use gender-neutral language. Since it is not entirely possible to avoid personal designations, we use the word forms he/she, his/hers or him/her in these cases.


QuickStart

Topics:

Important: Parallel operation of several security solutions
Installation on one server
Installation on multiple servers
On SMTP: Setting up Active Directory access
Starting the iQ.Suite Management Console
Basic Configuration
Policy Configuration: Configuration of Mail Transport Jobs
Policy Configuration: Scanning Information Store objects
Observing data in iQ.Suite Monitor
On SMTP: Monitoring the mail flow status


Important: Parallel operation of several security solutions

Important: We do not recommend installing several security solutions on one server. This could affect the functionality of your security solutions.

For any questions, please contact the GBS Support.


Installation on one server

Make sure that all required programs have been installed and system requirements are met. Refer to System requirements.

Be sure to install (double-click) the correct installation package for your operating environment.

Follow the Installation instructions. Unless you specify a different installation directory, iQ.Suite is installed in the default directory, i.e.: C:\Program Files\GBS\iQ.Suite

Important: Disable any real-time or on-access scan functions of your scan engines for the ...\iQ.Suite\GrpData directory. For further information on installing the software, refer to Installation of iQ.Suite.


Installation on multiple servers

For further information, refer to Installation of iQ.Suite in multi-server environments.


On SMTP: Setting up Active Directory access

For further information, refer to SMTP Installation scenarios.


Starting the iQ.Suite Management Console

iQ.Suite is a server product that is configured through iQ.Suite Management Console.

For iQ.Suite to work, the iQ.Suite service must be running. For further information on the iQ.Suite service, refer to iQ.Suite Services.

To start the console select Programs > GROUP Business Software > iQ.Suite > iQ.Suite Management Console.

Before the iQ.Suite Management Console exits, you are prompted to save any changes.

Note: Pending changes are indicated by an asterisk (*) at the top node. To save your configuration, click the Save button. The configuration is saved in the ConfigData.xml file located under GBS\iQ.Suite\Config.


Basic Configuration

Following the installation, use the iQ.Suite Management Console to perform the following settings.

Required Basic Configuration steps

The Basic Configuration is used to define the valid servers, email addresses, shared templates and utility settings.

1. Under Basic Configuration > General Settings > 'Email Addresses' tab, check the entries for the iQ.Suite administrators and the internal domains. Refer to iQ.Suite Server Settings.

2. To use the iQ.Suite Watchdog virus scanner functions, enable the virus scanners installed on your server under Utility Settings > Virus scanners. Refer to Enabling Virus Scanners.

Recommended Basic Configuration steps

In the Basic Configuration, it is recommended to define individual settings for address lists, templates, etc. However, these settings are not necessary for simply testing the system.

1. Under General Settings, proceed as follows:

   1. When required, define the proxy server settings. Refer to Proxy Servers.
   2. Configure the Address lists (for selections in job rules) and Trailers (for iQ.Suite Trailer).
   3. When required, change the texts of the standard templates.

2. Under Utility Settings, configure any additional components required, e.g. CORE classifiers, dictionaries, fingerprints and virus scanners (for iQ.Suite Watchdog) and the Crypt Engines (for iQ.Suite Crypt).

For further information on Basic Configuration, refer to Basic Configuration. Module-specific settings are described in the corresponding sections.

For information on further customizing options, refer to General Configuration.


Policy Configuration: Configuration of Mail Transport Jobs

Use the Policy Configuration feature to define and enable selected Mail Transport Jobs according to the company’s policies.

1. Under Sample jobs, locate the template you wish to use.

2. To create a new Mail Transport Job, select the template and drag it to the Mail Transport Jobs folder. Give the job a name and edit its properties. Then, under Properties, activate the job.

3. Make sure that the jobs are performed in the correct order. Refer to Processing order of iQ.Suite Jobs.

4. Save your changes. Also refer to Starting the iQ.Suite Management Console.

For further information on setting up jobs and company policies, refer to iQ.Suite Jobs (Policy Configuration).


Policy Configuration: Scanning Information Store objects

Under Policy Configuration, you can create Scan Configurations and, based on them, Information Store Jobs of the types Watchdog and Wall for scanning Information Store objects.

Scan Configuration for Information Store Jobs

To create an Information Store Scan Configuration, click on: Policy Configuration > Information Store Scan Configurations > New > Information Store Scan Configuration.

General settings and Schedule

1. Open the General tab:

2. In the Stores to scan field, select the type of Information Store which contains the objects to be scanned: Private and/or Public Information Store.

3. In the Schedule mode field, determine when to scan the Information Store. For this, define either time periods or start times:

Time periods:

Click Add and specify in the Schedule Settings dialog time periods for the Information Store scan. With this, determine whether to scan weekly or monthly (calendar days/weekdays). Also refer to Important Notes.


When specifying the time periods or duration, note that the duration of an Information Store scan cycle depends on the application environment in use (e.g. size of the Information Store, number of objects in the Information Store). Indicators for appropriate settings may be found in the Windows Event log.

The scan is terminated when the specified time period ends, regardless of whether all objects have been scanned or not. The scan cycle restarts when the next time period begins. In private Information Stores, the mailboxes which could not be processed during the last scan (for example, because the duration was too short) are scanned first. This does not apply to mailboxes which have been partially processed. In public Information Stores, all objects are scanned during the next scan cycle, i.e. also the objects which have already been scanned during the previous scan cycle.

Start times:

Click Add and specify in the Schedule Settings dialog times at which a scan of the complete Information Store (IS) shall be automatically started. Here, no end time can be defined. The scan ends when the last IS object has been processed.

Scan reports are created regardless of the selected schedule mode. Refer to Scan Reports.

Important notes

Please note that Information Store scans may take a long time and use a lot of processor capacity. To reduce delays in responding to client queries, we recommend scanning during periods of low system usage (at the beginning or end of the day or on weekends) and, in the case of virus checks, during virus scanner updates. Besides this, you can use the Limits tab to restrict the scope of the objects to be scanned. Refer to Limits.

In parallel or as an alternative to the automatic scans which have been configured here, the Information Store scan can be manually started at any date and time. Refer to Starting Information Store Scan Manually.

Limits

Use the Limits tab to restrict the scope of the items to be scanned:

Refer to Limit by type and Limit by time.

Exceptions

In the Exceptions tab, define which types of mailboxes, mailbox objects and archive mailboxes should be excluded from the scan:

For information on the types of mailboxes and mailbox objects, please refer to the Microsoft documentation.

Tab: Server

Determine on which iQ.Suite servers the Scan Configuration shall be used:

Information Store Jobs

For each Scan Configuration, Information Store Jobs can be created for scanning Information Store objects, e.g. for virus checks.

To create an Information Store Job, click on Policy Configuration > Information Store Scan Configurations > Information Store Scan Configuration > New > Information Store Job.

The following Information Store Jobs can be configured:

Watchdog Virus Scanning

Refer to Virus scanning in the Information Store.

Watchdog Attachment Filtering

Refer to Jobs for File restrictions.

Wall Content Filtering

Refer to Text analysis with Dictionaries.

Wall Credit Card Attachment Filtering

Refer to Text analysis for Credit Card numbers.

Wall Advanced Action

Refer to Advanced Action: Text analysis with Regular expressions.


Observing data in iQ.Suite Monitor

After having saved your settings, use the iQ.Suite Monitor to monitor the operation of iQ.Suite. With iQ.Suite Monitor, you can view current data in real-time and manage, for instance, the Quarantines of the configured iQ.Suite servers.

For further information, please refer to iQ.Suite Monitor.


On SMTP: Monitoring the mail flow status

With iQ.Suite hosted in Microsoft Azure, you can operate your complete email environment in the Cloud. Emails from your Microsoft 365 mailboxes can be transported by email routing to your iQ.Suite for SMTP. For further information on iQ.Suite in MS Azure, refer to the separate document (techDoc). Download on www.gbs.com.

Through the automated PowerShell setup of the Azure VM, an internal iQ.Suite monitoring task will also be activated. This task by default will run every 10 minutes to monitor the mail flow. This includes the monitoring of the following directories:

C:\inetpub\mailroot\Badmail
C:\inetpub\mailroot\Queue

Each time the task is executed, Event log entries are created by default. These entries can be used to verify the current status of the mail flow. Each monitored directory has its own Event log entry and Event ID.

The default threshold settings for the creation of Event log entries for the Queue are as follows:

Less than 25 items in a directory => Event log entry with Information level
More than 25 items, but less than 50 items in a directory => Event log entry with Warning level
More than 50 items in a directory => Event log entry with Error level

The default threshold settings for the creation of Event log entries for the Badmail are as follows:

Less than 10 items in a directory => Event log entry with Information level
More than 10 items, but less than 20 items in a directory => Event log entry with Warning level
More than 20 items in a directory => Event log entry with Error level

If you want to change those thresholds, you can do so within the registry under the following key: HKEY_LOCAL_MACHINE\SOFTWARE\GBS\iQ.Suite\ControlService\SMTPMonitoring

You can also change the time interval in which the monitoring checks the directories. For this, change the decimal value of the CheckTimeout registry key to another value. By default, it is set to '600', which means 600 seconds / 10 minutes.

Email notification can be sent in case a monitored threshold for a directory is met. By default, no notification is sent. To enable the sending of notifications, adjust the registry under the following key: HKEY_LOCAL_MACHINE\SOFTWARE\GBS\iQ.Suite\ControlService\MailReporting

Add the data of an email account, e.g. a Microsoft 365 or Google account.

Set the Enabled registry key to '1' to activate the sending of email notifications. This way, email notifications can be sent in case the error threshold is met.

In some cases, the SMTP queue might contain stuck emails which remain in the queue without actually being sent. To resolve such a situation, the SMTP service has to be restarted. The restart action is activated by default in the monitoring task. So, if you encounter an increasing amount of stuck emails in the SMTP queue directory, the SMTP service will be restarted automatically. The restart action will only be executed in case the error threshold of the Queue is met.

You can disable the automatic restart of the SMTP service by setting the value of the AutoRestartSMTPSvcEnabled registry key to '0'.
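The following PowerShell script is an added example and is not part of iQ.Suite or its scheduled monitoring task: it counts the items in the two monitored directories, applies the default Queue and Badmail thresholds quoted above, and reads the CheckTimeout, AutoRestartSMTPSvcEnabled and Enabled values named in this section, so an administrator can compare an on-demand check with what the task reports. Assumptions: the registry value names holding the thresholds are not documented here, so the thresholds are hard-coded from the defaults in the text, and counts exactly equal to a threshold are treated as Warning because the text does not say how they are classified.

```powershell
# Added example, not part of iQ.Suite or its scheduled monitoring task.
# Checks the mail flow status on demand using the defaults documented above.
# Assumption: threshold value names under SMTPMonitoring are not documented,
# so the defaults are hard-coded rather than read from the registry.

$SmtpMonitoringKey = 'HKLM:\SOFTWARE\GBS\iQ.Suite\ControlService\SMTPMonitoring'
$MailReportingKey  = 'HKLM:\SOFTWARE\GBS\iQ.Suite\ControlService\MailReporting'

# Default thresholds from the documentation: Queue 25/50, Badmail 10/20.
$DefaultThresholds = @{
    'C:\inetpub\mailroot\Queue'   = @{ WarnAt = 25; ErrorAt = 50 }
    'C:\inetpub\mailroot\Badmail' = @{ WarnAt = 10; ErrorAt = 20 }
}

function Get-MailFlowLevel {
    param([int]$Count, [int]$WarnAt, [int]$ErrorAt)
    # Follows the documented wording: fewer than WarnAt items is Information,
    # more than ErrorAt items is Error. Counts exactly on a threshold are
    # classified as Warning here (assumption; the text leaves this open).
    if ($Count -lt $WarnAt)  { return 'Information' }
    if ($Count -gt $ErrorAt) { return 'Error' }
    return 'Warning'
}

function Get-MailFlowStatus {
    param([hashtable]$Thresholds = $DefaultThresholds)
    foreach ($dir in $Thresholds.Keys) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A missing mailroot directory is itself worth reporting: the
            # Windows SMTP Service may not be installed on this host.
            [pscustomobject]@{ Directory = $dir; Items = $null; Level = 'Error'; Note = 'directory not found' }
            continue
        }
        $count = @(Get-ChildItem -LiteralPath $dir -File -Force).Count
        $t = $Thresholds[$dir]
        [pscustomobject]@{
            Directory = $dir
            Items     = $count
            Level     = Get-MailFlowLevel -Count $count -WarnAt $t.WarnAt -ErrorAt $t.ErrorAt
            Note      = ''
        }
    }
}

function Get-MonitoringSettings {
    # Reads only the values named in the documentation; a value that is
    # absent falls back to the documented default.
    $mon = Get-ItemProperty -Path $SmtpMonitoringKey -ErrorAction SilentlyContinue
    $rep = Get-ItemProperty -Path $MailReportingKey  -ErrorAction SilentlyContinue
    [pscustomobject]@{
        CheckTimeoutSeconds    = if ($mon -and $null -ne $mon.CheckTimeout) { [int]$mon.CheckTimeout } else { 600 }
        AutoRestartSmtpService = if ($mon -and $null -ne $mon.AutoRestartSMTPSvcEnabled) { [int]$mon.AutoRestartSMTPSvcEnabled -eq 1 } else { $true }
        MailReportingEnabled   = if ($rep -and $null -ne $rep.Enabled) { [int]$rep.Enabled -eq 1 } else { $false }
    }
}

$settings = Get-MonitoringSettings
$status   = @(Get-MailFlowStatus)
$status   | Format-Table -AutoSize
$settings | Format-List

# The documented automatic restart only fires when the Queue error threshold is met.
$queue = $status | Where-Object { $_.Directory -like '*\Queue' }
if ($queue.Level -eq 'Error' -and $settings.AutoRestartSmtpService) {
    Write-Warning ('Queue error threshold reached: the monitoring task will restart the SMTP service on its next run (interval {0} s).' -f $settings.CheckTimeoutSeconds)
}
if ($status.Level -contains 'Error' -and -not $settings.MailReportingEnabled) {
    Write-Warning 'Error threshold reached, but MailReporting\Enabled is not 1: no email notification will be sent.'
}
```

Run it in an elevated PowerShell session on the SMTP host; reading the HKLM keys requires the same rights the administrator already needs to change them.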


Installation of iQ.Suite

Topics:

System requirements
SMTP installation scenarios
Installation of virus scanners
Setup of iQ.Suite
Update to iQ.Suite 20.0
Uninstallation of iQ.Suite


System requirements

Important: The following system requirements apply to iQ.Suite for Exchange/SMTP 20.0. If installing an iQ.Suite Version > 20.0, requirements may be different. Please read the product changes described in the Readme.html file. By default, the Readme.html file is displayed on screen after the installation.

System requirements of iQ.Suite:

RAM: Minimum 8 GB. Note that additional RAM is needed for third-party systems such as virus scanners as well as for database access (SQL driver).

Hard disk: Minimum 4 GB. In addition to the space needed for installation, please note that the quarantines also need space.

Windows Scripting (for installation only)

Microsoft .NET Framework 4.5.2 or higher (Client Profile and Microsoft Redistributable Packages). If not installed yet, the components are installed in the course of the iQ.Suite installation.

Windows PowerShell: as of Version 3.0

Supported operating systems:
Windows Server 2012 (64-bit)
Windows Server 2012 R2 (64-bit)
Windows Server 2016
Windows Server 2019 ("Server Core" as well)

For iQ.Suite SMTP, the Windows SMTP Service must be installed.

Supported Exchange Servers:

For further information on the operating systems supported for the listed Exchange Server versions, please refer to our readme file or the Microsoft supportability matrix.

Exchange Server 2013 as of SP1 / 2016 with the 'Mailbox Server' role
Exchange Server 2019

Supported languages: German, English

Supported SQL database servers:

iQ.Suite WebClient requires an SQL database server. Furthermore, for some features of iQ.Suite, an SQL database server can be used. The following SQL database servers are supported:

Microsoft SQL Server: as of Version 2012
PostgreSQL: as of Version 10.6

The desired SQL database server has to be installed manually. The database driver OLE-DB for Microsoft SQL Server is installed automatically if the 'SQL Server Support' is selected in the iQ.Suite setup. For PostgreSQL, the database driver has to be installed manually.

If using the SASI Engine, refer to the separate SASI document for additional requirements. Download on www.gbs.com.

Important: Disable any real-time or on-access scan functions of your scan engines for the ...\iQ.Suite\GrpData directory.

Optional: iQ.Suite Connect

iQ.Suite can be connected to the platforms HCL Connections and Microsoft SharePoint as well as to GBS Workflow Manager via the iQ.Suite Connect module.

HCL Connections: as of version 4.5
Microsoft SharePoint: versions 2013, 2016 and Online


SMTP installation scenarios

iQ.Suite for SMTP can be used in various system environments. Due to security policies, it may not always be possible to access the Active Directory (AD). Therefore, a distinction between two scenarios is made for the iQ.Suite installation.

Installing iQ.Suite without access to Active Directory

In environments in which iQ.Suite is installed on an SMTP gateway isolated by an internal network, it will normally not be possible to access the Active Directory. Therefore, the standard procedure for installing iQ.Suite consists of using local address resolution. Simple address resolution mechanisms will normally be sufficient on SMTP gateways.

Using iQ.Suite, the email traffic is subdivided into messages from/to:

all senders and recipients
internal senders and recipients only
manually entered addresses

For further information on using addresses, please refer to Address lists.

In cases where more sophisticated rule sets have to be configured at the SMTP gateway and group/user addresses are to be taken from internal mail systems, you can use a local LDIF file. Select 'LDIF Mode' at setup and, after the installation, create the LDIF file:

Creating an LDIF file from the Active Directory

With the Active Directory available, proceed as follows:

1. Install the iQ.Suite. Refer to Setup.

2. Log in to the server that has access to the Active Directory.

3. Open the .../iQ.Suite/Bin directory and run the LDIF.bat file located on this server. The file iqsuite.ldf and a log file are created.

4. Copy the iqsuite.ldf file to the .../iQ.Suite/Config directory on the iQ.Suite installation server.

Note: In multi-server environments, the LDIF file can be synchronized. Refer to Synchronizing Configuration, License and LDIF in a multi-server environment.

Installing iQ.Suite with access to the Active Directory

If your SMTP gateway has access to the Active Directory and user/group addresses are to be resolved according to the internal directory, select the feature 'LDIF Mode' in the iQ.Suite setup dialog. Refer to Installation of iQ.Suite.


Installation of virus scanners

Optionally, during iQ.Suite installation the virus scanners of our business partners Avira, Sophos, Kaspersky and McAfee are installed as integrated scanners.

The Avira Scan Engine with APC is fully preconfigured and ready for immediate use. To use the McAfee or Sophos virus scanner, additional configuration is required.

For further information on the supported virus scanners (Avira, McAfee, Sophos), refer to the separate documents (techDocs). Download on www.gbs.com.

iQ.Suite also allows the use of virus scanners from other third-party manufacturers. However, these virus scanners are not supplied with iQ.Suite and must be installed on the server beforehand. Refer to Enabling virus scanners.

Important: Disable any real-time or on-access scan functions of your scan engines for the ...\iQ.Suite\GrpData directory.


Setup of iQ.Suite

iQ.Suite requires the Visual Studio runtimes to be installed. They are installed automatically in the first phase of the setup.

Microsoft Access Database Engine 2016 (64 Bit) is installed automatically if you select the feature option 'iQ.Suite Server Components' during setup.

Microsoft SQL Server Native Client is installed automatically under ...\iQ.Suite\Support\Installer\SQL if you select the feature option 'SQL Server Support'. Even if you deselect this feature, the installation files are saved in the directory mentioned above, to allow installation in the future.

Installation of iQ.Suite

This section describes the iQ.Suite installation by using the installation wizard. As an alternative to the dialog-based setup, iQ.Suite can be installed via silent installation (refer to the techDoc on the GBS download page: www.gbs.com).

1. Select the desired installation package (Exchange or SMTP).

For the installation of iQ.Suite for Microsoft Exchange, a unique installation package is available for all supported Exchange Server versions.

On Exchange Server 2013/2016, iQ.Suite is installed on the Exchange 2013/2016 Mailbox role in order to provide scanning of emails in SMTP Transport and Information Store Scanning. Installation on the Exchange 2013 Edge Transport role is also supported. Naturally, only SMTP Transport scanning is possible on the Edge Transport role.

Note: Due to changed standard permissions (UAC), we recommend using administrator rights for the administration tasks as well as for the configuration of iQ.Suite, in order to ensure access to the iQ.Suite installation folder.

2. Start the installation package by a double click. To be able to install iQ.Suite, a number of Microsoft software components must have been installed. If these components are missing on your system, they will be installed by the installation package. Without these components, the iQ.Suite installation cannot be started. Confirm the corresponding installation message when prompted to do so. During installation, a system restart might be required.

3. Select the desired language. The selected language applies to the iQ.Suite Management Console and to configuration elements such as the notifications sent to the users. The latter are included in the standard configuration.

4. Accept the License Agreement and click Next to continue.

5. Select the features to be installed:

On SMTP: Please note that the default setting for LDIF support depends on using an Active Directory. Keep the default setting to ensure iQ.Suite works in the proper way.

6. Click Next.

On SMTP: In case you have defined two or more virtual servers, you will now be prompted for the active virtual server on which iQ.Suite is to be registered. Select the desired server and click Next:

7. If you are not running iQ.Suite on multiple servers and wish to use a central configuration file for administration purposes, confirm the default setting and click Next:

Refer to Installation of iQ.Suite in multi-server environments.

8. In the next dialog, specify the administrator’s email address:


9. If you are using a proxy server, select Enable Proxy Server and enter the proxy settings (IP address, port, user, password). All of the proxy server settings can later be changed under the Basic Configuration (refer to Proxy servers).

10. Click Next. The screen displays a summary of your settings. Check your configuration settings and make sure that the on-access scanner for the ...\GrpData directory is disabled.


The configuration settings are added as default entries to the configuration of iQ.Suite servers. For further information, refer to iQ.Suite Server settings.

11. Confirm the summary by clicking on Install. The iQ.Suite is then installed to the following directory: C:\Program Files\GBS\iQ.Suite

12. To complete the iQ.Suite installation, click Finish in the final dialog.

By default, the area iQ.Suite Reports (Reporting and Statistics function) is not displayed on the iQ.Suite Management Console. For further information, refer to iQ.Suite Reports.

Installation of iQ.Suite in multi-server environments

If installing iQ.Suite on multiple Exchange/SMTP servers, you can control both the administration and configuration centrally. The iQ.Suite distinguishes between three areas:

iQ.Suite Management Console

Start > Programs > GBS Europa GmbH > iQ.Suite > iQ.Suite Management Console

The iQ.Suite is administrated with the iQ.Suite Management Console, which is used for basic configuration settings and the configuration of the iQ.Suite policies as well as for monitoring server functions and quarantines. The iQ.Suite Management Console can be installed on the iQ.Suite servers or separately, for instance on separate administrator workstations. The graphical user interface corresponds to a Microsoft Management Console (MMC).

Also refer to Installation of the iQ.Suite Management Console on a workstation.

Server components

The server components and the iQ.Suite Windows service are installed on the server (Exchange/SMTP). As central elements of the iQ.Suite, the server components require access to your local iQ.Suite configuration.

Configuration

The iQ.Suite configuration is saved as an XML file (ConfigData.xml). This configuration is created, updated in case of changes and distributed to the iQ.Suite server components by means of the iQ.Suite Management Console.

Synchronisation of License, Configuration and LDIF File

Refer to Synchronizing Configuration, License and LDIF in a multi-server environment.

Administration

iQ.Suite administration can be performed either from any iQ.Suite server with an iQ.Suite Management Console installed or from a separate administration workstation. To avoid a loss of configuration data through mutual overwriting, make sure that the configuration is never edited in more than one iQ.Suite Management Console at any one time.

Running the multi-server installation

Please observe the following when installing the first server:

1. Install at least the iQ.Suite server component on the first server. A configuration file will be created unless it already exists.

If the first server is to be used for administration, install the entire iQ.Suite, including a local Management Console. If you wish to administrate iQ.Suite for all servers from a workstation, only install the server component locally.

2. During setup, define how to proceed with configuration data:

Create local configuration: A new configuration will be created. Use this option for the first server. iQ.Suite administration will be performed from this first server.
Use existing configuration: If a configuration already exists, the configuration settings will remain. Use this option when updating the iQ.Suite.
Specify path to configuration manually: The path can be configured manually.

Installation of the iQ.Suite Management Console on a workstation


The iQ.Suite Management Console on the workstation can also be operated under Windows. In the product selection dialog, select iQ.Suite for Exchange or iQ.Suite for SMTP.

Install the 'iQ.Suite Management Console' only, by deactivating all other features:

Under the settings for the configuration file, select Specify path to configuration manually.


Update of iQ.Suite

General

After updating to a new major version of iQ.Suite, you need a new license file.

When updating iQ.Suite, your previous configuration settings and quarantine data are kept.

If you had already installed the iQ.Suite Report Engine (additional package for iQ.Suite Reports) before updating iQ.Suite, the Engine will not be uninstalled during the iQ.Suite update. Download the new additional package from www.gbs.com for installation only if the additional package contains changes (refer to the Release Notes). For more information on iQ.Suite Reports, refer to iQ.Suite Reports.

The following sections for updating apply to the single-tenant case.

Update in a single-server environment

In environments with a single iQ.Suite server, the installation procedure is largely the same as for a new installation (refer to Setup of iQ.Suite). After clicking the iQ.Suite setup file, follow the installation wizard.

Update in a multi-server environment

Important: In a multi-server environment with servers which share a common configuration file, you need to perform the update on all iQ.Suite servers. Also update your iQ.Suite Management Console.

To update your iQ.Suite servers in a multi-server environment, proceed as follows:

1. Upload your new iQ.Suite license to all iQ.Suite servers of your environment. Refer to Synchronizing Configuration, License and LDIF in a multi-server environment.

2. If you are using SQL databases, update your SQL databases if needed. Download the SQL update scripts from www.gbs.com and execute only the scripts which are newer than the SQL scripts you have been using so far (SQL____

3. If you are using DAG (Database Availability Group), take the iQ.Suite servers out of the DAG cluster. Start with the slave servers and take the master server out at the end. For this, refer to the Microsoft documentation.

4. Stop the Transport Service: Microsoft Exchange Transport Service (Exchange) or Simple Mail Transfer Protocol Service (SMTP).

5. Update your slave servers since they still may use the old iQ.Suite configuration. For updating, run the setup of the newer iQ.Suite version and follow the Installation Wizard.

6. Update your master server by running the setup of the newer iQ.Suite version.

7. Restart the updated iQ.Suite servers.

8. Send the new iQ.Suite configuration from the master server to the slave servers. Refer to Synchronizing Configuration, License and LDIF in a multi-server environment.

9. Add your servers to the DAG cluster again. For this, refer to the Microsoft documentation.

10. If you are using iQ.Suite WebClient, update your WebClient installation. Refer to Installation of iQ.Suite WebClient > Update.


Uninstallation of iQ.Suite

Run the uninstall program:

1. Click Settings > Control Panel > Software.
2. Select 'iQ.Suite' and click Change. When the Execute as dialog is displayed, make sure that the option 'Execute program with restricted rights' is disabled. Then, the setup routine is called.
3. In the dialog, click Welcome > Next > Remove program.
4. Click Next and confirm with Remove. The setup then uninstalls the iQ.Suite without removing your configuration or the quarantine data.
5. Decide whether to keep or to delete your configuration and the quarantine data:

If you wish to delete all iQ.Suite components, enable the Delete all user and Registry data option. Conversely, if you wish to keep your configuration and quarantine data, simply click Finish. In this case, you can use the existing data for a new iQ.Suite installation (same or higher version).


Installation of iQ.Suite WebClient

Topics:

WebClient – Overview
Installation


WebClient – Overview

In a single-tenant environment, iQ.Suite WebClient (short "WebClient") is installed on one server only. Once it has been installed successfully, all authorized users can open the WebClient in the web browser.

For information on installing iQ.Suite WebClient in a multi-tenant environment, refer to Multi-tenant solution.

The WebClient offers different possibilities, depending on the assigned roles and rights. iQ.Suite WebClient consists of the following components:

Tenant Administration: This component is only available in the multi-tenant solution. It is used to manage tenants, servers and master configurations.
Quarantines:
Administrator Quarantine: Access emails in regular quarantines.
User Quarantine: Access emails in regular quarantines.
User Lists: The user's own Blacklist/Whitelist entries can be displayed. Entries can be added and existing entries can be deleted.
Reviewer Quarantine: Access emails in Review quarantines.

The displayed quarantined emails and the possible actions on quarantined emails depend on the user rights.

By default, file attachments can be downloaded from emails of the Administrator Quarantine and of the Review Quarantine.

Cockpit: In the Cockpit, the following information can be viewed:
Statistics (Statistic Widgets), e.g. configured iQ.Suite jobs and their statuses (active/inactive), found viruses, spam
Real-time statistics, e.g. processed emails
Event Log

The Windows service 'iQ.Suite Live Data Provider' that is installed with the WebClient and is started automatically provides data to the WebClient for real-time statistics.

Roles & Rights:

Standard roles are available via templates. Besides this, additional roles can be defined (custom roles). The rights which can be assigned are component-specific.

Contrary to the rights of the custom roles, the rights of the standard roles cannot be modified.

Users and groups can be assigned to roles.

Configuration:
Trailer: Trailer documents, images and file attachments can be created, processed or deleted. Trailer policies, simplified Trailer jobs, can be configured.
Quarantines: Display the available quarantines and get information on whether the options 'Encrypt data' and 'Quarantine is mission critical' are enabled for the respective quarantine.
Password Manager: View the passwords generated by the iQ.Suite Password Managers. Delete passwords or mark them as obsolete. Generate new passwords.
Jobs: Display the status of the iQ.Suite jobs. Possibility to change the status of these jobs (enable/disable).
Trailer Preview: Before sending her email, the user can view how her email will look after processing by the Trailer jobs. The trailer valid for the respective recipient is displayed in the email preview.
Password Manager: The configured Password Managers are displayed with their complexity settings.
DLP: View the collected data and calculated Baselines for the DLP Anomaly Detection.
Clerk: Central email absence management, enabling emails to be redirected or forwarded in case of one-time absences (e.g. for the time of a vacation or a business trip) and in case of periodic absences on certain weekdays (e.g. for part-time employees).
User Licensing: Licenses for iQ.Suite modules like Clerk and Trailer can be assigned to selected users and can be managed here. Refer to the WebClient online documentation.
Tasks: Tasks (e.g. Clerk tasks) are displayed. You will see the running tasks, finished tasks, and tasks with another status (e.g. failed tasks).

Important: To be able to use the WebClient functions Cockpit and User Lists, the Statistics database and the database for the User Lists must be global SQL databases. To configure the iQ.Suite accordingly, please refer to Creating a database connection to a SQL Database server.


Installation of iQ.Suite WebClient

Installation prerequisites

System requirements

iQ.Suite WebClient supports the following operating systems:

Windows Server 2012 (64 Bit)
Windows Server 2012 R2 (64 Bit)
Windows Server 2016
Windows Server 2019

iQ.Suite and iQ.Suite WebClient can be installed on different servers.

iQ.Suite WebClient requires the installation of the following products:

iQ.Suite for Microsoft Exchange/SMTP
Microsoft .NET Framework 4.7 or higher
Supported SQL database servers:
Microsoft SQL Server: as of Version 2012
PostgreSQL: as of Version 10.6

IIS (Internet Information Server) as of version 8.0 and the following associated Windows features:
.NET Extensibility 4.5 or .NET Extensibility 4.6
ASP.NET 4.5 or ASP.NET 4.6
ISAPI Extensions
ISAPI Filters

iQ.Suite WebClient is integrated in the IIS.

Supported web browsers:
Google Chrome
Mozilla Firefox
Internet Explorer 11 / Microsoft Edge

We support these web browsers in their latest version at the time when this manual was issued.

Installation


Note: Quarantine data has to be collected before it can be accessed via the WebClient. Therefore, some prerequisites have to be met. Refer to iQ.Suite Data Collector Service on page 67. Make sure these prerequisites are met before you run the setup file. During setup, read the notes in the Installation Wizard carefully.

To install the iQ.Suite WebClient, proceed as follows:

1. Execute the setup file: iQ.Suite--WebClient-64bit.exe

The Installation Wizard guides you through the installation process.

2. To be able to use the iQ.Suite Clerk Outlook Add-In, select the corresponding feature. For detailed information on this feature, refer to the separate documentation (techDoc), available for download at www.gbs.com.

3. Select the desired setup type:
Complete: The default installation path is used: C:\Program Files\GBS\iQ.Suite WebClient\
Customize: This allows you to modify the default installation path.

4. Perform the IIS settings:

If you have activated the iQ.Suite Clerk Outlook Add-in feature, an additional field for the name of the add-in is displayed. Refer to separate techDoc.

Specify the website type according to your corporate strategy and your needs:

Default Web Site: Use this option to create the web application needed for the WebClient within the IIS default website. Usually the default port (HTTP: 80; HTTPS: 443) is used. The transmission protocol set in the IIS for the default website is used.

The default website is recommended if you want to grant WebClient access to people outside of your enterprise network. In this case, the port does not need to be entered explicitly and you do not need to open an additional port to the outside.

New Web Site: Use this option to create a separate website on the IIS. Select this option if you are already using the default port (HTTP: 80; HTTPS: 443) for another web application or if you want the users of your WebClient to access the WebClient only from within the enterprise network (in the intranet).
Custom Port: Enter the port to be used by the WebClient. If you do not enable the SSL option in addition, only access via HTTP is used.
Prepare SSL binding on port: If you want to use HTTPS, enable this option and enter the number of the port to be used. Access via HTTP is not affected by this. It is only used to prepare the website for SSL. For HTTPS to be used, a certificate additionally has to be added to the bindings manually.

Web Application Name/Web Site Name: Enter a name for the WebClient.

URL for iQ.Suite WebClient (after successful installation):

For Default Web Site: http(s):///
For New Web Site: http(s)://:/

5. Click Next and perform the settings that allow the iQ.Suite WebClient and the iQ.Suite to communicate with each other:

iQ.Suite Server: Enter the name of a server of the iQ.Suite domain that can be accessed via the communication port.
Global password: Enter the global password that is set in the iQ.Suite under Properties of iQ.Suite Servers > 'Global Options' tab:

For further information, refer to Global Password.


Communication Port: Enter the communication port that is set under Properties of iQ.Suite Servers > 'General' tab.

Login expires after: By default, a user who has logged in is automatically logged out once the web interface has been inactive for 10 minutes (session timeout). If required, modify the default value.

6. Click Next and select the directory type to be used for the authentication of users in iQ.Suite WebClient and for the resolution of group memberships:

7. Click Next. The dialog which is then displayed depends on the selected directory type:

Active Directory (default): Make the settings for the Active Directory access:


Domain User name/User password: Enter the name and the password of a user who can access the domain's Active Directory (AD). Let the domain name precede the user name: \

This authentication information lets the WebClient access the AD and check the group membership of every user there. This determines whether the user can access the WebClient.

Note: When entering the user, we recommend not to enter the domain administrator but to create a dedicated user for the WebClient whose password does not expire, and to enter this user here.

Local Users and Groups with LDIF file

If your iQ.Suite WebClient is installed on a server which has no access to an Active Directory or Azure Active Directory, you can export your users and groups to an LDIF file.

If the LDIF feature was selected when installing iQ.Suite, then an empty LDIF file was created in the iQ.Suite's Config folder (path: ...\iQ.Suite\Config\iQSuite.ldf ). If you export your users and groups to this default file, the LDIF file can also be used by the iQ.Suite.

For further information, please refer to the separate document "iQ.Suite on Microsoft 365 & Azure" (techDoc). Download on www.gbs.com.

In the WebClient Setup dialog, specify the absolute path (including filename) to the LDIF file mentioned above:
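The WebClient resolves group memberships from the directory (or, as described here, from the exported LDIF file) to decide who may log in. The following added example, which is not code from the iQ.Suite documentation or product, parses an LDIF export (RFC 2849 subset: folded lines, comments, base64 values) and resolves direct and nested group membership for a user. It assumes standard LDAP group entries whose member attribute lists the DNs of users or nested groups; the exact attribute layout of iQSuite.ldf is not documented on this page, and the sample directory content is constructed.

```python
"""Resolve group membership from an LDIF export (RFC 2849 subset).

Added example; this is not code from the iQ.Suite documentation or product.
It assumes the exported file uses standard LDAP group entries whose ``member``
attribute lists the DNs of users or nested groups (the exact attribute layout
of iQSuite.ldf is not documented on this page, so that is an assumption).
"""
import base64
from typing import Dict, List, Optional, Set

# Constructed sample export: two users, one nested group, one base64 value.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Users,DC=example,DC=local
objectClass: user
sAMAccountName: alice
mail: alice@example.local

dn: CN=Bob Example,OU=Users,DC=example,DC=local
objectClass: user
sAMAccountName: bob
mail:: Ym9iQGV4YW1wbGUubG9jYWw=

dn: CN=iQ Admins,OU=Groups,DC=example,DC=local
objectClass: group
member: CN=Alice Example,OU=Users,DC=example,DC=local
member: CN=Helpdesk,OU=Groups,DC=example,DC=local

dn: CN=Helpdesk,OU=Groups,DC=example,DC=local
objectClass: group
member: CN=Bob Example,OU=Users,DC=example,DC=local
"""

Entry = Dict[str, List[str]]


def parse_ldif(text: str) -> Dict[str, Entry]:
    """Parse LDIF into {lower-cased dn: {lower-cased attribute: [values]}}.

    Handles folded lines (leading space), comments, the ``version:`` line and
    base64 values (``attr:: ...``). DNs and attribute names are lower-cased
    because LDAP treats both case-insensitively.
    """
    entries: Dict[str, Entry] = {}
    for block in text.split("\n\n"):
        lines: List[str] = []
        for raw in block.splitlines():
            if raw.startswith("#") or raw.startswith("version:"):
                continue
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # folded continuation line
            else:
                lines.append(raw)
        attrs: Entry = {}
        for line in lines:
            if not line.strip():
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: base64value"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries


def members_of(entries: Dict[str, Entry], group_dn: str,
               seen: Optional[Set[str]] = None) -> Set[str]:
    """Return lower-cased DNs of all direct and nested members of a group."""
    seen = set() if seen is None else seen
    group = entries.get(group_dn.lower())
    if group is None:
        return set()
    result: Set[str] = set()
    for member in group.get("member", []):
        dn = member.lower()
        if dn in seen:                        # guards against group cycles
            continue
        seen.add(dn)
        result.add(dn)
        classes = [c.lower() for c in entries.get(dn, {}).get("objectclass", [])]
        if "group" in classes:
            result |= members_of(entries, dn, seen)
    return result


def is_member(entries: Dict[str, Entry], account: str, group_dn: str) -> bool:
    """True if the user with sAMAccountName ``account`` is in the group."""
    wanted = account.lower()
    for dn, attrs in entries.items():
        if wanted in [a.lower() for a in attrs.get("samaccountname", [])]:
            return dn in members_of(entries, group_dn)
    return False


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    admins = "CN=iQ Admins,OU=Groups,DC=example,DC=local"
    for user in ("alice", "bob", "carol"):
        print(user, "admin access:", is_member(directory, user, admins))
```

Running the block against a real export lets you confirm, before installing the WebClient, that the administrator group you intend to enter in the setup dialog actually contains the accounts you expect, including members of nested groups.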


Azure Active Directory

To be able to resolve group memberships, WebClient requires access to the Azure Active Directory. For this access, the following information has to be specified:

For further information, please refer to the separate document "iQ.Suite on Microsoft 365 & Azure" (techDoc). Please contact the GBS Sales team.

Tenant Name: Specify the domain name of the Azure Active Directory to be used.
Application ID: Specify the application ID of the WebClient application in Azure (Web-App).
Secret Key: Specify the secret access key of the WebClient application.

7. Click Next.

8. The information on which users have which rights in iQ.Suite WebClient is available in the SQL database which contains the configuration objects used for the WebClient. In order to create the required database objects, run the WebClient_Config.sql script on the database intended for the WebClient. You will find the SQL scripts under ...\GBS\iQ.Suite\Support\Scripts\

The following procedure applies if you are using MS SQL Server:


1. Open the SQL file mentioned above under: \GBS\iQ.Suite\Support\Scripts\SQL
2. Copy the content of this file to the Query window of the SQL Server Enterprise Manager: SQL Server Enterprise Manager > Tools > SQL Query Analyzer
3. Run the command (query) by selecting Execute Query (F5).
4. Grant appropriate access rights to a user.

For PostgreSQL, refer to the documentation of PostgreSQL, if required.

9. Configure the connection to the desired SQL database:

SQL Database: Select the type of your SQL database: 'MS SQL' or 'PostgreSQL'.
SQL Server name: Name / IP address of the SQL database server on which the database containing the WebClient configuration is located.
SQL Database name: Name of the corresponding SQL database.
SQL User name: Enter the name of a user who has read and write access to the database.
SQL User password: Enter the password of the user.

Important: Test connection: The database connection test can be used to check whether the database can be accessed with the specified user. With this test, it is not possible to check whether the required tables exist in this database.

10. Click Next:


Directory group(s) for administrative access

In the directory to be used (e.g. Active Directory or Azure Active Directory), at least one user group whose members shall have initial unrestricted administrative access rights in iQ.Suite WebClient must exist.

In the Setup dialog, specify at least one administrator group if no entry exists in the table SecurityContext of the used database. If an entry already exists in this database table, the administrator group specified in the setup dialog is ignored.

Roles are assigned to the administrator groups specified here. By means of these roles, access permissions in WebClient are granted to these administrators. They can then log on initially to the WebClient user interface and are authorized to grant access permissions to additional Active Directory users via the WebClient component Roles & Rights.

With the Reset security settings option enabled, all roles and rights configured in WebClient will be reset.

Important: Resetting the security settings cannot be undone.

11. Click on Next > Install > Finish.
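Two points in the steps above deserve a check that the setup wizard itself does not offer: the connection test cannot tell whether the tables from WebClient_Config.sql exist, and the administrator group entered in the dialog is silently ignored when SecurityContext already holds entries. The following added example, which is not part of iQ.Suite or its setup, performs both checks over a DB-API connection. An in-memory SQLite database stands in for MS SQL Server or PostgreSQL; only the table name SecurityContext comes from this manual, while the second table name and the column names are placeholders.

```python
"""Pre-flight check for the WebClient configuration database.

Added example; not part of iQ.Suite or its setup. The setup's "Test connection"
only confirms that the database can be reached with the given user, so this
check additionally verifies that the tables created by WebClient_Config.sql
exist and whether the SecurityContext table already holds entries (if it does,
the administrator group entered in the setup dialog is ignored). An in-memory
SQLite database is a constructed stand-in for MS SQL Server or PostgreSQL; any
DB-API 2.0 connection works. Only SecurityContext is named in the manual; the
other table name and the column names are placeholders.
"""
import sqlite3
from typing import Iterable, List, Tuple

# SecurityContext comes from the manual; the second name is a placeholder.
REQUIRED_TABLES = ["SecurityContext", "OtherWebClientTable_placeholder"]


def missing_tables(conn, tables: Iterable[str]) -> List[str]:
    """Return the tables that cannot be queried with the connection's user."""
    missing: List[str] = []
    for table in tables:
        cur = conn.cursor()
        try:
            # Zero-row SELECT: works on SQLite, MS SQL Server and PostgreSQL and
            # fails if the table is absent or the user lacks read permission.
            # Table names come from our own constant, not from user input.
            cur.execute(f'SELECT 1 FROM "{table}" WHERE 1 = 0')
        except Exception:
            conn.rollback()          # PostgreSQL aborts the transaction on error
            missing.append(table)
        finally:
            cur.close()
    return missing


def security_context_rows(conn) -> int:
    """Number of rows in SecurityContext (0 means setup's admin group applies)."""
    cur = conn.cursor()
    try:
        cur.execute('SELECT COUNT(*) FROM "SecurityContext"')
        return int(cur.fetchone()[0])
    finally:
        cur.close()


def preflight(conn, tables: Iterable[str] = REQUIRED_TABLES) -> Tuple[List[str], bool]:
    """Return (missing tables, whether the setup dialog's admin group will be used)."""
    missing = missing_tables(conn, tables)
    if "SecurityContext" in missing:
        return missing, False
    return missing, security_context_rows(conn) == 0


def demo_connection(with_admin_entry: bool, create_table: bool = True) -> sqlite3.Connection:
    """Constructed stand-in database; the real schema comes from WebClient_Config.sql."""
    conn = sqlite3.connect(":memory:")
    if create_table:
        # Column names are placeholders, not the real WebClient schema.
        conn.execute('CREATE TABLE "SecurityContext" (Id INTEGER PRIMARY KEY, GroupName TEXT)')
        if with_admin_entry:
            conn.execute('INSERT INTO "SecurityContext" (GroupName) VALUES (?)',
                         ("WebClient Admins (constructed)",))
    conn.commit()
    return conn


if __name__ == "__main__":
    for seeded in (False, True):
        missing, group_applies = preflight(demo_connection(seeded))
        print(f"seeded={seeded}: missing={missing}, setup admin group applies={group_applies}")
```

With a real driver (for example pyodbc for MS SQL Server or psycopg2 for PostgreSQL), pass the connection object made with the same SQL user you enter in the setup dialog, so that the permission check reflects that user rather than a database administrator.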

Important note before using iQ.Suite WebClient

Before making configuration changes in iQ.Suite, use the icon from the toolbar to lock the iQ.Suite configuration (ConfigData.xml). When configuration changes are made in WebClient (e.g. in Trailer documents), only restarting the iQ.Suite administration console will update the ConfigData.xml. Without locking, you risk data collisions.

Use icon to unlock the iQ.Suite configuration.

Update

Run the setup of the newer iQ.Suite version:


Follow the instructions in the installation wizard.


Multi-tenant solution

iQ.Suite supports multi-tenancy. This means that iQ.Suite can be operated for multiple tenants which may have various requirements concerning the email processing.

This chapter describes how to set up a multi-tenant environment. Additionally, you will find other important definitions and general information on the iQ.Suite multi-tenant solution.

The WebClient online documentation contains information concerning the configurations you can make on the WebClient user interface.

Topics:

System requirements
Unavailable features in the multi-tenant solution
Licenses
Important definitions
Setting up a multi-tenant environment
Tenant Administration in iQ.Suite WebClient
iQ.Suite Management Consoles


System requirements

Multi-tenancy is possible with iQ.Suite for SMTP and iQ.Suite for Microsoft Exchange and requires the installation of the following servers:

SQL database server: The following database servers are supported: Microsoft SQL Server: as of Version 2012; PostgreSQL: as of Version 10.6
iQ.Suite WebClient: Refer to Installation of iQ.Suite WebClient.
iQ.Suite: At least one iQ.Suite server must be installed after the WebClient installation. Refer to System requirements.

The section Setting up a multi-tenant environment describes when the WebClient and iQ.Suite have to be installed and what must be observed. Furthermore, you will find information about the required SQL databases.

Additionally, the following requirements apply:

One of the following directory services must be used: Active Directory or Azure Active Directory.
The used port must be opened in the firewall on the WebClient server and on all connected iQ.Suite servers. If required, the default port '8008' can be changed in the WebClient when creating an iQ.Suite server.
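A firewall that blocks the communication port on only one of the servers shows up later as a tenant that never receives its configuration. The following added example, which is not part of iQ.Suite, is a reachability check to run from the WebClient host: it attempts a TCP connection to every configured iQ.Suite server on the communication port (default 8008, as stated above) and lists the servers that cannot be reached. The server names in SERVERS are constructed placeholders, and the demo uses a local listener in place of a real iQ.Suite server.

```python
"""Reachability check for the iQ.Suite communication port.

Added example; not part of iQ.Suite. The manual requires the communication
port (default 8008) to be open in the firewall on the WebClient server and on
every connected iQ.Suite server. Run from the WebClient host, this script
attempts a TCP connection to each server and lists those that cannot be
reached, so firewall gaps show up before tenants are assigned. The server
names in SERVERS are constructed placeholders; the demo uses a local listener
instead of a real iQ.Suite server.
"""
import socket
import threading
from typing import Dict, List, Tuple

DEFAULT_PORT = 8008  # default communication port named in the manual

# Constructed placeholders: replace with your iQ.Suite servers.
SERVERS: List[Tuple[str, int]] = [
    ("iqsuite-server-1.example.local", DEFAULT_PORT),
    ("iqsuite-server-2.example.local", DEFAULT_PORT),
]


def port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port can be established within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                # refused, filtered/timed out, or name lookup failed
        return False


def check_servers(servers: List[Tuple[str, int]], timeout: float = 2.0) -> Dict[str, bool]:
    """Map 'host:port' to reachability for every configured server."""
    return {f"{host}:{port}": port_open(host, port, timeout) for host, port in servers}


def unreachable(servers: List[Tuple[str, int]], timeout: float = 2.0) -> List[str]:
    """Servers whose firewall rules must be checked before going live."""
    return [name for name, ok in check_servers(servers, timeout).items() if not ok]


def _local_listener() -> Tuple[socket.socket, int]:
    """Constructed stand-in for an iQ.Suite server: accepts and closes connections."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(5.0)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:         # timeout or listener closed
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo() -> Tuple[bool, bool]:
    """Probe one reachable port (local listener) and one closed port."""
    srv, open_port = _local_listener()
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                   # nothing listens on closed_port any more
    try:
        results = check_servers([("127.0.0.1", open_port), ("127.0.0.1", closed_port)])
        return results[f"127.0.0.1:{open_port}"], results[f"127.0.0.1:{closed_port}"]
    finally:
        srv.close()


if __name__ == "__main__":
    print("demo (reachable, blocked):", demo())
    print("unreachable servers:", unreachable(SERVERS))
```

A successful TCP connect only proves that the firewall lets the port through; it does not verify the global password or the iQ.Suite protocol, so a server that is reachable here can still fail to register for other reasons.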


Unavailable features in the multi-tenant solution

In general, the multi-tenant solution does not allow configuring external programs or command line calls.

In detail, the following features/functionalities are not available in the multi-tenant solution:

General functionalities
The Quarantine user access is only possible by web link (WebClient), not by email.
The action 'Start external program' is not available in all jobs.

iQ.Suite Bridge
Quarantines
Bridge Connector
PST Journaling

iQ.Suite Convert
Command Line Job

iQ.Suite Crypt
Crypt is only available in connection with iQ.Suite KeyManager. No local cache (e.g. Windows certificate store) can be used. If PGP is used, only the 'PGP synchronized with KeyManager' Engine can be used.

iQ.Suite Wall
Advanced Action: The Options tab doesn't exist since no external programs can be called.
CORE (Content Recognition Engine)

iQ.Suite Watchdog
Uploading Non-Portable-Executable files (e.g. MS Office, HTML, JavaScript, VBScript, PDF) into the Avira Protection Cloud is not possible.

Information Store scans


Licenses

The iQ.Suite servers and tenants need different licenses. The iQ.Suite servers may use the same server license (license for a domain), but each tenant needs its own license. All modules which the tenant wants to use must be available in both the server license and the tenant license.

The server license will be automatically active on the iQ.Suite server as soon as it is uploaded to the WebClient server.

The iQ.Suite server checks in regular intervals whether a license exists for the known tenant on the WebClient server. If yes, the license is automatically downloaded to the iQ.Suite server.

Note: When requesting a tenant license, please note that the assigned domains needed to create the license are case-sensitive. The license file contains the assigned domains as TenantID.


Important definitions

This chapter contains the definitions of terms which are used in the context of the multi-tenant solution and need to be explained.

Administrator users

An administrator user is a person who exists in the directory of the administrator users within the Active Directory or Azure Active Directory and has access to the WebClient administration interface. Her permissions in iQ.Suite WebClient determine the nature and extent of her access.

Tenant users

A tenant user is a person who exists in the directory of the tenant users within the Active Directory or Azure Active Directory and has access to the WebClient tenant interface. Her permissions in iQ.Suite WebClient determine the nature and extent of her access. A tenant user with appropriate permissions can edit the tenant configuration.

Tenant

A tenant in iQ.Suite corresponds to one or more unique email domains for which a defined job chain is to be executed.

In addition to the tenant-specific configuration, the administrator user can define defaults for tenants via the Master Configuration.

Administration configuration

The administration configuration contains all configurations which an administrator user can make in iQ.Suite WebClient. The tenant configuration, server configuration and master configuration are not part of the administration configuration.

Master configuration

The master configuration is used to define global defaults for all tenants which are assigned to this master configuration. The administrator user can, for example, predefine Jobs, Engines and Trailers to be used by tenants.

The master configuration is done by the administrator user in the WebClient component Tenant Administration and in the iQ.Suite Master Management Console. Refer to iQ.Suite Management Consoles.

Server configuration


A server configuration contains server-specific settings of an iQ.Suite server which can be used by several tenants.

The server configuration can be edited in the WebClient component Tenant Administration and in the iQ.Suite Server Management Console, usually by administrator users. Refer to iQ.Suite Management Consoles.

The server configuration is not only saved in the multi-tenant database. After its deployment via iQ.Suite WebClient, it is additionally available as a file on the corresponding iQ.Suite server (ConfigData.xml).

Tenant configuration

The tenant configuration corresponds to the job chain to be executed for a specific tenant and to the components depending on this job chain (Quarantines, Engines, Trailers etc.). It contains the settings made by the tenant users. However, the Master Configuration can overwrite settings of the tenant configuration.

Note: The iQ.Suite server loads the tenant configuration from the tenant database in regular time intervals. It may take up to 10 minutes for the changes in the configuration, in the license file and, if applicable, in the associated LDIF file to become active on the iQ.Suite server.

The tenant configuration is made in the WebClient components released for the tenant and in the iQ.Suite Tenant Management Console. Refer to iQ.Suite Management Consoles.


Setting up a multi-tenant environment

General procedure

Note: We recommend to install the SQL database server, the WebClient server and the iQ.Suite server on different computers.

To set up a multi-tenant environment, proceed as follows:

1. On your SQL database server, create the required SQL databases: A multi-tenant database:

All data of the Administration Configuration is saved in this SQL database, e.g. tenant, server and master configurations, statistics of all tenants etc.

A database for each tenant (tenant database):

All tenant-specific data is saved in the SQL database of the tenant, e.g. quarantines, configuration, user lists, password entries, statistics of the tenant etc.

Refer to Creating a Database Connection to a SQL Database server.

2. Run the setup of iQ.Suite WebClient to install the WebClient server. Refer to Setup.

Since the setup is carried out by the administrator user, the following settings in the installation wizard are to be made for this user:

Directory service: Directory of the administrator user (administration directory)
SQL database: Multi-tenant database
Administrative access: User from the administration directory

Regarding the iQ.Suite connection settings for iQ.Suite WebClient, specify any values since these settings are not relevant in multi-tenant environments.

Administrator users require the WebClient to create tenants as well as server and master configurations for these tenants (WebClient component Tenant Administration). Tenant users require the WebClient to access the other WebClient components like e.g. Configuration, Quarantines and Clerk.

3. In the multi-tenant database and in all tenant databases, create the required SQL tables by running the SQL scripts supplied with iQ.Suite WebClient on each database. These scripts are available in the WebClient Support directory:

Default: C:\Program Files\GBS\iQ.Suite WebClient\webapp\support\Scripts

To run the scripts, you can use one of the following possibilities:

Manually run the scripts within the database:

Example for MS SQL: Open each SQL file and copy the content of this file to the Query window of the SQL Server Enterprise Manager: SQL Server Enterprise Manager > Tools > SQL Query Analyzer. Then, run the command (query) by selecting Execute Query (F5) and grant appropriate access rights to a user.

Use the GBS tool:

Use the GBS tool De.Group.Msx.Tools.AdminConsole.exe under \bin\. Execute the following command in the command prompt:

For MS SQL:

De.Group.Msx.Tools.AdminConsole.exe -tool "CreateTable" -svr "" -db "" -user "" -pwd "" -scriptdir ""

For PostgreSQL:

De.Group.Msx.Tools.AdminConsole.exe -tool "CreateTable" -svr "" -db "" -dbtype "PostgreSql" -user "" -pwd "" -scriptdir ""

Adjust the data in angle brackets to your environment.

4. Open the dynamic_config.xml of the WebClient:

Default: C:\ProgramData\GBS\iQ.Suite WebClient\dynamic_config.xml

Set the WebClient to the multi-tenant mode. For this, open the XML file and change the MultiTenant value from 'false' to 'true' under the "General" module:

true

5. Now, you can log in to the WebClient user interface as administrator user. First, enter your email address and then click Next to enter your password:

On the Welcome page, you should see the WebClient component Tenant Administration.

6. To install an iQ.Suite server, run the iQ.Suite setup:

Run the iQ.Suite setup on all servers which are to be used in the WebClient as multi-tenant servers. Refer to Setup.

Required features

On your workstation, select the sub-feature "Master" under the Support for Multi-Tenancy feature:

Master: The iQ.Suite Master Management Console (for the master configuration) and the iQ.Suite Server Management Console (for the server configuration) will be installed together with iQ.Suite.

Tenant: The iQ.Suite Tenant Management Console for tenant-specific configurations will be installed together with iQ.Suite. This sub-feature is essentially intended for tenant users.

Refer to iQ.Suite Management Consoles.

Since iQ.Suite WebClient and iQ.Suite must access the SQL database server, select the SQL Server Support feature in the iQ.Suite setup. Also refer to Creating a Database Connection to a SQL Database server.

If you use Azure Active Directory, you have to additionally install the LDIF Generator for Microsoft Azure feature on any iQ.Suite server. Refer to iQ.Suite LDIF Generator Service.

iQ.Suite PowerShell Provider is not a selectable feature. It will be automatically installed during the iQ.Suite installation if you do not select only the 'iQ.Suite Management Console' feature. PowerShell Provider should be installed on each iQ.Suite server to simplify the registration of the server in the multi-tenant environment.

6. After successful iQ.Suite installation, the iQ.Suite server must be made known to the administration configuration and set to the multi-tenant mode. For this, run the iQ.Suite PowerShell as administrator on each iQ.Suite server: iQ.Suite PowerShell > right-click > Run as administrator. In the PowerShell, open a session via the Open-iQSession CmdLet and enter the following commands:

$s = New-iQMTServer -DisplayName "" -ServerName "" -Administrator "" -NotificationSender "" -NotificationReplyTo ""

Register-iQMTServer -Server $s -Force

Herewith, the server will be automatically provisioned and the created server configuration is displayed in the Tenant Administration WebClient component.

For further information on the Open-iQSession CmdLet, please refer to the separate document concerning iQ.Suite PowerShell (techDoc). Download on www.gbs.com.

iQ.Suite LDIF Generator Service

This section is relevant only if you are using Azure Active Directory.

The iQ.Suite LDIF Generator Service is a Windows service which exports LDIF from Azure Active Directories and imports it into the tenant databases.

General information

The iQ.Suite LDIF Generator Service gets the login information of the Azure Active Directory (AAD) for each tenant from iQ.Suite WebClient. Therefore, the server on which the LDIF Generator Service runs should be able to reach the WebClient. The LDIF Generator Service accesses the tenant AAD via the Azure App which is used by the WebClient as well. Therefore, this Azure App must be correctly set up for each tenant. For further information on setting up the Azure App, please refer to the separate document (techDoc: iQ.Suite Azure Edition Guide). Download on www.gbs.com. After the successful LDIF export of an Azure tenant by the LDIF Generator Service, the LDIF is automatically uploaded to the WebClient tenant database via the WebClient. With every change, the iQ.Suite Service automatically loads this LDIF file from the WebClient tenant database.

Steps for using the iQ.Suite LDIF Generator Service

To be able to use the iQ.Suite LDIF Generator Service, proceed as follows:

1. In a multi-tenant environment, the iQ.Suite LDIF Generator Service exports the LDIF files for all tenants. That's why this Service should run on only one of the iQ.Suite servers. On all other servers, this Service should either not be installed or be disabled.

To install the iQ.Suite LDIF Generator Service, select in the iQ.Suite setup the LDIF Generator for Microsoft Azure feature.

2. Create in the iQ.Suite WebClient component Roles & Rights a role for the service mentioned above, e.g. the "LDIF Generator" role.

3. Assign a user from your directory of administrator users to this role and enable the Get directory information permission.

4. In the configuration file of the LDIF generator LdifGenCfg.xml (path: \GrpData\LdifGen\LdifGenCfg.xml), specify the following values:

URL to the WebClient user interface

User Principal Name (UPN) of the administrator user mentioned above

Password of the administrator user

true (using iQ.Suite WebClient will be enabled)

Adjusting the LDIF Generator per tenant

If you want to adjust the LDIF Generator per tenant, set in the Global Configuration LdifGenCfg.xml the UseCustomProperties property to 'true'.

Creating a custom configuration per tenant

You can create a custom configuration for each tenant. This configuration must have the name of the Azure tenant ID. This ID has been declared in WebClient at the tenant:

Example: tenant02.onmicrosoft.com.xml

As a template, use the LdifGenCfgCustom_tpl.xml.

The sections stand for field mappings and should not be changed. The following sections can be edited, if required:

NoSyncMailboxProps

NoSyncUserProps

NoExportDynGroups

NoMailEnabledContactsLimit: With 'true', no contacts without email address will be exported.

NoMailEnabledUsersLimit: With 'true', no users without email address will be exported.

Example: If you don't use Microsoft 365, set NoExportDynGroups=true.

In case of problems

In case of problems with setting up the LDIF Generator, it can be helpful to manually do a test export of an LDIF file. For this, you can use the following program:

De.Group.Msx.Backend.LdifGenerator.ConsoleApp.exe -tool single -AzureTenantId azureTenantID -AzureClientId azureClientID -AzureClientSecretKey secretkey -Filename "path and name of file" [-customCFG "path and name of file"]

Multi-tenant environment within a Windows domain

In this section, you will find an example on how to set up a multi-tenant environment in which the tenant users/groups and the administrator users (users with administrative tasks) are in the same Windows domain.

Using OUs to separate tenant users/administrator users

To separate tenants from each other and also the administrator users/groups from the tenants, an OU (Organizational Unit) is used. In our example, the following OUs are created:

OU "MasterAdmins": Under this OU, all administrator users/groups are created.

OU "Tenant1": Under this OU, all users/groups of the Tenant1 tenant are created.

OU "Tenant2": Under this OU, all users/groups of the Tenant2 tenant are created.

If required, further tenants can be created like described above.


Particularities regarding the WebClient installation

iQ.Suite WebClient must be installed in the context of the administrator user. Refer to Setting up a multi-tenant environment, step 2. For the administrative access, the MasterAdminGroup from the OU "MasterAdmins" is specified in our example:


After the WebClient installation, open the dynamic_configuration.xml and specify in the Directory section the OU of the administrator users/groups (ADRootUser and ADRootGroup):

The value corresponds to the AD property distinguishedName of the OU:

Particularities regarding the creation of tenants

To create a tenant, click iQ.Suite WebClient > Tenant Administration > Tenants > Plus.

Each tenant should have its own email domain. This domain is used by iQ.Suite to identify which emails are assigned to which tenant. These are the so-called Assigned domains, which must be unique for each tenant, i.e. no overlaps between tenants are allowed. This domain is usually also the Login domain of each user within the tenant (case 1). This is however not the case if tenant users/groups and administrator users are in the same Windows domain (case 2).

Example for case 2:

Email domain of the tenant "Tenant1": tenant1.multitenant.com

Login domain: multitenant.com

1. For case 2, enable the Use assigned domains for login option in the Basic Settings:

2. Click Next and make the settings for the Database Connection.

3. Click Next and select in the Directory Settings tab the 'Active Directory' option.

4. In the Active Directory Root field, specify the tenant OU, which corresponds to the distinguishedName AD property of the OU, like the administration OU specified in the dynamic_configuration.xml.


5. If you create several tenants with the same login domain, set in the section of the dynamic_configuration.xml the value of AllowSameLoginDomain to 'true'. With this setting, it's not necessary for each tenant to have a unique login domain.
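The tenant assignment rules above (assigned domains must not overlap between tenants; login domains must be unique unless AllowSameLoginDomain is set) as an added Python example. This is not part of the manual or the product: the Tenant structure, the function names and the two sample tenants (the manual's case 2, two tenants sharing the login domain multitenant.com) are assumptions constructed for illustration.

```python
from dataclasses import dataclass


class TenantConfigError(ValueError):
    """Raised when a tenant set violates the uniqueness rules."""


@dataclass(frozen=True)
class Tenant:
    # Hypothetical structure for illustration; the field names are not from the product.
    name: str
    assigned_domains: frozenset   # email domains that identify the tenant's mail
    login_domain: str             # domain the tenant's users log in with


def _norm(domain: str) -> str:
    """Domains are compared case-insensitively; a leading '@' is tolerated."""
    return domain.strip().lower().lstrip("@")


def validate_tenants(tenants, allow_same_login_domain=False):
    """Check the constraints stated in the manual and return the map
    assigned domain -> tenant name that is used for routing.

    - Assigned domains must not overlap between tenants.
    - Login domains must be unique unless AllowSameLoginDomain is 'true'
      (case 2: several tenants share one Windows domain for login).
    """
    owner = {}
    for tenant in tenants:
        for domain in tenant.assigned_domains:
            domain = _norm(domain)
            if domain in owner and owner[domain] != tenant.name:
                raise TenantConfigError(
                    f"assigned domain {domain} overlaps between "
                    f"{owner[domain]} and {tenant.name}")
            owner[domain] = tenant.name
    if not allow_same_login_domain:
        login_owner = {}
        for tenant in tenants:
            login = _norm(tenant.login_domain)
            if login in login_owner and login_owner[login] != tenant.name:
                raise TenantConfigError(
                    f"login domain {login} is shared by {login_owner[login]} and "
                    f"{tenant.name}; set AllowSameLoginDomain to 'true' to permit this")
            login_owner[login] = tenant.name
    return owner


def tenant_for_address(owner, address: str):
    """Route an email address to its tenant by the assigned domain
    (None when no tenant owns the domain or the address has no '@')."""
    _, at, domain = address.rpartition("@")
    if not at:
        return None
    return owner.get(_norm(domain))


# Constructed sample following the manual's case 2: each tenant has its own
# email domain, but both share the Windows login domain multitenant.com.
SAMPLE_TENANTS = (
    Tenant("Tenant1", frozenset({"tenant1.multitenant.com"}), "multitenant.com"),
    Tenant("Tenant2", frozenset({"tenant2.multitenant.com"}), "multitenant.com"),
)

if __name__ == "__main__":
    try:
        validate_tenants(SAMPLE_TENANTS)
    except TenantConfigError as exc:
        print("rejected without AllowSameLoginDomain:", exc)
    routing = validate_tenants(SAMPLE_TENANTS, allow_same_login_domain=True)
    print(tenant_for_address(routing, "alice@Tenant1.multitenant.com"))
```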


Tenant Administration in iQ.Suite WebClient

The WebClient component Tenant Administration is intended for administrator users. This component is displayed only after a multi-tenant environment was set up and after an administrator user successfully logged in to the WebClient:

Tenants: Here, you can create, delete or change tenants. Refer to Tenant.

Master: Here, you can create, delete or change master configurations. Refer to Master Configuration.

Server: Here, you can create, delete or change iQ.Suite servers. Refer to Server Configuration.

A tenant must be assigned to exactly one master configuration and at least one iQ.Suite server. Several tenants can be assigned to a single server.

Important: We recommend not changing the master configuration for an already provisioned tenant, since this could cause conflicts. All referenced elements of the master configuration used so far would have to be manually removed from the master configuration via the iQ.Suite Master Management Console. This would be the case, for example, if a tenant user had created a job that uses a quarantine coming from the master configuration.


iQ.Suite Management Consoles

General

Only parts of the master configuration, server configuration and tenant configuration can be edited via iQ.Suite WebClient. Some parts can only be edited in the corresponding iQ.Suite Management Consoles (snap-ins):

iQ.Suite Master Management Console

iQ.Suite Server Management Console

iQ.Suite Tenant Management Console

In the management consoles mentioned above, the iQ.Suite Monitor area is not available. Access to this area in the multi-tenant solution is only possible via iQ.Suite WebClient.

Note: In the following sections, each iQ.Suite Management Console is described individually. The setting options which are described for the single-tenant solution are not documented again in this chapter. Furthermore, some setting options are not available in the management consoles listed above since either they don't make sense in the multi-tenant case or they are currently not implemented.

Editing configurations in the Management Consoles

To be able to edit a configuration on a workstation in the appropriate console, this configuration must be first downloaded from the WebClient server and then be loaded with the console.

The edited configuration must be uploaded again to the WebClient server. Downloading and uploading are done via the WebClient under Configuration > General > Configuration. As an administrator user, go to this area by clicking on the Switch to action on the respective object.


Before downloading the configuration, you should lock the configuration to prevent it from being edited by other users. Before uploading a configuration to the WebClient, the configuration must be locked.

For uploading the file, either drag and drop the file to the area intended for this or click on Select file. After a successful upload, the configuration can be unlocked with Unlock.

To load the configuration with the console, start the console and select the appropriate configuration file from the file system:

Master configuration: ConfigData-mc-.xml

Server configuration: ConfigData-srv-.xml

Tenant configuration: ConfigData-tnt-.xml

stands for an internal unique string.

Then, click Open to open the configuration in the console.

iQ.Suite Master Management Console

The iQ.Suite Master Management Console (iQ.Suite Master Console for short) is locally installed by the administrator user and is used to edit the master configuration.


For information on the configuration settings in this console, please refer to the complete iQ.Suite administration manual.

Important: If you don't want the server name to be displayed in the notifications, manually remove the [VAR]Server[/VAR] variable from the concerned notification templates.

Under Policy Configuration, you can configure default jobs for tenants:

Jobs before: The jobs configured here are executed before the tenant-specific job chain.

Jobs after: The jobs configured here are executed after the tenant-specific job chain.

The default jobs are displayed in the iQ.Suite Tenant Management Console, but cannot be edited there.

To simplify the configuration of iQ.Suite jobs, Sample Jobs are available for a lot of use cases. These sample jobs are templates that you can drag and drop to the Jobs before or Jobs after area and then modify them to suit your requirements.

If no sample job exists for your use case, you can manually create the required job: Jobs before / Jobs after > Right-click > New > 'JobType'.

iQ.Suite Server Management Console

The iQ.Suite Server Management Console (iQ.Suite Server Console for short) is used by the administrator user to configure iQ.Suite servers which can be used by multiple tenants.

For information on the configuration settings in this console, please refer to the complete iQ.Suite administration manual.

iQ.Suite Tenant Management Console

The iQ.Suite Tenant Management Console (iQ.Suite Tenant Console for short) is used by the tenant user to edit the tenant configuration and to view the defaults coming from the master configuration.

To install the iQ.Suite Tenant Management Console, select in the iQ.Suite setup the Tenant feature. No other features are required. Refer to Setup.

For information on the configuration settings in this console, please refer to the complete iQ.Suite administration manual.

Under Policy Configuration, you can configure jobs for your tenant. For this, drag and drop the desired Sample Jobs to the Mail Transport Jobs area or create new jobs under Mail Transport Jobs.

The navigation items Jobs before and Jobs after show the default jobs which are configured in the master configuration for your tenant.


Getting Started

Topics:

Technical description
User interface
iQ.Suite Basics
Standard tabs of Mail Transport Jobs
Standard tabs of Information Store Jobs
Standard tab 'Jobs'
Job types


Technical description

The technical foundation of the iQ.Suite is referred to as iQ.Suite architecture and consists of the following main components:

iQ.Suite Management Console

Graphical user interface that is used to configure iQ.Suite. Refer to iQ.Suite Management Console.

iQ.Suite server

Includes functions and processes related to the server. Refer to The iQ.Suite Server.

iQ.Suite configuration

Refers to the iQ.Suite tree structure used by the iQ.Suite server for processing. The main component of the iQ.Suite configuration is the config.xml file. Refer to iQ.Suite Configuration.

iQ.Suite Management Console

The iQ.Suite Management Console is the graphical user interface used to manage and configure the iQ.Suite. It is a so-called "Snap-In" for the MMC. The iQ.Suite Management Console can be used to manage individual servers (Exchange/SMTP) with iQ.Suite installed as well as entire "iQ.Suite server farms". This simplifies daily administration tasks, in particular in a multi-server environment.

With the iQ.Suite Management Console, the administrator has access to all configuration information needed and to iQ.Suite Monitor of the iQ.Suite servers (quarantine, status information, etc.).

The following access methods are used for configuring the system and for accessing the quarantine:

1. Standard Windows file access

Windows file access is used for accessing the iQ.Suite configuration file, for instance to change security settings.

2. SOAP and SSL

iQ.Suite Monitor is accessed through SOAP and SSL using a permanently assigned communication port. For further information on iQ.Suite Monitor, refer to iQ.Suite Monitor.

The iQ.Suite Management Console supports two operating modes.


Local administration

In this mode, the iQ.Suite Management Console is run directly on the server (Exchange/SMTP) where all iQ.Suite components are installed. This mode is suited for smaller systems and for managing the server locally.

Remote administration

In this case, the iQ.Suite Management Console is not installed on the server (Exchange/SMTP), but on a client.

The iQ.Suite Management Console supports the following client operating systems:

Windows 7 as of SP1 (64-bit)
Windows 8 (64-bit)
Windows 10 (64-bit)
Windows Server 2012 (64-bit)
Windows Server 2012 R2 (64-bit)
Windows Server 2016
Windows Server 2019

Remote administration is suited for central administration in multi-server environments, with the iQ.Suite Management Console accessing one or more servers (Exchange/SMTP) to configure and administrate the iQ.Suite.

The iQ.Suite Server

The term 'iQ.Suite server’ refers to the iQ.Suite functions and processes that are exclusively run on the server (Exchange/SMTP).

The iQ.Suite server consists of several elements described in the following sections.

iQ.Suite Grabber

'iQ.Suite Grabber’ is a component that ensures that all emails, schedule queries, etc. sent, received or routed by the server (Exchange/SMTP) are intercepted (grabbed) and processed.

iQ.Suite SMTP Transport Grabber: The Transport Grabber monitors the Windows SMTP transport flow. It grabs emails while they are being transported and provides them to the iQ.Suite for processing.

As a registered event sink, the Transport Grabber monitors the email traffic. Relevant emails are intercepted and forwarded to the so-called iQ.Suite Service. The email is detained until processing by the iQ.Suite Service and the server has been successfully completed. Once processed, the emails are returned to the transport flow.

EWS: refer to Configuring access to the Information Store via EWS.

iQ.Suite Exchange Transport Agent: Microsoft Exchange Server is supplied with its own SMTP transport protocol, with the role of the Transport Grabber played by the so-called Transport Agent. This agent monitors the Exchange SMTP transport flow. It grabs emails while they are being transported and provides them to the iQ.Suite for processing.

EWS: refer to Configuring access to the Information Store via EWS.

iQ.Suite Services

The iQ.Suite Services consist of the following Windows services:

iQ.Suite Service

The iQ.Suite Service (iQ.Suite working service) runs permanently and takes care of and executes all processing requests of the iQ.Suite grabbers.

The iQ.Suite Service has access to all information required:

the configured iQ.Suite jobs
the installed iQ.Suite license
the Active Directory or the LDIF file
iQ.Suite Quarantine

Using this information, the service scans emails for viruses and spam, quarantines them or adds legal disclaimers. When processing is complete, the iQ.Suite Service returns the emails to the transport flow.

iQ.Suite Information Store Access Service

This service is used to access the Exchange Information Store. This access is required for the following actions:

Scan items for viruses in the Information Store. Refer to Virus scanning in the Information Store.

Update sent items in sender mailboxes. Refer to Other Action: Update sent items and the Job CopyToMailbox: Update sent items in the sender's mailbox.

Display and synchronize Clerk absences in Outlook. Refer to Display and synchronize Clerk absences in Outlook.

Before starting this Service, make sure that the iQ.Suite Service is started.

iQ.Suite Data Collector Service

In an environment with several iQ.Suite servers which use the same iQ.Suite configuration (and therefore also the same quarantines), the 'iQ.Suite Data Collector Service' collects the quarantine index data from all involved iQ.Suite servers according to a configurable time interval (Update interval) and writes this data to a SQL database. Afterwards, the quarantine data can be retrieved from the iQ.Suite WebClient. Before each collecting operation, the old index entries are removed from the SQL database.

Prerequisites for unrestricted data collection:


The Collector Service is enabled on the iQ.Suite server which is configured for the data collection. By default, the Collector Service is enabled on all iQ.Suite servers.

Global password and Web Access must be configured at the iQ.Suite domain. Refer to Global password and Configuring web access to the Quarantines.

The Data Collector Service is a feature which is selected by default in the iQ.Suite setup dialog. Therefore, it will be automatically installed during iQ.Suite installation, unless you have deselected it.

iQ.Suite Control Service

The 'iQ.Suite Control Service’ is responsible for starting the other iQ.Suite services and then controls and monitors their performances. If one of the iQ.Suite services is temporarily stopped (not disabled), it is automatically restarted by the iQ.Suite Control Service after a few seconds.

Please note that the behavior depends on which service is stopped:

If the iQ.Suite Control Service is manually stopped, all other iQ.Suite services are stopped as well and the iQ.Suite is disabled.

If the iQ.Suite Service is manually stopped and disabled, it is not automatically restarted by the iQ.Suite Control Service. The working service needs to be restarted manually. All emails arriving on the mail server during that time are detained (InQ) until the working service has been restarted.

If the iQ.Suite Information Store Access Service is manually stopped and disabled, it is not automatically restarted by the iQ.Suite Control Service. The actions mentioned under iQ.Suite Information Store Access Service can only be executed if this Service is started (if required, manually).

If the iQ.Suite Data Collector Service is manually stopped and disabled, the Collector Service is not automatically restarted by the iQ.Suite Control Service. The quarantine data are not collected until the Collector Service is manually restarted.

iQ.Suite Quarantine

The iQ.Suite Quarantine is a separate iQ.Suite area used to store unwanted emails. Virus- infected emails, spam or other unsolicited emails are intercepted on the server and moved to the iQ.Suite Quarantine, in order to prevent them from being delivered to the recipients.

Once installed, each iQ.Suite server provides a number of quarantines. Further quarantines can be created by the administrator.

The iQ.Suite Quarantine consists of the following:

Quarantine directory in the file system: ...\GrpData\Quarantine\...

Emails copied to the quarantine

Quarantine database (index database: LocIdxDB.mdb)

For each email quarantined, iQ.Suite automatically creates an entry in the quarantine database. This database is a Microsoft Jet database file that contains the following data:

Email subject
Date and time
Email sender
Email recipient
Email sender (SMTP)
Email recipient (SMTP)
Short description of the applicable restriction
Email size
Name of the iQ.Suite job that quarantined the email
Name of the iQ.Suite server
Name of the email file
Processing history

Note: Exception: In a privacy quarantine, you can configure that information like the subject line, the names of the attachments and/or the sender addresses or recipient addresses are not stored in the quarantine.

When an iQ.Suite Quarantine is displayed using the iQ.Suite Management Console, the information from the quarantine database is shown first. When a quarantine entry is opened, further information is read from the email file.

For communicating with the quarantine, iQ.Suite uses SOAP (Simple Object Access Protocol) and SSL (Secure Sockets Layer). This applies both to "local" access directly on the server and to access from remote Windows workstations.

By default, port 8008 is used for communication. You can change this port in the iQ.Suite Management Console (iQ.Suite Servers node), but you must then also make this change in all other iQ.Suite administration consoles that access the server. All computers must use the same port. SSL is used to encrypt the SOAP communications channel. All of the required components are included in the installation package.

Only authorized persons have access to the iQ.Suite quarantines via the network. Refer to Setting access permission to iQ.Suite Servers and Quarantines.

For successful access, the following requirements must be met:

The iQ.Suite Service is running.

The communication port (default: 8008) is available.

The computer name can be resolved and accessed through TCP/IP.

Depending on the iQ.Suite configuration, internal users can access their quarantined emails to perform certain actions.

User access to Quarantine

Blocked emails are quarantined and prevented from delivery to the internal recipients. Depending on the iQ.Suite configuration, internal users are able to access their quarantined emails to perform certain actions.

Especially for spam filtering with iQ.Suite Wall, user access to the quarantine is a reasonable supplement to the spam quarantine administration. With the iQ.Suite, users can access their quarantined emails themselves. This helps to reduce the administrator's workload by allowing users to forward quarantined emails to their inboxes.

The internal users are informed on quarantined emails by a quarantine summary notification. This summary notification contains links for executing certain actions, e.g.:

Request: Delivery of the quarantined email to the recipient of the summary notification. This action is not available for privacy quarantines.

Release: Delivery of the quarantined email to all recipients of the original email. This action is not available for privacy quarantines.

Remove: Deletion of the quarantined email.

User access can be configured in the iQ.Suite Servers Properties. Refer to User access to iQ.Suite items.

Also refer to Configuring a Global Quarantine summary notification.

Active Directory / LDIF

The iQ.Suite does not make any changes or additions to the Active Directory (AD). However, iQ.Suite does read various information from the Active Directory.

When started, the iQ.Suite Service determines the available Global Catalog server, which is used, for instance, for resolving addresses in distribution lists during email processing.

The iQ.Suite Management Console uses the Active Directory to select sender/recipient conditions.

With iQ.Suite Trailer, sender information can be incorporated in outgoing emails, with iQ.Suite looking for the required details in the Active Directory.

If no Active Directory is available, for instance because the corresponding ports are not open, an LDIF file can be used. Using the LDIF file can be enabled during the installation ('LDIF Support’ mode). This file can be created, for instance, by means of an LDAP export from an Active Directory.

iQ.Suite Unpackers for archives and PDF files

Files are often compressed before being sent by email. In order to extract the files which are contained in archives and PDFs, iQ.Suite uses unpackers, which are automatically installed during iQ.Suite installation.

Internal unpacker: This unpacker is used in all iQ.Suite Jobs except the iQ.Suite Decompression Job in order to extract files for analysis. The extracted files can then be checked, for example, for viruses or other harmful contents.

Attachments in PDF files are unpacked as well if the corresponding option under iQ.Suite Servers Properties is enabled.

For the decompression with the internal unpacker, the settings under iQ.Suite Servers > Properties > General apply. Refer to Compressed files and iQ.Suite Monitor.

This unpacker supports multiple archive formats. Some examples:


ACE
ACE SFX
ARJ
BINHEX (Mac)
BZIP2
CAB
GZIP
Java Archive (.jar)
LZH (LH ARC)
MacBinary
MSCOMPRESS
RAR
RPM
Self-extracting ARJ
Self-extracting CAB
Self-extracting LZH/LHA
Self-extracting RAR
Self-extracting ZIP
TAR
TGZ (Tape Archive)
UUE (Executable compressed ASCII archive)
ZIP
ZOO
7-Zip

In the following note, the term "archives” is also used to designate "PDF files with attachments”:

Note: Archives can themselves contain further archives. By default, such recursively compressed files are extracted to a recursion depth of '5’. All archives exceeding this recursion depth are moved to the Badmail quarantine. The standard upper limit for an email including unpacked files is 500 MB. Such a limit is particularly important to handle so-called "ZIP of Death" attacks. The recursion depth and the space restriction can be changed under iQ.Suite Servers > Properties > 'General' tab.
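The two limits described in the note (recursion depth 5, 500 MB for the email including unpacked files) as an added Python example that is not the product's unpacker: it inspects a ZIP attachment held in memory, charges each member's declared uncompressed size before inflating it, descends into nested archives, and reports 'badmail' as soon as either limit is exceeded. The function names, the ScanResult structure and the nested sample archive are constructed for illustration; only ZIP is handled here, not the other formats in the list above.

```python
import io
import zipfile
from dataclasses import dataclass

# Defaults quoted in the manual (changeable under iQ.Suite Servers > Properties > General).
DEFAULT_MAX_DEPTH = 5
DEFAULT_MAX_UNPACKED_BYTES = 500 * 1024 * 1024


@dataclass
class ScanResult:
    verdict: str         # "ok", "badmail" (a limit was exceeded) or "unreadable"
    reason: str
    max_depth: int       # deepest archive level seen (1 = the attachment itself)
    unpacked_bytes: int  # attachment size plus the declared size of every member seen


class LimitExceeded(Exception):
    pass


def _walk(data, depth, state, max_depth, max_bytes):
    """Inspect one ZIP archive (bytes) at nesting level `depth`, recursing into
    members that are ZIP archives themselves."""
    if depth > max_depth:
        raise LimitExceeded(
            f"archive nested at depth {depth} exceeds recursion depth {max_depth}")
    state["max_depth"] = max(state["max_depth"], depth)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Charge the declared uncompressed size from the central directory
            # BEFORE inflating, so an oversized archive is rejected without
            # ever being fully decompressed.
            state["bytes"] += info.file_size
            if state["bytes"] > max_bytes:
                raise LimitExceeded(
                    f"unpacked size {state['bytes']} exceeds limit {max_bytes}")
            member = zf.read(info)  # zipfile stops at the declared size and checks the CRC
            if zipfile.is_zipfile(io.BytesIO(member)):
                _walk(member, depth + 1, state, max_depth, max_bytes)


def scan_attachment(data, max_depth=DEFAULT_MAX_DEPTH,
                    max_bytes=DEFAULT_MAX_UNPACKED_BYTES):
    """Decide whether an attachment stays within the recursion and size limits."""
    state = {"max_depth": 0, "bytes": len(data)}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ScanResult("ok", "not an archive", 0, len(data))
    try:
        _walk(data, 1, state, max_depth, max_bytes)
    except LimitExceeded as exc:
        return ScanResult("badmail", str(exc), state["max_depth"], state["bytes"])
    except zipfile.BadZipFile as exc:
        # Assumption for this example: a corrupt archive gets its own verdict.
        return ScanResult("unreadable", f"corrupt archive: {exc}",
                          state["max_depth"], state["bytes"])
    return ScanResult("ok", "within limits", state["max_depth"], state["bytes"])


def build_nested_zip(levels, payload=b"constructed sample payload"):
    """Constructed sample: a ZIP nested `levels` deep (level 1 is the outer file),
    with payload.txt in the innermost archive."""
    data, name = payload, "payload.txt"
    for _ in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), "inner.zip"
    return data


if __name__ == "__main__":
    print(scan_attachment(build_nested_zip(5)))   # within the default depth
    print(scan_attachment(build_nested_zip(6)))   # one level too deep -> badmail
```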

Unpacker used by the iQ.Suite Decompression Job: In case the Decompression Job is used, the processed email contains all extracted files as individual attachments. This way, the end user is not charged with different archive formats. The archives are removed from the email after the extraction.

Attachments in PDF files are unpacked as well if the corresponding option in the Options tab of the Decompression Job is enabled.

For the decompression by using this job, the settings in the job's Options tab apply. Refer to Sample Job: Extract attachments from archives and PDFs (Decompression).

Network Service

For a proper operation under Exchange, the system account 'Network Service’ must have access rights (Read and Write) on the following directories:


iQ.Suite/Log

iQ.Suite/GRPData/InQ

iQ.Suite/GRPData/OutQ

Normally, these access rights are correctly pre-set by default during iQ.Suite setup.

If you use different directories in your iQ.Suite configuration, please make sure that the following rights are set:

Full access
Change
Read & Execute
List directory content
Read
Write

Email processing sequence

1. An incoming or outgoing email follows the transport flow and arrives on the mail server.

2. iQ.Suite monitors the transport flow (SMTP Transport) at position x and temporarily removes the email from the delivery process. The designations of SMTP Transport and Transport Grabber depend on the system used:

                    Exchange Server                        SMTP Server
SMTP Transport      Microsoft Exchange Transport Service   Simple Mail Transfer Protocol Service
Transport Grabber   Transport Agent                        Transport Grabber

3. The iQ.Suite Service fetches the email and checks the iQ.Suite configuration to determine whether or not the email needs to be processed by iQ.Suite.

4. The emails to be checked are processed according to their job priority set in the iQ.Suite configuration. When processing is complete, the iQ.Suite Service releases the email and performs any configured changes to the email, as required.

5. The email is returned to the transport flow.

6. The email transport is resumed and the email is delivered to the recipient.

iQ.Suite Configuration

All information required to run iQ.Suite is saved in the iQ.Suite configuration file, as ConfigData.xml.

The structure of the ConfigData.xml file is similar to that of a database: various entries exist for each configuration area. If you have a problem with the configuration, you can simply send the ConfigData.xml file to the GBS Support Team for assistance. This file (and other files) can also be collected by the Support Collector. Refer to The Support Collector.

The configuration settings are needed by both the iQ.Suite server and the iQ.Suite Management Console. The iQ.Suite server needs them, for instance, to be informed of the iQ.Suite jobs to be carried out. To make changes to the configuration with the iQ.Suite Management Console, the console must be able to access the ConfigData.xml file.

Usually, the iQ.Suite configuration is saved in a local directory. In multi-server environments, you can set up a synchronization of the local configuration. Refer to Synchronizing Configuration, License and LDIF in a multi-server environment.

The iQ.Suite configuration used by the iQ.Suite Management Console or the iQ.Suite server is specified through an entry in the Windows Registry. The path to the configuration file can be entered in the format C:\...\ConfigData.xml. If the iQ.Suite configuration file specified is not available, iQ.Suite uses the "last known good" configuration, which is logged in the Windows Event Viewer.

The last known good configuration is saved locally for each server and is updated whenever the iQ.Suite configuration is changed and access from the iQ.Suite configuration file to the last known good configuration is possible.

Note: If an existing iQ.Suite configuration is imported, please note that certain permissions have to be set on some directories. Refer to Network Service.

Tip: To open a non-standard configuration with the Management Console, you must specify the file with a special parameter. Run the iQ.Suite.msc file with the parameter config and the desired configuration file, e.g.:

"C:\Program Files\GBS\iQ.Suite\iQ.Suite.msc" config "C:\OtherDirectory\Subdirectory\ConfigData.xml"

The Support Collector

To give you the best possible support in case of errors, the GBS Support may require the information collected by the Support Collector. To start the Support Collector, use one of the following ways:

A) Start > Programs > GBS > iQ.Suite > Support Collector
B) iQ.Suite > Basis Configuration > right-click > All Tasks > Start SupportCollector

The following information is collected:

- Configuration file
- Log files
- License files
- Microsoft Event Viewer Log
- Registry entries
- Minidump files
- System information (RAM / HDD)
- Installed applications
- Environment variables
- File system report: Contains information on executable iQ.Suite files and MDB files.

This information is returned in one ZIP file:

By default, the ZIP file Backup_TT.MM.JJJJ_HH-MM-SS.zip (day.month.year_hour-minute-second) is saved in the following path: C:\Programs\GBS\iQ.Suite\Support\

If the Support directory doesn't exist, the ZIP file is saved in the following path: C:\Programs\GBS\iQ.Suite\Bin


User interface

The iQ.Suite Management Console is divided into three areas (UI image is from iQ.Suite 16.2):

Menu and toolbar: Configuration area for global, cross-module functions such as saving, updating, etc.

Navigation area: Multi-level menu for the configuration and administration of iQ.Suite.

Display area: Displays the iQ.Suite contents.

The context-sensitive Online Help is available in each dialog/window by clicking the Help icon or selecting Operation > Show Help File from the menu.

Toolbar Icons

- Up one level
- Delete object
- Properties of the selected item
- Update view
- Export list
- Help
- Save
- Lock iQ.Suite configuration (ConfigData.xml)
- Unlock iQ.Suite configuration (ConfigData.xml)
- Move down one position
- Move up one position
- Activate job
- Deactivate job
- New item
- Enable filter in quarantine/Badmail
- Disable filter in quarantine/Badmail

Important: If you are using iQ.Suite WebClient:

Before making configuration changes in iQ.Suite, use the Lock icon to lock the iQ.Suite configuration (ConfigData.xml). When configuration changes are made in WebClient (e.g. in Trailer documents), only restarting the iQ.Suite administration console will update the ConfigData.xml. Without locking, you risk data collisions.

Use the Unlock icon to unlock the iQ.Suite configuration.

Navigation Icons

The meaning of most icons in the navigation can be deduced from the context or the names beside the icons. At different places in this manual, more details on some icons are given where required. Please contact the GBS Support if you miss any information.


iQ.Suite Basics

iQ.Suite Jobs (Policy Configuration)

The iQ.Suite jobs are the primary instrument used to configure the iQ.Suite. Each iQ.Suite job performs a module-specific action such as scanning an email for viruses (iQ.Suite Watchdog), scanning for spam (iQ.Suite Wall), encrypting (iQ.Suite Crypt), etc.

Typically, companies use corporate policies to set how emails are to be handled. These policies can be implemented through iQ.Suite jobs. All configured iQ.Suite jobs are grouped in the iQ.Suite Management Console under Policy Configuration.

Example of a Corporate Policy

Company X wants to prevent spam from being delivered to the recipients. In addition, the recipients are to be informed that an email addressed to them has been classified as spam, so that they can decide for themselves whether this email is to be deleted or delivered.

To implement this company policy, use a Wall Spam Filtering job. The job ensures that an email classified as spam is moved to the iQ.Suite Quarantine area and not delivered to the recipient. The quarantine settings make sure that the recipient is informed of his/her quarantined email through a summary notification.

Mail Transport Jobs and Sample Jobs

Use a separate Mail Transport Job for each application scenario that you wish to implement in the email process, e.g. decryption with PGP, check for viruses, check for spam, sign with S/MIME, etc. To make the configuration of Mail Transport Jobs as easy as possible, sample jobs are provided for a wide range of applications. These examples are templates that you can drag and drop to the Mail Transport Jobs area and then modify the copies to suit your requirements.

If no appropriate sample job is available for a specific scenario, you can also create Mail Transport Jobs manually: Right-click > New.

The iQ.Suite takes into account all enabled jobs located under Mail Transport Jobs and processes them in the specified job order. Refer to Processing order of iQ.Suite Jobs.

Tip: Inactive jobs are not taken into account for processing emails. Thus, configured jobs do not have to be removed from the configuration if they are to be temporarily disabled.

Using a number of different conditions (to be defined in the job), you can set which criteria an email has to meet in order to be processed by the job.

Information Store Jobs

Information Store Jobs are used for virus scanning (and cleaning) in public folders and mailboxes.

Like in Mail Transport Jobs, you can configure different actions in Information Store Jobs, e.g. in case of "Virus found/Removing not successful".

Under Policy Configuration, you will find the Information Store Scan Configurations area. Each Information Store Job requires an Information Store Scan Configuration. You can create one Information Store Job per Scan Configuration. For this, right-click on the Scan Configuration.

For further information, refer to Virus scanning in the Information Store.

Note: Information Store Jobs can only be used in combination with the iQ.Suite Watchdog module.

Processing order of iQ.Suite Jobs

In the Mail Transport Jobs area, the order in which jobs are processed is set through the position number. The job with position number 1 is executed first, followed by the job with position number 2, etc. New jobs are placed at the end of the list.

To change the position of a job within the processing order, use the Move up and Move down icons in the toolbar or right-click > All Tasks > Up/Down.

To define a reasonable sequence of jobs, you have to decide which functions are to be performed first. A reasonable sequence could be, for instance:

1. Key import job, e.g. Crypt - Key import with GnuPG.
2. Decryption job for all incoming emails, e.g. Crypt - Decrypt with GnuPG.
3. Virus scanning job, e.g. Watchdog - Virus Scanning Job. If no decryption is required, the virus scanning job should be the first one executed. This ensures that any emails quarantined by other jobs (which may therefore be delivered to the recipient after all) are not infected. For further information on the quarantine, refer to Quarantine configuration.
4. Job to limit the number of recipients of an email, e.g. Wall - Recipient Limit Filtering Job. This helps prevent a server crash resulting from a mail-flooding attack. This job is best executed right after the virus scanning job. It ensures that the recipient lists are not modified by any preceding job.
5. Blocking job, e.g. to block large emails or unknown archives (Watchdog - Attachment/Size Filtering Job). The advantage of running this job early is that the affected emails are excluded from further processing and therefore do not unnecessarily use server resources.
6. Job for conversion to PDF or PDF/A (Convert - Convert Outgoing Attachments).
7. Compression job (Convert - Compress Outgoing Attachments).
8. Job to append a legal disclaimer (Trailer - Trailer Job).
9. Job to integrate an email archiving solution, e.g. with iQ.Suite Store (Bridge - Store Archiving).
10. Define further jobs as required. Use the position numbers to include them at the appropriate position within the job chain.

An email can be processed by an iQ.Suite Job only if it matches the conditions which are defined in the job tabs Addresses and Conditions. Only if all conditions are met for an email, a job is started and its respective actions are executed, e.g. checking emails for viruses or spam, inserting a trailer, encrypting etc.

Address conditions and Address lists

Address conditions refer to email addresses. Using sender/recipient conditions, you can set that a job applies to specific users or user groups only. In addition, you can set exceptions (e.g. for departments), or perform specific actions for emails from specific employees.

In each iQ.Suite job, address conditions can be selected either directly or through an address list (Addresses tab). The advantage of address lists is that they can be reused in any number of jobs, which simplifies the job configuration and reduces administrative work.

For further Information on address lists, refer to Address lists and General tab.

Conditions

Besides address conditions, you can also set various other conditions to be taken into account by an iQ.Suite job (Conditions tab). For instance, conditions concerning email features such as specific words in the subject, the level of relevance, etc. Refer to Conditions tab.

Besides these features (which emails already have before they are processed by the iQ.Suite), iQ.Suite jobs can also react to email properties set by a previous iQ.Suite job. Refer to Actions.

With the conditions you can, for instance, create a job that quarantines and deletes all emails (without forwarding them to their recipient) that were sent from the domains *@gmx.net and *@hotmail.com, are larger than 500 KB, contain the word "Look" in the subject field and belong to the fingerprint category Sound. This use case can be performed with a Watchdog Attachment/Size Filtering job.
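The use case above, worked through as an added example (not iQ.Suite code): every configured condition must hold before the job action fires, as the paragraph on the Addresses and Conditions tabs states. The email records, the wildcard syntax and the 'Sound' fingerprint category value are constructed for illustration.

```python
"""Added example (not iQ.Suite code): AND-combined job conditions for the
Watchdog Attachment/Size Filtering use case described in the manual."""
import re
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Conditions:
    sender_patterns: tuple      # address conditions, wildcard syntax as in the manual
    min_size_kb: int            # email must be larger than this
    subject_word: str           # word that must appear in the subject
    fingerprint_category: str   # category of at least one attachment


def sender_matches(address: str, patterns: tuple) -> bool:
    """Case-insensitive wildcard match, e.g. '*@gmx.net'."""
    return any(fnmatch(address.lower(), p.lower()) for p in patterns)


def subject_contains_word(subject: str, word: str) -> bool:
    """Whole-word, case-insensitive match ('Look' matches, 'Outlook' does not)."""
    return re.search(rf"\b{re.escape(word)}\b", subject, re.IGNORECASE) is not None


def job_applies(email: dict, cond: Conditions) -> bool:
    """True only when *all* conditions are met; a partial match does not trigger the job."""
    checks = [
        sender_matches(email["from"], cond.sender_patterns),
        email["size_kb"] > cond.min_size_kb,
        subject_contains_word(email["subject"], cond.subject_word),
        cond.fingerprint_category in email["attachment_categories"],
    ]
    return all(checks)


def decide(email: dict, cond: Conditions) -> dict:
    """Job action from the use case: quarantine and delete instead of forwarding."""
    if job_applies(email, cond):
        return {"forward": False, "quarantine": True, "delete": True}
    return {"forward": True, "quarantine": False, "delete": False}


# The policy from the text: two sender domains, > 500 KB, "Look" in subject, Sound category.
POLICY = Conditions(("*@gmx.net", "*@hotmail.com"), 500, "Look", "Sound")

# Constructed sample emails; only the first meets every condition.
SAMPLE_EMAILS = {
    "spam_like": {"from": "promo@gmx.net", "size_kb": 812,
                  "subject": "Look at this!", "attachment_categories": {"Sound"}},
    "internal_sender": {"from": "alice@company-x.example", "size_kb": 812,
                        "subject": "Look at this!", "attachment_categories": {"Sound"}},
    "too_small": {"from": "promo@hotmail.com", "size_kb": 120,
                  "subject": "Look at this!", "attachment_categories": {"Sound"}},
    "outlook_subject": {"from": "promo@hotmail.com", "size_kb": 812,
                        "subject": "Outlook tips", "attachment_categories": {"Sound"}},
}

if __name__ == "__main__":
    for name, mail in SAMPLE_EMAILS.items():
        print(name, decide(mail, POLICY))
```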

Actions

Once all requirements for an incoming or outgoing email are met, the email is processed by a job and the associated actions are executed, e.g. scan for viruses, attach trailer, filter spam, etc.

Besides these job actions, which are different for each job type, it is also possible to execute various other actions. These actions are set in the Actions tab, for instance sending a notification to the administrator if processing was successful, when an email is quarantined, or when it is redirected to another recipient. These actions are performed in addition to the job-specific actions.

Some job types allow you to perform different actions depending on the outcome of the job. For instance, the Watchdog virus scan job provides different actions depending on whether a) a virus was detected or b) a virus was detected and removed. In the first case, the infected email is quarantined (for instance), in the latter a notification is sent to the administrator to inform him/her of the virus found.

iQ.Suite jobs can also be configured in such a way that they react to email properties set by a previous iQ.Suite job, e.g. specific headers or iQ.Suite tags. In this way, it is possible to set up dependencies between iQ.Suite jobs: An iQ.Suite job adds specific properties to the email, e.g. a defined iQ.Suite tag, and a subsequent iQ.Suite job reacts to this tag and then performs certain actions. The tags can be removed from the email again, as required. Refer to Actions tab.

Basic Configuration

The Basic Configuration contains the fundamental configuration elements for all iQ.Suite modules.

The "objects" configured in the Basic Configuration area complement a job by adding essential information to the job’s functions or defining additional actions to be executed. For instance, the following objects could be added to a virus scan job:

- Virus scanner: Configuration under Utility Settings.
- Quarantine: Virus-infected emails are not delivered to the recipient but moved to the quarantine. Configuration under Folder Settings as Default Quarantine.
- Templates: A notification is sent to the administrator in case of a virus-infected email. For further information on the templates, refer to Templates.

The objects are created/stored under Basic Configuration and then used by iQ.Suite jobs. Each object can be used for any number of jobs.

Templates

In certain situations, it is possible to notify recipients, senders and/or administrators, e.g. when a job could not be executed. Depending on the job type (spam filtering, virus scanning, archiving, etc.), the iQ.Suite provides a wide range of notification templates that can be freely reused and integrated in many jobs.

Under Templates, you will find the notification templates that you can use directly or as basis for your own templates. A distinction is made between the following notification types:

Administrative notifications

You will find the notification templates for the iQ.Suite system messages under Templates > Administrative Notifications.

These notifications, mainly warning and error messages, are addressed to iQ.Suite administrators (e.g. messages regarding job errors, virus scanner errors, license expiration, etc.).

You can edit the subject and messages of these notifications, but you can neither duplicate nor delete the notification templates.

The variables which can be used in Administrative Notifications are described under General variables and administrative notifications.

Notifications for Mail Transport Jobs

The notification templates are grouped by iQ.Suite module (Watchdog notifications, Crypt notifications, etc.). Use these templates to inform others about the actions executed by the job.

Example: A Watchdog virus scan job detects a virus-infected email. The administrator is to be informed of this event.

Configuration: Apply the Admin: Virus found template from the Watchdog Notifications area to the Watchdog virus scan job (Actions tab).

Notifications for Information Store Jobs

Use templates from the Information Store Notification area to inform the administrator about job actions executed by Information Store Jobs.

Example: An object in the Information Store could not be checked. The administrator is to be informed of this event.

Configuration: Apply the 'Admin: Unscannable Object' template to the Watchdog Virus Scanning Job (Actions tab).

Collective notifications

By default, iQ.Suite servers are configured not to send a separate notification for each job event, but to collect notifications and send them as 'Collective notification'. Refer to Collective notification and definition of email addresses and internal domains.

Quarantine summary reports

Quarantine summary notifications are not integrated into specific jobs, but configured directly for the iQ.Suite server.

The quarantine summary notifications focus on individual quarantines in order to periodically inform administrators, recipients, senders or others about the emails moved to the quarantine. Refer to Defining Quarantine summary notifications and Configuring a Global Quarantine summary notification.

User list summary reports

User lists are used to collect a user’s email addresses known to be trustworthy (whitelist) or untrustworthy (blacklist).

The Whitelist summary report is used to inform users about new entries in their user whitelist. Similarly, the Blacklist summary report is used for the user blacklist. Refer to Whitelist notification / Blacklist notification.

Quarantine notifications

These templates can be used in connection with the Review Quarantine for the four-eyes principle. Refer to Notifications.

Quarantine Configuration

The quarantine is a separate iQ.Suite area used to store unwanted or harmful emails such as spam or virus-infected emails. Rather than delivering these emails to their recipients, they are blocked and quarantined. To relieve administrators, the recipient can be automatically informed of the fact that an email addressed to him/her has been quarantined. This is done by way of a quarantine summary notification. The recipient decides for himself/herself whether the email is to be deleted, left in quarantine or delivered to him/her after all.

Some sample jobs use multiple quarantines, in order to categorize the emails according to the spam level (Low, Medium, High). Depending on the relevance of the spam properties identified, the emails are assigned to a spam level and stored under the corresponding category, e.g. the category Anti-spam: High under iQ.Suite Monitor > Quarantine.

The quarantine is configured under Folder Settings, e.g. which jobs will use this quarantine, or how long are quarantined emails to be kept.

For further Information on setting up the quarantine, refer to Configuring Quarantines.

Utility Settings

Utilities are auxiliary components that can be integrated into iQ.Suite jobs. Which utilities can be used in which iQ.Suite job depends on the job type. For instance, Trailer documents can only be used in Trailer jobs.

Please note that the selected utility component must be enabled if it is to be used by an iQ.Suite job.

CORE Classifiers

CORE classifiers are used by iQ.Suite Wall for spam detection and content classification. A classifier for spam detection is supplied with iQ.Suite.

For further Information on CORE, refer to CORE Classification.

Fingerprints

Fingerprints are used by iQ.Suite Watchdog and iQ.Suite Convert to identify file types. A comprehensive range of fingerprints, subdivided into categories, is included with iQ.Suite. Normally, you do not have to make any changes to these fingerprints.

For further Information on configuring fingerprints, refer to Fingerprints.

Dictionaries

Here, you can create dictionaries of text strings that you want iQ.Suite Wall content and spam filtering to block. We have already created a few dictionary categories that you can customize to your needs.

For further Information on setting up dictionaries, refer to Creating Dictionaries.

Password Management

Here, you can configure password managers to be used in PDFCrypt or Convert for generating passwords in order to send emails as password-protected PDF attachments.


For further information, refer to Address Lists.

DLP

Here, you can define DLP Configurations and Analysis Criteria for the DLP Anomaly Detection.

For further information, refer to Creating a DLP Configuration and Defining analysis criteria.

Virus Scanners

iQ.Suite Watchdog uses third-party virus scanners to check for viruses. Some virus scanners are available in the iQ.Suite as integrated scanners, others have to be installed separately on the server.

For further Information on installation and configuration of the virus scanners, refer to Installation of virus scanners or Enabling virus scanners.

Bridge Connectors

iQ.Suite Bridge uses special connectors to set up a connection between the email environment and an archiving system or external application. Once configured, the connector is included in a Bridge connector job. Refer to Job types.

Archival Connectors

Store uses special connectors to set up a connection between the email environment and the archiving system. Once configured, the connector is included in a Store archiving job. Refer to Job types.

Anti-Spam Engines

The anti-spam engines are interfaces used for fighting against spam and mass-mailing. To analyze the emails, the Anti-Spam Engine checks them against known patterns of typical spam. The pattern database is located on the server where the iQ.Suite is installed. This database is automatically updated at periodical intervals which are configurable. The result of this analysis is a value that is used to calculate the spam probability.

Unlike the SASI Engine, the Kaspersky Anti-Spam Engine additionally offers a Cloud option and an Anti-Phishing filter.

The anti-spam engines are disabled after iQ.Suite installation. To be able to use an engine in the Wall Advanced Spam Filtering Job, first enable the engine and then activate the corresponding criterion (SASI or Kaspersky) in the job.

For further Information on the Engine configuration, refer to Spam filtering with Spam Analyzer.

Connect Engines

iQ.Suite Connect supports Business Collaboration platforms such as Microsoft SharePoint and HCL Connections. For every supported Business Collaboration platform, individual engines are configured and used in Connect jobs to establish a connection between the email environment and the Collaboration platform.

For further Information on configuring a Connect engine, refer to the corresponding section under Connect Engines.

Crypt

Crypt Engines

For encryption and decryption, iQ.Suite Crypt uses the GnuPG or S/MIME programs. For each method an individual Crypt engine is available in iQ.Suite configuration. The Crypt engines are installed on the server and configured in the iQ.Suite Basic Configuration. For the synchronization with iQ.Suite KeyManager, a separate Engine type is available.

For further Information on configuring each engine, refer to the chapters under iQ.Suite Crypt.

Global Mappings

iQ.Suite Crypt encryption and decryption jobs allow you to set how to handle addresses for which key IDs exist in a public key ring or a Windows certificate store. Using a mapping table, these key IDs are assigned to recipient addresses. To be able to use specific recipient addresses in several Crypt jobs without having to enter them as a mapping table for each of these jobs, you can define such addresses as 'Global Mappings'.

For further Information on mapping recipient addresses to public keys, refer to Open the Mapping tab.

KeyManager Connection

iQ.Suite KeyManager is an iQ.Suite Crypt extension designed for managing S/MIME certificates. It not only allows to manage self-signed, public and personal certificates, but also those classified as trustworthy by a certificate authority such as VeriSign ("true" certificates). Manually managing and post-editing "true" certificates is no longer required, as certificate management is performed centrally.

For further information, refer to Using iQ.Suite KeyManager.

PDFCrypt

PDFCrypt encrypts emails and their attachments on the server side, i.e. converts them to a password-protected PDF file. PDFCrypt generates a new email (PDFCrypt mail) to which the PDF file is attached. Attachments of the original email are embedded in the PDF. The templates you choose determine how the PDFCrypt mail and the PDF file's header look (text and possibly images). The PDFCrypt mail is then sent to the recipient.

For further information, refer to iQ.Suite PDFCrypt.

Trailer

Trailers are pieces of text attached to outgoing emails, e.g. salutations, disclaimers, etc. Under Trailer, you will find a number of preconfigured Trailer documents, which you can assign to a Trailer job (Trailer tab). The templates can be reused and applied in any number of Trailer jobs.


For further information, refer to iQ.Suite Trailer.

iQ.Suite Monitor

iQ.Suite Monitor reflects the iQ.Suite operational environment and enables monitoring and statistical analysis of iQ.Suite operations for each server. More specifically, iQ.Suite Monitor offers various analysis and administration features for quarantined emails.

iQ.Suite Monitor includes views for all quarantine folders on each available server. The quarantine folders contain copies of the original emails, including attachments.

All servers set up under Basic Configuration > iQ.Suite Servers can be monitored by iQ.Suite Monitor.


Standard tabs of Mail Transport Jobs

Regardless of its specific task, every Mail Transport Job features a number of standard functions that are fully integrated into the job. This chapter describes these standard functions. Subsequent job descriptions will no longer address these standard features, but only focus on the job-specific functions.

Save the iQ.Suite configuration with the Save icon whenever you have made any changes. The configuration is saved to the ConfigData.xml file located under GBS\iQ.Suite\Config. Pending changes are identified through an asterisk (*) at the top node.

Tab: General

The General tab provides various configuration settings, most of which are not job-specific and can be configured for all jobs.

Example of a Crypt job for encryption with GnuPG:

Name: Assign a name to this job.

Enabled: If a job is to be executed by iQ.Suite, it needs to be enabled. Disabled jobs are marked with a X in the icon. iQ.Suite takes into account all enabled jobs and processes them in the specified job order. Refer to Processing order of iQ.Suite Jobs.

Tip: Disabled jobs are part of the configuration, but they are not executed. Thus, it is not necessary to remove a job from the configuration if you wish to (temporarily) disable the job.

Subject extension: When the job is executed, it is possible to add an entry to the subject line of the email, e.g. processing information. Normally, this configuration is set in the Actions tab under Add subject extension.

The settings in the Subject extension field only apply if the job has been processed successfully but the email does not meet the requirements for triggering a job action.

Example: A spam job is configured to check emails for unwanted contents. For non-spam emails, the text specified under Subject extension is added to the subject line. For spam emails, however, the configured job action is triggered - e.g. the email is quarantined - and the Subject extension field is ignored.

The text to be inserted can be either specified manually or defined by way of variables. For a list of available variables, refer to List of notification variables.

Note: Please note that special rules apply to iQ.Suite Crypt. These rules are explained in detail along with the corresponding job description.

Options

Check emails resent from quarantine: Where required, it is possible to deliver quarantined emails to the original recipient (or another person) by resending them manually from the Quarantine: iQ.Suite Monitor > Send Object from Quarantine.

Before resending an email from the quarantine, perform a root cause analysis and reinsert the email in the job processing chain if required.

Option is enabled: The email is not reinserted into the processing chain, but forwarded to the next job, i.e. the email is not checked again.

Option is disabled: The email is reinserted at the beginning of the job processing chain, i.e. it is processed again by all jobs. Use this option, for instance, if you have been unable to determine the reason why the email was quarantined.

For further Information on sending quarantined emails, refer to Sending from Quarantine.

Ignore emails processed by iQ.Suite servers: In environments with several iQ.Suite servers which use the same iQ.Suite configuration (e.g. server X and server Y), use this option to specify whether this job (on server X) shall process the emails processed by this job on another iQ.Suite server (server Y).

Note: If processed emails are not marked, the 'Ignore emails resent from quarantine' option has no impact. For further information, refer to Email processing in multi-server environments.

Job is mission critical: Enable this option for jobs that are so important that emails should under no circumstance be delivered to their recipients if they have not been checked by this job, for instance when an error occurs in the virus scan job and virus protection can no longer be ensured. Emails that cannot be processed due to a job error are moved to the Badmail quarantine and retained there until checked or released by an authorized person.

Important: With this option enabled, each email processed by this job will be moved to the Badmail quarantine as long as the processing error has not been resolved.

With the Job is mission critical option disabled, the emails are ignored and skipped by this job. Instead, they are passed to the next job in the processing chain and processed by that job. All processing errors are recorded in the Windows Event Log. If the processing error occurs repeatedly, the job is disabled and the administrator is automatically informed by email. The disabled job is automatically restarted after 15 minutes.

Similarly, quarantines can also be set to 'mission critical'. Refer to Setting up a local Quarantine database.
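The Enabled, Job is mission critical and Check emails resent from quarantine settings described above, modelled as an added example (not iQ.Suite code) to make the fail-closed versus fail-open behaviour visible. Job names, email fields and the number of repeated errors after which a non-critical job is disabled are assumptions made for the illustration; the manual only says "repeatedly".

```python
"""Added example (not iQ.Suite code): simulation of the Mail Transport Job
chain semantics for job errors and emails resent from quarantine."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumption for this example: the manual gives no number for "repeatedly".
ERROR_DISABLE_THRESHOLD = 3


@dataclass
class Job:
    position: int
    name: str
    action: Callable[[dict], str]   # returns Restricted/Unrestricted/Success, may raise
    enabled: bool = True
    mission_critical: bool = False
    error_count: int = 0


@dataclass
class Outcome:
    delivered: bool
    quarantine: Optional[str]                   # "Badmail" or the quarantining job's name
    trace: list = field(default_factory=list)   # (job name, result) per job
    event_log: list = field(default_factory=list)  # stands in for the Windows Event Log


def run_chain(jobs: list, email: dict, start_after: Optional[str] = None) -> Outcome:
    """Process an email through the jobs in position order.

    start_after: name of the job that quarantined the email earlier. With
    'Check emails resent from quarantine' enabled, the resent email skips that
    job and is forwarded to the next one; None reinserts it at the beginning.
    """
    out = Outcome(delivered=True, quarantine=None)
    skipping = start_after is not None
    for job in sorted(jobs, key=lambda j: j.position):
        if skipping:
            if job.name == start_after:
                skipping = False
            continue
        if not job.enabled:
            out.trace.append((job.name, "Inactive"))
            continue
        try:
            result = job.action(email)
        except RuntimeError as exc:
            job.error_count += 1
            out.event_log.append(f"{job.name}: {exc}")
            if job.mission_critical:
                # fail closed: unchecked mail is held in Badmail, never delivered
                out.trace.append((job.name, "Error"))
                out.delivered = False
                out.quarantine = "Badmail"
                return out
            # fail open: this job is skipped and the email is handed on
            out.trace.append((job.name, "Skipped"))
            if job.error_count >= ERROR_DISABLE_THRESHOLD:
                job.enabled = False
                out.event_log.append(f"{job.name}: disabled, administrator notified")
            continue
        out.trace.append((job.name, result))
        if result == "Restricted":
            # the job's restriction matched: quarantine, no further processing
            out.delivered = False
            out.quarantine = job.name
            return out
    return out


# Constructed job actions standing in for the real modules.
def virus_scan(email: dict) -> str:
    if not email["scanner_available"]:
        raise RuntimeError("virus scanner not reachable")
    return "Restricted" if email["infected"] else "Unrestricted"


def size_filter(email: dict) -> str:
    return "Restricted" if email["size_kb"] > 10_000 else "Unrestricted"


def trailer(email: dict) -> str:
    email["body"] += "\n-- legal disclaimer"
    return "Success"


def build_chain(scanner_critical: bool) -> list:
    return [
        Job(1, "Watchdog - Virus Scanning", virus_scan, mission_critical=scanner_critical),
        Job(2, "Watchdog - Attachment/Size Filtering", size_filter),
        Job(3, "Trailer - Trailer Job", trailer),
    ]


def sample_email(**overrides) -> dict:
    """Constructed email record; keyword arguments override the defaults."""
    email = {"size_kb": 250, "body": "hello", "infected": False, "scanner_available": True}
    email.update(overrides)
    return email
```

A resent infected email passed with start_after set to the virus scanning job is delivered without a rescan, which is exactly why the manual recommends a root cause analysis before resending.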

Write audit files to log directory

The so-called audit files allow you to monitor how the emails are processed by the job. Enable this option for test purposes or to provide evidence that, for instance, emails were encrypted.

Each job with this option enabled is recorded as separate entry. The log is stored under the iQ.Suite installation directory in the Log folder. Any recipient groups are resolved and a separate line is written to the file for every single recipient. Also take into account the configurations on the iQ.Suite server. Refer to Settings for an individual iQ.Suite Server.

Name of the text file: Audit_all_<YYYYMMDD>.log

Example: Audit_all_20100909.log

To update the file, restart the iQ.Suite services.

Besides the Job ID, a very important element is the result of the operations performed by iQ.Suite. Depending on the job type, different results are returned. The most common results are:

Restricted

The email matches the defined restrictions.

Unrestricted

The email does not match the defined restrictions.

Success

The email was successfully processed by the job. The actions configured for successful processing were executed.

Error

The email was not successfully processed by the job. The actions configured for unsuccessful processing were executed.

Ignore

For iQ.Suite Crypt only: The email was successfully processed by the job. As configured, no actions were performed, e.g. in case of optional decryption.

Fault

The email could not be processed successfully for some of the recipients, e.g. because no valid certificate was available. In this context, 'Error' would mean that the email could not be processed for any of the recipients.

Verbose processing log: With this option enabled, further information is written to the processing log for quarantined emails. Enable this option for troubleshooting.

Process notifications: With this option enabled, a job can also process notifications which have been put in the job chain of the current server for further processing. This is possible for the sender and recipient notifications as well as the PDFCrypt password request emails, provided that the option 'Submit the notification to all iQ.Suite jobs on this server' has been enabled for these notifications.

Ignore S/MIME signed emails (only in Trailer Job): With this option enabled, S/MIME emails signed by the client are excluded from the job processing.

Process asynchronously: Enable this option for jobs that consistently take a particularly long time to process emails. With this option, the emails that are processed by this job are moved to the background. This prevents emails that are not processed by this job from being delayed. Emails that were moved to the background are processed in the background from this job to the end of the job chain.

In the Watchdog Virus Scanning (Sandbox) job, asynchronous processing is activated automatically if an email attachment is uploaded to the cloud-based Sophos sandbox.

Tab: Addresses

In each job, the Addresses tab lets you set which senders and/or recipients a job applies to. To do so, use the Sender/Recipient conditions.


Split up mails with multiple recipients: When an email is addressed to several recipients and some of them do not fulfill the configured sender/recipient conditions, this option splits the email into two emails:

One email is addressed to the recipients who fulfill the sender/recipient conditions. This is the email processed by the job.

The other email is addressed to the recipients who do not fulfill the sender/recipient conditions. This email is not processed by the job.

Sender/Recipient conditions: The most common use cases (All, External or Internal senders/recipients or Local users) can be handled with the default settings provided here. Select the senders/recipients the job is to apply to.

Advanced button: Use these settings for more complex address conditions, e.g. to use address lists. Refer to Address Lists.


Set for which senders the job actions are to be executed (Run this job when a message arrives from). If you specify an entire group, department, etc., you can exclude individual persons or subgroups from this rule by selecting the Except where addressed from option to define exceptions. The address conditions for recipients (And where addressed to) are set in the same way. Click on the Basic button to return to the default settings.

Note: As a rule, the fields Run this job when a message arrives from and Where addressed to are linked by a logical AND. Both conditions must return 'true' for the job to be executed.

Example I: Virus Scanning

Corporate policy: Both incoming and outgoing emails are to be checked for viruses.

Job configuration:


Example II: Blocking attachments

Corporate policy: External emails coming from the Internet and containing video files are to be blocked. Exception: They are addressed to members of the department or .

Procedure:

1. Set the senders to whom the job is to apply. As these are external emails, select in the standard view under Message from the 'External senders/recipients' option.
2. Set the recipients to whom the job is to apply. As the recipients are employees of the company, select in the standard view under Addressed to the 'Internal senders/recipients' option.
3. Set the recipients who are to be allowed to receive emails with video attachments (exceptions). To do so, click the Advanced button and afterwards click Except where addressed to. In the subsequent address dialog, select the department and , for instance through address lists: Basic Configuration > General Settings > Address Lists.

Job configuration:


Also refer to Creating, editing and deleting custom Address Lists and Address filtering (Blacklists and Whitelists).
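The following is an added example, not part of the iQ.Suite product or this manual, that models how the Addresses tab rules of Examples II and III select the recipients a job applies to: sender and recipient conditions joined by logical AND, the 'Except where addressed to' exceptions, and the 'Split up mails with multiple recipients' option. The internal domain list, the rule representation and all addresses are constructed assumptions; the no-split behaviour follows the description the manual gives for the AD attribute condition.

```python
# Added example (not iQ.Suite code): evaluating Addresses tab conditions.
# INTERNAL_DOMAINS, AddressRule and every address below are constructed.
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Constructed: domains that count as "internal" for this organisation.
INTERNAL_DOMAINS = {"example.com"}


def is_internal(address: str) -> bool:
    """An address is internal when its domain is one of the organisation's own."""
    return address.lower().rsplit("@", 1)[-1] in INTERNAL_DOMAINS


@dataclass
class AddressRule:
    """One job's Addresses tab: sender/recipient scope plus the exceptions."""
    sender_scope: str                      # "internal", "external" or "all"
    recipient_scope: str                   # "internal", "external" or "all"
    except_senders: Set[str] = field(default_factory=set)     # Except where addressed from
    except_recipients: Set[str] = field(default_factory=set)  # Except where addressed to
    split_multi_recipient: bool = True     # Split up mails with multiple recipients


def _in_scope(address: str, scope: str) -> bool:
    if scope == "all":
        return True
    if scope not in ("internal", "external"):
        raise ValueError(f"unknown scope {scope!r}")
    return is_internal(address) == (scope == "internal")


def _excluded(address: str, exceptions: Set[str]) -> bool:
    return address.lower() in {e.lower() for e in exceptions}


def sender_matches(rule: AddressRule, sender: str) -> bool:
    """'Run this job when a message arrives from' minus its exceptions."""
    return _in_scope(sender, rule.sender_scope) and not _excluded(sender, rule.except_senders)


def recipient_matches(rule: AddressRule, recipient: str) -> bool:
    """'And where addressed to' minus its exceptions."""
    return _in_scope(recipient, rule.recipient_scope) and not _excluded(recipient, rule.except_recipients)


def evaluate(rule: AddressRule, sender: str, recipients: List[str]) -> Tuple[List[str], List[str]]:
    """Return (processed, skipped) recipient lists for one email.

    Sender and recipient conditions are linked by logical AND: a sender that
    does not match means the job processes nobody.  With splitting enabled the
    email is divided into recipients that fulfil the conditions (processed by
    the job) and those that do not (not processed).  With splitting disabled
    the whole email is processed as soon as one recipient matches (assumption,
    following the manual's description of the AD attribute condition).
    """
    if not sender_matches(rule, sender):
        return [], list(recipients)
    matching = [r for r in recipients if recipient_matches(rule, r)]
    if rule.split_multi_recipient:
        return matching, [r for r in recipients if r not in matching]
    if matching:
        return list(recipients), []
    return [], list(recipients)


# Example II: external senders -> internal recipients, except the video team.
VIDEO_BLOCK_RULE = AddressRule("external", "internal",
                               except_recipients={"video-team@example.com"})

# Example III: internal senders -> external recipients, except a mailing list.
DISCLAIMER_RULE = AddressRule("internal", "external",
                              except_recipients={"news@lists.example.org"})

if __name__ == "__main__":
    print(evaluate(VIDEO_BLOCK_RULE, "vendor@partner.example",
                   ["alice@example.com", "video-team@example.com", "bob@partner.example"]))
    # -> (['alice@example.com'], ['video-team@example.com', 'bob@partner.example'])
```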

Example III: Adding a disclaimer

Corporate policy: Each outgoing email is to be provided with a legal disclaimer. Exception: The email is addressed to specific mailing lists. Internal emails are to be excluded altogether.

Procedure:

1. Set the senders to whom the job is to apply. As these are emails from employees, set in the standard view under Message from the 'All internal senders/recipients' option.
2. Set the recipients to whom the job is to apply. As these are external recipients, set in the standard view under Addressed to the 'All external senders/recipients' option.
3. Set the exceptions. To do so, click the Advanced button and afterwards on Except where addressed to. Enter the mailing lists used in your company by creating a separate address list (Basic Configuration > General Settings > Address Lists) and specifying this list as exception.

Job configuration:


Tab: Selection / Attachments

Note: The Selection / Attachments tab is only available in certain iQ.Suite jobs, for example in Connect Jobs and Convert Jobs. These tabs make it possible to define constraints for the processing of file attachments. In this section, only the options which are not job-specific are described. These tabs can contain additional settings depending on the job type.

Example in Connect SharePoint Job:

Attachment size has to be greater/smaller than... KB: The file attachments can be filtered by file size. For this, use the appropriate fields to specify a minimum and/or maximum size. Only the attachments the size of which corresponds to your settings will be processed by the job.

Selected file types: The file attachments can be filtered by file type: Use this option to specify for which file types (fingerprints) the job shall be executed or for which it shall not be executed (exceptions).

In the example above, Internet files will generally be uploaded to the SharePoint server; exceptions are the files with the extension ASA or CLASS.

Tab: Conditions

In each job, you can specify a number of conditions (requirements) to be fulfilled by an email for a job to be executed. These requirements include address rules (Addresses tab) as well as conditions (Conditions tab), e.g. specific words in the email subject line.

A job, e.g. a virus scan job, is only started if all of the conditions for an email return 'true'. Then, depending on the job result, the actions defined in the Actions tab are executed and the email processed accordingly, e.g. quarantined. The condition parameters can be set according to your specific requirements:

To configure a condition, enable the corresponding options and click on the link in the lower part of the window.

The different conditions have the following meaning:

... with specific words in the subject: Set one or more words to be checked for in the email subject line. For instance, iQ.Suite could search for the word "pharma" in the subject of incoming emails. If found, the email is moved to the quarantine. Enter the word in the input line and click Add. The word is added to the search list. After having completed this list, select the search method (logical AND or logical OR).


... with following subject command: Set a string of characters that iQ.Suite will interpret as a command. The command is manually added to the email subject by the sender. Depending on the job option selected, this command results in the job being 'executed' or 'ignored'. This allows an internal sender, for instance, to send an unencrypted email although an encryption job is enabled. Also, when signing an email or adding a trailer, it may be useful for the internal sender to be able to use a command that either executes or ignores a specific job. If the subject contains several commands, only the first one is executed. The character string is removed from the subject before delivery.

Note: The command may only include the following characters:

all upper case and lower case letters of the ASCII character set (umlauts are not allowed)
all digits from 0 to 9
special characters: ! $ & / = ? # * + - _ < >

The command is not case-sensitive.
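As an added example, not code from iQ.Suite or this manual, the following checks a configured subject command against the character rules just listed, finds the first command in a subject ignoring case, and removes it before delivery. The command strings, subjects and the "executed"/"ignored" mode names are constructed, and the behaviour when no command is present is an assumption.

```python
# Added example (not iQ.Suite code): subject command validation and handling.
# The commands and subjects below are constructed; mode semantics are assumed.
import re
import string
from typing import List, Optional, Tuple

# Allowed: ASCII letters (umlauts excluded), digits 0-9 and these specials.
ALLOWED_SPECIALS = "!$&/=?#*+-_<>"
ALLOWED_CHARS = set(string.ascii_letters + string.digits + ALLOWED_SPECIALS)


def is_valid_command(command: str) -> bool:
    """True when the command uses only the characters the note permits."""
    return bool(command) and all(ch in ALLOWED_CHARS for ch in command)


def find_first_command(subject: str, commands: List[str]) -> Optional[str]:
    """Return the configured command that appears earliest in the subject.

    Matching is case-insensitive; if several commands occur, only the first
    one counts.  A configured command with forbidden characters is rejected.
    """
    lowered = subject.lower()
    earliest: Optional[Tuple[int, str]] = None
    for cmd in commands:
        if not is_valid_command(cmd):
            raise ValueError(f"command contains forbidden characters: {cmd!r}")
        pos = lowered.find(cmd.lower())
        if pos != -1 and (earliest is None or pos < earliest[0]):
            earliest = (pos, cmd)
    return None if earliest is None else earliest[1]


def strip_command(subject: str, command: str) -> str:
    """Remove the first case-insensitive occurrence of the command, tidy spaces."""
    cleaned = re.sub(re.escape(command), "", subject, count=1, flags=re.IGNORECASE)
    return re.sub(r"\s{2,}", " ", cleaned).strip()


def apply_subject_command(subject: str, commands: List[str], mode: str) -> Tuple[bool, str]:
    """Decide whether the job runs and return the subject as delivered.

    mode "executed": the job runs only when a command is present.
    mode "ignored":  the job is skipped when a command is present.
    Assumption: without a command, the opposite applies in each mode.
    """
    if mode not in ("executed", "ignored"):
        raise ValueError(f"unknown mode {mode!r}")
    cmd = find_first_command(subject, commands)
    if cmd is None:
        return (mode == "ignored"), subject
    return (mode == "executed"), strip_command(subject, cmd)
```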

... marked as importance: A job is only performed for emails with a specific level of importance (Low, Normal or High). Emails marked as such by the sender (e.g. High) are moved to a separate quarantine. Set the level of importance the email needs to have for the job to be executed.

... with following iQ.Suite tags and values: A job is only performed for emails with specific iQ.Suite tags or values. This command can be used, for instance, to create a dependency between the current job actions and the iQ.Suite tag (outcome) of a preceding job.

Example: If, for a spam filtering job, you define the tag SpamLevel with the value High (Actions > Add > iQ.Suite Tag and Values), you can use this result in the conditions of the subsequent job. This way, the actions of the second job are not to be performed (condition "is not") if the value 'High' is found. The iQ.Suite tags are deleted before delivery. The control elements do not appear in the email header.

... with following headers and values: This condition is similar to the preceding one, except that iQ.Suite checks the email headers and the job actions depend on the content of the X header field (Further Actions > Add Header and Value). This allows you to use, for instance, results returned by open-source tools. The headers and values can be used to select emails according to whether or not they contain the specified header or value. These control elements appear in the email header. If that is not desired, use the condition '... with the following iQ.Suite tags and values' instead. Using regular expressions, it is also possible to search for specific patterns. If a match is found in the To field, the job is either executed or ignored, as configured.

... sent by the following SMTP sender: With this condition selected, the email sender address is checked. As opposed to the sender/recipient conditions in the Addresses tab, the exact sender address string is checked in the SMTP log (SMTP command: Mail From > Envelope-From). For normal operations, we recommend using the regular sender/recipient conditions. The SMTP sender address should only be checked in individual cases, e.g. after a domain change.

... addressed to the following SMTP recipients: This condition is similar to the preceding one, except that here it is the exact recipient address string that is checked (SMTP command: RCPT To > Envelope-To).

... sender has custom AD attribute(s): The job checks whether the sender in the Active Directory has custom attributes with specific values. In the next dialog, define the attributes and values to be searched for. In this dialog, also determine whether all searched AD attributes must be found for the job to react to the condition.

... recipient has custom AD attribute(s): This condition only differs from the preceding one in the fact that it concerns recipients.

In case of multiple recipients, the checkbox 'Split up emails with multiple recipients' has the following effect:

If the checkbox is enabled, the following applies: For recipients who have the attribute with the value, the job is executed. For recipients who don't have the attribute or for whom the attribute doesn't contain the value, the job is not executed. If the checkbox is disabled and at least one recipient has the attribute with the value, the job is executed for the entire email.

... sender is in the userlist: Before the email is delivered to the registered (internal) recipients, iQ.Suite checks whether the (external) sender is listed in the recipient's user list. Select the recipient's list (blacklist or whitelist) to be checked. Depending on the configuration, the job is either executed or ignored if the sender of the email is on a user list. This lets you specify, for instance, that a job will only be executed if the email sender is not included in the recipient's blacklist.

Note: There is no user list available for external addresses or group addresses.

... with following headers: Specify the email header fields to be searched for. As opposed to '... with the following headers and values', this condition only checks the existence of a header. You can specify one or several headers. If the latter, you can distinguish between logical AND and logical OR relations. If linked by a logical AND, all of the headers specified must appear in the email for the job actions to be executed. If linked by OR, one header is sufficient to trigger the actions.

... with TNEF mail body: The job is only executed for emails in TNEF format.

... with HTML mail body: The job is only executed for emails in HTML format.

... containing a read request: The job is only executed if the email sender has requested a read confirmation.

... containing a delivery request: The job is only executed if the email sender has requested a receipt confirmation.

... runs within the following schedule: The job is executed only within the defined time periods. This option makes sense, for example, if you want to restrict the size of file attachments during the day, but not consider the file size at night.

For every weekday, you can set one or more half hour periods starting from 0:00 hours.

To select a whole day, click the short day name (e.g. 'Mo' for Monday).

Important:

For the job to be executed, all of the content-related conditions selected must be fulfilled at the same time as the applicable address conditions (logical AND). If you want the processing of the conditions logged along with the job, select the 'Include full processing history' option in the quarantine. This log lets you check why a job was not executed. Note: In privacy quarantines not all email data is listed.

Tab: Actions

The Actions tab is used to set the actions that are to be executed in addition to the job-specific functions. The actions depend on the job result (success/error).

Standard actions

The following standard actions are available for most of the Mail Transport Jobs:


Copy to Quarantine: The email will be copied to the quarantine selected here. If this action is a Success Action (no restriction found), the processed email is quarantined; if it is an Error Action (restriction found), the original email (before processing) is quarantined.

The quarantined email can be provided with a label which can be, for example, the reason for the executed action (e.g. 'VIRUS'). A label can be used to facilitate sorting and searching for emails in the quarantine. For the label, enter a text or use variables.

Delete...: 'email': The email is irrevocably deleted from the server and not delivered to the recipients. Normally, this setting will only be used for virus-infected emails or spam. 'attachment': The unwanted attachment is irrevocably removed from the email.

With the Copy to Quarantine action, a copy of the email can be kept in the quarantine.

Add email sender/recipient to user list: When the job is executed, the (external) sender of the email is added to the (internal) recipient’s user list. Conversely, the (external) recipient of the email is added to the (internal) sender’s user list. Specify whether the entry is to be made for a blacklist or a whitelist.

Tip: With this action, spammers can be automatically added to the user blacklist of the internal recipient.

Add subject extension: During job processing, an extension can be added to the original email subject, e.g. for test purposes. Define the desired extension in the input field. In a Wall job, for example, this can be information indicating that the email has been checked for spam (example: [spam checked]).

You can enter the desired extension manually or use variables for it. Refer to List of notification variables.

Furthermore, you can define whether you want to add this extension 'at the beginning’ or 'at the end’ of the original subject.

Send notification to Administrator: After the job has been executed, a notification is sent to the iQ.Suite administrator, e.g. when the job was successful. Select a notification template. Alternatively, you can also click to create a new template and then select it. To modify the layout, you can either use the HTML toolbar or directly enter HTML formatting tags. Refer to Templates.

Send notification to all senders: After the job has been executed, a notification is to be sent to the email senders, e.g. when the job was successful. Set whether only internal senders (employees) are to receive a notification or external senders as well. If the latter, enable the 'Also send to external users' option.

Send notification to all recipients: Similarly to the previous option, you can also set that the recipients receive a notification. In that case, you can set whether the notification is to be sent as a separate email or integrated into the email body. If the latter, you can place the integrated notification at the beginning or at the end of the email body ('Append as inline notification' option). This requires that the email is neither signed nor encrypted and contains an email body. Otherwise, the setting for the integrated notification is ignored and a separate notification is sent instead.

Notes:

For certain types of sender/recipient notifications (e.g. for acknowledge receipts), you can provide a sender address that differs from the usual notification address defined under General Settings > iQ.Suite Servers Settings > Address Settings > Notification Sender. Enable the Use a custom sender email address option and specify the desired address in the input field. If you enable this option for sender notifications, we recommend you to enable the 'Suppress delivery reports' option as well. This prevents the creation of NDRs that are usually created for emails without a sender address, e.g. spam.

With the option Submit notification to all iQ.Suite jobs on this server, sender and recipient notifications can be put into the job chain of the current server for further processing. Only the jobs with the 'Process notifications' option enabled (General tab) can process these notifications. With both options mentioned above, trailers can be appended to notifications, for example.

Option: Send notification to the recipients just once

The Send notification just once option is only available if you configure that a Notification to All Recipients is to be sent in case of success.

Furthermore, this feature is only available in the following job types:

PDFCrypt Mail Encryption
PDFCrypt File Signing/Encryption
Convert Compression
Convert Decompression

If you click in the iQ.Suite Job on 'Actions' tab > Success Actions > Send to All Recipients, the following dialog opens:

For this feature, the User List database is used. This database stores the information on whether and when a recipient has received a recipient notification. This data allows the one-time notification for passwords.

If you are using a SQL database, the SQL script General_UserList_Update_19.0-19.1.sql must have been executed.

Important: In case of a database change, note that the (one-time) notifications will be resent if the data is not transferred to the new database.

Send notification just once

Determine whether the recipients are to be notified just once or for each email.

If this option is enabled and an entry already exists in the database, the corresponding notification of the same password is not resent.

Per password:

With this option enabled, the notification is sent just once per password. If the password is changed, the notification is resent. It's not necessary that the notification contains a password. If several jobs use the same notification template, only one notification for all jobs together is sent for the same recipient (if the Per sender option is enabled as well, then also for the same sender) and same password.

If this option is not enabled, a notification is sent just once for each job. The notification is not resent if the password is changed.

Note: In case of several jobs in which sending a password is enabled, the notification of the job which has processed the email first is sent. Therefore, we recommend making the same settings in all concerned jobs. The notification messages used should be appropriate for all jobs.

Per sender:

Determine whether the one-time notification shall also depend on the sender. If yes, the recipient notification is resent for each new sender.

Example:

Two employees of a bank are in charge of customer X. Employee A sends an email encrypted with password 1 to customer X. After that, employee B sends an email also encrypted with password 1. If these employees work in different locations with different domains, the customer may not be aware of the fact that the same password has been used for the email from employee B. With the Per sender option enabled, you can work around the problem described above.
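The following added example, not iQ.Suite code, models the User List lookup behind 'Send notification just once' together with the Per password and Per sender switches, and replays the bank scenario above. The in-memory set stands in for the User List database; the job, template and address names are constructed.

```python
# Added example (not iQ.Suite code): one-time recipient notifications.
# The set below stands in for the User List database; all names are constructed.
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class NotificationEvent:
    job: str                          # the job that processed the email first
    template: str                     # notification template used by that job
    recipient: str
    sender: str
    password: Optional[str] = None    # None: the notification carries no password


class OnceOnlyNotifier:
    """Decides whether a recipient notification is sent or suppressed."""

    def __init__(self, per_password: bool = False, per_sender: bool = False):
        self.per_password = per_password
        self.per_sender = per_sender
        self._sent: Set[Tuple] = set()    # stands in for the User List database

    def _key(self, ev: NotificationEvent) -> Tuple:
        key = [ev.recipient.lower()]
        if self.per_sender:
            # Per sender: each new sender triggers a fresh notification.
            key.append(ev.sender.lower())
        if self.per_password:
            # Per password: once per template and password, shared by every job
            # that uses the same template; a changed password is resent.
            key += [ev.template, ev.password]
        else:
            # Otherwise once per job; a changed password is not resent.
            key.append(ev.job)
        return tuple(key)

    def should_send(self, ev: NotificationEvent) -> bool:
        """Return True (and record the entry) only if no matching entry exists."""
        key = self._key(ev)
        if key in self._sent:
            return False
        self._sent.add(key)
        return True


def bank_example(per_sender: bool) -> Tuple[bool, bool]:
    """Employees A and B both send customer X an email encrypted with password 1."""
    notifier = OnceOnlyNotifier(per_password=True, per_sender=per_sender)
    first = notifier.should_send(NotificationEvent(
        "PDFCrypt Mail Encryption", "pw-template", "x@customer.example",
        "a@bank-north.example", "password1"))
    second = notifier.should_send(NotificationEvent(
        "PDFCrypt Mail Encryption", "pw-template", "x@customer.example",
        "b@bank-south.example", "password1"))
    return first, second
```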

Additional actions

Click the Add button to select additional actions:

Notification: Enable this option if you want to send a notification to other persons than administrators, all senders or all recipients.


Start external program: Define a new application in order to have actions executed by this application. To start an external application, specify its path and any necessary parameters. This option can be used to run separate scripts.

Add iQ.Suite tag and value: iQ.Suite tags can be added to an email while processed by iQ.Suite to perform special iQ.Suite actions. For instance, the email can be provided with additional information used by a subsequent job for further processing. Before delivery to the original recipient, the iQ.Suite tags are removed again.

Add header field and value: Define a new X header field and specify the desired value, e.g. to return a spam analysis result as the value. If the field is not an X header, enable Don't use prefix 'X-'. As opposed to the 'Add iQ.Suite tag and value' option, the header information is not deleted when the email is delivered to the original recipient.

Redirect mail: The email can be redirected to another freely selectable recipient. Optionally, a copy of the email can be sent to the original recipient as well. Click the address book icon to select further recipients or define your own addresses. If the email is also to be delivered to the original recipient or original sender, enable the corresponding option.

Note: If you redirect a TNEF email to an external address, the recipient will receive an empty email, possibly with a winmail.dat attachment. The TNEF format is used by Exchange when an Outlook user (not Outlook Express!) sends an email within an Exchange organization. This format is not used for communication via the Internet or with other email programs.

Remove header field: Use this action to remove arbitrary X header fields from emails, e.g. to delete an X header field that was created previously on another server. For this, enable the 'Remove header field' option, click Next and define the field to be removed in the dialog displayed.

Copy to Quarantine: The email will be copied to the quarantine selected here. If you defined a label, it will be attached to the quarantined email. For information on the label, refer to the description of the standard option 'Copy to Quarantine'.

Other than with the standard action of the same name, the option 'Copy original email which entered the job' is available for this additional action in case of success. With this option enabled, the email will be quarantined in its original state (before job processing). By default, the email is quarantined in its processed state.

Skip subsequent Jobs: This action prevents emails from being processed by subsequent iQ.Suite jobs in the job chain.

Other Action: Update sent items

This action is used to update sent items in the sender's mailbox.


The job action 'Update sent items' (success action) is available in the following jobs:

iQ.Suite Crypt: Crypt Outbound
iQ.Suite Convert: Convert Compression, Convert PDF, Convert Command Line, Convert TNEF to MIME
iQ.Suite PDFCrypt: PDFCrypt Mail Encryption, PDFCrypt File Signing/Encryption
iQ.Suite Trailer

If you want several iQ.Suite Jobs to execute this action, use the Wall Copy To Mailbox Job. Refer to Copy To Mailbox: Update sent items in the sender's mailbox.

By default, a sent email is put in the 'Sent' folder of the sender before processing (e.g. without trailer), since the email is processed by the iQ.Suite job only after it has left the email client.

With the Update sent items action, the email is copied in its processed state to the 'Sent' folder of the sender. This is done by the EWS service (iQ.Suite Information Store Access Service) which must be started for this.

Example in Trailer:

After the Update sent items action has been executed, the sender can see how his email including trailer is delivered to the recipient. Besides this, this action allows the sent emails to be archived with trailer in compliance with the legal requirements.

Configuration in the Job:

In the Actions tab, select the Update sent items action. The actions which are not job-specific are described under Actions tab.

This action which requires access to the Information Store is supported for Exchange Server = 2013 SP1 and for the email clients = 2013 and OWA. Refer to Configuring access to the Information Store via EWS.


Important definitions

Original email: Sent email in the state it has before email processing, e.g. without trailer.
Email copy: Email in the state it has after email processing, i.e. in the state it is delivered to the recipient (e.g. with trailer).

The sender can perform the same actions on the processed email as on the sent original email, e.g. resend or forward.

To create the email copy, the original email is searched in the 'Sent Items' folder. In case the search is unsuccessful, the action is aborted with a warning in the Windows Event Log. No email copy is created.

Use the Actions Assistant to define in which folder of the sender's mailbox the email copy is to be created and whether the original email shall be deleted:

Replace the original sent item: By default, the original email is replaced in the 'Sent Items' folder with the copy.

Create a new item: With this option enabled, the original email is kept and the new item (email copy) is created in the 'Sent Items' folder.

If you want to create the email copy in another folder, first select the option 'Create new item in custom folder' and then enable one of the following options:

'Create folder in mailbox root folder': The folder is created under the mailbox root folder.
'Create folder in 'Sent Items' folder': The folder is created under the default folder for sent items.

Use the input field to specify the name of the custom folder. If you don't want to create this folder directly under the mailbox root folder or under the 'Sent Items' folder, specify the path which corresponds to the desired folder hierarchy. Separate the path elements with backslashes, e.g. Sub1\Sub2\Sub3. If the specified folders do not exist yet, they will be created automatically.

Add subject extension: If you want to extend the original subject with a custom extension, enable this option. Use the input field to define the extension. For this, specify any text of your choice and/or select one or more variables. Determine whether the extension is to be set before the original subject ('at the beginning') or after the original subject ('at the end').

Generate only one copy for all split emails: If an email addressed to multiple recipients is processed by different jobs after dynamic split, then multiple email copies are created by default. In every email copy, for example, only the trailer valid for the respective recipients will be inserted.

With the option enabled, only one copy for all split emails will be created. All recipients of the original email (TO, CC and BCC recipients) are displayed in the copy. Example in Trailer: The trailer displayed in the copy may therefore not be valid for all recipients of the email.

Tab: Server

The Server tab is used to select the servers where the job is to be enabled. For instance, this could be useful if you are using a common configuration on several servers, but do not wish to run the job on all of these servers.

Note: To be included in the selection list, a server needs to be correctly configured. For further information on configuring iQ.Suite servers, refer to Settings for an individual iQ.Suite Server.


Buttons:

Select: Click this button to assign the job to one or several servers.
Edit: Click this button to open the server's properties and change them as required. Refer to General Server settings.

Tab: Details

This tab can be used for a detailed description of the job. It is not required for configuration purposes, but lets you enter information about the job and its configuration, e.g. on the actions to be executed or dependencies on other jobs.


Standard tabs of Information Store Jobs

Some standard tabs of Mail Transport Jobs also exist in Information Store Jobs, but unlike Mail Transport Jobs, Information Store Jobs apply not only to "emails" but also to other "Information Store objects". The descriptions are to be understood accordingly.

Hereafter, the differences in comparison to Mail Transport Jobs are mentioned:

The General tab contains only the option 'Job is mission critical'.
The Addresses tab does not exist.
The Conditions tab contains only the condition '... with following iQ.Suite Tags and values'.

The setting options of these tabs are described under Standard tabs of Mail Transport Jobs.

The Actions tab contains the following actions:

Copy to Quarantine

Delete...: 'entire object' or 'element' ('element' only in Watchdog Jobs)

Replace element with (only in Watchdog Jobs)

Add subject extension

Send to Administrator

For a description of these actions, refer to Description of the Actions. For the Virus Scanning Job, you will additionally find job-specific information under Actions.

The following additional actions are available:

Notification

Start external program

Add iQ.Suite tag and value

Copy to Quarantine

Refer to Additional Actions.

Pre-configured notification templates for Information Store notifications exist under General Settings > Templates.


Standard tab 'Jobs'

The Jobs tab lists the jobs which use the current object.

This tab is available in different types of objects which can be used by jobs, for example in Notification Templates, Fingerprints, Dictionaries, Connect Engines and Crypt Engines.

Example in a Dictionary:


Job types

Different job types can be created under Policy Configuration. All job types listed below are available as Mail Transport Jobs; some of them are also available as Information Store Jobs (see the note in brackets after the job type).

To create a Mail Transport Job, click Mail Transport Jobs > New > 'JobType'.

To create an Information Store Job, click Information Store Scan Configurations > 'Information Store Scan Configuration' > New > 'JobType'.

Bridge Connector: This job exports the emails and passes them to a third-party system connected via an external interface.

Clerk Action: This job is used for sending Clerk absence notifications and forwarding/redirecting emails to the deputy.

Clerk Journal: This job collects emails into the selected Clerk Quarantine. These emails are kept there for a configurable time to make retroactive email forwarding possible.

Connect SharePoint: This job exports email attachments to a connected "Microsoft SharePoint" Social Business Collaboration System.

Connect Workflow: By using Connect Workflow, you can save documents as well as create and start workflows in GBS Workflow Manager in an automated way.

Connect Connections: This job exports email attachments to a connected "HCL Connections" Social Business Collaboration System.

Convert Command Line: This job converts email attachments. The job is started through the command line.

Convert Compression: This job converts email attachments to ZIP or 7-ZIP.

Convert Decompression: This job unpacks archives contained in emails (e.g. RAR, ZIP, 7-ZIP, TAR, etc.).

Convert PDF: This job converts email attachments to PDF or PDF/A.

Convert TNEF to MIME: This job converts TNEF emails to MIME format.

Crypt Inbound: This job decrypts or verifies incoming emails with GnuPG or S/MIME.

Crypt Key Import: This job automatically imports PGP keys or S/MIME certificates into the public key or the certificates database.

Crypt Outbound: This job encrypts or signs outgoing emails with GnuPG or S/MIME.

DLP Data Analyze: This job analyzes emails by using definable analysis criteria in order to detect anomalies.

DLP Data Collection: This job collects email data which is used to calculate Baselines for the detection of anomalies.

DLP Review: This job puts emails in the Review quarantine for dual control check.

PDFCrypt File Signing/Encryption: This job signs PDF files attached to emails by means of the sender's certificate and/or encrypts these PDFs with a password.

PDFCrypt Mail Encryption: This job converts emails incl. attachments to password-protected PDF files and sends these PDFs as email attachments to the recipient.

PDFCrypt Signature Verification: This job verifies the signatures of PDF files to ensure their integrity and authenticity (binding assignment of the PDF to a person).

RPost Registered email: This job sends emails as registered email (RPost).

Store Archiving: This job links the iQ.Suite modules with the iQ.Suite Store server and archives emails before delivery.

Store Journaling: This job creates copies of the emails at defined journaling locations.

Trailer: This job attaches a previously created trailer to some or all outgoing emails.

Wall Advanced Action (Mail Transport Job and Information Store Job): By using regular expressions, emails / Information Store objects and file attachments can be searched for strings. In case of matches, a text replacement is possible in email bodies.

Wall Content Filtering (Mail Transport Job and Information Store Job): This job checks emails / Information Store objects and attachments for restricted text content.

Wall CORE Classification: This job classifies emails according to their contents or checks them for spam using CORE. For classification by content, you will need to create a new classifier. Use this spam filtering job for testing purposes only. CORE analysis is included in the Wall Spam Filtering Job as a combined criterion and only needs to be enabled.

Wall Credit Card Number Filtering (Mail Transport Job and Information Store Job): This job checks emails / Information Store objects and file attachments for credit card numbers.

Wall Email Address Filtering: This job checks emails for address restrictions.

Wall Email Cleaning: This job deletes HTML bodies and mail headers (e.g. Received headers or X-headers) from emails.

Wall Recipient Limit Filtering: This job checks emails for a maximum allowable number of recipients per email (the recipients in the To field of each email).

Wall Spam Filtering: This job checks emails for spam using a range of criteria.

Watchdog Attachment Filtering (Mail Transport Job and Information Store Job): This job checks emails / Information Store objects for denied file attachments. The various file formats are identified with fingerprints.

Watchdog Attachment/Size Filtering: This job checks emails for denied file attachments. It also allows setting the maximum size of an attachment.

Watchdog Email Size Filtering: This job checks emails for size and denies files that are larger than the allowed maximum size (per email size).

Watchdog PDF Protection: This job cleans top-level PDFs which contain undesirable elements, or deletes them from the processed emails before delivery to the recipients.

Watchdog Protected Attachment Detection: This job checks emails for password-protected archives.

Watchdog URL Scanning: This job scans email bodies for suspicious URLs.

Watchdog Virus Scanning (Mail Transport Job and Information Store Job): This job scans emails / Information Store objects for viruses.

Watchdog Virus Scanning (Advanced): This job uploads file attachments from emails to the Avira Protection Cloud for virus check. The upload can be limited to certain file types via the selection of fingerprints.

Watchdog Virus Scanning (Sandbox): This job scans emails for viruses by using the Sandbox technology in the Cloud.

WebCrypt Encryption: This job encrypts emails even when the communication partner does not use any encryption technology.

For each job type, you can define individual conditions, all of which must apply for the specified action to be executed.


General configuration

Topics:

Configuration reports

Settings for iQ.Suite Servers

Settings for an individual iQ.Suite Server

Proxy servers

Address Lists

Creating notification templates

Creating a database connection to a SQL database server

Configuring Quarantines

Password Management


Configuration reports

The configuration reports provide an overview of the current configuration:

1. Basic Configuration > right-click > All Tasks > Show configuration reports:

A list of all configuration reports is displayed:

2. Select the desired report and click . The report is opened as HTML file in the web browser.

If you want to display a Print preview of the report, click .

3. Use to save the selected report as HTML file.


Settings for iQ.Suite Servers

Select iQ.Suite Server Settings to configure the default settings for all iQ.Suite servers.

In addition, each server can be configured individually. Refer to Settings for an individual iQ.Suite Server.

To configure the iQ.Suite server settings, click Basic Configuration > General Settings > iQ.Suite Servers > right-click > Properties.

Compressed files and iQ.Suite Monitor

Use the General tab to set specific iQ.Suite server settings:

Under Communication Port, enter the port number for iQ.Suite Monitor (default: 8008). The value entered here applies to all servers. Be sure to set the correct communication port; otherwise, communication with the servers will be impossible. For further information on allocating rights and security settings, refer to iQ.Suite Monitor.

Limit disk workspace per processed email: In rare cases, the processing of an email is very load intensive and might leave insufficient memory for other components. To avoid server restrictions and performance problems, you can limit the disk space available for the processing of an email. If this value is exceeded, the email is moved to the Badmail quarantine.

Maximum number of extracted archive levels: Archives can contain not only compressed files but also further archives, nested to an arbitrary depth. In this field, enter the maximum permitted depth for the decompression of such archives. If this limit is exceeded, the further processing depends on the setting in the When email is unscannable, then field.

Maximum number of extracted email elements per email: Processing an email with many individual elements (email bodies, file attachments or files contained in archives) can strongly affect server performance. Hence, by default, the number of elements unpacked per email is limited to 10,000. If this limit is exceeded, the further email processing depends on the setting in the When email is unscannable, then field.

Maximum age of emails in Badmail (in days): Set the number of days the emails are to remain in the Badmail Quarantine (Badmail directory). When this period expires, the emails are automatically deleted.

Search for embedded archives in attachments: It is possible to hide ZIP or RAR files within file attachments, such as pictures, which means attachments can be used to infiltrate unwanted or harmful data such as EXE files or viruses. Instructions are available on the Internet, usually relating to hiding in images.

The Search for embedded archives in attachments option applies a mechanism that identifies and extracts archives hidden in attachments. Once extracted, the files are analyzed using standard iQ.Suite methods.

Please note that enabling this option may reduce the overall email processing speed.

To avoid excessive performance loss and ensure the stability of iQ.Suite, the analysis of attachments for archive recognition is limited in time and volume.

Scan inside PDF attachments: The attachments contained in PDF files are extracted. Since such PDF files are treated as archives, the maximum number of extracted archive levels set in this tab applies to PDF files as well.

When email is unscannable, then: Emails that contain unscannable elements (e.g. archives, password-protected files or similar) or emails that exceed the configured number of archive levels can be processed as follows:

'Move email to Badmail quarantine': The complete email is moved to the Badmail quarantine. Only after it has been checked by the administrator is the email delivered to the recipients from the Badmail quarantine.

'Continue with rule-based processing': The further processing of the affected element is stopped when the defined limit is reached. If available, the next email element (e.g. another file attachment) is checked. Thus the processing corresponds to regular email processing, in which the scannable email elements are analyzed by the configured virus scanners.

We recommend configuring a Watchdog Protected Attachment Detection job to log unscannable email elements. Refer to Sample Job: Checking password-protected archives for viruses.
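The archive-level limit, the element-count limit and the two 'When email is unscannable, then' behaviours described above can be modelled in a few lines. The following is an added example, not code from the iQ.Suite documentation or product: a constructed attachment tree is walked with a maximum archive depth and a maximum element count, and the result shows how 'Move email to Badmail quarantine' stops the whole email at the first limit hit while 'Continue with rule-based processing' records the hit and moves on to the next element. Element names, limit values and the policy names 'badmail' and 'continue' are assumptions of this example.

```python
# Added example, not code from the iQ.Suite documentation or product: a model of
# the archive-level and element-count limits and of the two "When email is
# unscannable, then" behaviours. Attachment tree, limits and policy names are
# constructed for illustration.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Element:
    """One email element. `children` is None for a plain file and a list for an
    archive (possibly empty). `unscannable` marks e.g. a password-protected
    archive whose content cannot be opened."""
    name: str
    children: Optional[List["Element"]] = None
    unscannable: bool = False


@dataclass
class Limits:
    max_archive_levels: int = 3     # nesting depth of archives that may still be extracted
    max_elements: int = 10_000      # elements unpacked per email (the page's default)


@dataclass
class ScanResult:
    scanned: List[str] = field(default_factory=list)   # elements handed to the scanners
    limit_hit: bool = False                            # a limit or an unscannable element was met
    disposition: str = "delivered"                     # or "badmail"


def _limit_reached(policy: str, result: ScanResult) -> None:
    result.limit_hit = True
    if policy == "badmail":            # 'Move email to Badmail quarantine'
        result.disposition = "badmail"
    # 'continue': only this element stops; the caller moves on to the next one


def _walk(elem: Element, level: int, limits: Limits, policy: str, result: ScanResult) -> None:
    """Visit one element; `level` is its archive nesting depth (1 = top-level attachment)."""
    if result.disposition == "badmail":
        return
    if len(result.scanned) >= limits.max_elements:
        _limit_reached(policy, result)
        return
    if elem.unscannable:
        _limit_reached(policy, result)
        return
    result.scanned.append(elem.name)
    if elem.children is None:
        return                                   # plain file: scanned, nothing to extract
    if level > limits.max_archive_levels:
        _limit_reached(policy, result)           # the archive file itself was scanned,
        return                                   # but its content is not extracted
    for child in elem.children:
        _walk(child, level + 1, limits, policy, result)


def process_email(attachments: List[Element], limits: Limits, policy: str) -> ScanResult:
    """policy is 'badmail' or 'continue' (the two options of the setting)."""
    result = ScanResult()
    for att in attachments:
        _walk(att, 1, limits, policy, result)
        if result.disposition == "badmail":
            break                                # the whole email goes to Badmail
    return result


# Constructed sample: an archive nested three levels deep plus a locked archive.
SAMPLE = [
    Element("report.pdf"),
    Element("outer.zip", children=[
        Element("readme.txt"),
        Element("inner.zip", children=[
            Element("deep.zip", children=[Element("payload.bin")]),
        ]),
    ]),
    Element("locked.7z", children=[], unscannable=True),
    Element("notes.txt"),
]

if __name__ == "__main__":
    for policy in ("continue", "badmail"):
        r = process_email(SAMPLE, Limits(max_archive_levels=2), policy)
        print(policy, r.disposition, r.limit_hit, r.scanned)
```

Run as a script, it prints the disposition and the list of scanned elements for both policies. The practical point is visible in the 'continue' run: the email is delivered although the innermost content of the nested archive and the locked archive were never scanned, which is why the page recommends a Watchdog Protected Attachment Detection job to log such elements.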

Collective notification

As a general rule, each job can be configured so that when a specific event occurs, the recipients, senders and/or administrators are informed of this event (Actions tab). If several events occur for an email, the iQ.Suite servers are not configured (by default) to send separate notifications for each event. Instead, all notifications are combined into a single collective notification, i.e. the recipients receive a single notification with a list of all events that have occurred. The template used is the Template for Collective Notifications. You can change this template or create new ones.

Related topics: Defining Quarantine summary notifications and Whitelist notification / Blacklist notification.

Note: If you prefer to send individual email notifications for each event, disable the 'Create collective notification' option under iQ.Suite Servers > right-click > Properties > 'General' tab.

Databases

For the Whitelist and Blacklist entries (User Lists), the statistics data and the Clerk configuration data, select a database connection for each to determine which database this data is written to. In the multi-tenant solution, additionally select a database connection for the licensing information.

These settings apply to all servers of the iQ.Suite domain.

For the User Lists and the statistics data, you can use either a 'Local database' (Access database) or a SQL database.

If you are using iQ.Suite WebClient, a SQL database is required for the statistics and the Clerk configuration data. In a multi-server environment, a SQL database is required for the User Lists as well. An Access database can be used for the User Lists only if a single iQ.Suite server is used; but even in this last case, we recommend using a SQL database.

With the default setting 'Local database (*.mdb file)', every server uses its own local database. The local Access database is automatically created during iQ.Suite installation.

If you want the data of all servers of the iQ.Suite domain to be written into a central database, you must use a SQL database. When a central database is used, the local Access database is ignored but not deleted. When the central database is deactivated again, the local Access database is used again or is automatically re-created.

Important: Before you delete your local Access database, transfer the data of the local database manually to the central database, if required.

For information on how to set a central database for the User Lists, refer to Setting up Central User Blacklists and Whitelists, for global statistics refer to Setting up Global Statistics, and for the Clerk configuration data refer to Clerk Configuration (only SQL).

The iQ.Suite Reports are generated from the database which is selected in the Database connection for statistics data field. Even if you are using a central statistics database, server-specific reports can be created via the iQ.Suite Monitor.

Definition of email addresses and internal domains

iQ.Suite requires a number of basic settings concerning the email domain of the emails processed. During installation, the email address of the iQ.Suite administrator specified is used for the following iQ.Suite basic settings:

Administrator(s): Status notifications on the iQ.Suite installation as well as the configured administrator notifications are sent to the address specified in this field. By default, the installation enters the administrator address prompted for.

Notification sender: The email address entered here is shown as the sender address in the system notifications of iQ.Suite. By default, the installation enters a dummy address. The email domain is determined from the administrator address prompted for.

Reply address: If users reply to a system notification, the reply email is sent to the address specified in this field. By default, the installation enters the administrator address prompted for.

Internal domains: The email domains specified here are treated as internal email domains, all others as external ones. This setting is used by iQ.Suite rules to distinguish between incoming and outgoing emails by way of an email’s sender and recipient address. For instance, a spam filter job will only run on incoming emails, while a trailer job is to be run only on outgoing emails.

For each entry, use a separate line. Subdomains are automatically included if the main domain is preceded by the wildcard prefix "*.", e.g. *.domain.com. By default, the installation enters the administrator address prompted for.

These entries apply to all iQ.Suite servers. The settings can be changed at any time in this dialog.
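The internal-domain list and the "*." wildcard prefix described above decide whether a rule sees an email as incoming or outgoing. The following is an added example, not code from the iQ.Suite documentation or product: it parses such a list, classifies addresses as internal or external and derives the direction for a sender/recipient pair. company-x.com is the sample domain the page uses elsewhere; corp.example and all addresses are constructed. The example assumes bare addresses (no display names) and compares whole domain labels only, so a look-alike domain that merely ends in an internal domain's text does not count as internal.

```python
# Added example, not code from the iQ.Suite documentation or product: the
# internal/external address classification described above, including the
# "*." wildcard prefix that includes subdomains. Domain list and addresses are
# constructed for illustration.
from typing import List, Tuple

InternalEntry = Tuple[str, bool]   # (domain, include_subdomains)


def parse_internal_domains(text: str) -> List[InternalEntry]:
    """One domain per line; a leading '*.' marks that subdomains are included."""
    entries: List[InternalEntry] = []
    for line in text.splitlines():
        domain = line.strip().lower().rstrip(".")
        if not domain:
            continue
        if domain.startswith("*."):
            entries.append((domain[2:], True))
        else:
            entries.append((domain, False))
    return entries


def is_internal(address: str, entries: List[InternalEntry]) -> bool:
    """True if the address's domain is an internal domain. Subdomains match only
    for entries that carried the '*.' prefix, and the comparison is on whole
    labels, so 'company-x.com.attacker.net' never matches 'company-x.com'."""
    if "@" not in address:
        return False                          # no domain part: treated as external
    domain = address.rsplit("@", 1)[1].strip().lower().rstrip(".")
    for base, include_subdomains in entries:
        if domain == base:
            return True
        if include_subdomains and domain.endswith("." + base):
            return True
    return False


def direction(sender: str, recipient: str, entries: List[InternalEntry]) -> str:
    """Classify one sender/recipient pair as the rules described above do:
    'incoming' (external -> internal), 'outgoing' (internal -> external),
    'internal' (both internal) or 'external' (neither side internal)."""
    s, r = is_internal(sender, entries), is_internal(recipient, entries)
    if s and r:
        return "internal"
    if s:
        return "outgoing"
    if r:
        return "incoming"
    return "external"


# Constructed sample list: company-x.com without subdomains, corp.example with them.
INTERNAL = parse_internal_domains("company-x.com\n*.corp.example\n")

if __name__ == "__main__":
    print(direction("news@outside.org", "alice@company-x.com", INTERNAL))     # incoming
    print(direction("alice@company-x.com", "partner@outside.org", INTERNAL))  # outgoing
    print(is_internal("bob@mail.company-x.com", INTERNAL))                    # False: no "*."
```

The second-to-last line is the one to note when filling in the dialog: without the "*." prefix, mail from mail.company-x.com is treated as external, so a spam filter job restricted to incoming emails would run on it and a trailer job restricted to outgoing emails would not.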

Setting access permission to iQ.Suite Servers and Quarantines

General

With the permission iQ.Suite Monitor Access, you can grant or prohibit unlimited remote access to iQ.Suite servers and iQ.Suite quarantines through iQ.Suite Monitor. Thus, authorized users can perform, for example, all actions on a quarantine (delete quarantine items or resend them to the sender's mailbox, copy quarantine items to another quarantine, etc.).

You can set this permission:

For all iQ.Suite servers (global): iQ.Suite Servers > Properties > Security

For individual servers (server specific): iQ.Suite Servers > 'Server name' > Properties > Security

For individual quarantines (quarantine specific): Folder Settings > Quarantine > 'Quarantine name' > Properties > Security

For further information on the security settings, refer to Security tab.

The permissions are checked by the iQ.Suite Service. If not logged in to the server, you must authenticate yourself when calling the iQ.Suite Quarantine for the first time. The authentication information is temporarily stored so that subsequent calls (in particular of other quarantines) use the login information that had been successful before. If that fails, an authentication dialog opens.

Tab: Security

Set the desired permissions on the Security tab:


Use to switch to processing mode. You will then be able to use Add to select users or groups from the Active Directory or from an LDIF file whom you want to grant or explicitly deny access.

By default, access is denied for newly added users. Click on the column Allow if you want to grant access to this user.

By default, all iQ.Suite administrators receive this permission.

Note: As soon as you switch to processing mode, the configuration is treated as 'changed' even if no changes had been made.

By default, the option Use global settings is selected, i.e. the current server inherits the global (iQ.Suite Servers) permissions. To set server-specific or quarantine-specific permissions, select the option Customize settings.

Example:


At a server:

Scenario 1: Only the option Customize settings is selected.

In addition to the globally set permissions, the permissions set at the server are valid. Note the following:

If you allow access to a user globally, but deny it for a certain server, accessing the server is denied for this user - and vice versa.

Example: The administrator David Galler ([email protected]) is a member of the group 'iQ.Suite Administrators', for which in general accessing all servers was allowed. However, Mr. Galler is not to access iQSuiteServer2. This is guaranteed by the above setting.

Scenario 2: In addition to the option 'Customize settings', the option Ignore global settings is enabled.

Only the access permissions set at the server are valid.

At a quarantine:

The option Customize settings is selected. The option Ignore global settings is not available for quarantines.

In addition to the global access permissions, the access permissions set at the quarantine are valid. Note the following:

A user who cannot access a server cannot access this server's quarantines either. The quarantine-specific permission is ignored in this case.

Example:


If you deny accessing iQSuiteServer2 to Mr. Galler, but grant access at a quarantine of this server, accessing this quarantine is denied to Mr. Galler. In the converse case, access is also denied.

To open the desired quarantine, authorized users have to login with their UPN and their user password:
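The way global, server-specific and quarantine-specific permissions combine in the scenarios above can be written down as a small decision function. The following is an added example, not code from the iQ.Suite documentation or product: it models 'Use global settings', 'Customize settings' and 'Ignore global settings' for servers and the customize-only option for quarantines, and reproduces the Galler scenario with constructed principal and server names. How entries for a user and for the user's groups combine within one ACL is not stated on the page; the example assumes that an explicit Deny wins and that a principal without any entry is denied (the documented default for newly added users), and that a quarantine left on 'Use global settings' adds no restriction beyond the server decision.

```python
# Added example, not code from the iQ.Suite documentation or product: a model of
# how the global, server-specific and quarantine-specific 'iQ.Suite Monitor
# Access' permissions combine according to the scenarios described above.
# Principal and server names are constructed; the combination rule inside one
# ACL (explicit Deny wins, no entry means denied) is an assumption.
from dataclasses import dataclass, field
from typing import Dict, List

Acl = Dict[str, bool]   # principal (user or group name) -> True = Allow, False = Deny


@dataclass
class User:
    name: str
    groups: List[str] = field(default_factory=list)


@dataclass
class Server:
    name: str
    customize: bool = False        # 'Customize settings' selected
    ignore_global: bool = False    # 'Ignore global settings' (exists for servers only)
    acl: Acl = field(default_factory=dict)


@dataclass
class Quarantine:
    name: str
    server: Server
    customize: bool = False        # no 'Ignore global settings' for quarantines
    acl: Acl = field(default_factory=dict)


def evaluate_acl(acl: Acl, user: User) -> bool:
    """Resolve one ACL for a user and the user's groups. Assumption: an explicit
    Deny on any matching principal wins; no matching entry at all means denied."""
    decisions = [acl[p] for p in (user.name, *user.groups) if p in acl]
    return bool(decisions) and all(decisions)


def server_access(global_acl: Acl, server: Server, user: User) -> bool:
    if not server.customize:                       # 'Use global settings'
        return evaluate_acl(global_acl, user)
    if server.ignore_global:                       # Scenario 2: server ACL only
        return evaluate_acl(server.acl, user)
    # Scenario 1: global and server permissions both apply; a Deny on either side wins.
    return evaluate_acl(global_acl, user) and evaluate_acl(server.acl, user)


def quarantine_access(global_acl: Acl, quarantine: Quarantine, user: User) -> bool:
    # No access to the server means no access to any of its quarantines.
    if not server_access(global_acl, quarantine.server, user):
        return False
    if not quarantine.customize:
        return True                                # assumption: inherits the server decision
    # Customized: global and quarantine permissions both apply in addition.
    return evaluate_acl(global_acl, user) and evaluate_acl(quarantine.acl, user)


# Constructed sample modelled on the page's scenario: the administrators group is
# allowed globally, but one member is denied on iQSuiteServer2.
GLOBAL_ACL: Acl = {"iQ.Suite Administrators": True}
GALLER = User("David Galler", groups=["iQ.Suite Administrators"])
HELPDESK = User("Helpdesk User", groups=["Helpdesk"])

SERVER1 = Server("iQSuiteServer1")                                         # uses global settings
SERVER2 = Server("iQSuiteServer2", customize=True, acl={"David Galler": False})
SERVER3 = Server("iQSuiteServer3", customize=True, ignore_global=True, acl={"Helpdesk": True})

Q_SERVER2 = Quarantine("Badmail", SERVER2, customize=True, acl={"David Galler": True})
Q_SERVER1_DENY = Quarantine("Spam", SERVER1, customize=True, acl={"David Galler": False})
Q_SERVER1_INHERIT = Quarantine("Badmail", SERVER1)


def decisions(user: User) -> Dict[str, bool]:
    """Effective access of one user to every sample server and quarantine."""
    return {
        "iQSuiteServer1": server_access(GLOBAL_ACL, SERVER1, user),
        "iQSuiteServer2": server_access(GLOBAL_ACL, SERVER2, user),
        "iQSuiteServer3": server_access(GLOBAL_ACL, SERVER3, user),
        "iQSuiteServer2/Badmail": quarantine_access(GLOBAL_ACL, Q_SERVER2, user),
        "iQSuiteServer1/Spam": quarantine_access(GLOBAL_ACL, Q_SERVER1_DENY, user),
        "iQSuiteServer1/Badmail": quarantine_access(GLOBAL_ACL, Q_SERVER1_INHERIT, user),
    }


if __name__ == "__main__":
    for target, allowed in decisions(GALLER).items():
        print(f"{target:24} {'allowed' if allowed else 'denied'}")
```

Running the script shows the two rules the page stresses: the group-based global Allow does not help the user on iQSuiteServer2, and the quarantine-level Allow on that server is ignored because the server itself is denied. The iQSuiteServer3 entry illustrates Scenario 2, where the global Allow for the administrators group is not consulted at all.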

Synchronizing Configuration, License and LDIF in a multi-server environment

In multi-server environments, you can ensure that all iQ.Suite servers of your domain use the same configuration, the same license and the same LDIF file by synchronizing the corresponding files.

The configuration and the licenses can be synchronized automatically or manually; the LDIF file can be synchronized only automatically.

Paths

Configuration: ...\GBS\iQ.Suite\Config\ConfigData.xml

License: ...\GBS\iQ.Suite\License\license.lic

Demo license: ...\GBS\iQ.Suite\License\demo.lic

LDIF: ...\GBS\iQ.Suite\Config\iQSuite.ldf

Prerequisites for the Synchronization

All iQ.Suite servers and all configurations existing on these servers must have been updated to the current iQ.Suite version.

The communication port must be the same on all iQ.Suite servers: iQ.Suite Servers > Properties > General > Communication Port.

The communication via the communication port must not be hindered, for example by a firewall.

The automatic LDIF synchronization is possible only if all iQ.Suite servers run in LDIF mode. Refer to Installing iQ.Suite without Access to Active Directory.


Important Notes

Configuration

If the sent configuration could not be loaded at the receiving server, the receiving server's configuration that had successfully been loaded last will be used: ...\GBS\iQ.Suite\AppData\LastConfig.xml

Licenses

Every receiving server checks whether the received license is valid for its server. Invalid licenses are rejected by the receiving server. Demo licenses and licenses which expire within the next 10 days are considered as "invalid".

Only for automatic synchronization: When an invalid demo.lic is synchronized, the complete license is considered as "invalid". This means that the license.lic is ignored as well. An error is written to the Event Log. When a demo.lic is deleted on the master server, it is not automatically deleted on the slave servers. On the slave servers, it can be deleted only manually.

Automatic synchronization

The automatic synchronization of the iQ.Suite configuration, iQ.Suite license and LDIF file is based on a master-slave concept:

Important: The configuration of the master server (sending server) is rolled out to all slave servers (receiving servers) even if a more current configuration exists on a slave server. That's why we recommend you to exclusively change the configuration on the master server.

The license of the master server is rolled out to all slave servers for which this license is valid.

Note: Automatic synchronization of the configuration is performed each time the configuration has been changed on the master server and then every 15 minutes. Automatic synchronization of the license is performed each time a license is loaded on the master server and then every hour. Automatic synchronization of the LDIF file is performed each time the LDIF file is loaded on the master server and then every hour.

To enable automatic synchronization, proceed as follows:

1. Open iQ.Suite Servers > Properties.

2. In the Synchronization tab, enable the appropriate option(s) for automatic synchronization (configuration, license and/or LDIF file) and define a Master server whose configuration, license and/or LDIF file are by default to be distributed to all other servers of your iQ.Suite domain (slave servers).


3. Open the Global Options tab:

4. Global Password

On all iQ.Suite servers, enter the same password in the Global Password field. The password must be the same on all servers in order to allow the communication between the servers.

With the icon, a secure random password is generated. Since a new password is generated with every click on the icon, perform this action only on one of the integrated servers. Then copy the random password to the other servers' configuration.

To display the password in plain text, enable the Show password option.

5. Optional: To exclude an iQ.Suite slave server from the synchronization, disable automatic synchronization of the configuration, license and/or LDIF file under iQ.Suite Servers > 'Server' > Properties > 'Monitor' tab.

Under iQ.Suite Monitor > Server > 'MasterServer' > Server Status > Properties > General, the current status of the automatic synchronization is displayed.

Example:

Manual synchronization

Manual synchronization is possible for the configuration, the license (license.lic) and a demo license (demo*.lic), but not for the LDIF file.

When manual sending is used, the local iQ.Suite configuration (for example on iQSuiteServer2) or the iQ.Suite license selected from your file system is sent to another server of the iQ.Suite domain (for example to iQSuiteServer1):

1. On iQSuiteServer2, open the iQ.Suite Management Console.

2. Click iQ.Suite Monitor > Server > iQSuiteServer1 > right-click > All Tasks > Send configuration or Send license / Send Demo license > Select license:

Note: The filename of the demo license must begin with "demo" in small letters (demo.lic or demo*.lic).


3. To be able to perform these actions for the first time within a session, you need to log in with your UPN and user password. Only authorized users can perform this action. Refer to Setting access permission to iQ.Suite Servers and Quarantines.

4. Under iQ.Suite Servers Properties > 'Global Options' tab, enter a Timeout in seconds. In case of a timeout, the synchronization is terminated with an error.

If automatic synchronization is not enabled at the iQ.Suite domain (options under Servers Properties > Synchronization), you can send the local configuration or the selected license to any iQ.Suite server. The other servers of the iQ.Suite domain are not affected by these actions.

If automatic synchronization is enabled, manual synchronization is only possible at a master server. With the synchronization, the master server's configuration or license is changed. As a result, the sent configuration or license is distributed immediately to all iQ.Suite servers that are integrated in the synchronization process.

Backup of the synchronized files

Configuration: With each synchronization, the receiving iQ.Suite server performs a backup of the previous ConfigData.xml:

PushConfigBackup_T.xml

License / Demo license: Before loading a new license on the slave server, the receiving iQ.Suite server performs a backup of the previous license:

backup_licenseT.lic backup_demoT.lic

LDIF file: With each synchronization, the receiving iQ.Suite server performs a backup of the previous iQSuite.ldf:

backup_T.ldf

The backup files of the licenses and the LDIF are created in the same directories as the respective new files (refer to Paths); the backup files of the configuration are created under ...\GBS\iQ.Suite\AppData. For the licenses and the LDIF, the oldest backup file is deleted once 10 backups exist; for the configuration, this already happens after 5 backups.

Email processing in multi-server environments

In an iQ.Suite domain (multi-server environment), you can prevent emails from being processed several times on different servers of the domain (option 'Ignore emails processed by iQ.Suite servers’ in the Mail Transport Job). By default, all emails to be processed on an iQ.Suite server are marked as already processed with a check mark in the email header. This mark is used by the jobs on the other iQ.Suite servers to identify the email as already processed. If accordingly configured, the email will not be processed again by these jobs.

For performance reasons, it can however make sense to disable the marking of emails: the change to the email content caused by the added mark (even if no iQ.Suite job has processed the email) increases the server load. To accelerate email processing, you can enable the 'Disable marking of processed emails' option for all servers of the domain (iQ.Suite Servers > Properties > 'Global Options' tab).

Note: When this option is enabled, it is not possible to prevent emails from being processed several times by the jobs. The Ignore emails processed by iQ.Suite servers option in the jobs has therefore no impact in this case.

Configuring access to the Information Store via EWS

An Information Store access via the iQ.Suite Information Store Access Service (EWS) is required for the following actions:

Scan items for viruses in the Information Store. Refer to Virus scanning in the Information Store.

Update sent items in sender mailboxes. Refer to Other Action: Update sent items and Update sent items in the sender's mailbox.

Display and synchronize Clerk absences in Outlook. Refer to Display and synchronize Clerk absences in Outlook.

On SMTP gateways too, access to the Exchange servers via EWS must be ensured if one of these actions is to be executed on the SMTP server.

For iQ.Suite to be able to access the Exchange databases via EWS, you must specify a valid EWS user and configure the access in the Exchange Access tab (refer to the following sections).

Create EWS user

For the Information Store access, you must create an EWS user with certain access rights:

1. Open the Exchange Management Console, e.g. via https://localhost/ecp.

2. Create a new user (including mailbox). In this example the user is called:


3. Open the 'Exchange Management Shell' and provide the user with the required rights by calling the SetEWSPermissions.ps1 script under GBS\iQ.Suite\Support\Scripts. To set the access rights on the Exchange server, enter the following:

SetEWSPermissions.ps1 -User (without domain)

Example: SetEWSPermissions.ps1 -User ews_user

The required access rights for the EWS user are set.

Important: Access rights can only be set for public folders that are currently available in the Information Store. When changing the database-related settings for the public folders (e.g. adding a new folder), the script must be executed again to set the required rights for the changed elements.

4. For accessing Microsoft 365, an appropriate Exchange Online PowerShell connection must exist:

[Sample]

$Credential=Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection

Import-PSSession $Session

To authorize the user accordingly, the parameter -IsO365Domain for Microsoft 365 must be passed:

[Sample]

& 'C:\Program Files\GBS\iQ.Suite\Support\Scripts\SetEWSPermissions.ps1' -Username (Read-Host -Prompt 'Input the user name') -IsO365Domain
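The steps above as one script, added here as an example and not part of the iQ.Suite documentation or the vendor's scripts. It creates the EWS service account with a random password, switches off the client protocols the account never needs (least privilege: it is only an identity for EWS), runs the vendor script with whichever parameter name the script actually declares (the page shows both -User and -Username), and checks that the EWS virtual directory answers on port 443. Assumptions: it runs in the Exchange Management Shell on-premises, or with -Microsoft365 in a session from the ExchangeOnlineManagement module; user name, domain, display name and script path are placeholders.

```powershell
# Added example (not from the iQ.Suite documentation): create and restrict the
# EWS service account, run the vendor script, check the EWS endpoint.
param(
    [string]$EwsUser    = 'ews_user',          # logon name without domain (placeholder)
    [string]$Domain     = 'company-x.com',     # UPN suffix (placeholder)
    [string]$ScriptPath = 'C:\Program Files\GBS\iQ.Suite\Support\Scripts\SetEWSPermissions.ps1',
    [switch]$Microsoft365
)
$upn = "$EwsUser@$Domain"

# 1. Random 256-bit password; from here on it only exists as a SecureString.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$password = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

# 2. Create the mailbox-enabled user (cloud or on-premises variant of New-Mailbox).
if ($Microsoft365) {
    Connect-ExchangeOnline                      # ExchangeOnlineManagement module, modern auth
    New-Mailbox -Name $EwsUser -DisplayName 'iQ.Suite EWS access' `
        -MicrosoftOnlineServicesID $upn -Password $password
} else {
    New-Mailbox -Name $EwsUser -Alias $EwsUser -UserPrincipalName $upn -Password $password
}

# 3. Least privilege: the account is a protocol identity for EWS only, so disable
#    the client protocols it never needs; EWS itself stays enabled.
Set-CASMailbox -Identity $upn -EwsEnabled $true -OWAEnabled $false -ActiveSyncEnabled $false `
    -PopEnabled $false -ImapEnabled $false

# 4. Grant the rights defined by the vendor script, using the parameter name the
#    script really declares instead of guessing between -User and -Username.
$declared  = (Get-Command $ScriptPath).Parameters.Keys
$paramName = if ($declared -contains 'Username') { 'Username' } else { 'User' }
$scriptArgs = @{ $paramName = $EwsUser }
if ($Microsoft365) { $scriptArgs['IsO365Domain'] = $true }
& $ScriptPath @scriptArgs

# 5. Check the path iQ.Suite will use: the EWS virtual directory must be reachable on 443.
if (-not $Microsoft365) {
    $ewsUrl = (Get-WebServicesVirtualDirectory | Select-Object -First 1).InternalUrl
    Test-NetConnection -ComputerName $ewsUrl.Host -Port 443 |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}
```

Re-run step 4 whenever public folders are added or moved, as the note above requires; the rest of the script is one-off.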

Tab: Exchange Access

In this tab, make the settings which will allow Exchange Information Store access:

User / Password: Enter the username and the password of the EWS user which has been created on the Exchange Server.

If you enter the email address of the user (e.g. [email protected]), you do not need to specify the domain in the Domain field.

Client Access Server (CAS) / Exchange version: If the Client Access Server role and the Mailbox role are installed on the same Exchange server, you do not have to specify a CAS server. If the CAS role is installed separately from the Mailbox role, or if you want to use the feature 'Update sent items' or run Information Store scans with iQ.Suite for SMTP, enter the server name or FQDN of the CAS server.

If you specify a CAS server, you have to select the Exchange version of this CAS server in the next field.

For the CAS server, specify the server name or the FQDN.

Domain: Specify the domain of the EWS user specified above (e.g. company-x.com) if you did not enter the email address in the User field.

Microsoft 365 connection: If you want to use the iQ.Suite feature 'Update sent items’ in combination with Microsoft 365, click 'Yes'. In this case, keep the 'Client Access Server' field empty.

Display and synchronize Clerk absences in Outlook

With this feature enabled, you can synchronize One-time Clerk Absences created in iQ.Suite WebClient and the absence notifications used in these absences with your Exchange Server.

The absence information coming from iQ.Suite WebClient is used for the Automatic Replies feature in Outlook (client and web version) and is displayed in the Outlook dialog for Automatic Replies after a successful synchronization. The variables used in notifications are resolved, so that the correct variable values are displayed in Outlook, e.g. [VAR]deputy::displayname;[/VAR] is replaced with "Anna Glenn" (deputy).

Creating absences in iQ.Suite WebClient:

Example of a one-time absence for David Galler (component Clerk > Absences > One-Time Absences):

Example of an absence notification for David Galler (component Clerk > Absences > Notifications):

Settings in a notification for Mr Galler:

Display in the Outlook dialog Automatic Replies after a successful synchronization:


iQ.Suite sets the marker ##IQSUITE_CLERK_SYNC## at the end of the message. This marker allows you to filter out these Automatic Replies from Exchange by using iQ.Suite Wall, if desired.

Now, another user (e.g. Boris Zidane) would like to send an email to David Galler. Since Mr Galler is absent, an absence notice is shown when Mr Zidane (the sender) enters the recipient name "David Galler" in a recipient field:

If, despite the absence notice, the sender (in our example "Boris Zidane") sends the email to the absent "David Galler", Mr Zidane will receive an Automatic Reply (email) for the absent recipient. The Automatic Reply contains the subject and message of the absence notification which was created in iQ.Suite WebClient for Mr Galler.

Settings in the iQ.Suite Management Console


For the feature described above, the following settings are required:

1. Enable the option Display and synchronize Clerk absences in Outlook.
2. Use Add to make the Schedule settings for the synchronization.

Example: Every week on Monday, Wednesday, Thursday and Saturday, at 1 am, the synchronization will run:

3. Click Apply > OK.

Since EWS (iQ.Suite Information Store Access Service) is required for this feature, make sure that this Service is started.

SMS Gateway for sending passwords by SMS

This tab is only relevant if you are using iQ.Suite PDFCrypt or iQ.Suite Convert.

Under certain preconditions, the password of password-protected PDF files can be sent to the recipients of these PDFs by SMS.

Since the SMS is not directly sent from iQ.Suite but via an SMS Gateway, you must make settings in the SMS Gateway tab:

Email address: Specify the email address which can be used to communicate with your SMS Gateway.

Example: [VAR]SMSRecipient[/VAR]@gateway.com

Also refer to Password by SMS and Sending the password to the recipient by email or SMS.

Send email in plaintext format: Some SMS Gateways cannot process emails in HTML format. If you enable this option, HTML emails will be converted to plain text.

Configuring web access to the Quarantines

Run the WebClient_Quarantine.sql script on your WebClient database in order to create the required database objects. You will find the SQL scripts under ...\GBS\iQ.Suite\Support\Scripts\. The following procedure applies if you are using MS SQL Server:

1. Open the SQL file mentioned above under \GBS\iQ.Suite\Support\Scripts\SQL.
2. Copy the content of this file into a query window of SQL Server Management Studio (on older SQL Server versions: SQL Server Enterprise Manager > Tools > SQL Query Analyzer).
3. Run the query by selecting Execute (F5).
4. Grant the required access rights on this database to the user the WebClient connects with. Give that user only the rights it needs on the quarantine database, not server-level or ownership rights.

For PostgreSQL, refer to the documentation of PostgreSQL, if required.
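The same procedure scripted for MS SQL Server, added here as an example that is not part of the iQ.Suite documentation: it applies WebClient_Quarantine.sql with sqlcmd, creates a database principal for the WebClient with read/write rights on that one database only, and lists the roles the account ended up with. Assumptions: Windows authentication to the SQL Server; server, database and account names are placeholders; and the WebClient needs no more than db_datareader and db_datawriter on the objects the script creates, which should be confirmed against the script itself.

```powershell
# Added example (not from the iQ.Suite documentation): run the vendor SQL script
# and create a least-privilege database user for the WebClient.
$SqlServer   = 'sql01.company-x.com'                       # placeholder
$Database    = 'iQSuiteWebClient'                          # placeholder
$ScriptPath  = 'C:\Program Files\GBS\iQ.Suite\Support\Scripts\SQL\WebClient_Quarantine.sql'
$ServiceAcct = 'COMPANY-X\svc-iqsuite-web'                 # identity the WebClient connects with

# 1. Create the database objects; -b makes sqlcmd exit non-zero on the first T-SQL error.
& sqlcmd -S $SqlServer -d $Database -E -b -i $ScriptPath
if ($LASTEXITCODE -ne 0) { throw "WebClient_Quarantine.sql failed (exit code $LASTEXITCODE)" }

# 2. Map the service account into this database only, with read/write on tables:
#    no ownership, no server roles, nothing in other quarantine databases.
$grant = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$ServiceAcct')
    CREATE LOGIN [$ServiceAcct] FROM WINDOWS;
GO
USE [$Database];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$ServiceAcct')
    CREATE USER [$ServiceAcct] FOR LOGIN [$ServiceAcct];
ALTER ROLE db_datareader ADD MEMBER [$ServiceAcct];
ALTER ROLE db_datawriter ADD MEMBER [$ServiceAcct];
GO
"@
$tmp = New-TemporaryFile
Set-Content -Path $tmp.FullName -Value $grant -Encoding ASCII
try {
    & sqlcmd -S $SqlServer -E -b -i $tmp.FullName
    if ($LASTEXITCODE -ne 0) { throw "Granting rights failed (exit code $LASTEXITCODE)" }
} finally {
    Remove-Item $tmp.FullName -ErrorAction SilentlyContinue
}

# 3. Check: the account must be a member of exactly these two database roles.
$query = @"
SELECT r.name AS role_name
FROM sys.database_role_members m
JOIN sys.database_principals r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals u ON u.principal_id = m.member_principal_id
WHERE u.name = N'$ServiceAcct';
"@
& sqlcmd -S $SqlServer -d $Database -E -b -Q $query
```

Because each quarantine needs its own database (see below), run steps 1 to 3 once per quarantine database; the login is created only once, the database user and role memberships per database.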

Use the WebClient tab of the iQ.Suite Servers' Properties to make the settings required for user access to the iQ.Suite items "Quarantine data", "User Lists" and "Passwords":


URL: Specify the URL of the WebClient server to be used by users to access the iQ.Suite items mentioned above. To enable this user access, additionally select under 'iQ.Suite Server' > 'User Access' tab an option for user access by WebClient. Refer to User access to iQ.Suite items.

Enable quarantine data collection: The quarantine data are collected for web access.

Database connection: The quarantine data collected by the 'iQ.Suite Data Collector Service' of the selected iQ.Suite Server of an iQ.Suite domain are saved in the configured SQL database. To configure the required Database connection, open the connection settings and proceed as described under Requirements for SQL database server and iQ.Suite Server.

Important: Use a separate database (database connection) for each quarantine.

Update interval: Specify in minutes how frequently data collection should be performed, during which the database content will be updated.


Settings for an individual iQ.Suite Server

Click Basic Configuration > iQ.Suite Servers and double-click the required server in the right section.

To define a new server, click iQ.Suite Servers > right-click > New > iQ.Suite Server.

General settings for server

Name: Enter the (NetBIOS) name of the server (Exchange/SMTP). During the installation, the current server name is automatically entered.

Number of threads: Set the maximum number of emails processed simultaneously by the iQ.Suite. A reasonable maximum depends on the capacity and performance of your server.

Select the Event logging level. You can view this log with the Windows Event Viewer. The options range from 'None’ to 'Maximum’.

In the iQ.Suite jobs, you can set that audit files are created to log and view the email processing operations performed by a job (refer to Write audit files to log directory). Under Create audit files, enter how often these files are to be created and under Delete audit files after x days set how long the files are to be kept in the Log directory.

Tip: To be able to view a newly created server in the iQ.Suite Monitor, refresh the view: iQ.Suite Monitor > right-click > Refresh.

Individual email addresses for an iQ.Suite Server

Both the user-defined and default installation settings in the properties for all iQ.Suite servers are copied to each individual server. These are the iQ.Suite Servers default settings.

To specify different settings for a specific server, select the Customize address settings option and enter the new addresses in the associated fields.

Monitor: Synchronization and number of processed emails

In the Monitor tab, you can perform the following settings:


Name/IP address: If the iQ.Suite administration console and the iQ.Suite server are installed in different domains, the administration console can access the iQ.Suite server only remotely via the iQ.Suite Monitor. To establish a connection between the administration console and the iQ.Suite Server, you can specify in this field an alternative server name or the IP address of the iQ.Suite server.

Disable automatic configuration synchronization / Disable automatic license synchronization / Disable automatic LDIF file synchronization: Use these options to exclude the iQ.Suite server (slave server) from the synchronization. These options are not available for the master server.

For further information on the configuration synchronization, refer to Synchronizing Configuration, License and LDIF in a multi-server environment.

Maximum number: Use this field to limit the number of processed emails to be displayed under iQ.Suite Monitor in the Processed Emails view. Under iQ.Suite Monitor, you can stop the internal buffering of processed emails. Refer to Start/Stop the recording of processed emails.

Converting TNEF mails to MIME

Bridge Quarantines as well as the Mail Transport Jobs Bridge Connector and Store Archiving can optionally convert emails from TNEF to MIME before they are exported to the external component (e.g. an external archiving system).

Use the Conversion tab to define the conversion method to be used by the Bridge Quarantines and the jobs mentioned above:


In general, it is not required to modify the default settings. In individual cases, you may have to influence the representation of TNEF emails. For this, refer to Converting TNEF mail to MIME.

Important: Please note that only the TNEF-to-MIME Convert Job can convert the email from TNEF to MIME for further processing by the subsequent jobs of the job chain. The server-specific setting does not change the format of the email in the job chain; if required, a copy of the email is created in the MIME format. Whenever the email has already been converted to MIME by the Convert Job before it is processed by one of the jobs mentioned above, the server-specific setting is ignored.

Using a proxy server

If your network environment requires a proxy server for Internet connections, you can select the proxy for each iQ.Suite server, for instance for downloading updates from the Internet.

1. Create a proxy server configuration in the iQ.Suite. Refer to Proxy servers. 2. Select in the Proxy Server tab the Custom proxy server option and select the previously created proxy server configuration.


User access to iQ.Suite items

You can enable users to access the following iQ.Suite items:

Quarantined emails
Entries of User Lists (Blacklists and Whitelists)
Passwords

Users will receive notification emails that contain links. Depending on your configuration, clicking on these links can trigger a request by email or HTTP(S).

Examples:

1. The Quarantine summary notification contains links to quarantined emails. By clicking on these links, the user can execute certain actions. For further information, refer to User access to Quarantine.
2. iQ.Suite PDFCrypt: The PDFCrypt mail or the separate recipient notification may contain a link for a password request. When the user clicks on this link, a request email is created. The user sends this request email to the automatically set email address. The reply will be an email which contains the password.

For each server, you can specify whether and how users can access the iQ.Suite items mentioned above. For this, select Basic Configuration > iQ.Suite Servers > 'Server' > right-click > Properties and open the User Access tab:

Allow access by email: refer to Enable user access via email request.

No access by HTTP/HTTPS: Since the internal HTTP server is not started, no access is possible from the (summary) notifications via the links contained in these notifications.

Access by internal HTTP server: refer to Enable user access via internal HTTP Server.


Access by WebClient only: This option enables user access by HTTP or HTTPS via iQ.Suite WebClient. Access by HTTPS is only possible via the WebClient. This option disables the internal HTTP server - unlike the option 'Access by WebClient and internal HTTP server’.

Access by WebClient and internal HTTP server: Like the option 'Access by WebClient only', this option enables user access by iQ.Suite WebClient. However, the internal server remains active, so that already existing links still work if you switch from the internal HTTP server to the WebClient.

Note: For accessing the WebClient, specify the WebClient URL under iQ.Suite Servers > Properties > WebClient > URL.

Enable user access via email request

The request is started by email (so-called 'request email'). This request email (e.g. password request) is created when the user clicks on the link for the desired request (so-called 'mailto' link) in the notification. The email client opens a new email with the recipient, subject, and message body already set. The user must now send this request email.

For iQ.Suite to process this correctly, the recipient's email address must exist and the email must be sent through the server on which iQ.Suite is installed. We recommend setting up the mailbox on the same server. The message content is read out, which triggers the action requested by the user. iQ.Suite recognizes request emails by the email address (specified in the Mailbox field) and the message body.

Finally, the request email is placed in the specified mailbox. To delete request emails once they have been processed, select the Delete request mails after processing option.

Enable user access via internal HTTP server

Requests are started via HTTP. When the user clicks on the link, the web browser opens. The user is notified that the request is being processed.

For HTTP requests, you must specify a free Port (default: 8009) and the name or IP of the HTTP server in the Server or IP field.

Important: The feedback message is set in the OK_Response.html file in the iQ.Suite\AppData directory. For further Information on configuring user quarantine access, refer to Setting permissions for Quarantine access.

Generate abbreviated email links

By default, the mailto links generated by iQ.Suite carry the command to be executed in the email body. The subject contains only a string which transcribes the command, e.g. 'PUR' (PasswordUserRequest).

Example of a non-abbreviated mailto link:

mailto:[email protected]?subject=PUR&body=[UR]:ver=3* id=7tkmllSVIEJMP/DONPgRan7wERgvLSaPFV2ZqDw1Pp0W8lYufG1Q_g==

Some web mailers resolve these mailto links only up to the subject. The emails sent via such web mailers are therefore unusable for iQ.Suite by default, since the command is expected in the body. To handle this, enable the option 'Generate abbreviated email links'. With this option, the command is written into the subject line when the mailto links are generated, and iQ.Suite can process these command emails.

Example of an abbreviated mailto link:

mailto:[email protected]?subject=[UR]:ver=3* id=7tkmllSVIEJMP/DONPgRan7wERgvLSaPFV2ZqDw1Pp0W8lYufG1Q_g==
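The two link forms and the way a receiving side recovers the command from them, added here as an example that is not part of the iQ.Suite documentation. It percent-encodes the command before placing it in the query (the characters '=', '&', '/' and spaces have their own meaning in a mailto URL), parses the command out of the body first and the subject second, and treats the id as an opaque token that is only passed on, never interpreted. Assumptions: the request mailbox address is a placeholder, the separator between 'ver=3' and 'id=' in the samples above is a space, and the token is the one shown in the samples.

```powershell
# Added example (not from the iQ.Suite documentation): generate both mailto
# forms and parse a request email back into a command.
function New-RequestMailto {
    param(
        [Parameter(Mandatory)] [string]$Mailbox,
        [Parameter(Mandatory)] [string]$Command,
        [string]$ShortCode = 'PUR',                 # transcribed command name (PasswordUserRequest)
        [switch]$Abbreviated
    )
    # Percent-encode the command: '=', '&', '/' and spaces are significant in a
    # mailto query component (RFC 6068) and would otherwise split the link.
    $enc = [System.Uri]::EscapeDataString($Command)
    if ($Abbreviated) { return "mailto:${Mailbox}?subject=${enc}" }
    return "mailto:${Mailbox}?subject=${ShortCode}&body=${enc}"
}

function Get-RequestCommand {
    param([string]$Subject, [string]$Body)
    # Tag in brackets, ':ver=<n>', then 'id=<opaque token>'. The token is not
    # decoded here; it is handed to the server-side lookup as-is.
    $pattern = '\[(?<tag>[A-Z]+)\]:ver=(?<ver>\d+)\b.*?\bid=(?<id>[A-Za-z0-9_\-+/=]+)'
    foreach ($field in @($Body, $Subject)) {       # body first, subject for abbreviated links
        if ($field -and $field -match $pattern) {
            return [pscustomobject]@{
                Tag = $Matches['tag']; Version = [int]$Matches['ver']; Id = $Matches['id']
            }
        }
    }
    return $null                                   # no well-formed command: not a request email
}

# Constructed input: the token from the samples above and a placeholder mailbox.
$token = '7tkmllSVIEJMP/DONPgRan7wERgvLSaPFV2ZqDw1Pp0W8lYufG1Q_g=='
$cmd   = "[UR]:ver=3 id=$token"
$long  = New-RequestMailto -Mailbox 'request@company-x.com' -Command $cmd
$short = New-RequestMailto -Mailbox 'request@company-x.com' -Command $cmd -Abbreviated

# What a mail client builds from each link after URL-decoding the query parts.
$longMail  = @{ Subject = 'PUR'; Body = [System.Uri]::UnescapeDataString(($long -split 'body=')[1]) }
$shortMail = @{ Subject = [System.Uri]::UnescapeDataString(($short -split 'subject=')[1]); Body = '' }
# A web mailer that drops the body turns the non-abbreviated request into nothing usable.
$truncated = @{ Subject = 'PUR'; Body = '' }

$long
$short
Get-RequestCommand @longMail
Get-RequestCommand @shortMail
Get-RequestCommand @truncated
```

The parser returning $null for the truncated message is the failure mode the option above works around: with the abbreviated form the command survives a client that only keeps the subject.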

Scheduled tasks

Quarantine maintenance

Use the Scheduled Tasks tab to specify the time at which the quarantine on the servers is to be purged. This deletes all emails marked for deletion to make space for newer emails. Default setting: each Saturday at 03:00 AM.

Tip: If necessary, you can also purge quarantines manually. Click iQ.Suite Monitor > Server > right-click > All Tasks > Purge Quarantine.

1. Under Basic Configuration > iQ.Suite Servers > 'Server name' > Properties, open the Scheduled Tasks tab:


2. If you wish to modify the time and/or the purge period, click Edit and specify the desired time and day:

Automatically sending Server Report

Like for the Quarantine maintenance, use the Schedule Tasks tab to define the time at which a Server Report is to be sent automatically to the iQ.Suite administrator by email.

The notification email includes all information that is displayed under iQ.Suite Monitor > Server > 'Server' > Server Status > General Tab. Refer to Server status.

MailFlow Check: Monitoring Mail Routing from iQ.Suite 360 to iQ.Suite

The MailFlow Check Service monitors the mail routing from iQ.Suite 360 to iQ.Suite. It detects interruptions of the route as a whole, not the specific faulty segment.

In case of interruptions, iQ.Suite administrators are informed via the Windows Event Log (Warning or Error). Additionally, an email notification is sent in case of errors. This way, interruptions are detected sooner and repair times can be reduced.

Make the settings for the MailFlow Check in the MailFlow Check tab of the desired iQ.Suite Server (Basic Configuration > iQ.Suite Servers > 'iQ.Suite Server'):


Use service 'MailFlow Check': To activate the MailFlow Check Service, enable this checkbox.

Recipient address: iQ.Suite 360 sends a ping email at a regular time interval (Check interval) to the email address which is specified here and routed via this server. No access to these emails via a user mailbox is required.

Check interval: Define the time interval within which a ping email is expected to arrive at the recipient address. If the ping email does not arrive within this time interval, a warning is output to the Event Log.

Period count: This is the number of missing ping emails after which an error is output. An Event Log entry of the type Error is written and an email notification is sent.

Delete ping emails: The received ping emails will be deleted from the server and not delivered to the mailbox.

How is the iQ.Suite Administrator informed in case of interruptions?

The following example illustrates the monitoring:

Check interval: 5 minutes
Period count: 3
Recipient address: [email protected]

According to the settings in this example, a ping email is sent to the recipient address every 5 minutes.

If the ping email does not arrive at the iQ.Suite mail server after 5 minutes, the internal error count is increased and a warning is output to the Event Log.


If the email does not arrive three times consecutively, i.e. in our example after 15 minutes, an error is output to the Event Log and the first notification (warning email) is sent to the email address of the iQ.Suite administrator (setting in the Address Settings tab). Afterwards, the error is output and the warning email is sent again every 5 minutes until the problem is solved and the ping email arrives.
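The escalation described above, replayed over constructed ping arrival times, added here as an example and not part of the iQ.Suite documentation. It shows where a Warning, the first Error with the administrator email, the repeated Errors and the reset on recovery fall for the settings of the example (check interval 5 minutes, period count 3). Assumptions: a ping counts for the interval in which it arrives, and Event Log entries and notification emails are modelled as returned objects rather than written.

```powershell
# Added example (not from the iQ.Suite documentation): MailFlow Check escalation
# logic over a list of ping arrival times.
function Invoke-MailFlowCheck {
    param(
        [datetime[]]$PingArrivals,              # arrival times of ping emails (constructed input)
        [datetime]$Start,                       # start of the first check interval
        [datetime]$End,                         # end of the observation window
        [int]$CheckIntervalMinutes = 5,
        [int]$PeriodCount = 3
    )
    $pending = New-Object 'System.Collections.Generic.Queue[datetime]'
    foreach ($p in ($PingArrivals | Sort-Object)) { $pending.Enqueue($p) }

    $events  = New-Object 'System.Collections.Generic.List[object]'
    $missed  = 0
    $slotEnd = $Start.AddMinutes($CheckIntervalMinutes)
    while ($slotEnd -le $End) {
        # Consume every ping that arrived before this interval closed.
        $gotPing = $false
        while ($pending.Count -gt 0 -and $pending.Peek() -le $slotEnd) {
            $null = $pending.Dequeue()
            $gotPing = $true
        }
        if ($gotPing) {
            $missed = 0                         # ping arrived: counter reset, route healthy
        } else {
            $missed++
            # Below PeriodCount: Warning only. From PeriodCount on: Error plus the
            # admin email, repeated every interval until a ping arrives again.
            $level = if ($missed -lt $PeriodCount) { 'Warning' } else { 'Error' }
            $events.Add([pscustomobject]@{
                Time        = $slotEnd
                Level       = $level
                NotifyAdmin = ($level -eq 'Error')
                Missed      = $missed
            })
        }
        $slotEnd = $slotEnd.AddMinutes($CheckIntervalMinutes)
    }
    return $events
}

# Constructed scenario: pings arrive at 00:00, 00:05 and 00:10, the route is then
# interrupted, and the next ping only gets through at 00:42.
$t0    = Get-Date '2024-01-01 00:00'
$pings = @($t0, $t0.AddMinutes(5), $t0.AddMinutes(10), $t0.AddMinutes(42))
Invoke-MailFlowCheck -PingArrivals $pings -Start $t0 -End $t0.AddMinutes(50) |
    Format-Table Time, Level, NotifyAdmin, Missed
```

Reading the table against the text above: the first two missed intervals produce Warnings, the third produces the Error and the notification, every further interval repeats the Error, and the ping at 00:42 clears the counter so the next miss starts over at a Warning.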

View a list of all Jobs

The iQ.Suite Jobs tab provides a list of all jobs defined on this server. To edit a job on the server, select the job properties.


Proxy servers

If you have already specified proxy server connection data during the iQ.Suite installation, these proxy server settings are entered under Basic Configuration > General Settings > Proxy Server.

When required, change these settings:

Proxy name or IP: Enter the full name or IP address of the proxy server, e.g. proxy.mydomain.de or 172.x.x.1.

Proxy port: Enter the port number used for communication with the proxy server. Default: 8000.

Proxy user and Proxy password (optional): Authentication data used by the update service to log in to the proxy server.

Note: To delete a proxy server, click 'Proxy server' > right-click > Delete. Note that you cannot delete a proxy server that is being used by an object.


Address Lists

Under Basic Configuration > General Settings > Address Lists, you find preconfigured lists that you can use to start with. For instance, use the AntiSpam: Blacklist address list to collect addresses from well-known spam domains. For emails whose sender address is listed in a blacklist, you can configure a Wall job in order to block such emails and not deliver them to the intended recipients. Conversely, use the AntiSpam: Whitelist address list to exclude known trustworthy email addresses from being checked, e.g. addresses from business partners. You can also create your own address lists and later assign them to a job.

iQ.Suite address lists

The iQ.Suite address lists are created from the settings of the main iQ.Suite server and cannot be freely changed. The entries are determined during the installation, however they can be manually configured subsequently. Refer to iQ.Suite Server settings.

Use the iQ.Suite address lists to configure jobs for specific sender/recipient groups.

Note: If you select 'Empty sender (<>)', the iQ.Suite jobs will also be able to process emails without any sender address, for instance to perform specific job actions for iQ.Suite system notifications or spam without sender address.

Creating, editing and deleting custom address lists

You can create your own address lists to be selected and used for individual jobs. Create a custom address list from domain addresses, group addresses or addresses from other organizational units. iQ.Suite takes the available data from the Active Directory (AD) (on Exchange) or the LDIF file (on SMTP).

To create an address list perform the following steps:

1. Click Basic Configuration > Address Lists > right-click > New > Address List.

2. Enter a meaningful name for the address list and click


3. Select the addresses to be added and click Add.

To add your own addresses to the address list, enter them in the input field. You can use the placeholders asterisk (*) and question mark (?). It is also possible to enter formally invalid email addresses such as info@domain. For each entry, use a separate line.

To search for an entry, use the search button. This text search function is also available for dictionaries. For further information on finding and replacing, refer to Searching for text in Dictionaries.

To remove an entry from the list, select it and click Remove.

4. Click OK.


5. If the Allow adding addresses from the quarantine option is enabled, the quarantined email’s sender address can be added to any address list out of the quarantine (iQ.Suite Monitor > Add button).

By default, the following address lists are enabled for direct access. Creating your own address lists extends this selection correspondingly:

Anti-Spam: Blacklist
Anti-Spam: Newsletter Blacklist
Anti-Spam: Newsletter Whitelist
Anti-Spam: Whitelist

6. Click OK again. Your address list has now been created and can be edited or deleted under Address lists. To delete the address list, right-click and select Delete.

Using and handling addresses within a Job

In each job, the Addresses tab allows to set to which senders and recipients a job applies, e.g. whether a job is to be valid for all users or restricted to internal or external recipients.

Note: Both conditions, in the Message from and in the Addressed to field, must evaluate to 'True' for an action to be triggered (logical AND).


For further Information on sender/recipient conditions and sample configurations, refer to Addresses tab.

1. Click on Advanced.
2. Select the Sender/Recipient condition for which a specific action is to be executed. For instance, if you wish to run a job for all addresses included in the 'Sample List' address list, click the following entry:

3. Select the desired address list (here: Sample List) :


4. Confirm with OK. The address list will now be used in the iQ.Suite job.
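How a job's address condition can be evaluated against such lists, added here as an example and not part of the iQ.Suite documentation. It covers the points made above: list entries with the wildcards '*' and '?', formally invalid entries such as info@domain, the 'Empty sender (<>)' entry, and the logical AND between 'Message from' and 'Addressed to'. Assumptions: matching is case-insensitive, and 'Addressed to' holds as soon as one recipient is on the list; the lists and messages are constructed.

```powershell
# Added example (not from the iQ.Suite documentation): evaluate a job's address
# condition against address lists with wildcards and the empty-sender entry.
function Test-AddressList {
    param([string]$Address, [string[]]$List)
    # The empty envelope sender ('' or '<>') matches only a list containing '<>'.
    if ([string]::IsNullOrEmpty($Address) -or $Address -eq '<>') { return ($List -contains '<>') }
    foreach ($entry in $List) {
        if ($entry -eq '<>') { continue }
        # -like is case-insensitive and treats '*' and '?' as wildcards. It also
        # treats '[' as a character class, so escape it if it can occur in entries.
        if ($Address -like $entry) { return $true }
    }
    return $false
}

function Test-JobAddressCondition {
    param(
        [string]$Sender,
        [string[]]$Recipients,
        [string[]]$FromList,                    # 'Message from' condition
        [string[]]$ToList                       # 'Addressed to' condition
    )
    $fromOk = Test-AddressList -Address $Sender -List $FromList
    $toOk   = $false
    foreach ($r in $Recipients) {
        if (Test-AddressList -Address $r -List $ToList) { $toOk = $true; break }
    }
    return ($fromOk -and $toOk)                 # both conditions must hold (logical AND)
}

# Constructed lists: a blacklist with a domain wildcard, a local-part wildcard, a
# formally invalid entry and the empty sender; and a list of internal users.
$blacklist = @('*@spam-example.test', 'offers@*', 'info@domain', '<>')
$internal  = @('*@company-x.com')

$cases = @(
    @{ Sender = 'Promo@Spam-Example.test'; Recipients = 'david.galler@company-x.com' }   # listed domain, internal recipient
    @{ Sender = '<>';                     Recipients = 'david.galler@company-x.com' }   # empty sender, listed via '<>'
    @{ Sender = 'partner@trusted.test';   Recipients = 'david.galler@company-x.com' }   # sender not on the list
    @{ Sender = 'offers@anywhere.test';   Recipients = 'someone@other.test' }           # sender listed, recipient not internal
)
foreach ($c in $cases) {
    $hit = Test-JobAddressCondition -Sender $c.Sender -Recipients $c.Recipients `
        -FromList $blacklist -ToList $internal
    '{0,-26} -> {1,-28} : {2}' -f $c.Sender, ($c.Recipients -join ','), $hit
}
```

The last case is the one the AND rule above is about: a blacklisted sender alone does not trigger the job unless the recipient condition is met as well.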


Creating notification templates

General

In each iQ.Suite job, you can specify the persons to be notified on erroneous or successful job processing (administrators, senders and/or recipients). For each iQ.Suite module, notification templates are available to be selected within the jobs of the respective module (Actions tab). The preconfigured notification templates for the iQ.Suite modules are stored under Basic Configuration > General Settings > Templates.

To create a new notification template, proceed as follows:

1. Click Templates > 'Template Type' > right-click > New > 'Job type'.

When creating a template, assign the template to a job type, so that only the relevant notification templates are shown in the selection when configuring jobs.

2. Enter the Notification subject.

3. In the Notification Text tab, click Edit. Enter the notification text. To customize the layout of your text, use the Formatting toolbar (the commands are internally converted to HTML code). To enter HTML tags directly, switch to the source code view.

4. Confirm with OK and select the new notification template in a job.

Related topics: Defining Quarantine summary notifications, Collective notification and Whitelist notification / Blacklist notification.

List of notification variables

The notification variables listed in the following table may be used in the notification texts and notification subject lines. Insert the desired variables with the variable selection button.

In certain cases, it may be more appropriate not to display individual rows of the notification template, for example, if a cellular phone number has not been entered for all users in the Active Directory. You can use the [COND] conditional variable in these cases by manually entering it in the source text of any notification template. Refer to [COND] variable:.

Note: All variables except the variables under Administrative Notifications are set between the tokens [VAR] and [/VAR] ("VAR" in capital letters!).

General variables

Variable type | Variable | Description

General: Applicable recipients | [VAR]RestrictedRecipients[/VAR] | Recipients of the email that triggered the action who were defined in the address conditions.
General: Date | [VAR]DateOnly[/VAR] | Date on which the job that started the action was processed.
General: Date and Time | [VAR]Date[/VAR] | Date and time at which the job that started the action was processed.
General: Full iQ.Suite Report | [VAR]ToolReportFull[/VAR] | Full processing report of all executed jobs.
General: Full iQ.Suite Report (HTML) | [VAR]ToolReportFullHTML[/VAR] | Full processing report of all executed jobs in HTML format.
General: ID of a quarantined email | [VAR]QuarantineDocRef[/VAR] | Unique identifier of the quarantined email.
General: Initial recipient(s) | [VAR]InitialRecipients[/VAR] | Email recipients who were specified in the original email (at the beginning of the job chain).
General: Invalid recipients | [VAR]UnrestrictedRecipients[/VAR] | Recipients of the email that triggered the action who were not defined in the address conditions.
General: iQ.Suite Report | [VAR]ToolReport[/VAR] | Summary of the scan results.
General: iQ.Suite Report (details) | [VAR]ToolReportDetails[/VAR] | Scan results with all details.
General: Job name | [VAR]Jobname[/VAR] | Name of the job that started the action.
General: Message ID | [VAR]MsgID[/VAR] | ID of the email.
General: Number of recipients | [VAR]NumberRecipient[/VAR] | Number of recipients to which the email is addressed.
General: Product name | [VAR]ProductName[/VAR] | Product name of the iQ.Suite (iQ.Suite for Microsoft Exchange or for SMTP).
General: Product version | [VAR]ProductVersion[/VAR] | Version number of the installed iQ.Suite.
General: Quarantine folder | [VAR]Quarantine[/VAR] | The quarantine in which an email was stored.
General: Recipient(s) (SMTP) | [VAR]Recipients[/VAR] | SMTP recipients of the email that triggered the action.
General: Recipient(s) (email) | [VAR]MailHeader::To[/VAR] | Email recipients of the email that triggered the action (recipients from the 'To' field).
General: Sender | [VAR]Mailsender[/VAR] | Sender of the email that triggered the action.
General: Sender (SMTP) | [VAR]From[/VAR] | SMTP sender of the email that triggered the action.
General: Server | [VAR]Server[/VAR] | Server through which the affected email was sent (the name entered in the configuration settings).
General: Server (network name) | [VAR]ServerFQDN[/VAR] | Server through which the affected email was sent (the server's network name, Fully Qualified Domain Name).
General: Subject | [VAR]Subject[/VAR] | Subject line of the email that triggered the action.
General: Time | [VAR]TimeOnly[/VAR] | Time at which the job that started the action was processed.

Administrative notifications

For resolving the variables for Administrative Notifications, no [VAR] prefix is used. These variables are enclosed in square brackets, e.g. [HTML_ProductName].

The existence of variables can be checked by using [COND].

Variables with an "HTML_" prefix are always replaced with an HTML-encoded value. Therefore, such variables should be used only in the notification body. Variables without the "HTML_" prefix are inserted without any encoding and should be used only in the subject: values such as the subject or sender of the triggering email are chosen by whoever sent that email, and an unencoded variable in an HTML body would let such a value be rendered as markup.
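A small renderer for both variable styles, added here as an example that is not part of the iQ.Suite documentation, to show why the HTML_ rule matters: the same attacker-chosen subject is inert through [HTML_Subject] and becomes live markup through [Subject]. It also includes a check that finds unencoded variables in a body template before it goes into production. Assumptions: "HTML-encoded" is taken to mean System.Net.WebUtility.HtmlEncode; the templates, variable values and the [COND] exclusion in the lint are constructed, and unknown variables are left untouched.

```powershell
# Added example (not from the iQ.Suite documentation): resolve [VAR]Name[/VAR]
# and [Name]/[HTML_Name] variables, and lint HTML body templates.
function Resolve-NotificationTemplate {
    param(
        [Parameter(Mandatory)] [string]$Template,
        [Parameter(Mandatory)] [hashtable]$Values,        # variable name -> raw value
        [switch]$Administrative                           # [Name]/[HTML_Name] syntax
    )
    if ($Administrative) {
        # [HTML_Name] -> HTML-encoded value (body); [Name] -> raw value (subject only).
        return [regex]::Replace($Template, '\[(?<html>HTML_)?(?<name>[A-Za-z0-9_]+)\]', {
            param($m)
            $name = $m.Groups['name'].Value
            if (-not $Values.ContainsKey($name)) { $m.Value }   # unknown variable: leave as is
            elseif ($m.Groups['html'].Success) { [System.Net.WebUtility]::HtmlEncode([string]$Values[$name]) }
            else { [string]$Values[$name] }
        }.GetNewClosure())
    }
    # Job notification style: [VAR]Name[/VAR], inserted verbatim.
    return [regex]::Replace($Template, '\[VAR\](?<name>[^\[\]]+)\[/VAR\]', {
        param($m)
        $name = $m.Groups['name'].Value
        if ($Values.ContainsKey($name)) { [string]$Values[$name] } else { $m.Value }
    }.GetNewClosure())
}

function Find-UnencodedVariable {
    # Lint for HTML body templates of administrative notifications: every
    # variable reference must use the HTML_ form. [COND] is a directive, not a variable.
    param([Parameter(Mandatory)] [string]$BodyTemplate)
    [regex]::Matches($BodyTemplate, '\[(?!HTML_|COND\b|VAR\b)(?<name>[A-Za-z0-9_]+)\]') |
        ForEach-Object { $_.Groups['name'].Value }
}

# Constructed values: the subject and sender come from a received email, so they
# are under the control of whoever sent it.
$adminValues = @{
    ProductName = 'iQ.Suite Exchange'
    Subject     = 'Invoice <img src=x onerror="alert(1)">'
    Sender      = 'attacker@spam-example.test'
}
$subjectLine = Resolve-NotificationTemplate -Administrative -Values $adminValues `
    -Template '[ProductName]: email moved to Badmail'
$safeBody    = Resolve-NotificationTemplate -Administrative -Values $adminValues `
    -Template '<p>Subject: [HTML_Subject]<br>From: [HTML_Sender]</p>'
$unsafeBody  = Resolve-NotificationTemplate -Administrative -Values $adminValues `
    -Template '<p>Subject: [Subject]</p>'          # raw value: the img tag survives

$jobValues = @{ Jobname = 'Wall: Blacklist'; Mailsender = 'attacker@spam-example.test'; 'MailHeader::To' = 'david.galler@company-x.com' }
$jobText   = Resolve-NotificationTemplate -Values $jobValues `
    -Template 'Job [VAR]Jobname[/VAR] blocked an email from [VAR]Mailsender[/VAR] to [VAR]MailHeader::To[/VAR].'

$subjectLine
$safeBody
$unsafeBody
$jobText
Find-UnencodedVariable -BodyTemplate '<p>Subject: [Subject]<br>From: [HTML_Sender]</p>'   # reports Subject
```

Running Find-UnencodedVariable over every administrative body template in Basic Configuration > General Settings > Templates, and fixing each hit to the HTML_ form, is the practical way to enforce the rule above.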

General Variables for Administrative notifications:

The general variables are always resolved, this does not depend on the Administrative Notification type. The following general variables can be used:

Variable | Description | Possible values

ProductName / HTML_ProductName | Name of the installed product (fixed) | iQ.Suite Exchange, iQ.Suite SMTP (Avira Exchange Security)
ProductShortName / HTML_ProductShortName | Short name of the installed product (fixed) | iQ.Suite (AVEXS)
CompanyName / HTML_CompanyName | Name of the manufacturer of the installed product (fixed) | GBS Europa GmbH (Avira Operations GmbH & Co. KG)
ServerName / HTML_ServerName | Server name | Extracted from EMHConfig / WinAPI
ServerPhysName / HTML_ServerPhysName | Physical server name | Extracted from EMHConfig / WinAPI

Type-dependent variables:

In this section, you will find a description of the variables which can be used for different types of administrative notifications:

Admin: Failed to load configuration file

Variable | Description

HTML_Name | Name / path of the failed configuration file
HTML_Date | File time of the failed configuration file
HTML_Description | Error description

A) Admin: Email moved to Badmail
B) Admin (internal): Email moved to Badmail
C) Admin: Email moved to Badmail (with links)
D) Admin (internal): Email moved to Badmail (with links)

Variable | Description | Available for

Description | Short error description | A, B, C, D
HTML_Date | Date and time of the error | A, B, C, D
HTML_Sender | Email sender | A, B, C, D
HTML_Recipients | Email recipient | A, B, C, D
HTML_Subject | Email subject | A, B, C, D
HTML_History | Processing log | A, B, C, D
HTML_ReleaseLinkHttp | Release link via HTTP | C, D
HTML_ReleaseLinkMail | Release link via MailTo | C, D

A) Admin: No valid license
B) Admin: License expired
C) Admin: License expiring today
D) Admin: License expiring soon

Variable | Description | Available for
HTML_Title | License name | A, B, C, D
HTML_EndDate | Expiration date of the license | B
HTML_DaysLeft | Remaining days until expiration of the license | D

Admin: Job reported error
Admin: Job reported error (with restart)

Variable | Description
Name / HTML_Name | Name of the job which runs with errors
HTML_Date | Date and time of the job disabling
ErrorCount | Number of emails for which the job ran with errors
Minutes | Duration of the job disabling in minutes
HTML_Description | Error description

A) Admin: Virus scanner error
B) Admin: Scanner update single error
C) Admin: Scanner update multiple errors
D) Admin: Scanner update success

Variable | Description | Available for
Name / HTML_Name | Name of the scanner | A, B, C, D
HTML_Date | Date and time of the error / successful update | A, B, C, D
ErrorCount | Number of scanner / scanner update errors | A, B, C
HTML_Since | Date and time of the first update error | C
HTML_Description | Error description / last update | A, B, C, D
HTML_Log | Scanner update log | B, C, D
HTML_ScannerEngine | Engine version after update | D
HTML_ScannerPattern | Pattern version after update | D
HTML_ScannerPrevUpdate | Date and time of the last successful update | D

A) Admin: Quarantine database full
B) Admin: Quarantine database full (mission critical)
C) Admin: Quarantine database nearly full
D) Admin: Quarantine database nearly full (mission critical)
E) Admin: Database connection error

Variable | Description | Available for
Name / HTML_Name | Name of the Quarantine database | A, B, C, D, E
Usage | Filling degree of the Quarantine database in % | C, D
ErrorCount | Number of the failed attempts | E
HTML_Description | Error reason | E

Admin: Unknown Crypt certificate

Variable | Description
HTML_Name | Email encrypted with the certificate
HTML_Date | Date and time of the verification
HTML_Description | Report reason
HTML_CertificateId | Certificate ID

Admin: Global summary error

Variable | Description
Name / HTML_Name | Name of the global summary notification
LocationName / HTML_LocationName | Folder for which the summary notification is executed
HTML_Date | Error date and time
HTML_Description | Error reason

Admin: User request error

Variable | Description
Name / HTML_Name | Name of the user
HTML_Date | Date and time of the request
HTML_Description | Error reason
HTML_Source | Source of the request

Admin: Notification reinjection failed

Variable | Description
Description | Short error string
HTML_Date | Date and time of the error
HTML_Sender | Sender of the notification
HTML_Recipients | Recipient of the notification
HTML_Subject | Subject of the notification
HTML_Report | Error reason

Admin: MailFlow Check failed

Variable | Description
HTML_HCEmail | Monitored email address
HTML_HCWaitDuration | Monitoring interval
HTML_FailedTimes | Number of intervals in which no email has been received

Bridge

Variable type | Variable | Description
Bridge: Connector | [VAR]Bridge_Engine[/VAR] | Display name of the Bridge connector defined under 'Utilities' (from the configuration of the Bridge job).
Bridge: Error code | [VAR]Bridge_ErrorCode[/VAR] | Error code returned by Bridge in case of an error, e.g. when no connection to the Bridge Connector can be established.
Bridge: Error description | [VAR]Bridge_ErrorDescription[/VAR] | Error description returned by Bridge in case of an error, e.g. when no connection to the Bridge Connector can be established.

Collective Notification

Variable type | Variable | Description
Collective notification: list of notifications | [VAR]NotificationList[/VAR] | HTML list of all notifications (Body), separated by dashes.
Collective notification: table of contents | [VAR]TOCList[/VAR] | Numbered HTML list of all notifications (Subject). Each entry in the list has a link to the corresponding entry in the notification list ("NotificationList" variable).

Connect

Variable type | Variable | Description
Connect: Detailed job report | [VAR]Connect_JobReport[/VAR] | Detailed job report
Connect: Name of Connect Engine | [VAR]Connect_Engine[/VAR] | Name of the used Connect Engine
Connect: Name of failed attachment(s) | [VAR]Connect_AttaNameFail[/VAR] | Name of the file attachment(s) which could not be uploaded.
Connect: Name of uploaded attachment(s) | [VAR]Connect_AttaNameSuccess[/VAR] | Name of the uploaded attachment(s)
Connect: Reason of uploading failure on attachment(s) | [VAR]Connect_UploadError[/VAR] | List of errors which occurred when trying to upload attachments
Connect: Size of uploaded attachment(s) (in KB) | [VAR]Connect_AttachmentSizeKB[/VAR] | Size of the uploaded file attachment(s) (in KB)
Connect: Time for uploading attachment(s) | [VAR]Connect_ProcTimeSuccess[/VAR] | Processing time for uploading the file attachment(s)
Connect: Total number of failed attachments | [VAR]Connect_UploadCountFail[/VAR] | Number of file attachments which could not be uploaded.
Connect: Total number of uploaded attachments | [VAR]Connect_UploadCountSuccess[/VAR] | Number of successfully uploaded file attachments
Connect: Total size of uploaded attachments (in KB) | [VAR]Connect_TotalAttaSizeKB[/VAR] | Total size of the uploaded attachments (in KB)
Connect: Total time for uploading attachments | [VAR]Connect_TotalProcTime[/VAR] | Total processing time for all uploaded file attachments
Connect: URL of uploaded attachment(s) | [VAR]Connect_UploadUrl[/VAR] | URL to the uploaded attachment(s)

Convert

Variable type | Variable | Description
Convert: Name of the converted attachment | [VAR]AttachmentName[/VAR] | Name of the converted file attachment; in form of a list for multiple attachments.
Convert: Size difference of the converted attachment (in %) | [VAR]SizeDeltasPerc[/VAR] | Size difference of the converted file attachment (in %); in form of a list for multiple attachments.
Convert: Size difference of the converted attachment (in KB) | [VAR]SizeDeltaKB[/VAR] | Size difference of the converted file attachment (in KB); in form of a list for multiple attachments.
Convert: Size of the converted attachment (in bytes) | [VAR]AttachmentSize[/VAR] | Size of the converted file attachment prior to conversion (in bytes); in form of a list for multiple attachments.
Convert: Size of the converted attachment (in KB) | [VAR]AttachmentSizeKB[/VAR] | Size of the converted file attachment prior to conversion (in KB); in form of a list for multiple attachments.
Convert: Total number of converted attachments | [VAR]ConvertedCount[/VAR] | Total number of converted file attachments.
Convert: Total size difference of the converted attachments (in KB) | [VAR]SizeDeltaSumKB[/VAR] | Total size difference of the converted file attachments of this email (in KB).
Convert: Total size difference of the original email (in KB) | [VAR]MailSizeDeltaKB[/VAR] | Total size difference of the original email following the conversion (in KB).
Convert: Total size of the converted attachments (in bytes) | [VAR]AttachmentSizeSum[/VAR] | Total size of the converted file attachments prior to conversion (in bytes).
Convert: Total size of the converted attachments (in KB) | [VAR]AttachmentSizeSumKB[/VAR] | Total size of the converted file attachments prior to conversion (in KB).
Convert Compression: Password | [VAR]Password[/VAR] | Password used for encryption
Convert Compression: Password ID | [VAR]UniqueID[/VAR] | Unique generated email identifier
Convert Compression: Password request ID | [VAR]RequestPassword[/VAR] | [VAR]RequestPassword[/VAR] contains the string with the actual password request. This string can be copied into the subject or body of a new email and sent to the recipient of the password request.
Convert Compression: Password request recipient | [VAR]RequestPasswordRecipient[/VAR] | [VAR]RequestPasswordRecipient[/VAR] is replaced with the mailbox address of the iQ.Suite server (User Access tab).
Convert Compression: Request password by web | [VAR]HTTP_RequestPasswordLink[/VAR] | Only when the Password Management is used. Web link for requesting the password incl. HTML markup (text).
Convert Compression: Send password by email | [VAR]Mail_RequestPasswordLink[/VAR] | Only when the Password Management is used. Email link for requesting the password incl. HTML markup (text).
Convert Compression: SMS number | [VAR]SMSRecipient[/VAR] | Only when the Password Management is used. Can also be used under iQ.Suite Servers > SMS Gateway. SMS number of the recipient for sending the password by SMS.

Crypt / WebCrypt

Variable type | Variable | Description

iQ.Suite Crypt

Crypt: Analysis results | [VAR]Crypt_Security[/VAR] | Displays the Crypt mode used and its result (email has not been encrypted or decrypted, etc.).
Crypt: Crypt Engine | [VAR]Crypt_Engine[/VAR] | Name of the selected Crypt engine.
Crypt: Crypt method | [VAR]Crypt_Method[/VAR] | Name of the encryption method (PGP, S/MIME or PGP/MIME).
Crypt: Crypt mode | [VAR]Crypt_Handling[/VAR] | Job security settings: encrypt, sign, encrypt and sign.
Crypt: Number of imported keys | [VAR]Crypt_NumberImported[/VAR] | Number of imported keys (the email sections from which the keys were imported are counted).
Crypt: Recipients processed | [VAR]Crypt_AffectedRecipients[/VAR] | Recipients for whom a Crypt action has been executed.
Crypt: Signer email address | [VAR]Crypt_SignerEmail[/VAR] | Email address of the certificate used for verification (only S/MIME).

iQ.Suite Crypt - WebCrypt

WebCrypt SMTP: Error code | [VAR]Crypt_ErrorCode[/VAR] | Error code returned in case of an error. Error numbers between 1 and 20 refer to errors of the WebCrypt server.
WebCrypt SMTP: Marker | [VAR]Crypt_Marker[/VAR] | Configured marker
WebCrypt SMTP: Use SMTP | [VAR]UseSMTP[/VAR] | Is set to "1" if an SMTP server is used; can be used as [COND] condition.
WebCrypt SMTP: SMTP Host | [VAR]SMTP_Host[/VAR] | Name/FQDN of the SMTP server
WebCrypt SMTP: SMTP Port | [VAR]SMTP_Port[/VAR] | Port of the SMTP server
WebCrypt SMTP: SMTP User | [VAR]SMTP_User[/VAR] | User of the SMTP server
WebCrypt SMTP: SMTP Password | [VAR]SMTP_Password[/VAR] | Password of the user on the SMTP server
WebCrypt SMTP: Timeout (in seconds) | [VAR]SMTP_TimeoutSeconds[/VAR] | Timeout for accessing the SMTP server in seconds
WebCrypt: Use TLS | [VAR]SMTP_UseTLS[/VAR] | Is set to "1" if TLS is used; otherwise, it is not set. Can be used as [COND] condition.
WebCrypt: Error code | [VAR]Crypt_ErrorCode[/VAR] | Error code returned in case of an error. Error numbers between 1 and 20 refer to errors of the WebCrypt Pro server.

Information Store

Variable type | Variable | Description
IS-Scan: Carbon copy | [VAR]ISSCAN_DisplayCC[/VAR] | Contents of the 'DisplayCc' field of the scanned object
IS-Scan: Created time | [VAR]ISSCAN_CreatedTime[/VAR] | Created date and time of the scanned object
IS-Scan: Error description | [VAR]ISSCAN_ErrorText[/VAR] | Description of the scan error
IS-Scan: Folder | [VAR]ISSCAN_Folder[/VAR] | Name of the Information Store folder which contained the scanned object.
IS-Scan: Mailbox | [VAR]ISSCAN_Mailbox[/VAR] | Name of the mailbox which contained the scanned object.
IS-Scan: Message URL | [VAR]ISSCAN_MessageUrl[/VAR] | URL of the Information Store where the scanned object was located.
IS-Scan: Received time | [VAR]ISSCAN_ReceivedTime[/VAR] | Received date and time of the scanned object
IS-Scan: Scan configuration | [VAR]ISSCAN_ScanCfg[/VAR] | Scan configuration used to scan the object.
IS-Scan: Sent time | [VAR]ISSCAN_SentTime[/VAR] | Sent date and time of the scanned object
IS-Scan: Server | [VAR]ISSCAN_Server[/VAR] | Name of the scanned server.
IS-Scan: To | [VAR]ISSCAN_DisplayTo[/VAR] | Contents of the 'DisplayTo' field of the scanned object

Password Management

Variable type | Variable | Description
Password Management: Server | [VAR]Server[/VAR] | (NetBIOS / short) name of the server
Password Management: Server (network name) | [VAR]ServerFQDN[/VAR] | Name of the server with domain (Fully Qualified Domain Name)
Password Management: Sender | [VAR]From[/VAR] | Sender of the original email
Password Management: Recipient(s) | [VAR]Recipients[/VAR] | Recipient of the original email
Password Management: Subject | [VAR]Subject[/VAR] | Subject of the email for which the password was generated
Password Management: Password ID | [VAR]UniqueID[/VAR] | Unique identifier of the email for which the password was generated. Only appropriate for passwords that are generated for each email.
Password Management: Password creation date | [VAR]CreationDate[/VAR] | Date and time of the password creation
Password Management: Password creation date (date only) | [VAR]CreationDateOnly[/VAR] | Date of the password creation
Password Management: Password creation date (time only) | [VAR]CreationTimeOnly[/VAR] | Time of the password creation
Password Management: Latest password request date | [VAR]LastRequestedDate[/VAR] | Date and time when the password has been requested last
Password Management: Latest password request date (date only) | [VAR]LastRequestedDateOnly[/VAR] | Date when the password has been requested last
Password Management: Latest password request date (time only) | [VAR]LastRequestedTimeOnly[/VAR] | Time when the password has been requested last
Password Management: Latest password use date | [VAR]LastUsedDate[/VAR] | Date and time when the password has been used last
Password Management: Latest password use date (date only) | [VAR]LastUsedDateOnly[/VAR] | Date when the password has been used last
Password Management: Latest password use date (time only) | [VAR]LastUsedTimeOnly[/VAR] | Time when the password has been used last

PDFCrypt

Variable type | Variable | Description
PDFCrypt: Job mode | [VAR]Mode[/VAR] | Executed processing (signing, encryption or "signing + encryption")
PDFCrypt: List of attachment links | [VAR]AttachmentLinks[/VAR] | Can be used in the PDFCrypt header. Links to the file attachments of the original email. Note: If you use this variable many times, the attachments will also be inserted into the PDF many times.
PDFCrypt: Number of unverified PDFs | [VAR]NotVerifiedCount[/VAR] | Number of not verified PDF files (with invalid signature or untrusted certificate)
PDFCrypt: Number of unprocessed PDFs | [VAR]BadCount[/VAR] | Number of PDF files that could not be processed.
PDFCrypt: Number of successfully processed PDFs | [VAR]GoodCount[/VAR] | Number of successfully processed PDF files
PDFCrypt: Number of unsigned PDFs | [VAR]UnsignedCount[/VAR] | Number of unsigned PDF files
PDFCrypt: Number of verified PDFs | [VAR]VerifiedCount[/VAR] | Number of verified PDF files.
PDFCrypt: Password | [VAR]Password[/VAR] | Password that was used for encryption.
PDFCrypt: Password ID | [VAR]UniqueID[/VAR] | Unique generated email identifier
PDFCrypt: Password request ID | [VAR]RequestPassword[/VAR] | [VAR]RequestPassword[/VAR] contains the string with the actual password request. This string can be copied into the subject or body of a new email and sent to the recipient of the password request.
PDFCrypt: Password request recipient | [VAR]RequestPasswordRecipient[/VAR] | [VAR]RequestPasswordRecipient[/VAR] is replaced with the mailbox address of the iQ.Suite server (User Access tab).
PDFCrypt: Request password by web | [VAR]HTTP_RequestPasswordLink[/VAR] | Only when the Password Management is used. Web link for requesting the password incl. HTML markup (text).
PDFCrypt: Send password by email | [VAR]Mail_RequestPasswordLink[/VAR] | Only when the Password Management is used. Email link for requesting the password incl. HTML markup (text).
PDFCrypt: SMS number | [VAR]SMSRecipient[/VAR] | Only when the Password Management is used. Can also be used under iQ.Suite Servers > SMS Gateway. SMS number of the recipient for sending the password of encrypted PDFs by SMS.
PDFCrypt: Table of attachment links | [VAR]AttachmentTable[/VAR] | Can be used in the PDF header: HTML table which contains two columns, one with attachment icons and one with the corresponding attachment names. The attachments of the original email open by clicking on the attachment icons.

Quarantine Summaries

Variable type | Variable | Description
Summary: Current summary report date | [VAR]Nowdate[/VAR] | Date at which the current summary notification was generated.
Summary: Current summary report date and time | [VAR]Now[/VAR] | Date and time at which the current summary notification was generated.
Summary: Current summary report time | [VAR]Nowtime[/VAR] | Time at which the current summary notification was generated.
Summary: Fully qualified domain name | [VAR]FQDN[/VAR] | Full domain name of the server on which the quarantine for which a notification is to be generated is located.
Summary: HTTP port | [VAR]HTTPPort[/VAR] | Port of the HTTP server.
Summary: HTTP server | [VAR]HTTPServer[/VAR] | HTTP server through which HTTP user requests are sent.
Summary: Last summary report date | [VAR]Lastdate[/VAR] | Date at which the previous summary notification was generated.
Summary: Last summary report date and time | [VAR]Last[/VAR] | Date and time at which the previous summary notification was generated.
Summary: Last summary report time | [VAR]Lasttime[/VAR] | Time at which the previous summary notification was generated.
Summary: List of quarantined emails | [VAR]HtmlList[/VAR] | Complete list of all quarantined items for a recipient with HTML formatting (compulsory field in the quarantine summary notification).
Summary: Quarantine | [VAR]Displayname[/VAR] | Name of the quarantine from where the email list was generated.
Summary: Recipients | [VAR]RcptTo[/VAR] | Recipients of the summary notification.
Summary: Request follow-up summary by email | [VAR]Link::MAIL_SendRecentlyAdded[/VAR] | Creates an additional link in the summary notification. Users can manually request an intermediate report of their summary notification by email.
Summary: Request follow-up summary via HTTP | [VAR]Link::HTTP_SendRecentlyAdded[/VAR] | Creates an additional link in the summary notification. Users can manually request an intermediate report of their summary notification via HTTP.
Summary: Reply to | [VAR]ReplyTo[/VAR] | Address to which replies to the summary notification are to be sent (NotificationReplyTo).
Summary: Sender | [VAR]From[/VAR] | Sender of the summary notification.
Summary: Server | [VAR]Server[/VAR] | Short name of the server where the quarantine is located for which a notification is to be generated.
Summary: Subject | [VAR]Subject[/VAR] | Subject of the summary notification.

Store (Archiving)

Variable type | Variable | Description
Store Archiving: ID | [VAR]Archive_ID[/VAR] | ID (in archive) of the email archived with success.
Store Archiving: Engine | [VAR]Archive_Engine[/VAR] | Display name of the archiving engine, set under 'Utilities' (from configuration of the Store job).
Store Archiving: Error code | [VAR]Archive_ErrorCode[/VAR] | Error code returned by the archive interface in case of an error.
Store Archiving: Error description | [VAR]Archive_ErrorDescription[/VAR] | Error description returned by the archive interface in case of an error.
Store Archiving: Size (in bytes) | [VAR]Archive_Size[/VAR] | Number of archived bytes (total of all exported emails).
Store Archiving: Time (in seconds) | [VAR]Archive_Time[/VAR] | Time in seconds needed for archiving.

Userlist Summaries

Variable type | Variable | Description
Userlist: Entries | [VAR]HtmlList[/VAR] | Complete list of all entries for the corresponding recipient with HTML formatting (compulsory field in the blacklist/whitelist notification).
Userlist: Fully Qualified Domain Name | [VAR]FQDN[/VAR] | Full network name of the server hosting the blacklist/whitelist for which the summary notifications are generated.
Userlist: HTTP Port | [VAR]HTTPPort[/VAR] | Port of the HTTP server.
Userlist: HTTP Server | [VAR]HTTPServer[/VAR] | HTTP server through which HTTP user requests are sent.
Userlist: Name | [VAR]Displayname[/VAR] | Name of the blacklist/whitelist used to generate the list of emails.
Userlist: Number | [VAR]SummaryPart[/VAR] | If more than 3 000 new entries are listed in a blacklist/whitelist, the user receives several blacklist/whitelist notifications. The variable returns the consecutive number of the notification ("1" for the first 3 000 entries, "2" for the next 3 000, etc.).
Userlist: Number of entries | [VAR]CollectedSize[/VAR] | Total size of the blacklist/whitelist notification.
Userlist: Recipients | [VAR]RcptTo[/VAR] | Recipients of the blacklist/whitelist notification.
Userlist: Reply address | [VAR]ReplyTo[/VAR] | Address to which the replies to the blacklist/whitelist notifications are to be sent (NotificationReplyTo).
Userlist: Sender | [VAR]From[/VAR] | Sender of the blacklist/whitelist notification.
Userlist: Server | [VAR]Server[/VAR] | Short name of the server hosting the blacklist/whitelist for which the notifications are generated.
Userlist: Subject | [VAR]Subject[/VAR] | Subject of the blacklist/whitelist notification.

Whitelist

Whitelist: Clear whitelist by email | [VAR]link::MAIL_ClearWhitelist[/VAR] | Creates an additional link in the summary notification. Users can manually delete a whitelist by email (all entries are removed).
Whitelist: Clear whitelist by web | [VAR]link::HTTP_ClearWhitelis[/VAR] | Creates an additional link in the summary notification. Users can manually delete a whitelist via HTTP (all entries are removed).
Whitelist: Send whitelist by email | [VAR]link::MAIL_SendWhitelist[/VAR] | Creates an additional link in the summary notification. Users can manually request a whitelist by email.
Whitelist: Send whitelist by web | [VAR]link::HTTP_SendWhitelist[/VAR] | Creates an additional link in the summary notification. Users can manually request a whitelist via HTTP.

Blacklist

Blacklist: Clear blacklist by email | [VAR]link::MAIL_ClearBlacklist[/VAR] | Creates an additional link in the summary notification. Users can manually delete a blacklist by email (all entries are removed).
Blacklist: Clear blacklist by web | [VAR]link::HTTP_ClearBlacklist[/VAR] | Creates an additional link in the summary notification. Users can manually delete a blacklist via HTTP (all entries are removed).
Blacklist: Send blacklist by email | [VAR]link::MAIL_SendBlacklist[/VAR] | Creates an additional link in the summary notification. Users can manually request a blacklist by email.
Blacklist: Send blacklist by web | [VAR]link::HTTP_SendBlacklist[/VAR] | Creates an additional link in the summary notification. Users can manually request a blacklist via HTTP.

Wall

Variable type | Variable | Description

iQ.Suite Wall - Content filtering

Wall: Content checking details | [VAR]DeniedContentTabHTML[/VAR] | Detailed information on the words/sentences found.
Wall: Denied dictionaries | [VAR]DeniedWordlists[/VAR] | Dictionaries triggering the action, value/threshold reached.
Wall: Denied words | [VAR]DeniedWord[/VAR] | Word triggering the action, value/threshold reached.
Wall: Mail part | [VAR]DeniedMailParts[/VAR] | Attachments/message bodies causing the action.

iQ.Suite Wall - Spam filtering

Wall: CORE classification category | [VAR]CORECategory[/VAR] | Category in which the email is placed (classified) by CORE. Example: NON-SPAM, SPAM.
Wall: CORE classification result | [VAR]COREPrediction[/VAR] | Precise value for categorizing emails.
Wall: Kaspersky Anti-Spam analysis details | [VAR]KASAnalysis[/VAR] | Return value of the Kaspersky Anti-Spam Engine, after having checked the email for spam.
Wall: SASI result | [VAR]SASIAnalysis[/VAR] | Return value of the SASI Engine, after having checked the email for spam.
Wall: SCL result | [VAR]SCLAnalysis[/VAR] | Return value of the SCL probability level after having checked the email for spam.
Wall: Spam analysis details | [VAR]SpamReportHTML[/VAR] | Detailed information on each spam criterion.
Wall: Spam level | [VAR]SpamLevel[/VAR] | iQ.Suite Wall adds a spam level in the form of an asterisk rating in steps of 10 to the header of each scanned email (e.g. X-SPAM-TAG: * indicates a spam probability between 0 and 10, X-SPAM-TAG: *** a probability between 20 and 30). You can define a rule that looks for this string in the Outlook message header and applies actions to emails with more than a certain number of asterisks. For further information on creating rules in Outlook, please refer to the Outlook help.
Wall: Spam probability | [VAR]SpamValue[/VAR] | Calculated spam probability value (from 0 to 100). This value is compared with the individually defined threshold values in the advanced spam filtering job.
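The X-SPAM-TAG rating above is easy to evaluate outside Outlook as well, for instance in a mailbox audit or a log-side detection. The following added example (not iQ.Suite code) parses a raw header block, counts the asterisks, maps them back to the 10-point probability band the table describes, and evaluates the "more than N asterisks" rule; the header block is constructed, and the exact boundary of each band is taken from the two examples given above.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed raw header block; only the X-SPAM-TAG line matters here.
SAMPLE_HEADERS = (
    "Received: from mx.example.test by mail.example.test;\r\n"
    "\tMon, 15 Jan 2024 10:42:07 +0000\r\n"
    "From: sender@example.test\r\n"
    "Subject: quarterly report\r\n"
    "X-SPAM-TAG: *****\r\n"
    "Content-Type: text/plain\r\n"
)


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Split a raw header block into name -> list of values.

    Folded continuation lines (leading space or tab) are joined to the previous
    value, header names are lower-cased, and repeated headers are all kept so a
    caller can notice a duplicated X-SPAM-TAG instead of silently using one.
    """
    headers: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in raw.splitlines():
        if not line.strip():
            break  # end of the header block
        if line[0] in " \t" and current is not None:
            headers[current][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line; ignore
        current = name.strip().lower()
        headers.setdefault(current, []).append(value.strip())
    return headers


def spam_level(headers: Dict[str, List[str]]) -> Optional[int]:
    """Number of asterisks in the first X-SPAM-TAG header, or None.

    A value that is not purely asterisks (e.g. a header injected by the sender)
    yields None rather than a guess.
    """
    values = headers.get("x-spam-tag")
    if not values:
        return None
    value = values[0]
    if not re.fullmatch(r"\*+", value):
        return None
    return len(value)


def probability_band(level: int) -> Tuple[int, int]:
    """Map an asterisk count to the spam probability band it stands for.

    One asterisk covers 0 to 10, three asterisks 20 to 30 (from the table above),
    so n asterisks cover (n-1)*10 to n*10.
    """
    if level < 1:
        raise ValueError("level must be at least 1")
    return (level - 1) * 10, level * 10


def rule_matches(headers: Dict[str, List[str]], more_than: int) -> bool:
    """The Outlook-style rule: act on mails with more than `more_than` asterisks."""
    level = spam_level(headers)
    return level is not None and level > more_than


if __name__ == "__main__":
    parsed = parse_headers(SAMPLE_HEADERS)
    level = spam_level(parsed)
    print("asterisks:", level, "band:", probability_band(level))
    print("rule 'more than 4 asterisks' matches:", rule_matches(parsed, 4))
```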

iQ.Suite Wall - Address Filtering

Wall: Max. number of recipients | [VAR]SetRecipientLimit[/VAR] | The maximum number of recipients defined in the job.
Wall: Restricted recipients | [VAR]DeniedRecipient[/VAR] | Names of the recipients who have triggered an action.
Wall: Restricted senders | [VAR]DeniedSender[/VAR] | Names of the senders who have triggered an action.

iQ.Suite Wall - Creating/Validating DKIM signatures

Wall: DKIM Body Hash | [VAR]DKIM_BodyHash[/VAR] | Hash value of the DKIM body
Wall: DKIM Canonisation Body | [VAR]DKIM_BodyCanon[/VAR] | Method of canonicalization used for the email body
Wall: DKIM Canonisation Header | [VAR]DKIM_HeaderCanon[/VAR] | Method of canonicalization used for the email header
Wall: DKIM DNS | [VAR]DKIM_DNS[/VAR] | DNS server
Wall: DKIM Domain | [VAR]DKIM_Domain[/VAR] | Domain which contains the public key
Wall: DKIM Hash Algorithm | [VAR]DKIM_HashAlgorithm[/VAR] | Hash algorithm used to calculate the DKIM signature
Wall: DKIM Headers | [VAR]DKIM_UsedHeaders[/VAR] | Used DKIM headers
Wall: DKIM Selector | [VAR]DKIM_Selector[/VAR] | Selector
Wall: DKIM Signature Date | [VAR]DKIM_SignatureDate[/VAR] | Date of the DKIM signature
Wall: DKIM Timestamp | [VAR]DKIM_Timestamp[/VAR] | Timestamp of the DKIM signature

iQ.Suite Wall - Deleting HTML bodies and mail headers

Wall: Header matches | [VAR]HeaderMatch[/VAR] | Pattern due to which the deleted header was found.
Wall: Number of bodies removed | [VAR]BodiesRemovedCount[/VAR] | Number of bodies removed
Wall: Number of headers removed | [VAR]HeaderRemovedCount[/VAR] | Number of headers removed
Wall: Removed headers | [VAR]HeaderRemoved[/VAR] | Name of the deleted headers

Watchdog

Variable type | Variable | Description
Watchdog: Attachment name | [VAR]AttachmentName[/VAR] | Names of the denied/infected file attachments.
Watchdog: Attachment size | [VAR]AttachmentSize[/VAR] | Size of the denied/infected file attachment.
Watchdog: Attachment type | [VAR]FingerprintName[/VAR] | Name of the denied file type.
Watchdog: Email size | [VAR]MessageSize[/VAR] | Overall size of the email.
Watchdog: Email size limit | [VAR]SetSizeLimit[/VAR] | Maximum email size specified in the job.
Watchdog: Extracted URLs | [VAR]ExtractedUrl[/VAR] | A list of all URLs found in the email.
Watchdog: Fingerprint category | [VAR]Fingerprintcategory[/VAR] | Category of the denied file type.
Watchdog: Names of failed PDFs | [VAR]ErrorAttachment[/VAR] | Names of the PDFs for which errors occurred during processing.
Watchdog: Names of ignored PDFs | [VAR]IgnoredAttachment[/VAR] | Names of the PDFs which have not been processed (because they were encrypted or signed).
Watchdog: Names of restricted PDFs | [VAR]DeniedAttachment[/VAR] | Names of the PDFs which contain prohibited elements.
Watchdog: Names of safe PDFs | [VAR]SafeAttachment[/VAR] | Names of the PDFs which have been identified as "safe" (no prohibited elements).
Watchdog: Number of extracted URLs | [VAR]ExtractedUrlCount[/VAR] | Number of URLs found in the email.
Watchdog: Number of failed PDFs | [VAR]ErrorCount[/VAR] | Number of PDFs for which errors occurred during processing.
Watchdog: Number of ignored PDFs | [VAR]IgnoredCount[/VAR] | Number of PDFs which have not been processed (because they were encrypted or signed).
Watchdog: Number of restricted PDFs | [VAR]DeniedCount[/VAR] | Number of PDFs which contain prohibited elements.
Watchdog: Number of safe PDFs | [VAR]SafeCount[/VAR] | Number of PDFs which have been identified as "safe" (no prohibited elements).
Watchdog: Removed files from PDFs | [VAR]DeniedExtractedAttachments[/VAR] | Names of all prohibited attachments which have been extracted from PDFs.
Watchdog: Removed URLs from PDFs | [VAR]DeniedExtractedUrls[/VAR] | Names of all prohibited URLs which have been extracted from PDFs.
Watchdog: Suspicious URL | [VAR]SuspiciousUrl[/VAR] | URL which has been identified as 'suspicious' by the Kaspersky Anti-Spam Engine.
Watchdog: Virus name | [VAR]Virusname[/VAR] | Names of the viruses found.
Watchdog: Virus scanner | [VAR]virusscanner[/VAR] | Names of the scan engines that have found the viruses.

Creating a database connection to a SQL database server

Overview

Connections to SQL database servers

By default, the iQ.Suite data is written to a local database based on the Microsoft Jet engine, without further configuration settings required. If you prefer to have the iQ.Suite data written to a SQL database instead, you can use a SQL database server.

Available database connections

For the supported SQL database servers, the following types of database connections are available:

PostgreSQL: If you are using PostgreSQL, select this database connection. If required, refer to the PostgreSQL documentation.

MS SQL: If you are using Microsoft SQL Server, select this database connection.

Refer to Configuration of the Database Connection.

Recommended usage of a SQL database server

A SQL database server must or should be used in particular cases:

User Lists (Blacklists and Whitelists):

For User Lists, a local Access database is generally sufficient because of the small data volume. Exception: In multi-server environments, we recommend using a central SQL database. Refer to Setting up central User Blacklists and Whitelists.

iQ.Suite WebClient:

For data to be displayed in the iQ.Suite WebClient (e.g. statistics and Clerk), at least one SQL database must be created and connected to iQ.Suite. For information on how to install and configure the WebClient, refer to Installation of iQ.Suite WebClient.

For statistics: refer to Setting up Global Statistics. For Clerk: refer to Clerk Configuration (Only SQL).

Quarantines:

For the Quarantines, we recommend using a SQL database server because of the high data volume: SQL database servers are faster and provide more storage space than Access databases. Refer to Setting up a local Quarantine database.

Note: Complex server environments require a number of configurations of both iQ.Suite and the SQL database server, which go beyond the scope of this document.

Requirements for SQL database server and iQ.Suite Server

For using a SQL database server in combination with iQ.Suite, the following requirements must be met:

The installations of the SQL database server and the iQ.Suite server are completed.

The database(s) have been set up and the corresponding tables created.

At least one user is defined as a database user. This database user has sufficient rights to the database.

The database driver has been installed on the iQ.Suite server.

If the SQL database server and the iQ.Suite server are installed on different computers, additionally ensure that the protocol configured on the SQL database server meets the requirements for remote server access.

Configuration of the database connection

A single SQL database is sufficient for all data of iQ.Suite and iQ.Suite WebClient. This is also the recommended procedure.

Note that a distinction is made between a central SQL database server for central User Lists or Global Statistics and a local SQL database Server for the Quarantine. Refer to Setting up a local Quarantine database.

This section describes how to configure a database connection between iQ.Suite and a Microsoft SQL Server:

1. Create a new database connection:

Basic Configuration > General Settings > Database Connections > Right-click > New > 'DatabaseType'

Refer to Available database connections.

2. The Connection string field contains an ADO string. You can keep this default ADO string. The iQ.Suite variables it contains (Server, Database, etc.) will be replaced with the associated values on each server at runtime.

3. In the Database server section, specify the name under which the database server can be accessed:

Use current iQ.Suite Server name: Use this option if the database server is installed on every server of the iQ.Suite domain.

Use fixed name: Enter the name of the computer (including instance name, if applicable) on which the database server is installed.

4. In the Database name section, specify the name under which the database can be accessed:

Use current Quarantine name: Use this option if you want to use the same database connection for several quarantines. In this case, make sure that the quarantine name is the same as the database name.

Use fixed name: Enter the name of the computer (if required, with instance name) on which the database can be accessed.

5. Under Database user, enter the name of a database user who has access rights on the database. In the next field, enter the associated password.

6. Under Command timeout, define after how many seconds the database connection will be interrupted if no data is returned from the database. If you are using large databases, we recommend starting with '60' (seconds).

7. To test the configured database connection, click .

Note: For the database type PostgreSQL, the database connection cannot be tested.

8. If you didn't specify a fixed name for Database server and/or Database name, select the respective name in the subsequent dialog and click OK:

A system message indicates whether the connection was successful or failed.

ADO String

Default string for a SQL database connection:

For PostgreSQL:

Driver={PostgreSQL UNICODE(x64)};Database=[ADODatabase];Server=[ADOServer];Uid=[ADOUser];Pwd=[ADOPwd]

For MS SQL Server (with "OLE-DB" driver):

Provider=SQLNCLI11;Database=[ADODatabase];Server=[ADOServer];Uid=[ADOUser];Pwd=[ADOPwd]

The default string illustrates one of many configuration possibilities for the ADO string. For further information on the ADO string configuration, refer to the Microsoft documentation or to www.connectionstrings.com.

Driver=<...>: Name of the used database driver

Provider=<...>: Mandatory parameter needed to specify the provider. Enter the value manually (no iQ.Suite variable available).

Database=[ADODatabase]: mandatory parameter, which sets the database to be used. The variable [ADODatabase] will be replaced according to your setting under Database name. If the 'Use current Quarantine name' option is enabled, this variable will be replaced as follows:

If using the SQL database server for the quarantine, the variable will be replaced with the name of the database set in the Folder name field under Quarantine > Properties > General Tab.

If using the SQL database server for a central User List, the variable will be replaced with the name 'Whitelist'.

Therefore, with the 'Use current Quarantine name' option, you can use one database connection for several databases which exist on the same SQL database server. Please note that the databases have to be created with exactly this name. Otherwise, no connection will be possible.

Server=[ADOServer]: mandatory parameter, which specifies the database server instance used. The variable [ADOServer] will be replaced at runtime with the specified fixed name of the respective server, depending on your setting under Database server.

Uid=[ADOUser];Pwd=[ADOPwd]: mandatory parameters. The variables [ADOUser] and [ADOPwd] will be replaced with the contents of the fields Database user and Password.
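The runtime substitution described above, written out as a Python example. This is an added illustration, not code shipped with iQ.Suite: the two default ADO strings and the variable names [ADODatabase], [ADOServer], [ADOUser] and [ADOPwd] are the ones from this section, the folder-name rule is the one given later under Configuring Quarantines > General settings (whether lower-case letters are kept as they are is an assumption), and the server name, user name, password, quarantine name and the helper names (resolve_database_name, check_ado_string, redact) are constructed for the example.

```python
"""Expand and sanity-check iQ.Suite style ADO connection strings (added example)."""
import re

# Default ADO strings as printed in the manual.
MSSQL_TEMPLATE = ("Provider=SQLNCLI11;Database=[ADODatabase];"
                  "Server=[ADOServer];Uid=[ADOUser];Pwd=[ADOPwd]")
PGSQL_TEMPLATE = ("Driver={PostgreSQL UNICODE(x64)};Database=[ADODatabase];"
                  "Server=[ADOServer];Uid=[ADOUser];Pwd=[ADOPwd]")

_ANY_VAR = re.compile(r"\[([A-Za-z]+)\]")


def quarantine_folder_name(display_name: str) -> str:
    """Folder name as iQ.Suite derives it from the quarantine's Name field:
    letters and digits are kept, every other character becomes '_'.
    Assumption: lower-case letters are kept rather than upper-cased."""
    return re.sub(r"[^A-Za-z0-9]", "_", display_name)


def resolve_database_name(purpose: str, folder_name: str = "", fixed_name: str = "") -> str:
    """What [ADODatabase] becomes. With 'Use current Quarantine name' the manual says:
    quarantine -> folder name, central user list -> 'Whitelist'. Any other purpose
    uses the fixed name entered under Database name. (purpose values are assumed.)"""
    if purpose == "quarantine":
        if not folder_name:
            raise ValueError("quarantine purpose needs the quarantine folder name")
        return folder_name
    if purpose == "userlist":
        return "Whitelist"
    if not fixed_name:
        raise ValueError("fixed database name required for purpose %r" % purpose)
    return fixed_name


def expand_ado_string(template: str, *, server: str, database: str,
                      user: str, password: str) -> str:
    """Substitute the four iQ.Suite variables; refuse to emit a string that still
    carries an unknown [Variable], which the driver would otherwise receive verbatim."""
    values = {"ADODatabase": database, "ADOServer": server,
              "ADOUser": user, "ADOPwd": password}

    def repl(match):
        name = match.group(1)
        if name not in values:
            raise ValueError("unknown variable [%s] in ADO string" % name)
        return values[name]

    return _ANY_VAR.sub(repl, template)


def parse_ado_string(conn: str) -> dict:
    """Split 'Key=Value;...' into a dict with lower-cased keys.
    Values containing ';' are not supported by this simple splitter."""
    pairs = {}
    for part in conn.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed segment %r" % part)
        pairs[key.strip().lower()] = value.strip()
    return pairs


def check_ado_string(conn: str, db_type: str) -> list:
    """Return findings (empty list = ok): the mandatory keys the manual lists,
    the driver-specific key, and no unexpanded variables."""
    kv = parse_ado_string(conn)
    findings = []
    for key in ("database", "server", "uid", "pwd"):
        if not kv.get(key):
            findings.append("missing mandatory %s=" % key)
    if db_type == "mssql" and "provider" not in kv:
        findings.append("MS SQL connection needs Provider= (enter it manually)")
    if db_type == "postgresql" and "driver" not in kv:
        findings.append("PostgreSQL connection needs Driver=")
    if _ANY_VAR.search(conn):
        findings.append("unexpanded [Variable] left in string")
    return findings


def redact(conn: str) -> str:
    """Mask the password before the string goes into a log file or a support ticket."""
    return re.sub(r"(?i)(pwd=)[^;]*", r"\1***", conn)


if __name__ == "__main__":
    # Constructed sample values: server, user and password are not real.
    folder = quarantine_folder_name("Anti-Spam: Default")
    conn = expand_ado_string(MSSQL_TEMPLATE, server="SQLHOST\\IQSUITE",
                             database=resolve_database_name("quarantine", folder),
                             user="iqsuite", password="s3cret")
    print(redact(conn), check_ado_string(conn, "mssql"))
```

The check function is what you would run before saving a connection whose string was edited by hand: a missing Provider= for MS SQL or a leftover [Variable] is caught before the connection test in step 7 fails with a less specific driver error. Only ever log the redacted form.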

Setting up central User Blacklists and Whitelists

In a multi-server environment, each server creates its own user list (blacklist and whitelist). Thus, each user has a separate blacklist and whitelist on each server, all of which need to be maintained individually. In order to manage the user lists centrally and simplify administration, you can set up a SQL database server instead of the standard local database based on the Microsoft Jet engine. The information for all iQ.Suite servers involved is then written to a central SQL database.

To create a central user list, proceed as follows:

1. Create on your SQL database server a SQL database manually.

2. Run the General_UserList.sql script on the SQL database in order to create the database objects required for the user lists. You will find the SQL scripts under ...\GBS\iQ.Suite\Support\Scripts\

The following procedure applies if you are using MS SQL Server:

a) Open the SQL file mentioned above under \GBS\iQ.Suite\Support\Scripts\SQL

b) Copy the content of this file to the Query window of the SQL Server Enterprise Manager: SQL Server Enterprise Manager > Tools > SQL Query Analyzer

c) Run the command (query) by selecting Execute Query (F5).

d) Grant appropriate access rights to a user.

3. Create a database connection between the SQL database server and the iQ.Suite server: Basic Configuration > Database Connections > New > 'DatabaseType'. Refer to Requirements for SQL Database server and iQ.Suite Server.

4. Under Configuration > iQ.Suite Servers > Properties > Databases, select the corresponding configuration in the Database connection for Whitelist entries field. Refer to Databases.

5. Open the Advanced Spam Filtering job. In the Actions tab, click the Definite Criteria button and enable the 'Emails from senders in user whitelist' option.

Setting up Global statistics

The statistics data, which are displayed per server under iQ.Suite Monitor > Servers > 'Server' > iQ.Suite Reports, can be written to a central SQL database for all iQ.Suite servers in order to be displayed in the iQ.Suite WebClient. Inside the WebClient, these statistics can be displayed for all servers or filtered per server.

To enable the creation of global statistics, proceed as follows:

1. Create on your SQL database server a SQL database manually.

2. Run the General_Statistics.sql script in order to create the database objects required for global statistics. You will find the SQL Scripts under ...\GBS\iQ.Suite\Support\Scripts\

The following procedure applies if you are using MS SQL Server:

a) Open the SQL file mentioned above under \GBS\iQ.Suite\Support\Scripts\SQL

b) Copy the content of this file to the Query window of the SQL Server Enterprise Manager: SQL Server Enterprise Manager > Tools > SQL Query Analyzer

c) Run the command (query) by selecting Execute Query (F5).

d) Grant appropriate access rights to a user.

3. Create a database connection between the SQL database server and the iQ.Suite server: Basic Configuration > Database Connections > New > 'DatabaseType'

4. Refer to Configuration of the Database Connection.

5. Under Configuration > iQ.Suite Servers > Properties > Databases, select in the Database connection for statistics data field the corresponding configuration. Refer to Databases.

Setting up a local Quarantine database

Besides using the SQL database server for blacklists/whitelists, it can also be used locally for quarantine databases. Normally, the index of a quarantine is maintained in the local Access database (Microsoft Jet engine). In case the capacity of an Access database is insufficient, these entries can also be written to a SQL database server.

Procedure:

1. Create on your SQL database server a SQL database manually.

2. Run the General_Quarantine.sql script in order to create the required database objects. You will find the SQL Scripts under ...\GBS\iQ.Suite\Support\Scripts\

The following procedure applies if you are using MS SQL Server:

a) Open the SQL file mentioned above under \GBS\iQ.Suite\Support\Scripts\SQL

b) Copy the content of this file to the Query window of the SQL Server Enterprise Manager: SQL Server Enterprise Manager > Tools > SQL Query Analyzer

c) Run the command (query) by selecting Execute Query (F5).

d) Grant appropriate access rights to a user.

3. Create a database connection between the SQL database server and the iQ.Suite server: Basic Configuration > Database Connections > New > 'DatabaseType'. Refer to Configuration of the Database Connection.

Note: In the database connection ADO string, the [ADODatabase] variable for the quarantine database name is replaced with the folder name (Folder Settings > 'Quarantine' > right-click > Properties > Folder name) if the 'Use current Quarantine name' option is selected in the database connection. This allows one database connection to be used for several quarantine databases. With the 'Use current Quarantine name' option enabled, the database on the SQL database server must have exactly this folder name.

4. Create a quarantine: Folder Settings > Quarantine > New > Quarantine. In the Connection string field, select the previously configured database connection.

Note: When using SQL databases, it might happen that the database service fails or becomes inaccessible. As a result, the quarantine cannot be accessed during that period of unavailability and any emails that should have been quarantined cannot be stored properly. To handle this business-critical situation, you can select the Quarantine is mission critical option in the Quarantine (Folder Settings > Open 'Quarantine' > General). This option defines how emails are dealt with in the event of a quarantine error.

Troubleshooting SQL Servers

Problems that occur during the installation or configuration of a SQL server can have various causes. Therefore, the troubleshooting steps below can only provide basic information as to possible causes:

Check the port (default: 1433) or adjust it to your server environment: SQL Server Configuration Manager > SQL Native Client Configuration > Client Protocols > TCP/IP.

Make sure the SQL Server Browser is enabled: SQL Server Configuration Manager > SQL Server Services > SQL Server Browser (Status: Running).

If a central SQL Server has been installed on a different computer than the iQ.Suite server, the following requirements must also be met:

Open SQL Server Surface Area Configuration > Surface Area Configuration for Services and Connections. Under MSSQLSERVER > Database Engine > Remote Connections, select the 'Using both TCP/IP and named pipes' option in order to allow the connection to the SQL server as configured in the ADO string. After the configuration is complete, the SQL server service has to be restarted.

Tip: Also refer to the quarantine configuration options (mission critical), e.g. in case of a database service failure described in the preceding section.

Configuring Quarantines

After having installed iQ.Suite, each iQ.Suite server provides several quarantines for storing unwanted emails. The emails actually affected are defined in the job configuration (Addresses and Conditions tabs). Additionally, you have to set the 'Copy to Quarantine' action and to specify the desired quarantine. At iQ.Suite installation, the Quarantine directory is created in the data directory, which initially contains the default quarantines and later all other newly created quarantines.

To create a Quarantine, click on Basic Configuration > Folder Settings > Quarantine > New > 'Quarantine type'. For the configuration, please note the information in the sections and chapters below.

Types of quarantines:

Regular quarantines

The iQ.Suite standard configuration already contains some predefined regular quarantines, such as the Default Quarantine and the Anti-Spam Quarantines. Regular quarantines are marked with a red icon.

Privacy quarantines

Privacy quarantines are mostly identical to regular quarantines. As a difference, in privacy quarantines you can configure that information like subject line, names of file attachments and/or sender/recipients' addresses are not displayed for secrecy reasons (Options tab). Since this email data is not available in the quarantine view of the iQ.Suite monitor, certain actions are not possible, e.g. the resending or saving of the email. Privacy quarantines are marked with a blue icon.

Review quarantines

For using Review quarantines, you need a license for the module 'iQ.Suite DLP'. For further information on DLP Review, please refer to DLP Review.

Review quarantines are used to allow a second person to review emails before they are sent to the recipient(s), e.g. to check whether they are compliant with the company policies (Four-eyes principle). Using a notification template, you can notify the reviewer when emails are put into the Review quarantine. Likewise, the sender can be informed of the action performed by the reviewers on his/her email ("approved" or "rejected").

Clerk quarantines

For using Clerk quarantines, you need a license for the module 'iQ.Suite Clerk'. A Clerk quarantine is only needed if you want to use the retroactive email processing of Clerk. Refer to Clerk Quarantine (Access or SQL).

Notes:

Once the configuration has been saved, the new Quarantine is automatically created by the iQ.Suite Service and displayed under iQ.Suite Monitor. Refresh the view, if necessary.

Due to limitations in the index database, the size of a Quarantine is usually limited to 1 GB.

General settings

Example of a Regular Quarantine:

Settings which are valid for every Quarantine type:

Folder Name: The quarantine’s Folder Name cannot be changed. This field can only be edited when you create a new quarantine. By default, the folder name is taken from the entry under Name. Only the characters A-Z and 0-9 are used, all others are converted to underscores. The proposed name can be overwritten.

Note: Enter the folder name only, not an absolute path. If using a SQL database server as quarantine index database, the folder name is also used as database name.

Delete mails after: Set after how many days the quarantined emails are to be removed from the quarantine. To remove all emails from the quarantine simultaneously, select iQ.Suite Monitor > Servers > 'Server name' > Quarantine Areas > 'Quarantine' > right-click > All Tasks > Compress quarantine.

Write job processing logs: Use this option to log the processing of the last iQ.Suite job, e.g. to trace back the reasons for quarantining an email. You can call the corresponding email in the iQ.Suite Monitor and view the processing log including all details in the Processing Log tab.

Include full processing history: This option is an extension of the 'Write job processing logs' option. If enabled, not only the last iQ.Suite job having dealt with the email is logged, but the entire job processing chain, including all previous jobs. This log provides information as to why a job was not executed.

Note: For the Privacy Quarantine, this option is not available in the General tab, but in the Options tab.

Quarantine is mission critical

If enabled, any quarantine error is communicated to the job, after which the job is aborted and the job's troubleshooting routine is started. The action performed with the email (ignore job or move to the Badmail quarantine) depends on the 'mission critical' setting in the job itself. For further information on mission critical jobs, refer to Options.

Example:

A job used to check attachments detects a video file in an email addressed to an employee. The job is configured to block such emails and move them to the default quarantine. The email is not delivered to the recipient. Due to a quarantine error, the default quarantine is not available, i.e. the email cannot be quarantined.

The following settings for the job and the quarantine are conceivable:

a) Both the quarantine and the job are not mission critical:

Result: The quarantine error is ignored. The email cannot be quarantined, but it is not delivered either.

b) The quarantine is not mission critical but the job is mission critical:

Result: Refer to a) above.

c) The quarantine is mission critical but the job is not mission critical:

Result: The job is aborted and the email is passed as it is to the next job in the job chain.

d) Both the quarantine and the job are mission critical:

Result: The email is moved to the Badmail quarantine and not delivered.

Important: As long as the quarantine error has not been eliminated, it will systematically be signaled to the job if the 'Quarantine is mission critical' option is selected. If the job itself is not mission critical, it will disable itself after a certain time and no longer process any emails. On the other hand, if the job is mission critical as well, each email will be moved to the Badmail quarantine (and not delivered) until the error has been resolved.

Regardless of the actual 'mission critical' setting, the iQ.Suite administrators are informed by email of recurring quarantine or job errors.
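The four cases and the follow-on behaviour of the Important note, as an added Python model. It is an illustration of the rules stated in this section, not iQ.Suite code. The two thresholds are assumptions: the manual only says that a non-critical job disables itself "after a certain time" and that administrators are informed of "recurring" errors, so DISABLE_AFTER and ALERT_AFTER stand in for whatever the product actually uses.

```python
"""Outcome of a quarantine error under the 'mission critical' settings (added example)."""
from dataclasses import dataclass

DISABLE_AFTER = 3   # assumption: consecutive errors until a non-critical job disables itself
ALERT_AFTER = 2     # assumption: consecutive errors that count as "recurring"

QUARANTINED = "email quarantined, not delivered"
IGNORED = "quarantine error ignored: email neither quarantined nor delivered"
PASSED_ON = "job aborted: email passed unchanged to the next job in the chain"
BADMAIL = "email moved to the Badmail quarantine, not delivered"
DISABLED = "job has disabled itself: email not processed by this job"


def outcome(quarantine_critical: bool, job_critical: bool) -> str:
    """Result for one email whose target quarantine is failing (cases a) to d))."""
    if not quarantine_critical:      # a) and b): the job is never told about the error
        return IGNORED
    if not job_critical:             # c): error signalled, job aborts and passes the mail on
        return PASSED_ON
    return BADMAIL                   # d): error signalled, job's own error handling applies


@dataclass
class Job:
    name: str
    mission_critical: bool
    consecutive_errors: int = 0
    disabled: bool = False


def process_email(job: Job, quarantine_critical: bool, quarantine_ok: bool) -> str:
    """One email through one job that wants to move it into a quarantine."""
    if job.disabled:
        return DISABLED
    if quarantine_ok:
        job.consecutive_errors = 0
        return QUARANTINED
    result = outcome(quarantine_critical, job.mission_critical)
    if result == PASSED_ON:
        # The error keeps being signalled; a non-critical job eventually switches itself off.
        job.consecutive_errors += 1
        if job.consecutive_errors >= DISABLE_AFTER:
            job.disabled = True
    return result


def simulate(job: Job, quarantine_critical: bool, availability):
    """Run a sequence of emails. availability holds one True/False per email saying
    whether the quarantine was reachable. Returns (outcomes, admin_alerts); the
    administrators are alerted regardless of the mission-critical settings."""
    outcomes, alerts, errors = [], [], 0
    for ok in availability:
        outcomes.append(process_email(job, quarantine_critical, ok))
        errors = 0 if ok else errors + 1
        if errors == ALERT_AFTER:
            alerts.append("iQ.Suite administrators notified of recurring quarantine error")
    return outcomes, alerts


if __name__ == "__main__":
    # Constructed scenario: attachment job, quarantine fails after the first email.
    job = Job("attachment check", mission_critical=False)
    print(simulate(job, quarantine_critical=True, availability=[True, False, False, False, False]))
```

Reading the simulation for the video-attachment example above: with the quarantine marked mission critical and the job not, the blocked email is passed on to the next job during the outage, and after the assumed number of repeated errors the job stops processing mail entirely, which is the condition the administrator notification is there to catch.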

Settings which are valid only for regular quarantines and Review quarantines:

Size of body excerpts: Set whether or not and how much text from the email body (message body) is to be stored in the quarantine. When setting this field, please take into account the privacy aspects and the required space in the database.

Encrypt data: With this option enabled, a password is generated; this password is saved in encrypted form in the quarantine database. This password is used to encrypt the quarantine data which are written to the quarantine folder iQ.Suite\GrpData\Quarantine\. This password remains the same over the lifetime of the quarantine. In the quarantine database, the quarantine data remains unencrypted.

Note: When moving quarantine data from an iQ.Suite Quarantine to another iQ.Suite Quarantine (target quarantine), please note that encrypted quarantine data is decrypted if the 'Encrypt data' option for the target quarantine is not enabled. Inversely, not encrypted quarantine data is encrypted if the 'Encrypt data' option for the target quarantine is enabled.

Important: When deleting a quarantine database from which encrypted quarantine data is stored in the Quarantine folder, please note that this encrypted quarantine data cannot be decrypted anymore.

Settings which are valid only for regular quarantines:

Collect data for iQ.Suite WebClient: The data of the configured quarantine is collected by the iQ.Suite Data Collector Service and can be displayed on the iQ.Suite WebClient.

Setting permissions for Quarantine access

Use the Security tab to set access permissions for the Quarantine:

For further information on the configuration, refer to Setting access permission to iQ.Suite Servers and Quarantines.

Defining schedule for Quarantines

For Regular Quarantines and Privacy Quarantines, use the Schedule tab to make settings allowing the scheduled resend of quarantined items (emails):

Delete quarantine items after resent: The quarantined email is removed from the Quarantine database after it has been resent to the user mailbox.

Processing Action: Specify whether a resent quarantined email, on its way from the Quarantine database to the user mailbox, is to be processed by the enabled iQ.Suite jobs or delivered to the recipient(s) without being processed.

Options:

For every weekday, you can set one or more half hour periods starting from 0:00 hours.

To select a whole day, click on the short day name (e.g. 'Mo' for Monday).

Resend after specified time delay: The quarantined emails are resent to the recipients the specified number of hours and minutes after they have been put in quarantine.

Resend within specific time periods (Schedule): The quarantined emails are resent to the recipients according to the schedule settings:
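The two resend modes of the Schedule tab, as an added Python model (not iQ.Suite code). The 7 x 48 grid of half-hour periods per weekday starting at 0:00, the short day names and the whole-day selection are taken from this section; the class name ResendSchedule, its method names and the sample dates are assumptions made for the example.

```python
"""Half-hour resend schedule for a quarantine (added example)."""
from datetime import datetime, timedelta
from typing import Optional

DAYS = ("Mo", "Tu", "We", "Th", "Fr", "Sa", "Su")   # short day names, Monday = weekday 0
SLOTS_PER_DAY = 48                                  # half-hour periods from 0:00
HALF_HOUR = timedelta(minutes=30)


def _slot(hhmm: str) -> int:
    """'HH:MM' on a half-hour boundary -> slot index 0..48 ('24:00' = end of day)."""
    hours, minutes = (int(x) for x in hhmm.split(":"))
    if minutes not in (0, 30) or not 0 <= hours <= 24 or (hours == 24 and minutes):
        raise ValueError("time must be on a half-hour boundary: %r" % hhmm)
    return hours * 2 + minutes // 30


def slot_of(when: datetime) -> int:
    """Half-hour slot a point in time falls into."""
    return when.hour * 2 + (1 if when.minute >= 30 else 0)


class ResendSchedule:
    """Grid of enabled half-hour periods per weekday."""

    def __init__(self):
        self.grid = [[False] * SLOTS_PER_DAY for _ in DAYS]

    def allow(self, day: str, start: str, end: str) -> None:
        """Enable the periods from start (inclusive) to end (exclusive)."""
        s, e = _slot(start), _slot(end)
        if s >= e:
            raise ValueError("start must be before end")
        row = self.grid[DAYS.index(day)]
        for i in range(s, e):
            row[i] = True

    def allow_whole_day(self, day: str) -> None:
        """Equivalent of clicking the short day name, e.g. 'Mo'."""
        self.grid[DAYS.index(day)] = [True] * SLOTS_PER_DAY

    def permits(self, when: datetime) -> bool:
        """Is resending allowed at this point in time?"""
        return self.grid[when.weekday()][slot_of(when)]

    def next_resend(self, after: datetime) -> Optional[datetime]:
        """Earliest time at or after 'after' inside an enabled period; None if the
        grid has no enabled period at all (searched over one full week)."""
        if self.permits(after):
            return after
        t = after.replace(minute=0 if after.minute < 30 else 30, second=0, microsecond=0)
        for _ in range(7 * SLOTS_PER_DAY):
            t += HALF_HOUR
            if self.permits(t):
                return t
        return None


def resend_after_delay(quarantined_at: datetime, hours: int, minutes: int) -> datetime:
    """'Resend after specified time delay' mode: fixed offset from the quarantine time."""
    return quarantined_at + timedelta(hours=hours, minutes=minutes)


if __name__ == "__main__":
    # Constructed example: resend Monday evenings and all day Sunday.
    schedule = ResendSchedule()
    schedule.allow("Mo", "18:00", "24:00")
    schedule.allow_whole_day("Su")
    print(schedule.next_resend(datetime(2024, 1, 1, 12, 10)))   # Monday noon -> 18:00 same day
```

An empty grid never resends, which next_resend reports as None rather than looping forever; in the delay mode there is no such failure case, the resend time is simply the quarantine time plus the configured offset.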

Options for Privacy Quarantines

When creating a privacy quarantine, use the Options tab to configure which email information is not to be displayed in quarantined emails under iQ.Suite Monitor and specify whether job processing logs are to be written.

Write job processing logs: Refer to General Settings.

Defining Quarantine summary notifications

A Quarantine summary notification periodically informs the users about the emails addressed to them and quarantined by iQ.Suite. Using the summary notification, the users can check the senders of quarantined emails and decide whether they want to have the email delivered after all. The actions actually available to the users as well as the additional information provided in the summary notification are set individually for each quarantine and each summary notification.

If you have configured blacklist/whitelist support, you can provide the users with access to their blacklists or whitelists. If you want to allow users to add senders to their user whitelists or blacklists from the summary notification, use the template Quarantine summary report with whitelist support or Quarantine summary report with blacklist support.

If a summary notification is to be sent to the users for a specific quarantine, then you have to configure:

a template used to set the summary notification layout.

a quarantine for which the summary notification is to be created.

the fields used to set which emails and which email fields are to be listed in the summary notification.

The [VAR]HTMLList[/VAR] variables and the specification of the email fields form the essential configuration elements. These entries define which content should be displayed in the summary notification.

Note: Each iQ.Suite server sends an individual quarantine summary notification, by default. In a server environment with several iQ.Suite servers, however, each user receives several quarantine summary notifications. To prevent this, configure a global quarantine summary notification. Refer to Configuring a Global Quarantine Summary Notification.

Template configuration

1. Open the desired template: Basic Configuration > General Settings > Templates > Quarantine Summaries. If blacklist/whitelist support has been enabled, separate templates will be available.

2. Change the layout of the summary notification as required. For further information on templates, please refer to Creating notification templates.

3. Use the available variables to set the content of the summary notification. A summary notification consists of general information (e.g. the number of quarantined emails of the user) and links that allow to trigger specific actions, e.g. request a quarantined email. Each entry in the summary notification consists of a descriptive text (e.g. 'Number of emails') and the corresponding variable ([VAR]collectedsize[/VAR]).

Note: Do not remove the variable [VAR]HTMLList[/VAR] (summary notification: List of quarantined emails). This entry defines the HTML list.

Quarantine configuration

The users are to periodically receive summary notifications informing them of any emails addressed to them that were blocked and quarantined.

1. Open the desired spam quarantine: Basic Configuration > Folder Settings > Quarantine.

2. In the Summary Reports tab, click Add to configure a new summary notification. In a server environment with several iQ.Suite servers, we recommend sending global quarantine summary notifications from a global iQ.Suite server.

Template: Select the configured summary notification under Basic Configuration > General Settings > Templates > Quarantine Summaries.

Summary data: Set which emails are to be listed in the summary notification. If the 'New mails only' option is selected, the only quarantined emails listed are those that were newly quarantined, i.e. not included yet in the previous summary notification.

Options: By default, quarantined emails requested or released by the user are not scanned again by the active iQ.Suite jobs. Each email requested from the summary notification is delivered unscanned when resent. If these emails should be scanned a second time by all iQ.Suite jobs, select the Process with iQ.Suite jobs option.

3. In the Recipients tab, define the notification type and the recipients of the summary notification:

Notification type: The notification type determines the content of the summary notification.

'Administrative summary report': The summary notification contains information on all quarantined emails for all users.

'User-related summary report': The summary notification contains information on the emails put in quarantine for specific users.

In the case of a user-related summary report, the specified User type determines to whom user-specific summary notifications are sent:

Send summary report to all email recipients / sender: The user-specific summary notification is sent to all original email senders whose emails were quarantined, and to all recipients to whom these emails were originally addressed.

Send summary report to the following addresses only: The user-specific summary notification will only be sent to those users whose addresses are specified (select using the Address dialog).

In the case of an administrative summary report, the following recipients may be specified:

Send to all iQ.Suite administrators: The administrative summary notification is delivered to all iQ.Suite administrators (entry under iQ.Suite Server).

Only send to following addresses: The administrative summary notification will be sent to those users whose addresses are specified (select using the Address dialog).

In general, administrative summary notifications should only be configured for authorized users or administrators.

4. In the Summary Fields tab, specify which fields of the quarantined emails are to be included in the summary notification.

From the Variable list, select the fields to be read from the quarantined email. For instance, if you select 'Subject', the Subject line of the quarantined email is included in the summary notification.

The recipient of the summary notification can perform an action for the selected email by clicking on the links in the notification. Select the actions the user will be allowed to execute:

Request: The quarantined email is delivered to the recipient of the summary notification. Enable this action in user-related summary notifications.

Release: The quarantined email is forwarded to all original recipients of the email. Enable this action in administrative summary notifications.

Remove: The quarantined email is marked for deletion in the quarantine.

Add to whitelist: The sender of the email is added to the user whitelist.

Add to blacklist: The sender of the email is added to the user blacklist.

Tip: A list of all quarantines is available under Folder Settings > Quarantine. The 'summary report' column shows for which quarantines a summary notification has been configured (Yes/No).

Note: You can create several summary notifications with different contents for the same quarantine. The emails are retrieved separately from the quarantine for each summary notification, even if the schedule is the same for all of them.

5. In the Whitelist Fields or Blacklist Fields tab, select the quarantined email fields to be listed in the whitelist or blacklist notification. Refer to Whitelist Notification / Blacklist Notification.

6. Select the Schedule tab and click Add. Specify the desired period:

'Monthly (Interval)', e.g. every second and fourth week of the month on Monday.

'Monthly (Days)', e.g. on the 15th and the last day of the month.

'Weekly', e.g. every Monday at 10 PM.

In this example, an action is run every 15th and on the last day of the month at midnight.
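How the template variables from Template configuration and the fields, actions and 'New mails only' option from the Quarantine configuration steps above combine into one notification, as an added Python example. This is not iQ.Suite code: the variable names collectedsize and HTMLList and the five action names come from the manual, while the link base URL, the QuarantinedMail record, the mail_id, the field names and the sample entries are constructed for the example. It also shows the defensive point the manual leaves implicit: subject lines and sender addresses of quarantined mail are attacker-supplied text and must be HTML-escaped before they are placed into an HTML notification.

```python
"""Render a quarantine summary notification from a [VAR]...[/VAR] template (added example)."""
import html
import re
from dataclasses import dataclass
from urllib.parse import urlencode

VAR = re.compile(r"\[VAR\]([A-Za-z]+)\[/VAR\]")

# Action labels from the manual: user-related summaries get Request,
# administrative summaries get Release.
USER_ACTIONS = ["Request", "Remove", "Add to whitelist", "Add to blacklist"]
ADMIN_ACTIONS = ["Release", "Remove"]


@dataclass
class QuarantinedMail:
    mail_id: str            # constructed identifier of the quarantine entry
    sender: str
    subject: str
    quarantined_at: str
    reported: bool = False  # already listed in an earlier summary notification?


def validate_template(template: str) -> None:
    """The manual says not to remove [VAR]HTMLList[/VAR]: without it the
    notification carries no list of quarantined emails at all."""
    if "[VAR]HTMLList[/VAR]" not in template:
        raise ValueError("template must contain [VAR]HTMLList[/VAR]")


def build_html_list(mails, fields, actions, link_base: str) -> str:
    """One table row per email with the selected fields and one link per
    permitted action. Every value is HTML-escaped: quarantined mail is
    untrusted input and must not become markup in the recipient's mail client."""
    rows = []
    for m in mails:
        cells = "".join("<td>%s</td>" % html.escape(getattr(m, f)) for f in fields)
        links = " ".join(
            '<a href="%s">%s</a>' % (
                html.escape(link_base + "?" + urlencode({"action": a, "id": m.mail_id})),
                html.escape(a))
            for a in actions)
        rows.append("<tr>%s<td>%s</td></tr>" % (cells, links))
    return "<table>%s</table>" % "".join(rows)


def select_mails(mails, new_only: bool):
    """'New mails only': list only entries not contained in a previous summary."""
    return [m for m in mails if not (new_only and m.reported)]


def render_summary(template: str, mails, fields, actions, link_base: str,
                   new_only: bool = True) -> str:
    """Substitute the template variables and mark the listed entries as reported."""
    validate_template(template)
    selected = select_mails(mails, new_only)
    values = {
        "collectedsize": str(len(selected)),
        "HTMLList": build_html_list(selected, fields, actions, link_base),
    }

    def repl(match):
        name = match.group(1)
        if name not in values:
            raise ValueError("unknown template variable [VAR]%s[/VAR]" % name)
        return values[name]

    output = VAR.sub(repl, template)
    for m in selected:
        m.reported = True
    return output


if __name__ == "__main__":
    # Constructed sample: one new entry with a hostile subject line.
    sample = [QuarantinedMail("q1", "offer@example.invalid",
                              "<script>alert(1)</script> Limited offer", "2024-01-08 10:02")]
    tpl = "Number of emails: [VAR]collectedsize[/VAR]<br>[VAR]HTMLList[/VAR]"
    print(render_summary(tpl, sample, ["sender", "subject"], USER_ACTIONS,
                         "https://iqsuite.example.invalid/summary"))
```

The action links carry only an identifier and the action name; which actions a recipient may trigger is decided by the list passed in (USER_ACTIONS or ADMIN_ACTIONS), mirroring the per-summary action selection in step 4, and must be enforced again on the server that receives the click.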

Configuring a Global Quarantine summary notification

In a server environment with several iQ.Suite servers using the same iQ.Suite configuration with the same quarantines, we recommend configuring a global quarantine summary notification that combines all notifications for all quarantines of a user into a single notification. Without global quarantine summary notifications, each internal user receives an individual summary notification for each of his/her quarantines from each involved iQ.Suite server.

To configure a global quarantine summary notification, proceed as follows:

1. Under iQ.Suite Servers > Properties, open the Global Options tab:

2. Define a Global password. Refer to Global Password.

3. In the Global iQ.Suite Server field, specify an iQ.Suite server which shall collect the quarantine data from all involved quarantines, create the global quarantine summary notification and send it to the users.

4. Specify a Timeout in seconds. In case of a timeout, processing is aborted with an error.

5. Define for which quarantines a global quarantine summary notification shall be created. For this, open the desired quarantines under Folder settings > Quarantine and enable the 'Create global quarantine summary notification' option in the Summary Notification tab.

Note: When this option is not enabled, each involved iQ.Suite server will send individual summary notifications for this quarantine.

Whitelist Notification / Blacklist Notification

While quarantine summary reports inform users about the emails quarantined by iQ.Suite, the whitelist or blacklist notifications inform the user of new entries in his/her whitelist or blacklist.

Tip: For a recipient of a quarantine summary notification to be able to manage the entries in his/her whitelist and request a whitelist report, select the template with Whitelist Support for the quarantine summary notification. The same applies by analogy to blacklists. Refer to Defining Quarantine Summary Notifications.

Under Whitelist template or Blacklist template, select the associated template defined under General Settings > Templates > Quarantine Summaries. Related topics: Defining Quarantine summary notifications and Setting up central User Blacklists and Whitelists.


Password Management

Under Basic Configuration > Utility Settings > Password Management > 'Password Manager', you can create password managers or use the existing 'Standard Password Manager'.

Tab: General

Database connection for password information: The passwords generated by the password manager are saved in the database that is selected here.

Note: In a multi-server environment, the locally preconfigured Access database should not be used. In this case, create a SQL database and configure it in the iQ.Suite accordingly. Refer to Creating a Database connection to a SQL Database server.

If using the local Access database, the corresponding MDB file (PwdMgmt.mdb) is created in the folder specified under Folder name after the iQ.Suite standard configuration has been saved. By default, the folder name is taken from the entry under Name. Only the characters A-Z and 0-9 are used, all others are converted to underscores. The proposed name can be overwritten. Folder name must be unique and cannot be changed later.

Path: ...\GBS\iQ.Suite\GrpData\PwdMgmt\\PwdMgmt.mdb

Notification template for password requests: When the recipient requests the password via the email link, the template selected here is used for the iQ.Suite's reply email.

The template must exist under Templates > Password Management Notification Templates.

Use custom sender email address: This option is used to provide a sender address that differs from the usual notification address defined under General Settings > iQ.Suite Servers Settings > Address Settings > Notification Sender. Specify the desired email address in the subsequent field.

Verify sender email address on password requests: When a password for decrypting a PDFCrypt mail is requested via the MAIL link, this option checks whether the sender address of the password request email matches the requested password, i.e. the address the password was generated for. The password is sent only if the sender address and the password match.

Submit notification to all iQ.Suite jobs on this server: With this option, determine whether password emails are to be put into the job chain of the current server for further processing, so that, for example, a trailer can be appended to them. If this option is not enabled, the password email is delivered directly to the recipient without further processing.

Password complexity

Use the Complexity tab to make the following settings:

Generate new password every... days: This setting applies only to passwords that have been generated per recipient or per sender-recipient combination.

Refer to the job settings (PDFCrypt/Convert Job) under Password type and Password generation.

To set a time limit on the validity of these passwords in the password database, specify the number of days after password generation before a new password is generated. The recipient receives the new password with the next email that contains a password-encrypted file for this recipient. For past emails, the old password can still be used and requested without any time limit.

Password complexity: Define whether the password must contain upper case characters, lower case characters, numbers and/or special characters. Special characters used: ! $ & / = ? # * + - _ < >

Excluded characters: You can define exceptions for the selected complexity options. Example: The password must contain upper case letters, but certain upper case letters are not allowed, for example 'O' and '0' (zero), because they are easily confused. Default: iIoOlL01.

Password length: Enter the number of characters that the password must have.

The settings of password complexity also apply to one-time passwords.

Ignore complexity on manual password set: This option applies when users define their own passwords via iQ.Suite WebClient. With this option, determine whether your password complexity settings are to be enforced or ignored in this case.
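The Complexity tab settings described above can be exercised outside the product to see what they allow: generation of a password that contains at least one character from every enabled class while honouring the excluded characters, and the check a manually set WebClient password has to pass unless 'Ignore complexity on manual password set' is enabled. The following Python code is an added example written for this page, not iQ.Suite code; the special-character set and the default exclusions are taken from the manual, the field names are this example's own, and treating the configured length as a minimum for manually set passwords is an assumption.

```python
import secrets
import string
from dataclasses import dataclass
from typing import List

# Special characters the manual lists for generated passwords.
SPECIAL_CHARACTERS = "!$&/=?#*+-_<>"
# Default excluded characters named in the manual (easily confused glyphs).
DEFAULT_EXCLUDED = "iIoOlL01"


@dataclass
class ComplexitySettings:
    """Mirrors the Complexity tab; the field names are this example's own."""
    length: int = 12
    upper: bool = True
    lower: bool = True
    digits: bool = True
    special: bool = True
    excluded: str = DEFAULT_EXCLUDED

    def pools(self) -> List[str]:
        """Character pools of the enabled classes with excluded characters removed."""
        selected = []
        if self.upper:
            selected.append(string.ascii_uppercase)
        if self.lower:
            selected.append(string.ascii_lowercase)
        if self.digits:
            selected.append(string.digits)
        if self.special:
            selected.append(SPECIAL_CHARACTERS)
        result = ["".join(c for c in pool if c not in self.excluded) for pool in selected]
        if not result or any(pool == "" for pool in result):
            raise ValueError("every enabled character class needs at least one allowed character")
        return result


def generate_password(settings: ComplexitySettings) -> str:
    """Generate a password containing at least one character of every enabled class."""
    pools = settings.pools()
    if settings.length < len(pools):
        raise ValueError("password length is too short for the enabled classes")
    # One guaranteed character per class; the rest is drawn from the union of all pools.
    chars = [secrets.choice(pool) for pool in pools]
    union = "".join(pools)
    chars += [secrets.choice(union) for _ in range(settings.length - len(chars))]
    # Fisher-Yates shuffle with the CSPRNG so the guaranteed characters do not always come first.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def meets_complexity(password: str, settings: ComplexitySettings,
                     ignore_complexity: bool = False) -> bool:
    """Check a manually set password (the iQ.Suite WebClient case).

    With ignore_complexity=True every password passes, which is the effect of the
    'Ignore complexity on manual password set' option. Requiring at least the
    configured length (rather than exactly) is this example's assumption.
    """
    if ignore_complexity:
        return True
    if len(password) < settings.length:
        return False
    if any(c in settings.excluded for c in password):
        return False
    return all(any(c in pool for c in password) for pool in settings.pools())


if __name__ == "__main__":
    settings = ComplexitySettings(length=16)
    candidate = generate_password(settings)
    print(candidate, meets_complexity(candidate, settings))
```

Excluding characters from a class shrinks that class's pool; the check in pools() refuses a configuration in which an enabled class has no allowed character left, which the product would otherwise have to resolve at generation time.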


iQ.Suite Monitor

With iQ.Suite Monitor, certain activities of the iQ.Suite servers can be watched and actions executed, e.g. the quarantined emails can be displayed (incl. the Badmail quarantine), scanners or connectors tested etc.

All iQ.Suite servers configured under Basic Configuration > iQ.Suite Servers are displayed in the iQ.Suite Monitor area after refreshing the view. Refer to Settings for an Individual iQ.Suite Server.

iQ.Suite Monitor accesses the servers via the network using SSL encryption. Therefore, iQ.Suite Monitor normally requires a login as authorized user. If you are not logged in to the server locally, a login dialog will prompt you for a user name and password to access the corresponding domain. To set the iQ.Suite Monitor access rights, proceed as described under Setting Access Permission to iQ.Suite Servers and Quarantines.

For successful remote access, the following requirements must be met:

The iQ.Suite Service is running.

The communication port (default: 8008) is available.

The computer name can be resolved and accessed through TCP/IP.
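The three requirements above can be checked from an administrator workstation before opening iQ.Suite Monitor. The following Python script is an added example written for this page, not part of iQ.Suite: the default port 8008 is taken from the manual, the Windows service name is an assumed placeholder because the manual does not name the service, and the service check (via sc query) only gives a result when the script runs on the iQ.Suite server itself.

```python
import socket
import subprocess
import sys
from typing import Optional

# Default iQ.Suite Monitor communication port named in the manual.
IQSUITE_MONITOR_PORT = 8008

# Assumed placeholder: the manual does not name the Windows service; replace it
# with the service name shown in services.msc on your iQ.Suite server.
IQSUITE_SERVICE_NAME = "IQSUITE_SERVICE_PLACEHOLDER"


def resolve_host(name: str) -> Optional[str]:
    """Return the IPv4 address the computer name resolves to, or None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def port_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def service_running(service_name: str = IQSUITE_SERVICE_NAME) -> Optional[bool]:
    """Ask the Windows Service Control Manager whether the service is RUNNING.

    Returns None when not on Windows, where the check cannot be made locally.
    """
    if sys.platform != "win32":
        return None
    result = subprocess.run(["sc", "query", service_name],
                            capture_output=True, text=True, check=False)
    return "RUNNING" in result.stdout


def check_remote_access(host: str, port: int = IQSUITE_MONITOR_PORT,
                        service_name: str = IQSUITE_SERVICE_NAME) -> dict:
    """Evaluate the three prerequisites and return them as one report."""
    address = resolve_host(host)
    return {
        "name_resolves": address is not None,
        "address": address,
        "port_reachable": address is not None and port_reachable(address, port),
        "service_running": service_running(service_name),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for key, value in check_remote_access(target).items():
        print(f"{key}: {value}")
```

A report with name_resolves True but port_reachable False usually points at a host firewall or a changed communication port on the server, which is where to look before suspecting the login dialog or access permissions.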

The login dialog for another server appears only if your current user does not have sufficient access rights for the second server. It is possible to log in to several servers at the same time using different user names and thus to access every iQ.Suite Monitor on each server.

During the iQ.Suite installation, access rights are granted according to the rights to the parent drive, i.e. the administrator will usually automatically have access.

To observe quarantine data in iQ.Suite Monitor, proceed as follows:

1. Set up the desired quarantine as described under Configuring Quarantines.

2. Click on the desired server.

3. Authenticate yourself with a user name and a password with sufficient rights to access the iQ.Suite data on the server's file system.

4. In iQ.Suite Monitor, open the quarantine you wish to view, e.g. the BADMAIL quarantine. All emails moved to the Badmail quarantine will be displayed (up to a maximum of 10 000).

5. The quarantined objects can be opened, filtered and resent as required. Exception: Information Store objects cannot be resent from the quarantine.

Topics:

Server Status

Quarantines

Password Management

Bridge Quarantines

Clerk Quarantines

CORE Classifiers

iQ.Suite Reports

Protocol of the processed emails


Server Status

For each of the configured iQ.Suite servers, the Server Status feature provides information on server settings relevant for the iQ.Suite and test functions to check certain configurations: iQ.Suite Monitor > Servers > 'Server name' > Server Status > 'General' tab.

A Server Report that includes such information can be sent automatically to the iQ.Suite administrator. Refer to Automatically sending Server Report.

Tab: General

The General tab provides general information on the current iQ.Suite version, the date of the last virus scanner update, licensed modules etc. This tab cannot be modified:

Tab: Test

The Test tab is used to check specific iQ.Suite settings:


Scan Engine Test: Use this option to test whether the virus scanners used work correctly. To do so, the software checks whether the scan engine recognizes the EICAR test virus or the anti-spam engines used recognize the GTUBE test spam string. Both test strings contain harmless code that is unable to damage your system environment. The test results are indicated by OK or ERROR.

Scan Engine / Antispam Update: Use this option to test whether virus scanner and anti-spam engine updates are performed correctly. Further, you can start synchronization of the KeyManager certificates. Anti-spam engines as well as some of the virus scanners periodically download data from a defined download site. This ensures that iQ.Suite uses the most recent data when processing emails, e.g. the most recent search patterns for spam recognition. The test results are indicated by OK or ERROR.

TNEF-to-Mime Decoder Test: Use this option to test whether the decoder used for converting TNEF emails to MIME works correctly. This option is only relevant if you are using iQ.Suite Bridge or iQ.Suite Store and want to archive internal emails (TNEF emails) in MIME format.

Archive Connector Test: Use this option to test whether the archive connector used works properly. This option is only relevant if you are using 'iQ.Suite Store for Microsoft Exchange' and wish to archive emails through the iQ.Suite Store archiving interface.

Starting Information Store scan manually

Use the Information Store tab to manually start scanning in private Information Stores:

Combinable Scan Options are displayed when you click on Start scan. These scan options are described in the following sections.

General Settings

Use the General tab to select a Scan Configuration and, if required, limit the scan runtime and the scope of the mailboxes to be scanned:

Scan Configuration: Select the Scan Configuration to be used. For limits and exceptions, if you want to use the settings of the Scan Configuration, enable the 'Use settings of the Scan Configuration' option. Otherwise, you can make different settings in the Limits and Exceptions tabs.

Stop scanning after... hours: With this option, you can limit the scan to a certain runtime (in hours). When this runtime has expired, the scan is aborted - no matter whether all items to be scanned have been scanned or not.

Specify mailboxes to be scanned

Determine whether to scan all mailboxes or only certain mailboxes. If required, select the desired mailboxes.

Limits

Use the Limits tab to specify which objects contained in the mailboxes are to be scanned:

Limit by type

If at least one Watchdog Virus Scanning Job with an active virus scanner is enabled in the Scan Configuration, a scanner tag is set on the Information Store objects during each scan. To create the scanner tag, a hash value is used. This hash value is calculated from the versions of the virus scanner engine and virus patterns used for this scan. If no scanner tag is found, all objects are scanned - regardless of your setting in the Limit by type field.

The following options are available:

'Only objects with outdated scanner tag': Only the objects which have no up-to-date scanner tag or have never been scanned will be scanned.

'New objects only': Only the objects which have never been scanned (i.e. they have no scanner tag at all) will be scanned.

'All objects': All objects will be scanned - no matter whether they have already been scanned or not. Objects with an up-to-date scanner tag will also be scanned again.
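The interplay between the scanner tag and the three 'Limit by type' options is easiest to follow as a small simulation. The Python code below is an added example written for this page, not iQ.Suite code: the manual says only that the tag is a hash of the engine and pattern versions, so the SHA-256 construction here is an assumption, and the object names and version strings are constructed sample data. The functions track which objects a scan would pick up under each option and how tags change after a pattern update.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# The three 'Limit by type' options, named as in the manual.
LIMIT_OUTDATED = "Only objects with outdated scanner tag"
LIMIT_NEW = "New objects only"
LIMIT_ALL = "All objects"


def scanner_tag(engine_version: str, pattern_version: str) -> str:
    """Derive the scanner tag from the engine and pattern versions.

    The manual states only that a hash of both versions is used; SHA-256 over the
    two version strings is this example's assumption, not the product's format.
    """
    material = f"{engine_version}|{pattern_version}".encode("utf-8")
    return hashlib.sha256(material).hexdigest()[:16]


@dataclass
class StoreObject:
    """A mailbox object; tag is None when the object has never been scanned."""
    name: str
    tag: Optional[str] = None


def needs_scan(obj: StoreObject, current_tag: str, limit: str) -> bool:
    """Decide whether one object is scanned under the given 'Limit by type' option."""
    if obj.tag is None:
        # No scanner tag at all: scanned regardless of the selected option.
        return True
    if limit == LIMIT_ALL:
        return True
    if limit == LIMIT_NEW:
        return False  # already tagged, so it is not a new object
    if limit == LIMIT_OUTDATED:
        return obj.tag != current_tag  # tag from an older engine/pattern pair
    raise ValueError(f"unknown limit option: {limit!r}")


def scan_store(objects: List[StoreObject], engine_version: str,
               pattern_version: str, limit: str) -> List[str]:
    """Scan the selected objects, set their tag, and return the names scanned."""
    current = scanner_tag(engine_version, pattern_version)
    scanned = []
    for obj in objects:
        if needs_scan(obj, current, limit):
            # The actual virus scan is outside this example; only the tag bookkeeping is shown.
            obj.tag = current
            scanned.append(obj.name)
    return scanned


if __name__ == "__main__":
    store = [StoreObject("inbox/msg-1"), StoreObject("inbox/msg-2")]
    print(scan_store(store, "engine-1.0", "patterns-100", LIMIT_OUTDATED))
    print(scan_store(store, "engine-1.0", "patterns-100", LIMIT_OUTDATED))
    print(scan_store(store, "engine-1.0", "patterns-101", LIMIT_OUTDATED))
```

Because the tag changes with every pattern update, 'Only objects with outdated scanner tag' re-scans the whole store after each update, while 'New objects only' never revisits an object once it carries any tag; the second is therefore only a sensible choice when a scheduled scan with the first option is also in place.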

Limit by time

Use the following options to limit the objects to be scanned by time:

'All objects since last scan': All objects which have been modified, created or received since the last scan will be scanned.

'All objects from specific period': All objects which have been modified, created or received during the defined period will be scanned.

'All objects from past number of days/hours': All objects which have been modified, created or received during the last... days/hours before the start date and time of the scan will be scanned.

Exceptions for the Scan

In the Exceptions tab, define which types of mailbox objects, types of mailboxes, and types of archive mailboxes you want to exclude from the scan:

For information on the types of mailboxes and mailbox objects, please refer to the Microsoft documentation.

Starting Information Store scan

In order to manually start the scan by using your configuration, click the Start Scan button.

Note: Any number of manual scans can be executed simultaneously provided that these scans use different scan options. In parallel to this, a scheduled scan can run. Multiple scheduled scans cannot be executed simultaneously.

Scheduled scans can be configured as described under Virus Scanning in the Information Store.

Scan reports

Use the Information Store tab to display the latest scan report.

A scan report contains details on the last Information Store scan (e.g. date and time of the last virus check, whether and in which database a virus was found, etc).

Note: Scan reports are always created - no matter whether the scans are started automatically (according to a schedule) or manually.

Click Show scan report to display the latest scan report.

Scan reports are stored under \iQ.Suite\GrpData\vsapi. All scan reports which are older than 7 days are automatically deleted.

A scan report always consists of an XML file and an HTML file resulting from the XML file:

ScanResult_.xml

ScanResult_.html


Quarantines

General

If you have selected the 'Copy to Quarantine’ option in the Actions tab of a job, all affected emails are quarantined under iQ.Suite Monitor > Servers > 'Server name' > Quarantine Areas. By default, iQ.Suite provides the following quarantines:

Badmail quarantine: Contains emails classified as badmail. Refer to Badmails.

Anti-spam quarantines: Each of these quarantines contains emails classified as spam by an iQ.Suite Wall anti-spam job. Depending on the classification level, spam emails are moved to one of these quarantines. Refer to CORE Classification.

Default quarantine: Contains all quarantined emails that could not be assigned to any other quarantine. This is the quarantine where emails are stored by default.

Information Store quarantine: Contains email parts (e.g. email body, attachments) quarantined by an Information Store job. Refer to Virus scanning in the Information Store.

Additional quarantines can be created to classify the quarantined emails stored in the default quarantine. Furthermore, emails can be stored in privacy quarantines to prevent certain email data from being displayed in the iQ.Suite Monitor. Refer to Configuring Quarantines.

Usually, the Review quarantine is used for emails that should be reviewed before their delivery. To use Review quarantines, you need a license for the module 'iQ.Suite DLP'. This license is required for all iQ.Suite Jobs (e.g. DLP Review Job or Wall Job) to be able to copy emails to the Review quarantine. For further information on DLP Review, refer to DLP Review.

For each email that meets the requirements configured in the job, the 'Copy to quarantine' action generates a quarantined email, which is stored in the configured quarantine.

Filter options

Within a Quarantine, a filter can be used to find specific quarantined emails or to limit the number of quarantined emails displayed. For this, numerous filter options are available:


Date/Time: You can filter emails by the date/time at which they were quarantined. With 'Custom', you can specify a time interval.

Select job type: Only emails quarantined by iQ.Suite jobs of the selected job type (e.g. Wall Spam Filtering Jobs) will be displayed.

Attachment name: Only emails that contain the attachment specified here will be displayed.

Subject: Only emails that have the subject specified here will be displayed.

Label: By selecting the action 'Copy to Quarantine' in Jobs, you can attach a label to the quarantined email. With this filter option, you can filter emails by label.

Sender / Recipients: You can filter emails by sender and/or by recipient(s). For this, specify the email address.

Note: All filter options are linked by a logical AND. Therefore, only the emails that fulfill all filter criteria will be displayed. In all input fields, you can use the asterisk (*) as a wildcard character.

To reset the filter options, click

Quarantine item

A quarantine item usually represents an email. In the Information Store Quarantine, a quarantine item can also be an email element (e.g. body or attachment) and in the Badmail Quarantine also other elements like, for example, command items.

To view information about a quarantine item (e.g. to find out the reason why it was quarantined), double-click on the quarantine item to open it:

Icons in quarantine items:

Send item from quarantine. Not available in the Information Store Quarantine.


Delete item in quarantine.

Set, edit or delete the label for the item.

Save selected attachments.

Save item.

Open Online Help.

Next item in quarantine.

Previous item in quarantine.

Example of a Quarantine email in the regular Quarantine

1. The Message tab contains general information such as date, time and email sender.

Note: Certain information is not displayed in privacy quarantines, and most of the quarantine actions available for regular quarantines cannot be executed there.


To add the email’s SMTP sender to an address list for anti-spam protection, click the Add To button. The address lists shown with this button are set individually. Once you have added the sender address to the address list (refer to Address Lists), a message appears:

To copy the email to another Quarantine on this server, click the Copy To button. You can also assign a CORE classification category to the email (refer to CORE Classifiers). You can select the CORE classifier available on this server and then assign a category to the email:

You will then find this email in the corresponding CORE classifier category: iQ.Suite Monitor > Servers > 'Server name' > CORE classifier Areas > 'Classifier name' > 'Category name'.

2. The Processing Log tab shows the following information:

Name and type of the job that has quarantined the item

Server name

Reason why the item has been quarantined

Processing details

3. The Resent Log tab displays details on the resend from quarantine process.

Use right-click > All Tasks in the context menu to apply one of the following actions to a quarantined email:

Send the quarantined email to any recipient. Refer to Sending from Quarantine.

Add a label to the quarantined email.

Add the sender or sender domain to an address list. Refer to Adding senders to an Address List.

Copy the quarantined email to another quarantine.


iQ.Suite Monitor displays a maximum of 10 000 quarantined emails (the most recent ones). To view older quarantined emails, restrict the list displayed using the appropriate filter options.

Example of an item in the Information Store Quarantine

1. The Item tab contains general information like Date, Time and email sender. The button Copy is used to copy the item to another Quarantine which is available on this server.

2. The Processing Log tab shows the following information:

Name and type of the job that has quarantined the item

Server name

Reason why the item has been quarantined

Processing details

Sending from Quarantine

Important: Unlike quarantined emails, Information Store objects cannot be resent from the quarantine.

If you want to send a quarantined email to its original recipient or to another user, you can resend it directly from the quarantine without having it rechecked by an iQ.Suite job:

1. Open the quarantine which contains the desired quarantined email, right-click on the email and select All Tasks > Resend Quarantine item.

As an alternative, you can send the email directly from the Properties dialog by clicking :

2. To change the recipient, enable the Change email recipients option and then click (Select Address). The From field of the email contains the original sender (i.e. it is not a forwarded email).

No address lists are available to select an address for resending from quarantine.

3. Normally, you do not want any jobs to process the quarantined email. For this, select the Deliver the email bypassing any iQ.Suite jobs on this server option.

Notes:

This is a global setting. If you have enabled jobs that are to scan emails resent from quarantine, select the 'Resubmit the email to all iQ.Suite jobs on this server' option. Otherwise, the Check emails resent from quarantine job setting will not apply and all emails will be forwarded unprocessed.

The 'Resubmit the email to all iQ.Suite jobs on this server' option only applies to those jobs for which the Quarantined emails: Check emails resent from quarantine option is enabled. All jobs for which the 'Ignore emails resent from quarantine' option is enabled are excluded.

Adding senders to an Address List

If the email of a specific sender has been quarantined but you wish future emails from this sender to be accepted, you can add the sender to one of your address lists, e.g. Anti-Spam: Whitelist:

1. Open the quarantine in which the desired quarantined email is stored: right-click on the email > All Tasks > Add sender to address list.

2. Select the address list to which the sender is to be added.

3. As an alternative to selecting an individual sender, you can define all senders from a specific domain as trustworthy. Those emails are sent directly to the recipients. For this, select the 'Add mail domain to address list' option. This avoids having to add every single email sender from a domain (e.g. a customer) to the address list individually. The address is added in the form *@company-x.com.

Note: In both cases, the 'Addresses may be added from Quarantine’ option must be enabled within the address list. Otherwise, the selected sender address cannot be added to the list.

Reviewing emails in Review Quarantines (iQ.Suite DLP)

If you are defined as a Reviewer and the prerequisites to access the Review quarantine are met, you can access the emails contained in this quarantine.

Note: Accessing Review quarantines requires a separate license for the 'iQ.Suite DLP' module. Further prerequisites are described under Setting up Access to the Review Quarantine.

If configured accordingly, the iQ.Suite sends you a Reviewer Notification as soon as an email has been put in the Review quarantine (for information on the notification options, refer to Notifications). Depending on the notification template used, this notification email can contain links to approve or reject the email. Otherwise, open the Review Quarantine in your iQ.Suite Management Console:


In this view, the column Review Status is displayed in addition to the usual columns:

Waiting for Review (initial status)

Approved

Rejected

If you are a reviewer, proceed as follows:

1. To be able to review an email, you can view the email's content: Double-click on the quarantined email to open the Quarantine Item dialog, which contains information about the quarantined email:


In the Mail content field, you can view an excerpt of the email body or only the email header or the complete email. Additionally, you can save the attachments (if available) on your computer.

2. Depending on the Review Status of the quarantined email, you can perform various Actions on the Quarantined email using the context menu:

Review Status | Possible actions

Waiting for Review | Approve email, Reject email, Set label

Approved | Approve email, Set label

Rejected | Set label

General

You can set a label, irrespective of the Review Status.

In the Resent Log of the quarantine item, a log entry is written for the actions Approve email and Reject email.

If configured accordingly, a notification is sent to the sender as soon as the email has been approved or rejected.

Description of the possible actions

Emails with the Review Status Waiting for Review:

Approve email: The email is sent from the quarantine to the original recipients - without being processed again by the configured iQ.Suite jobs.

The email gets the status Approved.

Important: Approving is irrevocable: An email with the status Approved cannot be rejected afterwards.

Reject email: The email is not sent to the original recipients. Optionally, the reviewer can specify a reason for the rejection:

This reason will be written in the Resent Log of the quarantine item and, if configured accordingly, in the notification to the sender. This way, the sender can edit the email according to the reject reason and then send it again to the recipients.

When you click OK, the email gets the status Rejected.

Important: Rejecting is irrevocable. As reviewer, the only possible action on a rejected email is to set a label.

Emails with the Review Status Approved:

Approve email: An approved email can be approved again in order to send it again to the recipients. This action has the same effects as approving an email which has the status Waiting for Review.
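The review workflow described above is a small state machine: Approve and Reject are each irrevocable, Approved items may be approved again, Rejected items only accept a label, and every Approve or Reject writes a Resent Log entry. The Python class below is an added example written for this page, not iQ.Suite code; delivery to the recipients and the sender notification are represented by in-memory lists as stand-ins for the mail and notification systems, and the log entry wording is this example's own.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

WAITING = "Waiting for Review"
APPROVED = "Approved"
REJECTED = "Rejected"

# Actions the manual's table allows per Review Status.
ALLOWED_ACTIONS: Dict[str, List[str]] = {
    WAITING: ["Approve email", "Reject email", "Set label"],
    APPROVED: ["Approve email", "Set label"],
    REJECTED: ["Set label"],
}


class ReviewActionError(Exception):
    """Raised when an action is not allowed in the item's current Review Status."""


@dataclass
class ReviewItem:
    subject: str
    sender: str
    recipients: List[str]
    status: str = WAITING
    label: Optional[str] = None
    resent_log: List[str] = field(default_factory=list)
    # Stand-ins for actual delivery and for the notification to the sender.
    deliveries: List[List[str]] = field(default_factory=list)
    sender_notifications: List[str] = field(default_factory=list)

    def allowed_actions(self) -> List[str]:
        return ALLOWED_ACTIONS[self.status]

    def approve(self, reviewer: str) -> None:
        """Deliver to the original recipients without re-running the jobs.

        Allowed from Waiting for Review and from Approved (a repeated approval
        sends the email again); never from Rejected.
        """
        if "Approve email" not in self.allowed_actions():
            raise ReviewActionError(f"cannot approve an email with status {self.status}")
        self.deliveries.append(list(self.recipients))
        self.resent_log.append(f"Approve email by {reviewer}")
        self.status = APPROVED
        self.sender_notifications.append(f"Your email '{self.subject}' was approved")

    def reject(self, reviewer: str, reason: Optional[str] = None) -> None:
        """Block delivery; only allowed while the item is Waiting for Review."""
        if "Reject email" not in self.allowed_actions():
            raise ReviewActionError(f"cannot reject an email with status {self.status}")
        entry = f"Reject email by {reviewer}"
        if reason:
            entry += f": {reason}"
        self.resent_log.append(entry)
        self.status = REJECTED
        note = f"Your email '{self.subject}' was rejected"
        if reason:
            note += f" (reason: {reason})"
        self.sender_notifications.append(note)

    def set_label(self, label: str) -> None:
        """Labels can be set irrespective of the Review Status; no log entry is written."""
        self.label = label


if __name__ == "__main__":
    item = ReviewItem("Q3 figures", "alice@corp.example", ["bob@partner.example"])
    item.approve("reviewer@corp.example")
    print(item.status, item.allowed_actions(), item.resent_log)
```

Keeping the allowed-actions table separate from the methods makes the irrevocability rules auditable at a glance: a Rejected item has no transition out, and an Approved item can only repeat the approval.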

Badmails

Badmails are emails that cannot be processed, or can only be processed incompletely, by iQ.Suite jobs and are therefore moved to a separate Badmail quarantine (iQ.Suite Monitor > Servers > 'Server name' > Quarantine Areas > Quarantine > Badmail). For safety reasons, emails should be moved to the Badmail quarantine if a virus scanner is temporarily unavailable and the emails therefore could not be checked for viruses. Very large emails that could cause performance problems due to their high disk space requirement can also be moved to the Badmail quarantine. Define these settings directly at the iQ.Suite server. Refer to Compressed Files and iQ.Suite Monitor.

Badmails are a special type of quarantined emails. Thus, the same functions and options apply to badmails as for quarantined emails. Please note that badmails cannot be checked for viruses or spam!

At each iQ.Suite server one separate Badmail quarantine is available. Further Badmail quarantines cannot be created.

More information


Password Management

When the Password Management for PDFCrypt is used, passwords are generated to send emails as password-protected PDF attachments. For further information, refer to iQ.Suite PDFCrypt.

The passwords which have been generated by using Password Managers for encrypting files (possible use in PDFCrypt and Convert) are stored in the selected database and can be viewed under iQ.Suite Monitor > Server > 'Server name' > Password Management > 'Password Manager'.

In addition to the password, additional information is displayed, for example, Password ID, Subject, Internal address and External addresses, date and time of the last request:

The Password ID, which may be sent in PDFCrypt mails or in success notifications, can be used to recover a lost password.

Double-clicking on the entry shows the password and additional information:


Delete or set passwords to obsolete

To irrevocably delete a password from the password database, select the password and click All Tasks > Delete. Deleted passwords can be neither displayed nor requested.

To set the password to obsolete, click All Tasks > Set to obsolete. Contrary to deleted passwords, obsolete passwords remain in the password database and can be requested. Obsolete passwords are not displayed by default. They can be made visible via a filter option.

Note: None of the actions mentioned above (Delete password or Set to obsolete) enforces the creation of a new password.
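The lifecycle rules for stored passwords are spread over the Password Manager configuration (the regeneration interval under 'Generate new password every... days' and the 'Verify sender email address on password requests' option) and the actions described here (Delete, Set to obsolete). The following Python class is an added example written for this page, not iQ.Suite code, that puts them together in one in-memory store: a password is generated only when an outgoing mail needs one and none exists or the interval has passed, old passwords stay requestable without time limit, requests are answered only to the address the password was generated for, obsolete entries are hidden by default but remain requestable, and deleted entries are gone. The password ID format, the address-pair keying and the use of secrets.token_urlsafe for the password value are this example's own assumptions (the complexity rules would be applied by the generator, not shown here).

```python
import secrets
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class PasswordEntry:
    password_id: str
    internal_address: str           # sender inside the organisation
    external_address: str           # recipient the password was generated for
    password: str
    created: date
    obsolete: bool = False
    last_request: Optional[date] = None


class PasswordStore:
    """In-memory stand-in for the password database of a Password Manager."""

    def __init__(self, regenerate_after_days: int = 90,
                 per_sender_recipient: bool = True,
                 verify_sender_on_request: bool = True) -> None:
        self.regenerate_after_days = regenerate_after_days
        self.per_sender_recipient = per_sender_recipient      # else: per recipient only
        self.verify_sender_on_request = verify_sender_on_request
        self._entries: Dict[str, PasswordEntry] = {}
        self._counter = 0

    def _key(self, internal: str, external: str) -> str:
        return f"{internal}->{external}" if self.per_sender_recipient else external

    def password_for(self, internal: str, external: str, today: str) -> PasswordEntry:
        """Return the password to use for an outgoing mail sent on `today` (ISO date).

        A new password is generated only when no entry exists for the key or the
        newest one is older than the regeneration interval. Setting an entry to
        obsolete or deleting one does not by itself trigger generation.
        """
        key = self._key(internal, external)
        now = date.fromisoformat(today)
        matching = sorted(
            (e for e in self._entries.values()
             if self._key(e.internal_address, e.external_address) == key),
            key=lambda e: e.created)
        if matching and (now - matching[-1].created).days < self.regenerate_after_days:
            return matching[-1]
        self._counter += 1
        entry = PasswordEntry(
            password_id=f"PW-{self._counter:06d}",   # constructed ID format
            internal_address=internal, external_address=external,
            password=secrets.token_urlsafe(12),      # complexity rules applied elsewhere
            created=now)
        self._entries[entry.password_id] = entry
        return entry

    def request_password(self, password_id: str, requester: str,
                         today: str) -> Optional[str]:
        """Answer a password request made via the email link.

        Old and obsolete passwords remain requestable; deleted ones do not exist.
        With sender verification on, only the external address gets an answer.
        """
        entry = self._entries.get(password_id)
        if entry is None:
            return None
        if self.verify_sender_on_request and requester.lower() != entry.external_address.lower():
            return None
        entry.last_request = date.fromisoformat(today)
        return entry.password

    def set_obsolete(self, password_id: str) -> None:
        self._entries[password_id].obsolete = True

    def delete(self, password_id: str) -> None:
        """Irrevocable: the entry can be neither displayed nor requested afterwards."""
        self._entries.pop(password_id, None)

    def list_entries(self, show_obsolete: bool = False) -> List[PasswordEntry]:
        """What the Monitor view shows; obsolete entries only with the filter option."""
        return [e for e in self._entries.values() if show_obsolete or not e.obsolete]
```

Note that request_password returns None both for an unknown ID and for a sender mismatch; a real implementation should log the mismatch case separately, since repeated mismatches against existing IDs are worth an administrator's attention.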

Filter Options

To only show certain passwords, use the filter to limit the displayed items:

Date/Time: You can filter passwords by the date at which they have been created, last requested or last used. In the Date drop-down field, select the appropriate option.

By using 'Custom’, you can specify a time interval.

Sender (or "Internal address"): Only the passwords used for emails whose sender has the email address specified here will be displayed.

Recipient (or "External address"): Only the passwords used for emails whose recipient has the email address specified here will be displayed.

Subject: Only the passwords used for emails which have the subject specified here will be displayed.

Password ID: Only the password which has this ID will be displayed.

Note: All filter options are linked by a logical AND. Therefore, only the passwords that fulfill all filter criteria will be displayed. In all input fields, you can use the asterisk (*) as a wildcard character.

With the Show obsolete entries option, also the passwords marked as obsolete are displayed.

To reset the filter options, click .
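The quarantine filter (under Filter options in the Quarantines section) and the password filter described here follow the same rules: every field that is filled in must match (logical AND), the asterisk is the only wildcard, date ranges apply to the item's timestamp, and in the password view obsolete entries appear only with 'Show obsolete entries'. The Python code below is an added example written for this page, not iQ.Suite code, that implements those rules once and runs them over constructed sample quarantine items and password entries; the field names and the case-insensitive matching are this example's assumptions.

```python
import re
from datetime import datetime
from typing import Any, Dict, List

# Constructed sample data standing in for quarantine items in the Monitor view.
QUARANTINE_ITEMS: List[Dict[str, Any]] = [
    {"quarantined_at": "2024-03-01T08:15:00", "job_type": "Wall Spam Filtering",
     "attachment": "", "subject": "Cheap watches", "label": "",
     "sender": "promo@spam.example", "recipients": ["alice@corp.example"]},
    {"quarantined_at": "2024-03-01T09:40:00", "job_type": "Watchdog Virus Scanning",
     "attachment": "invoice.zip", "subject": "Invoice 4711", "label": "review",
     "sender": "billing@partner.example",
     "recipients": ["bob@corp.example", "alice@corp.example"]},
    {"quarantined_at": "2024-03-02T10:05:00", "job_type": "Wall Spam Filtering",
     "attachment": "", "subject": "Re: Meeting", "label": "false-positive",
     "sender": "carol@partner.example", "recipients": ["bob@corp.example"]},
]

# Constructed sample data standing in for entries of a Password Manager.
PASSWORD_ENTRIES: List[Dict[str, Any]] = [
    {"created_at": "2024-02-20T12:00:00", "internal_address": "alice@corp.example",
     "external_address": "bob@partner.example", "subject": "Contract",
     "password_id": "PW-000001", "obsolete": True},
    {"created_at": "2024-03-01T12:00:00", "internal_address": "alice@corp.example",
     "external_address": "bob@partner.example", "subject": "Contract v2",
     "password_id": "PW-000002", "obsolete": False},
    {"created_at": "2024-03-03T12:00:00", "internal_address": "dave@corp.example",
     "external_address": "erin@other.example", "subject": "Quote",
     "password_id": "PW-000003", "obsolete": False},
]


def wildcard_match(value: str, pattern: str) -> bool:
    """Case-insensitive match in which '*' stands for any run of characters.

    The manual names only '*' as a wildcard, so every other character is literal.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def filter_items(items: List[Dict[str, Any]], criteria: Dict[str, str],
                 date_field: str, show_obsolete: bool = False) -> List[Dict[str, Any]]:
    """Apply the filter: every criterion must hold (logical AND).

    criteria may contain 'from' and 'until' (ISO timestamps compared against
    date_field) plus field patterns. A list-valued field such as recipients
    matches when any of its entries matches. Items flagged obsolete are hidden
    unless show_obsolete is set.
    """
    def keep(item: Dict[str, Any]) -> bool:
        if item.get("obsolete") and not show_obsolete:
            return False
        stamp = datetime.fromisoformat(item[date_field])
        for key, pattern in criteria.items():
            if key == "from":
                if stamp < datetime.fromisoformat(pattern):
                    return False
            elif key == "until":
                if stamp > datetime.fromisoformat(pattern):
                    return False
            else:
                value = item.get(key)
                values = value if isinstance(value, list) else [value]
                if not any(v is not None and wildcard_match(str(v), pattern) for v in values):
                    return False
        return True

    return [item for item in items if keep(item)]


if __name__ == "__main__":
    hits = filter_items(QUARANTINE_ITEMS, {"job_type": "Wall Spam*", "recipients": "alice@*"},
                        "quarantined_at")
    print([h["subject"] for h in hits])
```

Because the criteria are AND-linked, adding a field can only narrow the result; if an expected item disappears, the field most recently filled in is the one to blank out first.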


Bridge Quarantines

If you are using iQ.Suite Bridge, you can create Bridge Quarantines: Basic Configuration > Folder Settings > Bridge > New > Bridge.

The items of the Bridge Quarantines are displayed under iQ.Suite Monitor > Servers > 'Server' > Bridge Quarantines > 'Bridge Quarantine'.

For further information on iQ.Suite Bridge, refer to iQ.Suite Bridge.


Clerk Quarantines

A Clerk Quarantine is only required if you want to use the retroactive email processing of iQ.Suite Clerk. For further information on Clerk Quarantines, please refer to Clerk Quarantine (Access or SQL).

The emails of Clerk Quarantines are displayed under iQ.Suite Monitor > Servers > 'Server' > Clerk Areas > 'Clerk Quarantine'.

Double-click on the quarantined email to open the Quarantine Item dialog, which contains information about the quarantined email:

In the Mail content field, you can view an excerpt of the email body or only the email header or the complete email. Furthermore, you can save the email and email attachments on your computer.


CORE Classifiers

The CORE technology is used for content filtering and classification with iQ.Suite Wall. The CORE classifiers used to this end divide the emails into various content categories. Here, you can manage and "teach" your CORE Classifiers. Listed below each classifier are the categories you have created with the associated emails.

To teach the classifier, drag and drop emails from the quarantines to the classifier categories. Then right-click on the classifier you want to teach and select All Tasks > Teach Classifier.

For further information on the CORE technology and using CORE Classifiers, refer to CORE Classification.


iQ.Suite Reports

For special reporting and statistics features, you can manually install the additional package for iQ.Suite Reports named iQ.Suite Report Engine after iQ.Suite installation. Download on www.gbs.com.

The installation only takes a few minutes and does not require a separate license. Afterwards, the features are available under iQ.Suite Monitor > Servers > 'Server name' > iQ.Suite Reports.

The iQ.Suite Reporting and Statistics functions are used to retrieve detailed information on email processing. Predefined reports and one advanced statistics report are available. The advanced statistics report can be defined individually. The reports can be accessed through iQ.Suite Monitor.

The reports list the policy violations detected (e.g. viruses, unwanted file attachments) both graphically and in tabular form. Specific reports are available for the most current iQ.Suite issues. In addition, information on iQ.Suite quarantines is also provided. Reports can be created for freely selectable periods of time. Reports over several pages can be displayed using . The reports can be printed and exported with a wide range of options for further processing:

The report data is temporarily stored during processing and written to the evaluation database at half-hour intervals, i.e. processed emails do not immediately appear in the reports.

Click on iQ.Suite Reports and double-click on the required report in the right pane to open it. In the window that now appears, enter the desired time span for the report.

Click to export the analysis in one of several formats for importing into another application.

Different views are available, e.g. bar chart, circular chart, additive chart and table. Within the selected time period (from... until...), statistics can be displayed per hour, day, week or month. The totals are always given for the entire selected period.

Description of the available statistics:

Archiving Statistics: Number of archived emails (incl. attachments) and total size of archived emails in MB. This information is given per iQ.Suite job.

Badmail Statistics: Number of emails in the Badmail Quarantine and number of processed emails.

Bridge Statistics: Number of emails which have been successfully processed (OK) and number of emails which have not been successfully processed (Error). This information is given per iQ.Suite job.

Mail Throughput: Number of emails processed by the iQ.Suite and number of delivered emails. Since not all delivered emails are necessarily processed, the number of delivered emails may be higher than the number of processed emails.

Quarantine Folder Statistics: Number and size (MB) of the emails which have been put in quarantine. This information is given per quarantine.

Spam Filtering Statistics: Number of identified spam emails per spam probability (High, Medium, Low, No spam), number of spam emails per iQ.Suite job and per spam probability, percentage of spam emails per spam probability.

Top 10 Virus: The 10 viruses which have been found most frequently are displayed, each with the virus name and the frequency (number). If a virus is found several times in an email, the number is increased by 1 each time the virus is found.

Virus Scanning Statistics: Number of found viruses. This information is given per iQ.Suite job.

Advanced statistic reports: In this dialog, you can limit the statistics listed below to certain jobs:

Job Restriction Statistics: Number of restrictions, size (MB) of these restrictions, number and size (MB) of these restrictions and total number of restrictions. This information is given per iQ.Suite job. Refer to What is a 'Job restriction'?.

Deleted Mails Statistics: Number of emails which have been deleted by iQ.Suite jobs during processing. This information is given per iQ.Suite job.

Quarantined Mails Statistics: Statistics about emails which have been put in quarantine. Multiple views are available: number, size (MB), table with number and size (MB), total number and total size. This information is given per iQ.Suite job.

Information Store Access Statistics: Number of IS objects for which a restriction occurred. The number is specified for the following objects: scanned objects, objects which could not be scanned, virus-infected objects.

What is a 'Job restriction'?

A Job restriction is the condition that triggers the actions defined in the job for an email. A job restriction occurs whenever all entry conditions of a job for an email are met and therefore the corresponding job action is executed.

Examples:

The 'Watchdog Email Size Filtering' job is configured so that all emails from INTERN to EXTERN with a size over 10 MB are put in quarantine. An email with a size of 20 MB is sent by User A to EXTERN. The job restriction occurs since the condition is met. The action of the job restriction is 'Put the email in quarantine'. In the Job Restriction Statistics, the number of emails is increased by 1 and the size by 20 MB. Furthermore, the total size of job restrictions is increased by 1.

In the following example, the Job Restriction Statistics is to be displayed for every day of the period from 05/01/2015 to 07/01/2015. During this period, a Wall Email Address Filtering job and a PDFCrypt Encryption job were executed on 07/01/2015:


Protocol of the processed emails

A limited number of processed emails can be displayed under iQ.Suite Monitor > Servers > 'Server' > Processed Emails. Here, you will find an overview of the last "n" emails that have been processed since the last start of the iQ.Suite Service and that match the set filter option. When the iQ.Suite Service is restarted, the main memory is cleared and recording is automatically restarted.

By default, the navigation item Processed Emails is not visible. In order to show the processed emails, right-click on the iQ.Suite server (e.g. IQSUITESERVER2) and select All Tasks > Show/Hide Processed Emails:

Start/Stop the recording of processed emails

In order to manually start/stop the recording of processed emails, right-click on Processed Emails and then select All Tasks > Start or Stop recording. After stopping, no new processed emails are added to the main memory; the emails already contained in the main memory remain in the main memory.

Number of emails to be displayed

Define the maximum number of emails to be displayed in the Monitor tab of the server. Refer to Monitor: Synchronization and Number of Processed Emails.

Filter

With the filter function, the emails can be filtered by Start time of the processing (default), by Size or by Processing time:


Additionally, the displayed emails can be filtered by Start time (date and time of the processing), by Sender, Recipient or Subject. For this, click the corresponding column header.

Details on the processed email

For detailed information on the processed email, double-click the email:

Split count: Based on your job configuration, an email can be split, so that several emails are created (option Split up mails with multiple recipients in the Addresses tab). This field indicates the number of emails.

Example: An email is sent to two recipients, but a Trailer has been attached for only one of them. In the Split count field, the number '2' is displayed.

Email: If the email was split, the drop-down list is enabled. Select the number of the email you want to display details on.


iQ.Suite Watchdog

Topics:

Overview – Watchdog

Virus scanning

Virus Scanners

File restrictions

Jobs for virus scanning

Jobs for File restrictions

Scanning email bodies for suspicious URLs

PDF Protection: Checking PDFs for undesirable elements


Watchdog – Overview

iQ.Suite Watchdog provides comprehensive protection of your environment from email attacks, viruses and harmful content in emails and file attachments. The security concept provided by Watchdog makes it possible to analyze over 200 file formats. Using a fingerprint technology, this also includes archives.

Combined with iQ.Suite Crypt, encrypted emails and file attachments are analyzed as well. In addition, it is possible to use multiple scan engines in parallel for virus scanning with various algorithms, which further increases the security of your infrastructure.

Job types

Type: Watchdog Virus Scanning

Exists as Mail Transport Job and as Information Store Job.

Emails / Information Store objects/elements are checked for viruses by using any Scan Engine except the 'Sophos Scan Engine with Sandboxing’. For the Engine with Sandboxing, the Watchdog Virus Scanning (Sandbox) job must be used.

Refer to Virus scanning on the mail server or to Virus scanning in the Information Store.

Type: Watchdog Virus Scanning (Sandbox)

This job is used to check emails for viruses by using the Sophos Sandboxing Protection.

Refer to Virus Scanning in the Sophos Cloud with Sandboxing.

Type: Watchdog Virus Scanning (Advanced)

This job is used to upload file attachments from emails to the Avira Protection Cloud to check them for viruses. Unlike in the Watchdog Virus Scanning job, fingerprints can be selected here to limit the upload to the Cloud to certain file types.

Refer to Virus scanning in the Avira Protection Cloud.

Type: Watchdog Email Size Filtering

Emails which exceed a maximum permitted size can be blocked.

Refer to Sample Job: Limiting email size.

Type: Watchdog Attachment Filtering

Exists as Mail Transport Job and as Information Store Job.


Blocking specific file types in attachments, e.g. multimedia data or documents.

Refer to Sample Job: Denying file attachments by type.

Type: Watchdog Attachment/Size Filtering

Limiting attachment type and/or size.

Type: Watchdog Protected Attachment Detection

Checking emails for password-protected archives.

Refer to Sample Job: Checking password-protected archives for viruses.

Type: Watchdog URL Scanning

Scanning email bodies for suspicious URLs, e.g. phishing URLs.

Refer to Scanning email bodies for suspicious URLs.

Type: Watchdog PDF Protection

Cleaning Top-level PDFs which contain undesirable elements, or deleting them from the processed emails before delivery to the recipients.

Elements defined as "prohibited" can be e.g. file attachments of certain types or sizes, JavaScript objects or other annotations such as URLs to harmful web pages.

Refer to PDF Protection: Checking PDFs for undesirable elements.


Virus scanning

With iQ.Suite Watchdog, the incoming emails arriving on the mail server can be scanned for viruses before delivery to the recipients. For this, virus scanners from third-party manufacturers are used. Refer to Virus Scanning on the Mail Server.

Data contained in the public and/or private Information Store of Exchange can also be scanned for viruses by using virus scanners. EWS is used as the interface to the Information Store. Refer to Virus scanning in the Information Store.

For further information on EWS, refer to http://technet.microsoft.com.

Virus scanning on the mail server

The Watchdog Virus Scanning job is used for virus scanning on the mail server. The job configuration determines the virus scanners used for scanning and the emails for which the job is executed. If you have selected several scan engines, the emails are checked by all of them and cleaned if they are infected. If configured, further actions are performed as previously defined.

In this job, you can use all engines except the 'Sophos Scan Engine with Sandboxing'. For this engine, another job type is available. Refer to Virus scanning in the Sophos Cloud with Sandboxing.

The following job actions are possible in case of a detected virus:

The email is cleaned and afterwards delivered to the recipients.

The email is quarantined and deleted from the mail server. It is not delivered to the recipients.

The virus-infected attachments are deleted from the email. Afterwards, it is delivered to the recipients.

In addition, further job actions can be processed, e.g.:

An additional text is added to the email's subject line. For example, a quarantined email can be extended with .

The administrator, the sender and/or the recipients are notified.

Any other, user-definable persons are notified.

etc.

Virus scanning in the Information Store

Besides virus scanning at transport level, iQ.Suite is also able to scan data in the public and/or private Microsoft Exchange Information Store.


A sample job and further information are provided under Virus scanning in the Information Store.


Virus Scanners

Notes on virus scanners

For virus scanning, the iQ.Suite supports different third-party virus scanners. Either the virus scanners are installed separately on the server, to be called and started by Watchdog, or they are installed as integrated scanners in the course of the iQ.Suite setup. After iQ.Suite installation, these virus scanners (Scan Engines) are disabled. They can be enabled in the iQ.Suite Management Console.

Virus scanners are connected to a Watchdog job through a configured scan engine. For each supported virus scanner, the iQ.Suite standard configuration provides a preconfigured scan engine under Basic Configuration > Utility Settings > Scan Engines. This menu item is the interface between your scan engine and iQ.Suite Watchdog.

iQ.Suite Watchdog supports the following scan engines (virus scanners):

Avira Scan Engine with APC (integrated scanner)

Kaspersky Scan Engine (integrated scanner)

McAfee Scan Engine (integrated scanner)

Sophos Scan Engine (integrated scanner)

Sophos Scan Engine with Sandboxing (integrated scanner)

For further information on one of the supported virus scanners, please refer to the separate documentation relative to the respective virus scanner. Download on www.gbs.com.

Enabling virus scanners

Different virus scanners can be used within iQ.Suite to check emails for viruses. iQ.Suite calls an enabled scan engine through the GBS AV Interface.

Important: Disable any real-time or on-access scan functions of your scan engines for the...\iQ.Suite\GrpData directory.

If you do not want to use an integrated scanner (refer to the list under Notes on Virus Scanners), proceed as follows:

1. Make sure that the iQ.Suite supports the desired virus scanner (refer to the list under Virus Scanning). If your virus scanner is not listed, please contact the GBS Support Team.

2. Install the virus scanner on the server.

3. Enable the virus scanner in the scan engine configuration: Basic Configuration > Utility Settings > Scan Engines > 'General' tab > Enabled: Yes.

4. In the General and Options tabs, enter the values for your scan engine. A list of return codes is available in the Details tab. For further information on configurable parameters, please refer to the third-party documentation of your virus scanner.

5. Test your scan engine for correct operation: iQ.Suite Monitor > 'Server Name' > Server Status > Test > Scanner Test. If successful, an OK is returned along with a message saying that an EICAR test virus was found. The EICAR test virus is a harmless code string that cannot cause any damage to your environment.

Standard tabs of virus scanners

The following section provides a detailed description of the standard configuration options for all virus scanners. In the subsequent sections, only the particularities of the corresponding virus scanner are described.

Tab: General

Enabled: Status of the virus scanner. To use a virus scanner, set this option to 'Yes'.

GBS AV Interface (GBS Anti-Virus Interface, abbreviated "GAVI"): Name of the GBS Anti Virus Interface DLL. This DLL establishes the connection between the iQ.Suite and the virus scanner. This entry is preset for each virus scanner and must not be changed.

Parameter: Name of the parameter to be used by the virus scanner for scanning.

Different clean parameter: To set the virus scanner so that emails or attachments are cleaned when a virus is detected, enable this option and specify the corresponding parameter in the Clean parameter field.


Note: If you want to use the scan engine for virus scanning only, use the Watchdog job Virus checking with AntiVir Engine and disable the 'Remove virus’ option in the Actions tab. If the virus scanner is to clean any virus-infected files found, use the Watchdog job Virus checking and cleaning with AntiVir Engine. In this case, the field mentioned above needs to be enabled and the actions to be performed for infected emails must have been set accordingly.

Timeout: Enter the number of seconds after which an unsuccessful attempt to connect to the server is aborted (minimum: 60 seconds). Take into account the performance of your server. Recommended: 60 to 120 seconds.

Record detailed log data: Creates a log file with detailed processing data of the scanner, e.g. for troubleshooting.

Allow multiple concurrent calls: Sets that the scan engine can process several emails at the same time. The specific number of calls is set under iQ.Suite Server > Properties > 'General' tab > Number of Threads. Refer to Settings for an individual iQ.Suite Server.

Tab: Return Code Settings

The Return Code Settings tab contains the possible return codes of the virus scanner. For each return code, a meaning (Details field) and a return code category (Mapping field) are specified. The category determines which actions in a Virus Scanning job will be triggered if the virus scanner returns a return code of this category.

Example: If a virus scanner returns a return code of the category 'Virus', the actions configured in the Virus Scanning job for virus-infected emails will be executed. The meaning of the preconfigured return codes can be found in the Details tab.

Use the Edit and Add buttons to change or add return codes as required.

The following categories of return codes exist:

OK: No virus was found.

No job actions will be executed.

Virus: A virus was found.


The actions which are configured in the Virus Scanning job under Virus found/Removing not successful will be executed.

Denied: An element could not be scanned, for example because it is encrypted.

The actions which are configured in the Virus Scanning job under Object unscannable will be executed.

Custom: Use this category to configure return codes which shall trigger the actions configured in the Virus Scanning job under Custom mapping detected.

A use case can be e.g. the return code which your virus scanner returns if password-encrypted attachments are detected. You can, for example, configure that such attachments are moved to a quarantine in order to be reviewed before they are sent.

Error: An error occurred while scanning.

If several virus scanners are used, the Multiple Scanner Settings on Error Cases (setting in the Virus Scanning job) are considered:

If the processing is aborted, no actions will be executed. Depending on whether the job is mission critical, the email is ignored or moved to the Badmail quarantine.

If several virus scanners are used and the setting requires that at least one virus scanner scans without an error, the processing with the current virus scanner is aborted and the file is scanned again with the next virus scanner. Only if all virus scanners return an error is the processing aborted completely. If only one virus scanner is used, or if the setting requires that all virus scanners scan without an error, email processing is aborted as soon as an error occurs.

Retry: The scan process was successful because the virus scanner was executed without an error. The virus scanner is shut down and re-started by the job. The file is scanned again with the virus scanner.

The return code category of the rescan then determines the further processing in the job (see above). If the result is still in the Retry category after three scan retries, the scan process is finally treated as "Error".

Priorities of the return code categories

When an email is scanned, the scannable elements (bodies, attachments, archive items) are individually scanned, and for each element a scan result (in form of a category) is provided.

If several virus scanners are used, several scan results are provided for each scanned element, one scan result per virus scanner in use. All these scan results must be finally summed up to an overall result for the email, so that the appropriate actions can be executed.

In order to sum up the scan results, the associated categories are regarded according to the defined priority order.

To sum up the scan results of all email elements to a global result for the email, the following priorities apply:


Virus > Denied > Cleaned (Virus removed) > Custom > No virus

At least one email element with the category "Virus" => Email result Virus

At least one email element with the category "Denied" => Email result Denied

At least one email element with the category "Cleaned" => Email result Cleaned

At least one email element with the category "Custom" => Email result Custom

None of the cases mentioned above => Email result No virus

If more than one virus scanner is used, the scan results of the individual virus scanners are summed up to an overall result for each email element.

Summing up the scan results is done according to the same priorities. The category "Cleaned" is ignored here:

Virus > Denied > Custom > No virus

At least one virus scanner with the result "Virus" => Email element with the category Virus

At least one virus scanner with the result "Denied" => Email element with the category Denied

At least one virus scanner with the result "Custom" => Email element with the category Custom

None of the cases mentioned above => Email element with the category No virus

If the summing-up for an email element returns the category Virus and virus cleaning is enabled, then iQ.Suite tries to clean the element by using all active virus scanners which are able to clean. If one of the virus scanners succeeds in cleaning, the email element is replaced with a cleaned version and the category is changed to Cleaned. Otherwise, the email element remains with its category "Virus".
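The priority rules above, together with the Retry and Error handling from the Return Code Settings section, can be checked against a small model. The following Python is an added example written for this page, not code from iQ.Suite or GBS. The scanner interface (a callable that returns the mapped return-code category as a string), the constructed marker strings and the sample email are assumptions. For each element it sums up the per-scanner results, tries to clean a Virus element, and then sums the elements up to the email result.

```python
from enum import IntEnum
from typing import Callable, Dict, List, Optional

# Return-code categories; the value is the priority used when results are
# summed up (higher wins): Virus > Denied > Cleaned > Custom > No virus.
class Category(IntEnum):
    NO_VIRUS = 0
    CUSTOM = 1
    CLEANED = 2   # produced only by successful cleaning, never returned by a scanner
    DENIED = 3
    VIRUS = 4

# Mapped scanner return codes ('OK' is the No-virus category).
SCANNER_CATEGORIES = {"OK": Category.NO_VIRUS, "Custom": Category.CUSTOM,
                      "Denied": Category.DENIED, "Virus": Category.VIRUS}
MAX_RETRIES = 3   # rescans before a persistent 'Retry' is treated as 'Error'
Scanner = Callable[[bytes], str]   # returns 'OK', 'Virus', 'Denied', 'Custom', 'Error' or 'Retry'

def scan_with_retry(scan: Scanner, data: bytes) -> str:
    """'Retry' restarts the scanner and rescans the element, at most MAX_RETRIES times."""
    result = scan(data)
    for _ in range(MAX_RETRIES):
        if result != "Retry":
            break
        result = scan(data)
    return "Error" if result == "Retry" else result

def combine_scanners(results: Dict[str, str], require_all_ok: bool) -> Optional[Category]:
    """Sum up the results of all scanners for one element by priority.
    require_all_ok models the Multiple Scanner Setting 'all scanners must scan
    without error'; otherwise an error just skips to the next scanner.
    Returns None when processing of the email has to be aborted."""
    categories: List[Category] = []
    for result in results.values():
        if result == "Error":
            if require_all_ok:
                return None
            continue
        categories.append(SCANNER_CATEGORIES[result])
    return max(categories) if categories else None   # None: every scanner failed

def scan_email(elements: Dict[str, bytes], scanners: Dict[str, Scanner],
               cleaners: List[Callable[[bytes], Optional[bytes]]],
               require_all_ok: bool = False) -> Optional[dict]:
    """Scan every element with every scanner, clean 'Virus' elements if a
    cleaner succeeds, and sum the element categories up to the email category."""
    element_categories: Dict[str, Category] = {}
    cleaned: Dict[str, bytes] = {}
    for name, data in elements.items():
        results = {sname: scan_with_retry(scan, data) for sname, scan in scanners.items()}
        category = combine_scanners(results, require_all_ok)
        if category is None:
            return None   # processing aborted (email ignored or Badmail, per job setting)
        if category == Category.VIRUS:
            for clean in cleaners:
                fixed = clean(data)
                if fixed is not None:   # first successful cleaner wins
                    category, data = Category.CLEANED, fixed
                    break
        element_categories[name] = category
        cleaned[name] = data
    overall = max(element_categories.values(), default=Category.NO_VIRUS)
    return {"elements": element_categories, "email": overall, "data": cleaned}

# --- constructed sample scanners and email (no real engines or signatures) ---
MARKER = b"[CONSTRUCTED-MALWARE-MARKER]"   # stands in for a signature hit
ENCRYPTED = b"-----ENCRYPTED-----"          # stands in for a password-protected archive

def signature_scanner(data: bytes) -> str:
    """Cannot look into encrypted content, so that return code maps to 'Denied'."""
    if data.startswith(ENCRYPTED):
        return "Denied"
    return "Virus" if MARKER in data else "OK"

def heuristic_scanner(data: bytes) -> str:
    """Its 'password protected' return code has been mapped to 'Custom'."""
    if data.startswith(ENCRYPTED):
        return "Custom"
    return "Virus" if MARKER in data else "OK"

def signature_cleaner(data: bytes) -> Optional[bytes]:
    return data.replace(MARKER, b"") if MARKER in data else None

SAMPLE_EMAIL = {
    "body": b"Quarterly figures attached.",
    "report.xlsx": b"PK-header" + MARKER + b"-sheet-data",
    "secret.zip": ENCRYPTED + b"\x00\x01\x02",
}

def demo() -> Optional[dict]:
    """report.xlsx -> Cleaned, secret.zip -> Denied, so the email result is Denied."""
    return scan_email(SAMPLE_EMAIL, {"sig": signature_scanner, "heur": heuristic_scanner},
                      [signature_cleaner])
```

The sample shows the two levels of the rules: secret.zip gets Denied from one scanner and Custom from the other, so the element is Denied; report.xlsx is Virus from both scanners and becomes Cleaned after the cleaner succeeds; and Denied outranks Cleaned, so the whole email is handled with the Object unscannable actions rather than delivered as cleaned.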

Tab: Update

All integrated virus scanners provide a mechanism used by the iQ.Suite to download the latest virus patterns and/or scanner version from the defined download server. Virus scanners without this Update tab perform the required updates autonomously.


Activate update of program data: With this option enabled, program data (engine or pattern files) is automatically updated.

Update timeout: Period of time after which the update process is aborted. Minimum: 60 seconds.

Notify administrator on successful updates: In the case of update errors, notifications are sent automatically. To be notified on successful updates as well, enable this option.

Download setting

'Use predefined setting': Depending on the engine, the program data is downloaded either directly from the server of the manufacturer or from the GBS download server.

'Use custom download server': If you want to obtain the automatic updates from another server than the predefined download server (e.g. if using iQ.Suite Update Manager), then specify the address of this server in the Download server field.

To specify several servers, separate each entry by a semicolon. An exception are the Avira Scan Engines with APC in which a comma (instead of a semicolon) must be used as a separator.

Schedule setting

'Update program data in intervals': With this option, an update is performed at regular time intervals. In the Update interval field, specify the interval in minutes at which the program checks for pattern updates. Minimum: 15 minutes.

'Update program data at points in time': Click Add to define points in time for the start of updates:


In the example above, an update is performed daily at 8 AM.

Tab: Proxy Server

Virus scanners featuring this tab can use a proxy server for updating the virus patterns. Select the desired proxy server:

No proxy server: No proxy server is used.

Proxy server of iQ.Suite Server: The proxy server used is the one defined for the iQ.Suite server. These proxy server settings can be set during the installation. Refer to Installation of iQ.Suite, Step 9.

Custom proxy server: The proxy server used is the one set in the Basic Configuration.

For further information on how to create a new proxy server, please refer to Proxy servers.

Specialties of Avira Scan Engine with APC

The 'Avira Scan Engine with APC (64-Bit)' is included as integrated virus scanner in the installation package. The Cloud option requires a separate license and is disabled by default.

Conventional virus scanning procedure

The virus patterns required for virus scanning are updated regularly to ensure optimal virus-protection against new malware. For this, iQ.Suite downloads the new patterns provided by Avira from the Internet. The download interval is set in the Update tab.

By default, the updated patterns are stored under \iQ.Suite\Bin\Savapi2x64\Update\Extract. If you want to use a proxy server for downloading the pattern updates, select a proxy server in the Proxy Server tab.

What is Avira Protection Cloud (APC)?

Avira Protection Cloud (APC) is an optional component of SAVAPI that enables files of the type "Portable Executable" and "Non-Portable Executable" to be scanned in the Avira Cloud. The additional scan in the cloud improves the malware detection rate.

Scanning Portable Executable files requires a separate license.

For Non-Portable Executable files, an additional separate license is required. Please contact the GBS Sales team.

(1) The application (iQ.Suite) scans a file on a computer. The local engine does not find any malware. The file's fingerprint is sent to the local cache and compared there with the fingerprints contained in the cache. The result is one of the following options:

The fingerprint is available in the cache. The cache sends the status of the fingerprint to SAVAPI. The status may be 'clean' (malware-free) or 'malware'. Then, SAVAPI sends a corresponding return value to the iQ.Suite.

(2) If the fingerprint is not available in the cache, the fingerprint is sent to the APC.

(3) There, it is compared with the fingerprints which are known to the APC. The result is one of the following options:

(A) If the fingerprint is available in the APC, the APC sends the status of the fingerprint to SAVAPI (i.e. 'clean' or 'malware').

(B) If the fingerprint is not available in the APC, the complete file is uploaded to the APC server. After a deeper analysis in the cloud, it is declared as 'clean' or 'malware'.

(4) The APC sends the status of the fingerprint to SAVAPI. Then, SAVAPI sends a corresponding return value to the iQ.Suite.

(5) If the file is classified as malware, the file is handled according to your configuration in the iQ.Suite.

APC can be configured in the Options tab:

For information on the settings which are not APC-specific, refer to Standard tabs - Virus Scanners.

Use Avira Protection Cloud: Decide whether to use the Avira Protection Cloud.

Use proxy server: When using the Protection Cloud, define whether a proxy server should be used for the Cloud functionality. If so, select the configuration document of the desired proxy server in the subsequent field.

APC mode: Specify the mode to be used for scanning the files:

'Check only hash values': Only the hash values of the files are sent to the APC server and compared with the hash values which are already available on the APC server.

'Use complete scan functionality': With this option, not only the hash values are sent to the APC server. Additionally, the files are uploaded to the APC server and scanned there.


APC Blackout Mechanism

The APC component of SAVAPI, when activated, requires a permanent Internet connection. When the Internet connection is interrupted or becomes very slow, this could lead to performance issues while SAVAPI performs multiple scans. In order to avoid those issues, an APC blackout mechanism is implemented that will temporarily disable the APC. In case of cloud availability problems due to a limited or no Internet connection, the files are scanned locally. In case the local engine has found no malware and the APC is accessible again, the APC is used.

The Blackout mechanism is configured using two options, Retries and Timeout, and it works as follows:

Timeout: In case the APC is not accessible, the timeout specified here will be used. Possible values: 1 - 86 400 seconds (86 400 sec = 24 hours).

When the timeout expires, SAVAPI retries to access the APC. If an APC scan could be successfully performed, the APC is declared 'available’ and will be used again for scanning the next files.

Retries: Specify the maximum number of consecutive timeouts allowed before declaring APC unreachable. If this number of consecutive scans using APC fails, APC is declared unavailable and is no longer used. The remaining scans are performed using the local engine only.

Important: With the value '0', attempts to use APC never end. As long as the APC is not reachable, no scan result is delivered for the file, and email communication is thereby blocked. If Retries is set to a value > 0 and APC is not reachable, an error with return value 1091 occurs. To prevent this error in this case, enter this value in the virus scanner configuration as an OK return code.

Cache size (in bytes): In order to increase the scanning speed and to save bandwidth, the fingerprints of the files can be stored in a local cache. Thereby, future requests for the same fingerprints can be served faster. The size of the cache greatly affects the time needed by the APC to process the request. The larger the cache, the more data can be stored and used later.

Use this field to specify the maximum size you want to allow. With the value '0’, the APC cache is disabled.

Default: 5 242 880 bytes (5 MB); Maximum: 104 857 600 bytes (100 MB).
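The APC scan sequence (steps 1 to 5 above) and the blackout mechanism, as an added illustration in Python. This is not SAVAPI or iQ.Suite code: the local engine, the cloud stand-in (FakeCloud), the SHA-256 fingerprint, the assumed 64-byte cache entry size used to turn the byte limit into an entry count, and the 'apc-hash-unknown' result for hash-only mode are all assumptions made for the example. The clock is passed in as a number of seconds so that Retries and Timeout can be exercised without waiting.

```python
import hashlib
from typing import Dict, Optional, Tuple

MALWARE_MARKER = b"[CONSTRUCTED-MALWARE-MARKER]"    # stands in for a local signature hit
CLOUD_MARKER = b"[CONSTRUCTED-CLOUD-ONLY-MARKER]"   # only the "deeper analysis" finds this

class ApcUnavailable(Exception):
    """Raised by the cloud stand-in when the APC cannot be reached."""

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # assumed fingerprint function

def local_engine(data: bytes) -> str:
    """Constructed local engine: signature match only."""
    return "malware" if MALWARE_MARKER in data else "clean"

class FakeCloud:
    """Constructed APC stand-in: a fingerprint database that can go offline."""
    def __init__(self) -> None:
        self.known: Dict[str, str] = {}
        self.offline = False
        self.uploads = 0

    def lookup(self, fp: str) -> Optional[str]:   # step (3): compare the fingerprint
        if self.offline:
            raise ApcUnavailable()
        return self.known.get(fp)

    def upload(self, data: bytes) -> str:         # step (3B): upload and deeper analysis
        if self.offline:
            raise ApcUnavailable()
        self.uploads += 1
        verdict = "malware" if CLOUD_MARKER in data else "clean"
        self.known[fingerprint(data)] = verdict
        return verdict

class ApcScanner:
    """APC handling with local fingerprint cache and blackout mechanism."""
    ENTRY_BYTES = 64   # assumed size of one cache entry (Cache size is given in bytes)

    def __init__(self, cloud: FakeCloud, retries: int, timeout: int,
                 full_scan: bool = True, cache_size: int = 5_242_880) -> None:
        self.cloud, self.retries, self.timeout, self.full_scan = cloud, retries, timeout, full_scan
        self.max_entries = cache_size // self.ENTRY_BYTES   # Cache size 0 disables the cache
        self.cache: Dict[str, str] = {}
        self.failures = 0                           # consecutive failed APC attempts
        self.blackout_until: Optional[int] = None   # APC declared unavailable until then

    def _remember(self, fp: str, verdict: str) -> None:
        if self.max_entries == 0:
            return
        if len(self.cache) >= self.max_entries:
            self.cache.pop(next(iter(self.cache)))   # evict the oldest entry
        self.cache[fp] = verdict

    def scan(self, data: bytes, now: int) -> Tuple[str, str]:
        """Return (verdict, where the verdict came from); `now` is a simulated clock."""
        if local_engine(data) == "malware":                  # (1) local engine decides
            return "malware", "local"
        fp = fingerprint(data)
        if fp in self.cache:                                 # (1) cache hit
            return self.cache[fp], "cache"
        if self.blackout_until is not None and now < self.blackout_until:
            return "clean", "local-only"                     # blackout active, APC skipped
        try:
            verdict, source = self.cloud.lookup(fp), "apc-hash"        # (2)/(3A)
            if verdict is None:
                if self.full_scan:                           # 'Use complete scan functionality'
                    verdict, source = self.cloud.upload(data), "apc-upload"   # (3B)
                else:                                        # 'Check only hash values'
                    verdict, source = "clean", "apc-hash-unknown"
        except ApcUnavailable:
            self.failures += 1
            if self.retries == 0:
                raise          # Retries 0: keep waiting for APC, no result, mail flow blocks
            if self.failures >= self.retries:
                self.blackout_until = now + self.timeout     # declare APC unavailable
            return "clean", "local-only"
        self.failures, self.blackout_until = 0, None         # APC reachable again
        if source != "apc-hash-unknown":
            self._remember(fp, verdict)                      # (4) cache the status
        return verdict, source
```

With Retries set to 2 and Timeout to 600, two consecutive unreachable attempts put the scanner into a blackout in which files are judged by the local engine only; the first scan at or after the 600-second mark contacts the APC again and, if that succeeds, normal operation resumes. With Retries 0 the scan raises instead of returning a verdict, which is the blocking behaviour the note above warns about.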

Specialties of Kaspersky Scan Engine

The virus scanner 'Kaspersky Scan Engine’ is included as integrated scanner in the installation package.

Conventional virus scanning procedure

The virus patterns required for virus scanning are updated regularly, like described under Specialties of Avira Scan Engine with APC.

By default, the updated patterns are stored under \iQ.Suite\Bin\kav\Update\downloads.

If you want to use a proxy server for downloading the pattern updates, select the proxy server in the Proxy Server tab.

Cloud Protection

The conventional virus scanner identifies harmful objects by using virus definitions which are continuously updated online. In addition, Kaspersky uses "Live Protection" to detect new malware: whenever the virus protection detects potentially malicious software on a computer, a Cloud module transmits the findings to a central database of Kaspersky. After analysis and processing by Kaspersky's specialists, this information is made available to all other users. With this, you benefit from virus information from other users and contribute yourself to improving the detection rate.

The Cloud option requires a separate license.

Here an illustration to explain how it works:

Some of the incoming emails on the iQ.Suite server contain malware such as viruses. When Kaspersky Cloud Protection is used, the hash values of the files which were not identified by the local engine as malware are sent to the Kaspersky Security Network (Kaspersky Cloud) for additional analysis. The cloud sends back a return value to the iQ.Suite. If the file is classified as 'clean' by the cloud (no malware), it is delivered to the recipients. If the file is identified as 'malware' and if iQ.Suite is configured accordingly, the file is quarantined.

Anti-Phishing URL Detection

For the detection of phishing URLs in message bodies and file attachments of emails, the Anti-Phishing function of Kaspersky is used. Anti-Phishing checks URLs against the list of known phishing URLs.

This Anti-Phishing component is built into 'Web Anti-Virus' and 'IM Anti-Virus' of Kaspersky Anti Virus and requires a separate license.

Cloud Protection and Anti-Phishing URL Detection can be activated in the Options tab of the Kaspersky Scan Engine:


If you are using the Cloud Protection, you can use a Proxy server for the communication between the iQ.Suite and the Cloud. For information on setting the proxy server, please refer to Proxy Server tab.

Limit disk workspace per processed element (in MB) to

When the Kaspersky Scan Engine is used, the disk workspace per processed element can be limited. To do so, enter the permitted value for the Limit disk workspace per processed element (in MB) to option in the Options tab. This option helps to counteract so-called "zip bombs": an archive is then unpacked only up to the entered limit. The value "0" means no limitation. Independently of this setting, the global limit set by iQ.Suite in the General tab under 'iQ.Suite Servers' also applies.
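As an added example (not code from iQ.Suite or Kaspersky), the following Python script shows the mechanism behind such a limit: the decompressed bytes are counted while the archive is streamed out, and unpacking is aborted as soon as the cumulative size exceeds the budget, regardless of the sizes claimed in the archive headers. The archive is constructed inline; the convention that 0 means "no limit" follows the option described above, and the budget is applied per archive, which is an assumption of this example.

```python
import io
import zipfile


class WorkspaceExceeded(Exception):
    """Raised when the decompressed data of one processed element exceeds its budget."""


def build_sample_archive() -> bytes:
    # Constructed test input: 4 MiB of zeros compress to a few KiB, the same
    # compression ratio a zip bomb relies on, only at a much smaller scale.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\x00" * (4 * 1024 * 1024))
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


def unpack_with_budget(archive: bytes, limit_bytes: int, chunk: int = 65536) -> dict:
    """Unpack all members in memory while enforcing a cumulative decompressed-size budget.

    limit_bytes == 0 means unlimited. The sizes recorded in the zip headers are not
    trusted: bytes are counted as they come out of the inflater.
    """
    total = 0
    sizes = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            member_size = 0
            with zf.open(info) as fh:
                while True:
                    block = fh.read(chunk)
                    if not block:
                        break
                    member_size += len(block)
                    total += len(block)
                    if limit_bytes and total > limit_bytes:
                        # Stop immediately: nothing beyond the budget reaches the workspace.
                        raise WorkspaceExceeded(
                            f"{info.filename}: {total} bytes exceed the {limit_bytes}-byte budget"
                        )
            sizes[info.filename] = member_size
    return sizes


def verdict(archive: bytes, limit_mb: int) -> str:
    """Return 'unpacked' or 'limit exceeded' for a workspace limit given in MB (0 = unlimited)."""
    try:
        unpack_with_budget(archive, limit_mb * 1024 * 1024)
        return "unpacked"
    except WorkspaceExceeded:
        return "limit exceeded"


if __name__ == "__main__":
    sample = build_sample_archive()
    print(len(sample), "bytes compressed")
    print("limit 0 MB ->", verdict(sample, 0))
    print("limit 1 MB ->", verdict(sample, 1))
    print("limit 8 MB ->", verdict(sample, 8))
```

Counting the inflated bytes rather than reading the declared sizes matters because a crafted archive can state any size it likes in its headers; only the actual output of the decompressor tells you how much workspace the element really consumes.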

Specialties of McAfee Scan Engine

The 'McAfee Scan Engine' can be used as an integrated scan engine directly after the iQ.Suite setup. The required McAfee licence is obtained through iQ.Suite licensing and does not need to be acquired separately.

The iQ.Suite downloads the initial virus patterns from the McAfee download area and checks this area regularly for updated patterns. This ensures optimal virus-protection against new malware. The search interval for new patterns is set in the Update tab. Updated patterns are stored by default under \iQ.Suite\Bin\mcafee3\Update\Extract. If you want to use a proxy server for downloading the pattern updates from the Internet, select the proxy server in the Proxy Server tab.

Specialties of Sophos Scan Engine

The 'Sophos Scan Engine' can be used as an integrated scan engine directly after the iQ.Suite setup. The required Sophos licence is obtained through iQ.Suite licensing and does not need to be acquired separately.

iQ.Suite downloads the initial virus patterns from the Sophos download area and checks this area regularly for updated engine and pattern files. This ensures optimal virus protection against new malware. The search interval for new patterns is set in the Update tab. Updated patterns are stored by default under \iQ.Suite\Bin\SAVI\Update. If you want to use a proxy server for downloading the pattern updates from the Internet, select the proxy server in the Proxy Server tab.

Sophos Live Protection can optionally be used: if "Live Protection” is enabled, the hash values of the files that the local engine did not identify as malware are sent to the Sophos Cloud (named "Sophos Central”) for further analysis. The cloud then returns a verdict to iQ.Suite. If the cloud classified the file as 'harmless’, it is delivered. If it was identified as malware, it can be moved to the Quarantine if configured accordingly.

No information about the original email (e.g. sender, recipient) is transmitted to the Sophos Cloud.

The Live Protection can be activated in the Engine's Options tab:

DNS Server: Specify the IP address of the DNS server via which iQ.Suite can request the hash values.

Specialties of Sophos Scan Engine with Sandboxing

The 'Sophos Scan Engine with Sandboxing’ can be used as an integrated scan engine directly after the iQ.Suite setup. For the Sandboxing option, an iQ.Suite license extension is required.

In this engine, the Sophos Sandboxing Protection option (Sophos Live Protection with Sandboxing) is available. If you want to use only the Cloud option without Sandbox, you can use the 'Sophos Scan Engine’.

No information about the original email (e.g. sender, recipient) is transmitted to the Sophos Cloud.


The 'Sophos Scan Engine with Sandboxing’ acts in the first instance like the Sophos Scan Engine, i.e. it performs a local virus check based on the downloaded engine and pattern files. If this check gives no clear result, the hash value of the file is sent to the Sophos Cloud (named "Sophos Central”) for further analysis. If the cloud-based hash value analysis gives no clear result either, an anonymized copy of the suspicious file is sent to the Sandbox. Note that, unlike the hash lookup, this step transmits the content of the attachment itself to the Sophos cloud. In the Sandbox, the file is executed in an isolated cloud environment and its behavior is monitored and analyzed. If the analysis classifies the file as a threat, the file is rejected and blocked. If the file is considered harmless, it is delivered.

Using the information returned by the Sandbox, iQ.Suite Watchdog creates a forensic report for each threat event that provides deeper insight and context information.

The Sophos Sandboxing Protection can be activated in the Engine's Options tab:

If you want to use the Sandboxing Protection, you can use a Proxy server for the communication between iQ.Suite and the cloud-based sandbox. For information on setting a proxy server, refer to Proxy Server tab.

In the Target URL field, select the Sophos sandbox to be used:

'International' (default): The international URL will be used: https://analysis.sophos.com

'Germany': The URL to the German data center will be used: https://de.analysis.sophos.com

'Europa': For Europe, the URL to the German data center will be used: https://de.analysis.sophos.com

'United Kingdom': The URL to the data center in London will be used: https://uk.analysis.sophos.com


File restrictions

Notes on File restrictions

iQ.Suite Watchdog is primarily used for virus scanning. In addition, emails can be blocked on the basis of file restrictions defined in the job:

Blocking emails that contain certain attachment types, e.g. multimedia files or prohibited MS Office documents.
Blocking emails that exceed the allowed size.
Blocking emails that contain certain attachment types whose attachments exceed the allowed file size.

Blocking emails that contain certain attachment types

The file must first be identified by iQ.Suite Watchdog. To do so, Watchdog checks the file against the configured fingerprints, which contain the binary file patterns that identify a file type. The result of this analysis is compared with the file restrictions defined in the job, and the email is blocked or delivered accordingly.

For denied files, the job actions are performed. For an email with a denied attachment, for instance:

The email is quarantined and not delivered to the recipients.
The denied attachments are deleted and the email is then delivered to the recipients.
The email is deleted.

In addition, further job actions can be performed, e.g.:

Add a subject extension, e.g. to the subject field of a quarantined email.
Notify the administrator, the sender and/or the recipient.
Notify any other, user-definable persons.

The iQ.Suite standard configuration contains various sample jobs for file restrictions (refer to Sample Jobs). Use the sample jobs or define new ones, using the job type Watchdog Attachment Filtering. To block emails with attachments that exceed a certain file size, use a job of the type Watchdog Attachment/Size Filtering.

For a detailed job description, refer to Sample Job: Denying file attachments by type.

Blocking emails of a certain file size

An email can be blocked on the basis of its total size. If the allowed size is exceeded, the email is blocked.

Use the sample jobs under Sample Jobs or define a new one, using the job type Watchdog E-Mail Size Filtering. To block emails with attachments that exceed a certain file size, use a job of the type Watchdog Attachment/Size Filtering.

For a detailed job description, refer to Sample Job: Limiting email size.

Blocking emails with attachments of a certain type and size

An email can be blocked by analyzing the type and size of the file attachments. For this, use a job of the type Watchdog Attachment/Size Filtering. The maximum attachment size is specified in the Fingerprint/Size tab. This job can check and deny attachment types while at the same time filtering by attachment size.

Fingerprints

Configure Fingerprint categories

To be able to block emails that contain attachments of a certain file type, the denied file types have to be defined. For this, the fingerprints are used. The iQ.Suite standard configuration contains various fingerprint definitions that are classified in individual fingerprint categories. For example, the fingerprint category Images contains fingerprints for Bitmaps, GIFs, JPGs, etc. A fingerprint can be used in various fingerprint categories.

To assign a fingerprint to a new fingerprint category, proceed as follows:

1. Create a new fingerprint category: Basic Configuration > Utility Settings > Fingerprints > right-click > New > Fingerprint Category.
2. Name the category and confirm with OK. The new category is created.
3. To copy existing fingerprints, drag and drop the desired fingerprints to the new category while holding down the CTRL key. A plus sign then appears at the cursor. If you do not hold down the CTRL key, the fingerprints are moved, not copied!

Note: Exceptions: To copy fingerprints from the All Fingerprints category, drag and drop them to the desired category.

Important: When you delete a fingerprint from any category with the DEL key, it is permanently deleted and cannot be restored. To remove a fingerprint from a category without permanently deleting it, right-click it and select Remove fingerprint(s) from this category. Make sure that the fingerprints you want to delete or remove are no longer used by an iQ.Suite job.

Defining new Fingerprints

The Name Pattern identifies an attachment by means of its file name and/or its file extension, e.g. Att01.cdf or *.cdf.

Name patterns can be used to react quickly to new malware outbreaks even before a virus pattern update is available from the manufacturer of your anti-virus application. In such a case, define a new fingerprint with the name pattern of the malicious attachment and include it in a Watchdog Attachment Filtering job. You can also block individual files. If your company uses custom software with its own file formats, you can also create fingerprints for these files, for instance to prevent files of this type from being sent as email attachments to recipients outside the company.

The Binary Pattern identifies a file attachment by means of distinctive binary data. The binary pattern defined in the fingerprint as a hexadecimal value is searched for in the file. If the pattern is found, the file is identified, and a job that uses this fingerprint blocks it.

Note: Unlike a name pattern, which a sender can defeat simply by renaming the attachment, a binary pattern corresponds to the file format itself and therefore cannot be manipulated as easily.

The Allowed characters field can be used to define that the content of the file attachment must contain only specific characters. The allowed characters are specified as hexadecimal values.

The Hash Value identifies a file attachment uniquely by its hash value. Hash value fingerprints are appropriate when, in the course of a spam wave, exactly the same file attachment (for example a PDF) is sent to an extremely high number of employees of an enterprise. Since a hash value is unique, such a fingerprint takes effect only if the attachments match exactly, byte for byte, including embedded metadata such as the modification date.

All fingerprint criteria have to match option: If this option is selected, the checked file must fulfil every configured criterion: its file name must match the name pattern, its content must contain the binary pattern(s), and it must not contain any characters other than the allowed ones. If the option is not selected, it is sufficient that one of the configured criteria (name pattern, binary pattern or allowed characters) matches for the file to be identified. Disable the option if you are using Hash settings, since a hash value only ever matches one exact file.

Note: Criteria which are not configured will not be checked (empty name pattern, empty allowed characters, no binary pattern).

Creating Fingerprints with name patterns

If a file’s binary pattern is unknown, it can be identified using a name pattern. To create a new fingerprint, proceed as follows:

1. Click Basic Configuration > Utility Settings > Fingerprints > 'Fingerprint Category' > right-click > New > Fingerprint.
2. Name the fingerprint. In this example, the fingerprint is assigned to the fingerprint category Fonts.

3. Open the Pattern Settings tab:

1. Under Name Pattern, enter the file extension for the file. Separate multiple entries with a semicolon (;). The asterisk (*) can be used as a placeholder, e.g. *.cdf. If you enter a complete file name, e.g. Att01.cdf, only files that contain this string are found. Leave the Name Pattern field empty if only the binary pattern and/or the allowed characters are to be checked.

2. You can extend the fingerprint with a binary pattern. Refer to Creating Binary Patterns for Fingerprints.

3. You can define that the content of the file attachment may contain only specific characters. For this, specify the allowed hexadecimal values in the Allowed characters field. If the file contains any other character, this fingerprint criterion does not apply.

Example: If the attachment may contain only the digits 0 to 9, specify the hexadecimal values 30 (for 0) to 39 (for 9) as follows: 30313233343536373839.

Note: Since the files are completely checked for not allowed characters, the server load is higher when allowed characters are specified.

4. Save the fingerprint and include it in a job.

Creating binary patterns for Fingerprints

Note: If you want to create additional fingerprints with binary patterns, you need the hexadecimal values of the file to be detected. For this, please contact the manufacturer of the software to which the file type applies.

To create a fingerprint with a binary pattern, proceed as follows:

1. Open the Pattern Settings tab and click the Add button:

Binary patterns contain a start position and an end position that define the search section within the file and the hexadecimal value that defines the search pattern.

The Start position defines the position within a file from which a pattern search is performed. The position of the first byte in the file corresponds to offset 1. The second byte corresponds to offset 2, etc. The End position defines the position within a file up to which the pattern search is performed. The end position is the offset up to which the pattern has to be found.

If a minus sign is prefixed to the start position or the end position, the bytes are counted from the end of the file. The entry -1, for instance, is the last byte of the file, -2 the last but one byte, etc. A start position of 1 and an end position of -1 means that the entire file is searched for the specified pattern. With 11 as start position and -10 as end position, for instance, the search covers the eleventh byte from the beginning up to the tenth byte from the end. You can also enter two negative values, for instance -6 as start position and -1 as end position; the search then covers the last six bytes of the file. A negative start position combined with a positive end position is not permitted.

The binary pattern defined under Hexadecimal Values is searched for in the file between the start position and the end position. In this example, the hexadecimal value 42 4D (the ASCII characters 'BM') is searched for, which stands at the beginning of every BMP file.

A fingerprint can consist of several binary patterns. For example, to identify the bmp file mentioned above, not only the string 42 4D is required but the hexadecimal value 00000000 as well. To complete the binary pattern for a bmp file, you must add one more entry with the Add button. Only when both binary patterns are found in a file, the file does match the pattern and can be identified as a bmp file.

For further information on the 'All fingerprint criteria have to match’ option, refer to Fingerprints.

Note: By defining the start and end position, please note that the server load increases with the number of bytes to be evaluated. For example, with the setting 'Start position 1’ and 'End position -1’, the server load is much higher than with the setting 'Start position 1’ and 'End position 4’. With the first setting, each file is searched completely; with the other setting, only the first 4 bytes of a file are scanned.

Example of a Simple Fingerprint: ZIP file

  Start  End  Hex value
  1      4    504B0304

504B0304 is the local file header signature ("PK", 0x03, 0x04) with which every ZIP archive begins.

Example of a More Complex Fingerprint: Word document (OLE compound file)

  Start  End  Hex value
  1      13   576F72642E446F63756D656E74
  1      -1   57006F007200640044006F00630075006D0065006E0074
  1      10   D0CF11E0A1B11AE10000

The three hex values decode to the ASCII string "Word.Document", the same string in UTF-16LE, and the signature of an OLE compound file (D0CF11E0A1B11AE1) followed by two zero bytes; the fingerprint therefore identifies OLE-based Word documents.

Creating hash values for Fingerprints


Note: If you want to create additional fingerprints with Hash values, you need the Hash value computed from the respective file.

To create a fingerprint with a hash value, proceed as follows.

1. In a newly created fingerprint, click the Add button in the Hash Settings tab.
2. Choose between the 'MD5' and 'SHA-256' hash types. Prefer SHA-256: MD5 is no longer collision resistant, so two different files can be constructed to share the same MD5 value.
3. In the Hash field, enter the hash value calculated from the file and click OK.

4. Add additional hash values if desired.

For further Information on configuration of fingerprints, refer to Fingerprints.
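The following Python script is an added example (not part of iQ.Suite) that implements, in one place, the fingerprint criteria described under Defining new Fingerprints, Creating binary patterns for Fingerprints and Creating hash values for Fingerprints: name patterns with ';' and '*', binary patterns with 1-based start/end offsets where negative values count from the end, allowed characters, hash values, and the 'All fingerprint criteria have to match' switch. The sample ZIP and BMP data are constructed inline. Two assumptions are not taken from the manual: that a binary pattern must lie completely between the start and the end position (following the description of the end position above), and that the BMP reserved bytes sit at positions 7 to 10, which comes from the BMP format.

```python
import fnmatch
import hashlib
import io
import struct
import zipfile
from dataclasses import dataclass, field


@dataclass
class Fingerprint:
    name: str
    name_pattern: str = ""                               # e.g. "*.bmp;*.dib"; empty = criterion not checked
    binary_patterns: list = field(default_factory=list)  # (start, end, hex) triples; all must be found
    allowed_chars: str = ""                              # hex string of permitted byte values; empty = not checked
    hashes: list = field(default_factory=list)           # (algorithm, hexdigest) pairs; any one may match
    require_all: bool = False                            # the 'All fingerprint criteria have to match' option


def _index(pos: int, size: int) -> int:
    """1-based fingerprint offset -> 0-based index; negative values count from the end (-1 = last byte)."""
    if pos == 0:
        raise ValueError("offset 0 is not defined")
    return pos - 1 if pos > 0 else size + pos


def binary_pattern_found(data: bytes, start: int, end: int, hex_value: str) -> bool:
    """True if the pattern lies completely inside the window [start, end] (1-based, inclusive)."""
    if start < 0 < end:
        raise ValueError("a negative start position with a positive end position is not allowed")
    lo = max(_index(start, len(data)), 0)
    hi = min(_index(end, len(data)) + 1, len(data))
    return lo < hi and bytes.fromhex(hex_value) in data[lo:hi]


def name_pattern_matches(filename: str, patterns: str) -> bool:
    """';'-separated patterns; '*' is a wildcard, a pattern without '*' matches if the name contains it."""
    name = filename.lower()
    for pat in (p.strip().lower() for p in patterns.split(";")):
        if pat and (fnmatch.fnmatchcase(name, pat) if "*" in pat else pat in name):
            return True
    return False


def only_allowed_chars(data: bytes, allowed_hex: str) -> bool:
    """The whole file is inspected, which is the extra server load the manual warns about."""
    allowed = set(bytes.fromhex(allowed_hex))
    return all(b in allowed for b in data)


def hash_matches(data: bytes, hashes: list) -> bool:
    return any(hashlib.new(algo, data).hexdigest().lower() == digest.lower() for algo, digest in hashes)


def fingerprint_matches(fp: Fingerprint, filename: str, data: bytes) -> bool:
    """Unconfigured criteria are skipped; the configured ones are AND-ed (require_all) or OR-ed."""
    results = []
    if fp.name_pattern:
        results.append(name_pattern_matches(filename, fp.name_pattern))
    if fp.binary_patterns:
        results.append(all(binary_pattern_found(data, s, e, h) for s, e, h in fp.binary_patterns))
    if fp.allowed_chars:
        results.append(only_allowed_chars(data, fp.allowed_chars))
    if fp.hashes:
        # A hash matches exactly one file, so combining it with require_all defeats the other criteria.
        results.append(hash_matches(data, fp.hashes))
    return bool(results) and (all(results) if fp.require_all else any(results))


def classify(filename: str, data: bytes, fingerprints: list) -> list:
    """Names of all fingerprints that identify the attachment."""
    return [fp.name for fp in fingerprints if fingerprint_matches(fp, filename, data)]


# Constructed sample data (not from the manual): a real one-member ZIP and a BMP file header.
def sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", "x")
    return buf.getvalue()


def sample_bmp_header() -> bytes:
    # 'BM', file size, two reserved zero words (bytes 7 to 10, 1-based), pixel data offset
    return b"BM" + struct.pack("<IHHI", 58, 0, 0, 54)


ZIP_LOOSE = Fingerprint("ZIP", "*.zip", [(1, 4, "504B0304")])
ZIP_STRICT = Fingerprint("ZIP strict", "*.zip", [(1, 4, "504B0304")], require_all=True)
BMP = Fingerprint("BMP", "*.bmp", [(1, 2, "424D"), (7, 10, "00000000")])
DIGITS = Fingerprint("Digits only", allowed_chars="30313233343536373839")
SPAM_PDF = Fingerprint("Spam wave PDF", hashes=[("sha256", hashlib.sha256(b"%PDF-1.4 spam").hexdigest())])
CATALOG = [ZIP_LOOSE, ZIP_STRICT, BMP, DIGITS, SPAM_PDF]

if __name__ == "__main__":
    print(classify("archive.zip", sample_zip(), CATALOG))       # ['ZIP', 'ZIP strict']
    print(classify("photo.zip", sample_bmp_header(), CATALOG))  # ['ZIP', 'BMP']: a BMP renamed to .zip
    print(classify("pin.txt", b"20240101", CATALOG))            # ['Digits only']
    print(classify("invoice.pdf", b"%PDF-1.4 spam", CATALOG))   # ['Spam wave PDF']
```

The second call shows why the binary pattern matters: a BMP renamed to photo.zip still satisfies the loose ZIP fingerprint through its name alone, while the strict variant (all criteria required) rejects it and the BMP fingerprint identifies it from the bytes.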


Jobs for virus scanning

Note: The examples below only illustrate the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Sample Job: Checking emails for viruses

Copy the Virus Scanning With AntiVir Engine job to Mail Transport Jobs. Activate the job.

Scan Engines

In the Scan Engines tab, select the virus scanners used. If you have selected more than one virus scanner, you can change the order of the virus scanners to be used with the arrow keys (Up and Down).

Click the Edit button to change the virus scanner configuration or click Select:


You can also select several scan engines. To add scan engines, select them and - using the arrow buttons - move them to the right field Selected Items to add them (or to the left field Available Items to remove them). Alternatively, you can double-click on the scan engines to move them from left to right or vice-versa.

To open the Basic Configuration settings for a selected scan engine, click Edit.

Note: For the scan engine to work correctly, it must have been installed, configured and enabled. You can use iQ.Suite Monitor to test the scanner's functionality. Refer to Enabling virus scanners.

At least one virus scanner must run error free (default and recommended option): It is sufficient if one of the virus scanners is able to scan the email. The email is thus delivered even if it was not checked by the other configured scanners (for instance because of a failure).

All virus scanners must run error free: All defined virus scanners must scan the email. If one of the configured scanners fails or is disabled (so that the email cannot be checked by it), the email is moved to the Badmail quarantine.

Note: Emails identified as virus-infected are never delivered to the recipient if you have selected the 'Delete email’ option under Actions tab > Virus found/Removing not successful.

Actions

In the Actions tab, specify the actions to be performed when the job finds a virus- infected email:


With its default settings, this job scans emails for viruses but does not attempt to clean infected emails and attachments. Although all virus scanners are able to clean infected objects, we recommend quarantining infected attachments immediately, since in practice viruses usually arrive in spam and should therefore not be delivered to the recipients at all.

Scan options:

Extra archive scan with iQ.Suite unpacker: If you are using a virus scanner without an integrated unpacker, enable this option. The iQ.Suite unpacker then extracts the compressed files before passing them to the virus scanner.

Scan email body (recommended): Enable this option to check the message body for viruses.

Virus Found/Removing not Successful: Define the actions to be performed if a virus was found but the virus scanner could not remove it.

With the default settings of the job, a copy of the blocked email is quarantined and the affected file attachments are removed. The email is only delivered to the recipients if the message body was virus-free and the file attachment could be removed. The administrator is informed about the virus detected by a notification.

Remove Virus(es)

Determine whether you want the virus scanner to try to remove the found virus-infected elements. If Yes, click on Removing Successful:

Removing Successful: Define the actions to be executed when a virus was found and the virus scanner could successfully remove the virus.

Note: Enable the 'Alternative clean parameter’ option in the Scan Engine only if you want the job to remove found viruses.

Object unscannable

Object unscannable: Define the actions to be executed on objects that cannot be scanned (e.g. because of an unknown format). By default, the administrator will be notified in case of an unscannable object.

Tip: Check whether the virus-infected emails addressed to your company are usually also spam. If so, it is best to delete the entire email and not just the file attachment. This saves filtering the remaining message body; subsequent jobs do not have to process the email, and server load is reduced.

Custom mapping detected

Custom mapping detected: Define the actions to be executed if the Scan Engine returns a return code of the category "Custom".

For a description of the selected actions (standard actions and additional actions with Add), refer to Actions tab.

Sample Job: Checking password-protected archives for viruses

For iQ.Suite jobs to be able to process emails, the emails need to be fully unpacked (including all attachments), which is impossible for password-protected archives such as ZIP files. Therefore, emails with such attachments are systematically blocked as being "unscannable" and moved to the iQ.Suite Badmail quarantine. Refer to Badmails.

To be able to handle password-protected archives in a rule-based way, use the Watchdog Protected Attachment Detection job. This job is designed to process emails with password-protected archives, marks the archives as "unscannable" and performs the actions set in the Actions tab. This allows a subsequent antivirus job to ignore the scan error codes returned by the virus scanner. In this way, password-protected archives can be checked according to specific rules. For instance, such emails can be blocked for certain persons/groups only. Moving the emails to the Badmail quarantine can be globally disabled using the iQ.Suite Server settings. Refer to Compressed files and iQ.Suite Monitor.

Note: Make sure that, in the job chain, the Watchdog Protected Attachment Detection job is started before the virus scanning job.
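As an added example (not code from iQ.Suite), the following Python script shows how password-protected ZIP archives can be recognized before any virus scanner sees them: bit 0 of the general purpose flag in each member header marks the member as encrypted, so the archive can be classified from its headers alone, without attempting to unpack it. The sample archives are built by hand inline, because Python's zipfile module resets the flag word when writing and therefore cannot produce the encrypted sample; the classification names and the rule that any member that cannot be read marks the attachment as 'unscannable' are assumptions of this example.

```python
import io
import struct
import zipfile
import zlib

ENCRYPTED = 0x0001  # bit 0 of the general purpose bit flag in the ZIP headers


def make_zip(name: bytes, data: bytes, flags: int) -> bytes:
    """Build a one-member, uncompressed ZIP by hand so the flag word can be set freely."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0x21, crc,
                        len(data), len(data), len(name), 0) + name
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0, 0, 0x21, crc,
                          len(data), len(data), len(name), 0, 0, 0, 0, 0, 0) + name
    cd_offset = len(local) + len(data)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), cd_offset, 0)
    return local + data + central + eocd


def inspect_archive(blob: bytes) -> dict:
    """Per member: 'readable', 'password-protected' (from the header flag) or 'unreadable'."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return {"<archive>": "unreadable"}
    status = {}
    with zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED:
                # Decided from the central directory alone; no unpacking is attempted.
                status[info.filename] = "password-protected"
                continue
            try:
                with zf.open(info) as fh:
                    while fh.read(65536):
                        pass
                status[info.filename] = "readable"
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                status[info.filename] = "unreadable"
    return status


def protected_attachments(attachments: dict) -> list:
    """Names of ZIP attachments a Protected Attachment Detection job would mark as 'unscannable'."""
    flagged = []
    for name, blob in attachments.items():
        if not zipfile.is_zipfile(io.BytesIO(blob)):
            continue  # not an archive: nothing to unpack, left to the other jobs
        if any(state != "readable" for state in inspect_archive(blob).values()):
            flagged.append(name)
    return flagged


# Constructed sample attachments (not from the manual).
SAMPLES = {
    "plain.zip": make_zip(b"report.docx", b"plain content", 0),
    "protected.zip": make_zip(b"secret.docx", b"\x00" * 24, ENCRYPTED),
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, inspect_archive(blob) if zipfile.is_zipfile(io.BytesIO(blob)) else "not a zip")
    print("flagged:", protected_attachments(SAMPLES))  # ['protected.zip']
```

Placing this check ahead of the virus-scanning job, as the note above requires, is what lets the scanner's "unscannable" return code for such archives be handled by a rule instead of by the global Badmail path.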

Job configuration

You can create a new Watchdog Protected Attachment Detection job under Mail Transport Jobs or copy the sample job to Mail Transport Jobs. Activate the job.

As preconfigured, a new job adds information to the email subject and sends a notification to the administrator. A copy of the email is stored in the default quarantine. However, the email is not blocked ('Delete email' disabled). Depending on the configuration, the email is passed to a virus scan job and then delivered.

If emails are to be blocked and not delivered to their recipients, enable the 'Delete email’ option. In this case, the email is kept in the default quarantine until checked and released by the administrator.


Virus scanning in the Sophos Cloud with Sandboxing

If you want to use Sophos with Sandboxing for virus check, configure a Watchdog Virus Scanning (Sandbox) job: Mail Transport Jobs > right-click > New > 'Job'.

For further information on the Sandboxing feature, please refer to Specialties of Sophos Scan Engine with Sandboxing.

Job configuration

This job can only be used with a 'Sophos Scan Engine with Sandboxing'. Therefore, in the Scan Engines tab only this Engine can be selected:

Activate the Engine, if required.

For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs. For a description of the other settings which are not documented in this section, refer to Sample Job: Checking emails for viruses.

Virus scanning in the Avira Protection Cloud

If you want to use the Avira Protection Cloud for virus scanning and upload only certain file types to this cloud, configure a Watchdog Virus Scanning (Advanced) job. Only this job type allows fingerprints to be selected.

To create this job, click on Mail Transport Jobs > Right-click > New > Watchdog Jobs > 'Job Type'.

For further information on the APC Option, refer to Specialties of Avira Scan Engine with APC.

Job configuration

This job can only be used with the 'Avira Scan Engine with APC'. Therefore, in the Scan Engines tab only this engine can be selected:

Enable this engine.

For information on the settings in the standard tabs, refer to Standard tabs of Mail Transport Jobs. For a description of other settings which are not documented in this section, refer to Sample Job: Checking emails for viruses.

Virus scanning in the Information Store

Under Policy Configuration at each Scan Configuration, you can create a Watchdog Virus Scanning Job in order to check Information Store objects for viruses: 'Information Store Scan Configuration' > New > Watchdog Virus Scanning.

For further information on the Scan Configuration, refer to Scan Configuration for Information Store Jobs.

General Settings

Enable the Job:


Scan Engines

In the Scan Engines tab, select the virus scanners you want to use. All virus scanners except the 'Sophos Scan Engine with Sandboxing' are available in this job.

Refer to Scan Engines.

Actions

Use the Actions tab to define the actions to be performed in the cases mentioned below:

Scan options


Extra archive scan with iQ.Suite unpacker: If you are using a virus scanner which has no integrated unpacker, enable this option. An integrated unpacker will then extract the compressed files before passing them to the virus scanner.

Virus found/Removing not successful: Specify the actions to be executed if a virus was found and the virus scanner could not remove the virus-infected element from the Information Store object.

Remove virus(es)

Define whether the virus scanner should try to remove the virus-infected elements. If yes, click Removing successful.

Removing successful: Specify the actions to be executed if a virus was found and the virus scanner could successfully remove the virus-infected element(s).

Note: Enable the 'Alternative clean parameter’ option in the Scan Engine only if you want the job to remove found viruses.

Object unscannable

Object unscannable: Specify the actions to be executed if the Information Store object or at least one element of the Information Store object could not be scanned. This allows you to control the behavior of iQ.Suite when it finds encrypted objects, which typically cannot be opened to be scanned for viruses.

Description of the Actions

The following actions are available for the cases Virus found/Removing not successful, Removing successful and Object unscannable:

Copy to Quarantine: A copy of the Information Store object or of the element is copied to the Quarantine selected here. Default: Information Store Quarantine.

The quarantine object can be provided with a label (e.g.: VIRUS or DENIED) which can be, for example, the reason for the executed "Copy... to Quarantine" action. A label can be used to facilitate sorting and searching for objects in the Quarantine.

Important: Unlike for emails in the Quarantine, the "Resend from the Quarantine” action is not available for Information Store objects.

Add subject extension

During job processing, an additional information can be added to the email subject, e.g. for test purposes. This can, for instance, be a text indicating that a virus was found in the object and the virus-infected attachment was replaced (example 1).

Examples:

1. [Virus Detected And Attachment(s) Replaced]
2. [Virus Detected And Cleaned]
3. [Unscannable object detected]

The text to be added can either be specified manually or defined using variables. Refer to List of notification variables. In addition, determine whether the text is to be added 'at the beginning' or 'at the end' of the subject.

The following actions are available only for "Virus found/Removing not successful" and "Object unscannable":

Delete...:

'entire object’: The entire Information Store object is irrevocably deleted from the server.
'element’: Only the virus-infected element of the object is irrevocably removed from the object.

With the Copy to Quarantine option, the virus-infected element/object can be copied to the selected Quarantine and kept there.

Replace element with:

The virus-infected element is deleted and replaced with an HTML file whose content can be defined in the Replace content with field. By default, this HTML file contains information about the found virus and the virus-infected element. Use the Custom name of replacement file field to specify a filename for the HTML file. The .html file extension will be automatically added if you do not specify it.

Send to Administrator:

Refer to Standard actions.

Besides the standard actions mentioned above, you can use the Add button to define additional actions, for instance sending notifications to other recipients or starting an external application. Refer to Additional actions.


Jobs for File restrictions

For file restrictions, use the Watchdog Attachment Filtering Job. This job exists as Mail Transport Job and as Information Store Job.

Notes:

The examples below only illustrate the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs. Some setting options of the Mail Transport Job are not available in the Information Store Job. Refer to Standard tabs of Information Store Jobs.

Sample Job: Denying file attachments by type

Copy the sample job Block Video Files to Mail Transport Jobs. Activate the job.

Selecting Fingerprints

Open the Fingerprints tab:

Scan inside compressed attachments: The software also checks compressed attachments (e.g. ZIP or RAR archives) for prohibited files. If a prohibited file attachment is detected, the entire compressed file is blocked. If this option is disabled, only the archive (in this case the ZIP file itself) is analyzed.


Ignore inline attachments: File attachments detected as 'inline attachments' ('content disposition' type) can be excluded from the search. For this, enable this option.

Fingerprint conditions: Click 'Video' or 'No fingerprints selected' to select a fingerprint category or an individual fingerprint from the list. The following view appears:

Use the Add and Remove buttons to assign entire categories or individual fingerprints to the list of denied and/or allowed fingerprints.

Tip: You can enter a category such as Video under Denied Fingerprints and define one or more fingerprints from that category as exception under Allowed Fingerprints. To keep a clear overview, do not use the same job for too many categories.

Defining actions

In the Actions tab, specify the actions to be performed when the job finds an attachment with a denied fingerprint.

Actions in the Mail Transport Job:


In this example, a copy of the email is quarantined and the virus-infected attachments are deleted. The email is delivered to its recipient, but the denied attachments are removed. A notification of the denied fingerprint is sent to the administrator.

Click the Add button to define further actions.

The actions available in the Information Store Job are described under Description of the Actions.

Sample Job: Limiting email size

Copy the Block emails Larger 100 MB job to Mail Transport Jobs. Activate the job.

Tip: The email size limit applies to the email as a whole, including subject, message body, header and attachments.

Specifying email size

In the Email Size tab, perform the following settings:


Email size limit: Each email processed by the job must not exceed the size specified in this field.

Consider the number of recipients: The number of recipients is taken into account when calculating the email size: [Email Size] x [Number of recipients] = Email size to be considered

Defining actions

In the Actions tab, specify the actions to be performed when the job finds an email that exceeds the maximum size:


In this example, a copy of the email is placed in quarantine and the email is deleted without being delivered to its recipient. A notification of the excessive email size is sent to the administrator.

Click the Add button to define further actions.

Sample Job: Denying attachment types and sizes

Under Policy Configuration > Sample Jobs, you will find a number of preconfigured jobs for blocking various file formats and sizes:

Block Office Files > 10 MB

Block Sound Files > 5 MB

Block Video Files > 5 MB

Tip: Unlike checking the email size, checking the format and the size of attachments applies to attachments only. Neither the subject nor the message body nor the email header are taken into account.

Copy the Block Office Files > 10 MB job to Mail Transport Jobs. Activate the job.

Specifying Fingerprint and Size

In the Fingerprint/Size tab, enter the maximum allowed email size and the fingerprint format:

Note: Unlike for simple fingerprint checking, the ‘Scan inside compressed attachments’ option is not available here. To limit the size of compressed files, enter their formats in this job.

Fingerprint/Size conditions: To specify the size in kilobytes, click on '10 000'. To select a fingerprint category, an individual fingerprint or the maximum size from the list of fingerprints, click 'Microsoft Office'.

The following view is displayed:

Use the Add and Remove buttons to assign entire categories or individual fingerprints to the list of denied and/or allowed fingerprints.

Tip: You can enter a category under Denied Fingerprints and define one or more fingerprints from that category as exception under Allowed Fingerprints. To keep a clear overview, do not use the same job for too many categories.

For further information on fingerprints and on entering name and binary patterns, refer to Fingerprints.

Defining actions

In the Actions tab, specify the actions to be performed when the job finds an email that is denied by an Attachment/Size job:


In this example, a copy of the email is quarantined, the virus-infected attachments are deleted, and the email is delivered without its attachments. A notification of the restriction is sent to the administrator. You can select this notification from the drop-down list of available notification templates.

Refer to Creating notification templates.


Scanning email bodies for suspicious URLs

The Watchdog URL Scanning job, which works exclusively with the Kaspersky Scan Engine, is used to scan plain-text or HTML email bodies for suspicious URLs such as phishing URLs.

This job first extracts the email bodies and searches them for URLs by using regular expressions. Afterwards, it checks whether the found URLs are suspicious by using either the locally downloaded URL patterns or the URL lists in the Kaspersky Cloud (depending on your configuration in the Kaspersky Scan Engine).

Job configuration

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Create a Watchdog URL Scanning Job (Mail Transport Jobs > right-click > New > 'Job') and proceed as follows:

1. In the URL Scanners tab, select the Kaspersky Scan Engine:

Activate the Engine, if required.

2. In the Regular Expressions tab, specify the regular expressions to be used with Add:


PDF Protection: Checking PDFs for undesirable elements

Use Watchdog PDF Protection to check top-level PDFs and PDF files in top-level PDFs for undesirable elements such as prohibited file attachments, JavaScript objects and unknown URLs. If undesirable elements are found, the top-level PDF can be cleaned or removed from the email. Alternatively, the email can be entirely deleted. This depends on your configuration.

Elements defined as "prohibited" can be, for example, file attachments of certain types or sizes, JavaScript objects or other annotations such as URLs to harmful web pages.

Important definitions

Concepts which are used in the context of Watchdog PDF Protection and need an explanation are defined below:

Top-level PDF

PDF which is directly attached to an email. A PDF in an archive (e.g. ZIP or RAR) is not a top-level PDF.

Annotations

As "comment annotations", we usually mean elements which can be retroactively added on PDF pages by using the comment functions of PDF readers. Examples:

Highlight or strike out text

Examples: Mark important text passages with colors or with wavelike/continuous lines; strike out text passages.

Enter comments in text form

Add comments in text form in the PDF; information tags or text fields can be created and put over the original text.

Highlight comments by drawing

Highlight comments by using colors and shapes (e.g. rectangles, arrows, circles and clouds).

Link to a file (file annotation)

Highlight comments by using a file.

Besides the "comment annotations" mentioned above, there are the following annotations which we name "interactivity annotations":

JavaScript objects

With "JavaScript objects", we mean all JavaScript objects embedded in PDFs, e.g. JavaScript annotations.

Besides the regular use of JavaScript in PDFs, attackers can embed JavaScript in PDF files in order to produce undesirable effects.

Link annotations

With "Link annotations", we mean page-link annotations used to jump to different positions in the PDF, and URL annotations. The latter can be used to link to harmful web pages in order to phish information.

Tab: Attachments

In this tab, define which file attachments to prohibit in the checked PDFs by restricting the allowed file sizes and fingerprints.

With 'file attachments', we mean here embedded files and file annotations in the scanned PDFs.

Attachment size must be greater/smaller than... KB: You can enter a minimum and/or maximum file size to prohibit specific file attachments of the checked PDF because of their file size.

Example: File attachments which are greater than 500 KB, but smaller than 1000 KB.

Prohibit the following file types: Select fingerprints to determine which attachments of the PDF files are to be marked as 'prohibited':

All file types: All file types will be prohibited.

Selected file types: Define which file types to prohibit by selecting fingerprints. With 'Except attachment is of type', you can exclude a subset of the selected file types from the prohibition.

Note: The conditions for file size and file types are linked by a logical AND. Example: Only EXE files greater than 500 KB should be 'prohibited'. If the scanned PDF contains such a file, all actions for "Restriction found" will be executed. If an EXE file of 450 KB is found, the EXE will be marked as 'admitted'.

Scan inside compressed attachments: Use the Edit archives button to determine which types of archives contained in top-level PDFs are to be decompressed until the maximum number of extracted archive levels is reached (e.g. the archive types 'ZIP' and 'RAR'). Archives which are attached directly to emails will not be unpacked.

The files extracted from archives are individually checked for prohibited fingerprints. If the archive contains a PDF, this PDF is separately checked for prohibited elements.

Maximum number of extracted archive levels: refer to Compressed files and iQ.Suite Monitor.

Also refer to note "PDFs from unpacked archives" under Actions tab.

Note: Nested PDF files in top-level PDFs are extracted and always checked for prohibited elements until the maximum number of extracted archive levels is reached. The Scan inside compressed attachments option has no impact on this.

Once the maximum number of extracted archive levels is exceeded, processing of the current element (PDF or archive) is aborted with an error.

Tab: Options

Use the Options tab to define the Constraints for annotations contained in PDF files:

Allow all annotations: All found annotations remain unfiltered in the processed PDFs. An exception are the file annotations which are prohibited according to the configuration in the Attachments tab.

Prohibit all annotations: All types of annotations will be marked as "prohibited", including all URLs and JavaScript objects. Even the file annotations which are allowed according to the configuration in the Attachments tab will be marked as "prohibited".

Prohibit selected annotations:

JavaScript: Watchdog PDF Protection cannot extract JavaScript code and check it for legitimacy. Consequently, all JavaScript objects found in PDFs will be marked as "prohibited" if this option is enabled.

URLs: The URLs will be extracted from the PDF and filtered against the whitelist configured in the Allowed addresses field: All URLs which are not specified as allowed addresses are marked as "prohibited".

Use a separate line for each allowed address. The wildcards "?" and "*" can be used in the addresses.

All PDF files must be processed successfully

This option is only relevant for emails which contain several PDFs.

If this option is enabled (default) and at least one PDF of the email could not be successfully processed (error), actions are executed depending on the error type:

Loading error: All errors that occurred were loading errors => The "Loading actions" (Malformed PDF Actions) are executed.

Other errors: For at least one PDF, an error other than a loading error occurred => The "Error Actions" are executed.

If this option is disabled and at least one PDF of the email could be successfully processed, the following cases are possible:

No prohibited elements found in the PDF(s): There is no reason to execute actions => No actions are executed.

Prohibited elements found: Prohibited elements were found in at least one PDF => The actions for "Restriction found" (Restricted Actions) are executed.

Also refer to Actions tab.

Ignore password-encrypted PDF files: Password-encrypted PDFs cannot be processed.

Option is enabled (default): Password-encrypted PDFs will be ignored and therefore cannot trigger the defined error actions.

Option is disabled: Password-encrypted PDFs will not be ignored and can trigger the error actions.

Note: Encrypted PDFs without user password can be processed and cleaned, if required, because no password is required to load these PDFs.

Ignore signed PDF files:

On the one hand, it seems rather improbable that harmful PDFs are signed; on the other hand, a signature lends a harmful PDF an appearance of legitimacy. Use this option to decide whether to ignore or process signed PDFs. Consider for your decision that signatures are invalidated by cleaning.

Note: Ignored PDF files are skipped, i.e. not processed, and are irrelevant for the option All PDF files must be processed successfully.

Tab: Actions

For general information on 'Actions' in iQ.Suite jobs, refer to Actions.

Restriction found: Actions to be executed when no errors occurred, but prohibited elements were found in at least one PDF.

Error actions: Actions to be executed when at least one error (except load errors) occurred during job execution.

Loading actions: Actions to be executed when at least one PDF could not be successfully loaded.

If the email to be processed contains several PDFs, then the setting All PDF files must be processed successfully is considered for executing the actions.

No actions are executed if no error occurs during job execution and one of the following cases applies:

The email contains no PDF.

The email contains only ignored PDFs.

The email contains only loadable PDFs without prohibited elements.

Actions for "Restriction found":

Delete email: If the email contains a PDF with prohibited elements, the email will be irrevocably deleted from the server and will not be delivered to the recipients. With the 'Copy to Quarantine' option enabled, a copy of the email can be kept in the quarantine.

Delete attachment: If the processed email contains a PDF with prohibited elements, the PDF is deleted from the email. The email will be further processed without the PDF.

Clean attachment: The prohibited elements will be removed from the PDF. The PDF will then be re-attached to the email in a cleaned state.

For a description of the other possible actions, refer to Actions tab.

Note: PDFs from unpacked archives

PDFs from unpacked archives are scanned, but they can be neither cleaned nor deleted from the archive. If an archive is attached to a top-level PDF and this archive contains a PDF file, this PDF file is checked for prohibited elements. If this PDF file contains prohibited elements, then the complete archive is marked as "prohibited". Hence, the top-level PDF contains a prohibited file attachment (the archive). The subsequent actions depend on the selected actions.
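The two decision rules described above, the size AND type condition of the Attachments tab and the choice of action set under "All PDF files must be processed successfully", modelled as an added example (not iQ.Suite code). Function names, the result strings and the sample PDFs are assumptions constructed for illustration.

```python
# Added example, not iQ.Suite code: a model of the Watchdog PDF Protection rules
# for prohibited attachments (size AND type) and for selecting the action set
# ("Restriction found", "Error actions", "Loading actions" or none).
from dataclasses import dataclass
from typing import Iterable, Optional


def attachment_prohibited(size_kb: int, fingerprint: str,
                          min_kb: Optional[int] = None, max_kb: Optional[int] = None,
                          all_types: bool = False,
                          selected_types: Iterable[str] = (),
                          except_types: Iterable[str] = ()) -> bool:
    """Size and type conditions are linked by a logical AND. A limit left as None
    is not configured. Assumption: 'except_types' only narrows 'selected_types',
    as the page describes it under 'Selected file types'."""
    if min_kb is not None and size_kb <= min_kb:   # must be greater than min
        return False
    if max_kb is not None and size_kb >= max_kb:   # must be smaller than max
        return False
    if all_types:
        return True
    return fingerprint in set(selected_types) and fingerprint not in set(except_types)


@dataclass
class PdfResult:
    """Outcome of processing one PDF of an email (constructed sample type)."""
    name: str
    ignored: bool = False       # skipped, e.g. password-encrypted or signed PDF
    load_error: bool = False    # the PDF could not be loaded (malformed)
    other_error: bool = False   # any error other than a loading error
    restricted: bool = False    # prohibited elements were found


def select_actions(results: Iterable[PdfResult], all_must_succeed: bool = True) -> str:
    """Return which action set runs: 'loading', 'error', 'restricted' or 'none'."""
    considered = [r for r in results if not r.ignored]   # ignored PDFs are irrelevant
    if not considered:
        return "none"   # no PDF at all, or only ignored PDFs
    failed = [r for r in considered if r.load_error or r.other_error]
    processed = [r for r in considered if not (r.load_error or r.other_error)]
    if failed and (all_must_succeed or not processed):
        # Option enabled: any failure decides the action set. Option disabled but
        # no PDF processed successfully: treated the same way (assumption; the
        # page only covers the case where at least one PDF was processed).
        if all(r.load_error and not r.other_error for r in failed):
            return "loading"    # all errors were loading errors
        return "error"          # at least one error other than a loading error
    if any(r.restricted for r in processed):
        return "restricted"     # prohibited elements in at least one processed PDF
    return "none"


if __name__ == "__main__":
    # The page's own example: only EXE files greater than 500 KB are prohibited.
    print(attachment_prohibited(600, "EXE", min_kb=500, selected_types=["EXE"]))  # True
    print(attachment_prohibited(450, "EXE", min_kb=500, selected_types=["EXE"]))  # False
    sample = [PdfResult("a.pdf", load_error=True), PdfResult("b.pdf", restricted=True)]
    print(select_actions(sample, all_must_succeed=True))    # loading
    print(select_actions(sample, all_must_succeed=False))   # restricted
```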

More information


iQ.Suite Wall

iQ.Suite Wall is used to scan emails and file attachments for spam or unwanted content before they are sent to the recipient and to quarantine them if necessary. Quarantine summary notifications regularly inform end users about the emails that have been quarantined for them. Targeted address analysis and classification are used to restrict incoming or outgoing email addresses as well as to limit the number of recipients per email.

In addition to using spam pattern analysis, the iQ.Suite Wall content analysis can be used to analyze emails for specific content and to block them if they violate company policy. Content analysis is also useful for externally addressed emails in order to ensure that outgoing emails conform to the internal security level.

Job types

Type: Wall Email Address Filtering

Blocking emails because of sender/recipient addresses; search and text replacement by using regular expressions.

Refer to Address filtering: Blocking certain sender addresses.

Type: Wall Content Filtering

Exists as Mail Transport Job and as Information Store Job.

Checking emails (including file attachments) for undesirable contents by using dictionaries.

Refer to Text analysis with Dictionaries.

Type: Wall Spam Filtering

Spam filtering by using configurable criteria, with or without spam analyzer.

Refer to Spam filtering without Spam Analyzer and Spam filtering with Spam Analyzer.

Type: Wall CORE Classification

Text classification with CORE

Refer to CORE Classification.

Type: Wall Recipient Limit Filtering

Restrict number of recipients

Refer to Limiting the number of recipients.


Type: Wall Credit Card Number Filtering

Exists as Mail Transport Job and as Information Store Job.

Checks emails / Information Store objects and file attachments for credit card numbers.

Refer to Text analysis for Credit Card numbers.

Type: Wall Advanced Action

Exists as Mail Transport Job and as Information Store Job.

Search in emails (including file attachments) by using regular expressions; text replacement in email fields and filenames. Transferring matches to an external application.

Refer to Advanced Action: Text analysis with regular expressions.

Type: Wall Email Cleaning

Deletes HTML bodies and mail headers (e.g. Received headers or X-headers) from emails.

Refer to Email Cleaning: Deleting HTML bodies and mail Headers.

Type: Wall DKIM Creation

Signs outgoing emails by using DKIM (RFC 6376) to attest the authenticity of the sender or sender domain.

Refer to Creating DKIM signatures.

Type: Wall DKIM Validation

Checks DKIM signatures of incoming emails in order to verify the authenticity of the sender or sender domain and to confirm the integrity of these emails.

Refer to Validating DKIM signatures.

Type: Wall Copy To Mailbox

Copies sent emails in their processed state to the 'Sent' folder in the mailbox of the set sender. This way, the email is displayed exactly as it is delivered to the recipient (e.g. with a trailer added by a Trailer job).

Refer to Update sent items in the sender's mailbox.


Spam Protection – Overview

iQ.Suite Wall provides a comprehensive protection against spam through a wide range of analysis methods. To ensure an efficient and highly performing spam protection, we recommend you to use these methods combined:

Address filtering (Blacklists and Whitelists)

An address analysis job allows you to prevent emails from senders known to be unwanted from being delivered to the recipients. The unwanted email addresses or entire domains are entered in a blacklist used as filter. On the other hand, an address analysis can also be used to exclude emails from spam analysis if they come from known "acceptable" senders. Such addresses are entered in whitelists. How blocked emails are further processed (e.g. deleted or quarantined) depends on the job configuration. If they are quarantined, the recipient decides for himself what to do with the email (deliver, delete, etc.) and how future emails from this sender are to be handled. To do so, he/she can add the sender address to his/her personal blacklist or whitelist (User Blacklist/User Whitelist).

For further Information, refer to Address filtering: Blocking certain sender addresses.

Spam Filtering Job

The Wall Spam Filtering job checks emails for typical spam features. For this, the job distinguishes between definite criteria and combined criteria. Definite criteria classify the email as either 100% spam or 100% non-spam. The combined criteria are used to calculate how likely it is that the checked email is spam (spam probability). The more combined criteria are used, the higher the probability of classifying emails correctly as either spam or non-spam.

For further information, refer to Spam filtering without Spam Analyzer and Spam filtering with Spam Analyzer.

Spam Analyzers (Anti-Spam Engines)

Spam analysis can be performed through anti-spam engines from third-party manufacturers. In iQ.Suite, the engines are provided as analyzers.

For further Information, refer to Spam filtering with Spam Analyzer.

Text analysis (Dictionaries, CORE)

Dictionaries offer a possibility of checking email content for unwanted words. Whenever a configured maximum number of occurrences of search terms listed in the dictionary is exceeded, the email is classified as spam. For further information, refer to Text analysis with Dictionaries.

Besides using dictionaries, a text analysis can also be performed using the CORE Analyzer (COntent Recognition Engine), which also analyzes and classifies email content. With CORE, the text analysis is based on a statistical learning theory for text classification, where a representative set of incoming and outgoing emails (including Spam) is analyzed and then used to train a classifier. When combined with the filtering methods above, CORE contributes to a significantly higher spam recognition rate.

For further Information, refer to CORE Classification.


Address Filtering: Blocking certain sender addresses

The Wall E-Mail Address Filtering job focuses on the senders and recipients of the emails. You can deny specific senders, so that no email from these addresses is delivered to your users, and you can deny specific recipients, so that none of your employees (or only selected people) can send email to them.

To block emails from known spam domains or other unsolicited senders, use the sample job Block Specific Sender Addresses. This job contains a blacklist with email addresses from domains known as spam domains. Emails from sender addresses listed in the blacklist are blocked and quarantined.

Note: Please note that the provided list of spam domains is no recommendation from GBS and the information is not kept up-to-date. The list simply provides a basis for your own configurations. Therefore, check the entries and change them as required.

1. Copy the Block Specific Sender Addresses job to Mail Transport Jobs. Activate the job. This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard Tabs of Mail Transport Jobs.

2. Open the Addresses tab. If required, modify the default settings.

To add addresses to the blacklist manually, click on Anti-Spam: Blacklist > User-defined Address lists > Anti-Spam: Blacklist > Edit button. Refer to Creating, editing and deleting custom address lists.

To add addresses to the blacklist automatically, this action has to be enabled in at least one job, e.g. in the sample job Block Offensive Language: For this, in the Actions tab, enable the Add email sender/recipient to user list Blacklist option. As soon as an email is quarantined by this job, the sender address is added to the blacklist.

3. For the internal users, configure a quarantine summary notification including blacklist and whitelist functionality. With this, your employees can add a sender address to their user whitelist directly from the quarantine summary notification. The receivers of the summary notification can react to emails that were falsely classified as spam and quarantined. Emails from senders listed on the users' whitelist will not be quarantined in the future. Refer to Defining Quarantine summary notifications.


Creating and validating DKIM signatures

DomainKeys Identified Mail (DKIM) is an email authentication method based on asymmetric cryptography and designed to detect forged sender addresses in emails (email spoofing), a technique often used for phishing and spamming.

DKIM cannot be used on Microsoft 365 because Microsoft modifies the body hash.

How does DKIM work?

DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email. The recipient system can verify this by looking up the sender's public key published in the DNS as a TXT record. A valid signature also guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed.

However, please note that DKIM itself cannot detect spam. If email addresses of an authenticated domain are used for spamming, advanced methods are required to detect emails with undesired contents.

For further information on DKIM, refer to www.dkim.org.

DKIM in a multi-tenant environment

If you want to use DKIM in a multi-tenant environment, you must configure DKIM in the Master Configuration (iQ.Suite Master Management Console).

Creating DKIM signatures

Create a Wall DKIM Creation Job under Mail Transport Jobs. Enable this job.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

In the Options tab, define how to create DKIM signatures for outgoing emails:


Domain: DNS domain from which the public key used to validate the DKIM signature will be requested.

Usually, this is the sender domain of your company users.

Example: mycompany.com

Selector: Specify the selector to distinguish DKIM records in your DNS:

DKIM record: [selector]._domainkey.[domain]

For the selector, you can enter any value consisting of the following allowed characters: letters (except umlauts), numbers, 'underscore' ( _ ) and 'minus' (-).

Example with the selector 'gbs_iqsuite': gbs_iqsuite._domainkey.mycompany.com

Private key (base64): The private key is required to create the DKIM signature. Insert the base64-encoded key content in this field.

Hash algorithm: The algorithm selected here will be used to calculate the DKIM signature:

'SHA-256' (default)

'SHA-1' (not secure)

Canonicalization:

'Canonicalization' (also called 'normalization') is a process whereby the email's headers and body are converted into a canonical form and 'normalized' before the DKIM signature is created. This is necessary because some email servers and relay systems make various inconsequential changes to the message during normal processing, which could otherwise break the signature if a canonical form were not used to prepare each message for signing. There are two canonicalization methods used for DKIM signing and verification: "simple" and "relaxed".

'Simple' is the strictest method, allowing little to no changes to the message. 'Relaxed' is more forgiving than 'simple', allowing several inconsequential changes.

Respectively for the headers and the message body, specify which method of the canonicalization shall be used:

Canon method (header): This is the method used for the message headers when signing the message.

'Simple': This method allows no changes to the header fields in any way.

'Relaxed': This method allows converting header names (not header values) to lower case, converting one or more sequential whitespace characters to a single space, and other minor changes.

Canon method (body): This is the method used for the message body when signing the message.

'Simple': This method ignores empty lines at the end of the message body; no other changes to the body are allowed.

'Relaxed': This method allows blank lines at the end of the message, ignores spaces at the end of lines, reduces all sequences of spaces in a single line to a single space character, and other minor changes.

Remove other DKIM signatures (default): The job always creates a new DKIM signature. With this option enabled, already existing DKIM signatures are kept in the email.

Header fields in hash: Specify the header fields to include in the DKIM signature (hash value). At least the 'From' field (sender) must be contained.
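The canonicalization rules described above, carried out in code as an added example (not iQ.Suite code), following RFC 6376 section 3.4: the DNS record name built from selector and domain, the 'simple' and 'relaxed' methods for headers and body, the body hash that goes into the signature, and the selection of the signed header fields. The signing step with the private key is omitted, and all message fragments are constructed samples.

```python
# Added example, not iQ.Suite code: DKIM canonicalization (RFC 6376 section 3.4),
# the DNS record name built from selector and domain, and the body hash ("bh=" tag).
import base64
import hashlib
import re

_WSP_RUN = re.compile(r"[ \t]+")   # a run of whitespace (space or tab)


def dns_record_name(selector: str, domain: str) -> str:
    """Name of the TXT record a verifier queries: <selector>._domainkey.<domain>."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", selector):
        raise ValueError("selector may contain only letters, digits, '_' and '-'")
    return f"{selector}._domainkey.{domain}"


def canon_header(name: str, value: str, method: str) -> str:
    """Return one header field in canonical form, CRLF-terminated."""
    if method == "simple":
        # simple: the field is signed exactly as it appears in the message
        return f"{name}:{value}\r\n"
    if method == "relaxed":
        # relaxed: lower-case the name, unfold, collapse WSP runs, trim the value
        unfolded = value.replace("\r\n", "")
        collapsed = _WSP_RUN.sub(" ", unfolded).strip(" \t")
        return f"{name.lower()}:{collapsed}\r\n"
    raise ValueError(f"unknown canonicalization method: {method}")


def canon_body(body: str, method: str) -> str:
    """Return the message body in canonical form."""
    if method not in ("simple", "relaxed"):
        raise ValueError(f"unknown canonicalization method: {method}")
    lines = body.split("\r\n")
    if method == "relaxed":
        # collapse WSP runs inside lines and drop trailing WSP on every line
        lines = [_WSP_RUN.sub(" ", line).rstrip(" \t") for line in lines]
    # both methods ignore empty lines at the end of the body
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        # RFC 6376: an empty body is "CRLF" under simple and "" under relaxed
        return "\r\n" if method == "simple" else ""
    return "\r\n".join(lines) + "\r\n"


def body_hash(body: str, method: str, algorithm: str = "sha256") -> str:
    """Value of the bh= tag: base64 of the hash over the canonicalized body."""
    if algorithm not in ("sha256", "sha1"):   # the two algorithms DKIM defines
        raise ValueError(f"unsupported hash algorithm: {algorithm}")
    digest = hashlib.new(algorithm, canon_body(body, method).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def signed_header_block(headers, signed_fields, method: str) -> str:
    """Concatenate the fields listed in h=, taking each name from the bottom of the
    header block upwards (RFC 6376 section 5.4.2); 'From' must be included."""
    if "from" not in {name.lower() for name in signed_fields}:
        raise ValueError("the From header must be part of the signature")
    remaining = list(headers)    # list of (name, value) tuples in message order
    out = []
    for name in signed_fields:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                out.append(canon_header(remaining[i][0], remaining[i][1], method))
                del remaining[i]
                break
    return "".join(out)


def relaxed_tolerates_whitespace(original: str, relayed: str) -> bool:
    """True when a relay's whitespace change breaks the 'simple' body hash but
    leaves the 'relaxed' body hash intact, i.e. the signature survives only
    with relaxed body canonicalization."""
    simple_same = body_hash(original, "simple") == body_hash(relayed, "simple")
    relaxed_same = body_hash(original, "relaxed") == body_hash(relayed, "relaxed")
    return relaxed_same and not simple_same


if __name__ == "__main__":
    # constructed sample: a relay collapsed two spaces and appended a blank line
    original = "Quarterly  report attached.\r\n"
    relayed = "Quarterly report attached. \r\n\r\n"
    print(dns_record_name("gbs_iqsuite", "mycompany.com"))
    print("relaxed survives the relay change:",
          relaxed_tolerates_whitespace(original, relayed))
```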

Actions

Use the Actions tab to define the actions to be executed in case of job success and in case of job errors.

In the success actions, the action Add subject extension is not available since the DKIM signature can be destroyed if the subject is part of the signature.

Validating DKIM signatures

Use the Wall DKIM Validation Job to configure how iQ.Suite will validate DKIM signatures in incoming emails.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, please refer to Standard tabs of Mail Transport Jobs.

For the validation, the DKIM Validation Job requests the public key from the DNS record of the DKIM signature domain and validates the DKIM signature using this key.

Create a Wall DKIM Validation Job under Mail Transport Jobs. Enable the job.

Open the Options tab:


Alternative DNS server: The public key of the sender will be requested from the DNS server.

By default, the DNS server of the current iQ.Suite server is used. If you want to use another DNS server, specify here the IP address of the desired DNS server.

DKIM signature options:

Must contain DKIM signature:

At least one DKIM signature must be contained in the email. Consequently, emails without any DKIM signature are treated as errors and the error actions are executed (Actions tab). Refer to Actions.

Only one DKIM signature allowed: The email must contain only one DKIM signature. Consequently, emails with several DKIM signatures are treated as errors and the error actions are executed (Actions tab).

If both checkboxes are enabled, emails without any DKIM signature and emails with several DKIM signatures are treated as errors.

Remove all DKIM signatures on success:

If all DKIM signatures could be successfully validated, all DKIM signatures are removed from the email.

Validation:

This setting is only relevant for emails with several DKIM signatures. The following options are available:

'All must match’: All DKIM signatures must be validated.


'Sender/Domain must match’: For the validation, only DKIM signatures having a domain matching the sender's domain are considered.

If no DKIM signature is found, the actions which will be executed depend on whether the 'Must contain DKIM signature’ option is enabled.

Actions

The following job results are possible:

All DKIM signatures to be validated could be validated: the success actions are executed.

Not all DKIM signatures to be validated could be validated: if at least one of the DKIM signatures to be validated fails, the error actions are executed.

No DKIM signature has been validated because no appropriate DKIM signature existed and no DKIM signature had to exist.

If defined, the Subject extension specified in the General tab is added to the subject line of the email.
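The job results above, as an added example that is not part of this manual or of iQ.Suite: a Python model of the decision logic driven by the same options ('Must contain DKIM signature', 'Only one DKIM signature allowed', 'Remove all DKIM signatures on success' and the validation mode). The DNS lookup and the cryptographic check are replaced by a constructed key store and a verify callback; the header values, domains and the option keys are assumptions made for the example.

```python
"""Added example (not iQ.Suite code): decision logic of a DKIM Validation
Job as described in the manual. Real verification (fetching the key from the
TXT record <s>._domainkey.<d> and checking the signature over the
canonicalised message) is replaced by a 'verify' callback."""
import re


def parse_dkim_signature(value):
    """Parse a DKIM-Signature header value (RFC 6376 tag=value list).
    Folding whitespace inside a value is dropped, as it is in the b= tag."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_record_name(tags):
    """DNS name the job would query for the public key (s= and d= tags)."""
    return f"{tags['s']}._domainkey.{tags['d'].lower()}"


def validate(headers, sender_domain, options, verify):
    """Apply the job options to a message.

    headers: list of (name, value); sender_domain: the domain compared
    against in 'Sender/Domain must match' mode; options: dict with the keys
    must_contain, only_one, remove_on_success, mode ('all'/'sender_domain').
    Returns (result, remaining_headers) with result 'success', 'error' or
    'none' (no appropriate signature and none required)."""
    sigs = [parse_dkim_signature(v) for n, v in headers
            if n.lower() == "dkim-signature"]

    # DKIM signature options: either check turns the message into an error.
    if options.get("must_contain") and not sigs:
        return "error", headers
    if options.get("only_one") and len(sigs) > 1:
        return "error", headers

    # Validation mode: which of several signatures are considered at all.
    if options.get("mode", "all") == "sender_domain":
        considered = [s for s in sigs
                      if s.get("d", "").lower() == sender_domain.lower()]
    else:
        considered = sigs

    if not considered:
        # No appropriate signature: outcome depends on 'Must contain'.
        return ("error" if options.get("must_contain") else "none"), headers

    if all(verify(s) for s in considered):
        if options.get("remove_on_success"):
            headers = [(n, v) for n, v in headers
                       if n.lower() != "dkim-signature"]
        return "success", headers
    return "error", headers


# Constructed stand-in for DNS plus cryptographic verification: the key
# store maps a selector record to the b= value it would validate.
KEY_STORE = {
    "s1._domainkey.example.com": "dGVzdA==",
    "mail._domainkey.relay.example.net": "cmVsYXk=",
}


def stub_verify(tags):
    return KEY_STORE.get(key_record_name(tags)) == tags.get("b")


# Constructed headers: a valid signature from the sender's own domain, a
# valid and a broken one from a relay.
FROM = ("From", "alice@example.com")
SIG_OWN = ("DKIM-Signature",
           "v=1; a=rsa-sha256; d=example.com; s=s1; h=from:to:subject; "
           "bh=abc; b=dGVz\r\n\tdA==")
SIG_RELAY = ("DKIM-Signature",
             "v=1; a=rsa-sha256; d=relay.example.net; s=mail; bh=x; b=cmVsYXk=")
SIG_BAD = ("DKIM-Signature",
           "v=1; a=rsa-sha256; d=relay.example.net; s=mail; bh=x; b=Ym9ndXM=")


def demo():
    """Same message (own signature valid, relay signature broken) under
    'All must match' and under 'Sender/Domain must match'."""
    msg = [FROM, SIG_OWN, SIG_BAD]
    strict = validate(msg, "example.com", {"mode": "all"}, stub_verify)
    lenient = validate(msg, "example.com", {"mode": "sender_domain"},
                       stub_verify)
    return strict[0], lenient[0]
```

The two modes differ only when a message carries several signatures: with 'All must match' a broken relay signature fails the whole message, with 'Sender/Domain must match' only the sender domain's own signature is examined.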

Searching and replacing text by using regular expressions

Wall E-Mail Address Filtering jobs can be used not only for email blocking but also for complex text replacements. With regular expressions, email processing can be controlled and email properties can be modified.

For this, the email fields are checked for specific patterns defined as regular expressions. When a match is found in an email field, it is replaced with the defined replacement text.

Regular expressions can also be used in job conditions. Whenever a search pattern defined in the conditions is found, the job is either executed or ignored, as configured.

Possible applications:

Modify sender or recipient address (SMTP Envelope)

Modify email header

Modify email body

Redirect emails based on email content

Notes:

We support the ICU library functionality. Make sure that the regular expressions defined comply with this syntax.

By default, matching is not case-sensitive.

Wall Address Filtering Jobs do not allow searching within file attachments. For this, use the Wall Advanced Action Job. Refer to Advanced Action: Text analysis with regular expressions.

In the Wall E-Mail Address Filtering job, the Regular Expressions tab offers different possibilities:

SMTP Recipients: Modifies the SMTP recipient field of the email. Before the email is sent, the recipient address is checked and replaced using a regular expression.

SMTP Sender: Modifies the SMTP sender field of the email. Before the email is sent, the sender address is checked and replaced using a regular expression.

E-Mail Header: Modifies a specific header line of the email. Before the email is sent, the email header is checked and replaced using a regular expression.

Select the corresponding tab and click Add.

Replacing domains

The following describes how to modify the domain of the SMTP recipient address of an incoming email. Changing the SMTP sender address for outgoing emails works in the same way.

Create a Wall E-Mail Address Filtering job under Mail Transport Jobs. Activate the job. This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

In the Regular Expression tab, click SMTP Recipient > Add:

Regular Expression: Set the search pattern as a regular expression. This pattern is searched for in the recipient addresses in the SMTP envelope of emails.

Replace matches with the following replacement text: If a match is found, the text found by the regular expression is replaced with the replacement text specified in this field.

In the example above, recipient addresses in a domain matching the pattern @mycompany.com are changed to @internal.local. More complex rewrites, e.g. swapping first name and last name, require capture groups in the regular expression.

Example: The recipient address [email protected] is to be changed to [email protected].

Search pattern: ^([a-z]+)\.([a-z]+)@mycompany\.com$

Replacement text: [email protected]

The two expressions ([a-z]+) capture the first name and the last name of the address. In the replacement text, $2.$1 reverses the order of the captured groups, i.e. of the first name and the last name. Because matching is not case-sensitive by default, [a-z] also matches upper-case letters; addresses containing digits, hyphens or more than one dot do not match the anchored pattern and are left unchanged.

Key elements in the ICU Library

Metacharacters:

.   Any character.

^   Start of line.

$   End of line.

\d   Any decimal digit (Unicode general category Nd).

\D   Any character that is not a decimal digit.

\s   A white-space character, defined as [\t\n\f\r\p{Z}].

\w   A word character. Word characters are [\p{Ll}\p{Lu}\p{Lt}\p{Lo}\p{Nd}].

\W   Any character that is not a word character.

[arz0-9]   The characters a, r, z and 0...9.

[^arz0-9]   Any character except a, r, z and 0...9.

Operators:

*   0 or more occurrences.

+   1 or more occurrences.

?   0 or 1 occurrence.

Modifying email header line

Regular expressions can be used to modify individual lines of the email header. The following describes how to replace the text of the 'X-Mailer' header line with the text '---'.

Create a Wall E-Mail Address Filtering job under Mail Transport Jobs. Activate the job. This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

In the Regular Expression tab, click Email Header > Add:

Specify a regular expression for the email header line to be modified (here: X-Mailer):

Name of the email header: Specify the name of the header line to be modified by the regular expression (Regular expression field). You can specify a fixed name or a regular expression.

Header is defined as regular expression: If you have specified a regular expression in the previous field, enable this checkbox.

Processing Mode: Determines how the header value is prepared before the pattern is applied.

'Remove line breaks (Header Folding)': Long header lines in MIME emails are usually folded across several lines (a line break followed by a space or tab). This mode joins the folded lines back into one line before matching, so the pattern does not have to account for the folding. This mode is recommended.

'Remove comments and line breaks (Header Folding)': In addition to unfolding, comments in parentheses are removed from the header value.

'Search in raw data': The pattern is applied to the header value as it appears in the email, including line breaks and folding whitespace. Use this mode only if the line break pattern (e.g. the number of tab stops or blanks) is known and can be matched by the regular expression.

Regular expression: Set the search pattern as a regular expression. This pattern is searched for in the specified email header.

Replace matches with the following replacement text: If a match is found, the text found by the regular expression is replaced with the replacement text specified in this field. In the replacement text, you can also use variables.
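The address rewriting from Replacing domains and the header processing modes described here, as an added example that is not iQ.Suite code: a Python model of the SMTP Recipient and E-Mail Header rewrites. Python's re module stands in for ICU, so the replacement '$2.$1' becomes '\g<2>.\g<1>' and case-insensitivity has to be requested explicitly to match the job's default; the addresses, header values, mode names and function names are constructed for the example.

```python
"""Added example (not iQ.Suite code): envelope address rewriting and header
rewriting with the three processing modes, modelled with Python's re."""
import re

IGNORECASE = re.IGNORECASE   # the job's default: matching is not case-sensitive


def rewrite_address(addr, pattern, replacement):
    """SMTP Recipient / SMTP Sender tab: apply one pattern to one envelope
    address. Addresses that do not match are returned unchanged."""
    return re.sub(pattern, replacement, addr, flags=IGNORECASE)


def unfold(value):
    """Mode 'Remove line breaks (Header Folding)': join folded continuation
    lines (CRLF or LF followed by space/tab) into a single line."""
    return re.sub(r"\r?\n[ \t]+", " ", value)


def strip_comments(value):
    """Mode 'Remove comments and line breaks': additionally drop RFC 5322
    comments in parentheses (nesting handled, backslash escapes not)."""
    out, depth = [], 0
    for ch in unfold(value):
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return re.sub(r"[ \t]{2,}", " ", "".join(out)).strip()


def rewrite_header(headers, name, pattern, replacement, mode="unfold"):
    """E-Mail Header tab: rewrite the value of every header whose name
    matches 'name' (a regular expression, like the tab's checkbox allows).
    mode is 'unfold', 'strip_comments' or 'raw' (search in raw data)."""
    prepare = {"unfold": unfold, "strip_comments": strip_comments,
               "raw": lambda v: v}[mode]
    result = []
    for hname, hvalue in headers:
        if re.fullmatch(name, hname, flags=IGNORECASE):
            hvalue = re.sub(pattern, replacement, prepare(hvalue),
                            flags=IGNORECASE)
        result.append((hname, hvalue))
    return result


# Constructed sample data: envelope recipients and a folded X-Mailer header.
RECIPIENTS = ["Jane.Doe@MyCompany.com", "sales@mycompany.com",
              "partner@example.org"]
HEADERS = [
    ("X-Mailer", "Example Mailer 2.0\r\n\t(build 7, internal)"),
    ("Subject", "Quarterly figures"),
]

# ICU '$2.$1@mycompany.com' written as a Python replacement string.
SWAP_NAMES = (r"^([a-z]+)\.([a-z]+)@mycompany\.com$",
              r"\g<2>.\g<1>@mycompany.com")
CHANGE_DOMAIN = (r"@mycompany\.com$", "@internal.local")


def demo_addresses():
    """Name swap first (only first.last addresses match), then the domain
    change for every address still in @mycompany.com."""
    swapped = [rewrite_address(a, *SWAP_NAMES) for a in RECIPIENTS]
    return [rewrite_address(a, *CHANGE_DOMAIN) for a in swapped]


def demo_header():
    """Replace the whole X-Mailer value with '---' after unfolding; the
    same pattern finds nothing in raw mode because of the embedded CRLF."""
    return rewrite_header(HEADERS, r"x-mailer", r"^.*$", "---")
```

In raw mode the pattern ^.*$ does not match the folded X-Mailer value at all, which is why the unfolding modes are the default recommendation: the rule either has to know the exact folding or the header has to be unfolded first.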

Modifying email body

Regular expressions can be used to modify individual words or phrases of the email body. This, for instance, allows you to prevent sensitive information from being sent by email.

This requires that the searched text has a structure that can be described and searched for in the email body using regular expressions.

Create a Wall E-Mail Address Filtering job under Mail Transport Jobs. Activate the job. This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

In the Regular Expression tab, click Email Body > Add:

Specify a regular expression for the words or the phrase in the email message body to be modified:

Email body format: You can restrict job execution to certain formats of the message body by selecting the desired option ('HTML', 'Plain text' or 'RTF'). With the default option 'All body formats' the job starts for all formats. If the character set of the message body is unknown, the local character set is used.

Regular Expression: Set the search pattern as a regular expression. This pattern is searched for in the message body.

Replace matches with the following replacement text: If a match is found, the text found by the regular expression is replaced with the replacement text specified in this field. In the replacement text, you can also use general variables and variables created by Wall Extract Header Value Jobs.

Limiting the number of recipients

To prevent mail flooding with bulk emails, you can limit the number of recipients for each email. As soon as the defined limit is reached, the configured job actions are performed.

For this, use a Wall Recipient Limit Filtering Job.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Copy the sample job Block Emails With More Than 50 Recipients to Mail Transport Jobs.

2. Activate the job.

3. In the Number Of Recipients tab, enter the maximum number of recipients per email:

In this example, each incoming or outgoing email can be addressed to at most 50 recipients.

Note: If an email is addressed to a list of recipients grouped in a single address, the server (Exchange/SMTP) needs to be able to resolve this list into individual recipients in order to determine the number of recipients. An address that actually represents a mailing list is counted as a single recipient if it lies outside the scope of the Exchange/SMTP server.

4. In the Actions tab, specify the actions to be performed when the job finds an email with too many recipients. By default, a copy of the email is quarantined and the email is deleted without being delivered to its recipients. A notification of the number of recipients is sent to the administrator. You can select this notification from the drop-down list of available notification templates. Refer to Creating notification templates.
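The recipient count, including the note on distribution lists, as an added example that is not iQ.Suite code: a Python routine that expands the lists the server can resolve, stops at loops, and counts an address it cannot resolve (such as an external mailing list) as one recipient. The list directory, the addresses and the function names are constructed for the example; the limit of 50 is the one from the sample job, and counting each recipient once is an assumption.

```python
"""Added example (not iQ.Suite code): recipient counting behind a Recipient
Limit Filtering Job, with local distribution lists expanded and external
list addresses counted as a single recipient."""
LIMIT = 50   # sample job "Block Emails With More Than 50 Recipients"

# Constructed directory of distribution lists the server can resolve;
# "eng" is nested in "all-staff" and refers back to it (a loop).
LOCAL_LISTS = {
    "all-staff@example.com": ["alice@example.com", "bob@example.com",
                              "eng@example.com"],
    "eng@example.com": ["carol@example.com", "all-staff@example.com"],
}


def expand_recipients(rcpt_to, lists=LOCAL_LISTS):
    """Return the distinct individual recipients behind the envelope
    recipients. Lists are expanded recursively, a loop is broken by the
    'seen' set, and an address the server cannot resolve counts as one."""
    seen, individuals, pending = set(), [], [a.lower() for a in rcpt_to]
    while pending:
        addr = pending.pop()
        if addr in seen:
            continue
        seen.add(addr)
        members = lists.get(addr)
        if members is None:
            individuals.append(addr)
        else:
            pending.extend(m.lower() for m in members)
    return individuals


def count_recipients(rcpt_to, lists=LOCAL_LISTS):
    return len(expand_recipients(rcpt_to, lists))


def exceeds_limit(rcpt_to, lists=LOCAL_LISTS, limit=LIMIT):
    """True when the job actions (quarantine copy, delete, notify) fire."""
    return count_recipients(rcpt_to, lists) > limit


def demo():
    """48 external addresses plus one local list of three members give 51
    recipients and the email is blocked; the same 48 plus an external list
    address stay at 49 because that list cannot be expanded."""
    external = [f"user{i}@example.org" for i in range(48)]
    blocked = external + ["all-staff@example.com"]
    passed = external + ["news@lists.example.org"]
    return (count_recipients(blocked), exceeds_limit(blocked),
            count_recipients(passed), exceeds_limit(passed))
```

The second case in demo() is the one the note warns about: a single external list address can fan out to thousands of mailboxes after it has left the server, and the job has no way to see that.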

Spam filtering without Spam Analyzer

Functionality of the Advanced Spam Filtering Job

The Advanced Spam Filtering sample job checks the email header, the subject line and the message body for typical spam features. For this, the job distinguishes between definite criteria and combined criteria. A definite criterion classifies the email unambiguously as spam or non-spam, whereas combined criteria only express a tendency for or against spam.

Definite criteria are criteria such as sender addresses that are listed in a blacklist or a whitelist. As soon as the job detects a sender address that is listed in a blacklist, the email is classified as spam without further analysis, and the configured job actions are performed, e.g. the email is blocked and quarantined (quarantine High). A single definite criterion is sufficient to classify an email as either 0% spam or 100% spam.

The combined criteria are evaluated only if no definite criterion has classified the email unambiguously, and they focus on less significant spam attributes such as a high number of HTML links in the message body. A single combined criterion that classifies an email as spam has only little impact on the classification; the more combined criteria point to spam, the higher the calculated spam probability. The spam probability of each email is calculated by evaluating all combined criteria and ranges from 1% to 99%. Depending on this result, the email is assigned to one of the four threshold ranges None, Low, Medium or High, and the job actions defined for that range are performed.

In the job, the following actions are defined for the threshold ranges:

1. Threshold range: None. This means a spam probability of 0%. Threshold value: 0.

A definite criterion classified the email unambiguously as non-spam. By default, no job actions are performed. The email is forwarded to the next job in the job chain.

2. Threshold range: Low. This means a spam probability of 1 - 9%. Threshold value: 1 - 9.

At least one combined criterion classified the email as spam. Due to a low spam probability no job actions are performed, by default. The email is forwarded to the next job in the job chain.

3. Threshold range: Medium. This means a spam probability of 10 - 49%. Threshold value: 10 - 49.

Some combined criteria classified the email as spam. Due to a medium spam probability the email is blocked, by default. A copy of the email is quarantined and the calculated value of the spam probability is added to the subject line of the quarantined email.

4. Threshold range: High. This means a spam probability of 50 - 100%. Threshold value: 50 - 100.

Many combined criteria classified the email as spam. Due to a high spam probability the email is blocked and not delivered to the recipients. A copy of the email is quarantined and the calculated value of the spam probability is added into the subject line of the quarantined email.

If required, modify the job actions for the single threshold ranges.

Possible Job actions:

For emails with a spam probability of 0%, the subject can be extended with a corresponding text (Add subject extension).

Emails with a spam probability below 10% can be moved into the Anti-Spam: Low quarantine for classification with CORE. Refer to CORE Classification.

For emails with a spam probability between 10% and 49%, the SCL field can be processed in Microsoft Exchange so that the email is automatically moved to the recipient's Junk Mail folder (refer to Write spam result in Exchange SCL field), or the email is moved into the Anti-Spam: Medium quarantine. The administrator can classify the email for CORE. The recipients receive a summary report on the quarantined emails and can request their delivery if required.

Emails with a spam probability between 50% and 100% can be moved into the Anti-Spam: High quarantine for CORE classification.

The Low, Medium and High ranges can be adjusted with sliders in the Actions tab and linked to corresponding actions, which are then performed for all emails in that range. However, we recommend keeping the job configuration preset in the Advanced Spam Filtering job; these settings have proven to perform well in practice. If your spam detection rate is unsatisfactory, try to optimize the definite spam criteria before modifying the combined criteria. If necessary, train your own CORE classifier.

Tip: By default, the job is configured so that a high spam probability - for instance over 91% - can be achieved only when definite spam characteristics have been identified by several combined criteria.

Note: The definite or combined criteria do not affect the execution of the remaining configured jobs, such as checking the attachments by iQ.Suite Watchdog. Thus, if you have enabled the definite “No spam” criterion Emails with attachments and set the threshold value (Minimum number) to 2, then the spam filtering job immediately classifies these emails under the spam probability range None. The subsequent Watchdog job will process the email as usual.

Sample Job: Advanced Spam Filtering

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Copy the Advanced Spam Filtering job to Mail Transport Jobs. Activate the job.

2. In the Actions tab, specify the threshold value for the spam probabilities and specify the job actions to be performed for identified spam emails.

In this example, the following actions are configured for the spam probabilities None, Low, Medium and High:

For emails assigned to the spam probability None, no job actions are performed, by default (unambiguously non-spam). If required, add a subject extension, e.g. "Wall spam checked".

For emails assigned to the spam probability Low, no job actions are performed by default (1 - 9% spam probability). Click the Low button to adjust the job actions.

For emails assigned to the spam probability Medium, job actions are performed (10 - 49% spam probability). Click the Medium button to adjust the job actions:

Emails are assigned to this range if some combined criteria have found major spam indications or many combined criteria have found many minor spam indications.

The first action defined is to copy the email to the quarantine (Anti-Spam: Medium), where it is labeled MEDIUM. The original email is delivered to the recipient. The second action is to add a subject extension to inform the recipient of the email’s spam probability. With this, local users can set up their own Outlook message rules to deal with these emails.

Tip: You can configure a quarantine summary notification for each quarantine category in order to notify local users of quarantined emails addressed to them (refer to Defining Quarantine summary notifications). You can also use the Microsoft SCL value to forward the emails directly to the users' Junk Mail folder through the Exchange Store.

For emails assigned to the spam probability High (50 - 100% spam probability), job actions are performed. Click the High button to modify the settings, if required. The High spam probability is meant for emails that are almost certainly spam and should therefore not be delivered. In this case, the email is quarantined (Anti-Spam: High). Because of the large volume of spam received every day, no notifications are sent to the administrator.

Note: A high volume of spam can result in large quarantines, which can reduce system performance. When you no longer need the emails (e.g. for CORE Classification), you should therefore disable the Low and High quarantine copy.

Tip: Depending on your email environment, you may want to set different threshold values for the Medium and High ranges. Before you do change the thresholds, though, observe whether the job yields good filtering results with these settings.

Your aims should be:

to maximize the number of spam emails in the Anti-spam: High quarantine,

to maximize the number of non-spam emails in the Anti-spam: Low quarantine, and therefore

to minimize the volume of email going into the Anti-spam: Medium quarantine.

3. If required, adjust the spam criteria. Click the Definite Criteria button:

In the No Spam tab, select the definite No-Spam criteria to be analyzed by the job. As soon as one of these criteria is found, the email is classified as 100% non-spam.

In the Spam tab, select the definite Spam criteria to be analyzed by the job. As soon as one of these criteria is found, the email is classified as 100% spam.

For a description of the criteria mentioned above, refer to Definite 'Spam' criteria and Definite 'No-Spam' criteria.

Note: Make sure you keep both the whitelist and the blacklist up-to-date.

4. Click OK to return to the Actions tab.

5. If required, enable the options Write spam result in Exchange SCL field or Write spam value in mail header field.

Write spam result in Exchange SCL field:

The spam filter of Microsoft Exchange can be used as a definite criterion (non-spam). The result of the spam filter's calculation is an integer value between -1 and 9, the so-called SCL (Spam Confidence Level). The higher the spam probability, the larger the SCL.

An SCL of 0 means that the email is probably non-spam; the value -1 is used for unfiltered emails, for instance internal emails from senders within the same Exchange organization.

The Exchange SCL value triggers specified actions, such as automatically moving emails to the user's Outlook Junk Mail folder. In the Exchange System Manager, you can centrally define what is to be done with emails with SCL values above a set threshold.

Even if you do not want to or cannot use Exchange Anti-Spam, this option lets you write the spam probability value of the spam filtering job as the SCL result, thus allowing you to use the Exchange functionality for possible actions or further processing. Internally, the spam probability value is converted to SCL values so that Outlook can use them.

Tip: If you are using the quarantine summary notification feature, users are notified of all relevant spam emails (refer to Defining Quarantine Summary Notifications). In that case, you do not have to use the Exchange Store forwarding to Junk Mail folders.

Write spam value in mail header field:

The spam probability value (Low, Medium or High) is always written in the email header. For this, the result is converted to a string of asterisks (one asterisk corresponding to a value up to 10, two asterisks to a value up to 20, three asterisks up to 30, etc.) to which an Outlook rule can be applied. You can also specify the result separately for each spam probability: 'Actions' tab > Add > Add X-header. In this case, the result is displayed directly as a numeric value instead of being converted to a string of asterisks.

Practical tips on False Positives

In rare cases, the job classifies 'normal' and wanted emails as spam. In cases of frequent so-called false positives, we recommend the following procedure:

1. If the affected emails all exceed the spam probability threshold by only a small amount, increase the threshold value slightly.

2. If emails from a particular sender are regularly classified incorrectly as spam, add this sender to the Active Directory or to the whitelist (under Definite Criteria > Definite 'No Spam' criteria), so that these emails are no longer checked for spam.

3. Try to identify key words typically used in the affected emails and enter them in the Business Words dictionary. These words are then taken into account through the 'No Spam' criterion Body business phrases, so that emails containing them receive a lower spam value.

4. Train your own CORE spam classifier. Refer to CORE Classification.

5. If the classification remains unsatisfactory after the steps above, try to determine the criteria responsible for the false classification, e.g. using the processing log in the quarantine or the notification variable Spam analysis details. If it is often the same criterion, reduce its significance slightly (Criterion relevance field). The job then takes this criterion into account to a lesser extent when determining the spam probability.

6. If you are sufficiently familiar with the characteristics of typical emails in your business environment (both spam and non-spam), you can also use the Combined Criteria under Advanced Configuration to optimize each criterion for your environment. This is especially useful if you had to reduce the relevance of a criterion by a large amount or disable it altogether. It can, however, reduce the effectiveness of the spam filter. For further information, refer to Spam filtering for Experts: Using combined criteria.

Tables: Definite criteria

Definite 'No-Spam' criteria

In the job, you can define the 'No-Spam’ criteria described in the table below. The emails which match at least one of these criteria will be clearly identified as non-spam:

Trusted senders (Whitelist): Addresses of all known senders that are always allowed and that are known not to send spam. This normally includes all regular communication partners as well as the domains of your customers and suppliers. Keeping this list up-to-date and comprehensive ensures that your system resources are not burdened with unnecessary checking. Note that a sender address can be forged; whitelisting whole domains is safer when combined with a check that the email is actually authorized for that domain (Sender ID, or a Wall DKIM Validation Job).

Emails from Active Directory users: Trustworthy addresses include all users and contacts entered in the Active Directory.

Emails from senders in Outlook user whitelist: Trustworthy addresses include all entries in the Microsoft Outlook user whitelist. On Exchange: This only applies on Exchange Servers with the "Safelist Aggregation" component enabled. For further information on "Safelist Aggregation", refer to the Microsoft website.

Emails from user whitelist entries: The email addresses included in the user whitelist are let through without prior checking for spam.

Subject phrases: All emails containing specific words in the subject line are accepted without being checked for spam. This feature allows you to set specific "passwords" to ensure that emails with critical contents are always delivered without being checked. These words are defined in a dictionary, which is then specified in the anti-spam job. The additional option also has the message body checked for these words (besides the subject). Treat such a pass phrase like a credential: anyone who learns it can bypass the spam check.

Many attachments: Emails with file attachments. Most spam emails do not contain any attachments. Use this field to specify a threshold. Example: 'Minimum number = 2' means that all emails with two or more file attachments are delivered without spam checking.

Emails with a minimum size of: Spam emails are usually rather small, i.e. large emails are less likely to be spam. Use this field to specify the size as of which emails are no longer checked for spam.

Emails in TNEF format: TNEF emails. This Exchange-specific format is not yet used by spammers.

Emails encrypted and/or signed: Encrypted and/or signed emails. Spam is normally neither encrypted nor signed.

Microsoft Exchange "No spam" SCL value: The Spam Confidence Level (SCL) accepts integers from -1 to 9. Exchange assigns -1 to emails from senders in the same Exchange organization. The Wall Spam Filtering job treats this value as a definite "no spam" criterion.

Definite 'Spam' criteria

In the job, you can define the 'Spam’ criteria described in the table below. The emails which match at least one of these criteria will be clearly identified as spam:

Denied senders (Blacklist): All sender addresses known to be originators of spam. The default configuration contains a list of known addresses to which you can add further addresses.

Emails from user blacklist entries: The email addresses listed in the user blacklist are automatically classified as spam.

Denied character sets: This function checks the charset field in the email header against the character sets in the specified list. Emails with a matching character set are immediately classified as spam.

Exchange SenderID request returns "FAIL": If enabled, the email's Sender ID result is also checked. This helps prevent "spoofing", i.e. the forgery of the sender's email domain. The analysis is based on DNS entries (SPF records) which state from which IP addresses emails for a domain may be sent. The Sender ID result is provided with the email; Wall reads it and classifies the result "FAIL" as spam. To be able to use the SenderID function, a number of other functions need to be enabled on the server, such as the associated SenderID filter. The filter is enabled under Server > Protocols > SMTP > Properties > Identification. In addition, both server and client (Outlook) must be configured. For further information, refer to the Microsoft website.

Emails with GTUBE test pattern: If enabled, emails containing the GTUBE (Generic Test for Unsolicited Bulk Email) test string are classified as spam. Use this option to check that spam detection works, even if you do not use a spam analyzer for spam checking.

Spam filtering for experts: Using combined criteria

In general, the default settings of the Advanced Spam Filtering job perform strongly and do not have to be modified. In case of many false positives, proceed as described under Practical tips on False Positives. We recommend you to adjust single combined criteria only if these measures do not fulfill your requirements.

The differences between definite and combined criteria are described under Functionality of the Advanced Spam Filtering Job.

The combined criteria are only used for emails that are not already classified with the definite criteria as spam or non-spam. Each activated combined criterion evaluates the email with a certain spam probability. The individual values of all combined criteria are weighted according to their defined relevance to establish an overall result.

Each criterion has a defined relevance to the overall result, which can be set from Low to Very high. The higher the relevance of a criterion, the more impact on the overall result.

If required, you can disable the criterion by deselecting the checkbox.

An individual value can be assigned to most criteria for Minimum and Maximum. Below the minimum value, this criterion is not used in the overall weighting of the email. When the maximum score is reached or exceeded, this criterion considers the email as spam.

Depending on the overall result, the email is assigned to one of the spam probability ranges None, Low, Medium or High. The threshold values of the individual areas are decisive.

Example: Email Classification by Combined Criteria

In this example, the combined criterion Body phrases in the Spam (Body) tab is enabled.

To check the message bodies of all incoming emails for spam, this criterion uses the Anti-spam: Frequently Used Spam Phrases dictionary. This dictionary has a weighting value of 5 (General tab in the dictionary). Refer to Text analysis with Dictionaries.

If a word or phrase from this dictionary is found in an email, for instance "check it out", it receives a score of 5. Specify the number of occurrences required for this criterion to be taken into account in the overall score (Minimum threshold) and as of which value the criterion classifies the email as spam (Maximum score). The default value is 30. With this, six different words from this dictionary must be found in the message body of the email to be classified as spam according to this criterion. If only three words are found, the email is not definitely spam according to this criterion, but the probability of it being spam is already quite high. The relevance of this criterion is set to Very high, thus it has strong impact on the overall result of the email as spam.

Note: Words that occur more than once in an email are counted only once. If, for instance, the phrase "check it out” occurs three times within the same email, it would add only 5 to the score, not 15 (as in a 'normal' Wall Content Filtering job).
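The calculation described in this section and under Functionality of the Advanced Spam Filtering Job, together with the asterisk conversion described under Write spam value in mail header field, as an added example that is not iQ.Suite code: a Python model of how definite criteria, weighted combined criteria, the threshold ranges and the header string fit together. The dictionary weight of 5, the maximum score of 30, the once-per-email counting of phrases and the ranges None/Low/Medium/High are taken from the manual; the numeric weights behind the relevance levels, the minimum score of 5, the link and subject criteria, the phrase dictionary and all addresses and function names are assumptions constructed for the example.

```python
"""Added example (not iQ.Suite code): spam probability from definite and
combined criteria, threshold ranges and the asterisk header string."""
import math
import re

# Assumed numeric weights for the relevance levels Low .. Very high.
RELEVANCE = {"Low": 1, "Medium": 2, "High": 3, "Very high": 4}

# Constructed stand-in for the "Anti-spam: Frequently Used Spam Phrases"
# dictionary; the manual gives its weighting value as 5.
SPAM_PHRASES = ("check it out", "free money", "act now", "click here",
                "limited offer", "risk free", "no obligation")
PHRASE_WEIGHT = 5


def body_phrase_score(body):
    """Each dictionary phrase adds its weight once, however often it occurs
    (unlike a normal Wall Content Filtering job)."""
    text = body.lower()
    return PHRASE_WEIGHT * sum(1 for phrase in SPAM_PHRASES if phrase in text)


def criterion_probability(score, minimum, maximum):
    """None: below the minimum the criterion takes no part in the weighting.
    1.0: the maximum is reached and the criterion calls the email spam.
    In between the probability rises linearly."""
    if score < minimum:
        return None
    if score >= maximum:
        return 1.0
    return (score - minimum) / (maximum - minimum)


def combine(criteria):
    """criteria: list of (probability or None, relevance). Weighted mean of
    the criteria that fired, as an integer percentage clamped to 1..99 (an
    email no definite criterion cleared is never 0%)."""
    fired = [(p, RELEVANCE[r]) for p, r in criteria if p is not None]
    if not fired:
        return 1
    mean = sum(p * w for p, w in fired) / sum(w for _, w in fired)
    return max(1, min(99, round(mean * 100)))


def classify(msg, whitelist, blacklist):
    """Definite criteria decide alone (0% or 100%); only otherwise are the
    combined criteria evaluated. msg: dict with from, subject, body."""
    sender = msg["from"].lower()
    domain = sender.rsplit("@", 1)[-1]
    if sender in whitelist or domain in whitelist:
        return 0
    if sender in blacklist or domain in blacklist:
        return 100
    body = msg["body"]
    criteria = [
        # Body phrases: minimum 5 (one phrase, assumed), maximum 30, Very high.
        (criterion_probability(body_phrase_score(body), 5, 30), "Very high"),
        # Many links (assumed thresholds): 3 links start to count, 10 is spam.
        (criterion_probability(len(re.findall(r"https?://", body)), 3, 10),
         "Medium"),
        # Subject missing: fires only when the subject is empty.
        (criterion_probability(0 if msg.get("subject") else 1, 1, 1), "High"),
    ]
    return combine(criteria)


def threshold_range(percent):
    """Ranges and thresholds as preset in the sample job."""
    if percent == 0:
        return "None"
    if percent < 10:
        return "Low"
    if percent < 50:
        return "Medium"
    return "High"


def asterisks(percent):
    """'Write spam value in mail header field': one asterisk per started 10."""
    return "*" * math.ceil(percent / 10)


# Constructed lists and messages.
WHITELIST = {"partner.example"}
BLACKLIST = {"spam.example"}
SAMPLES = {
    "partner": {"from": "ann@partner.example", "subject": "Invoice 4711",
                "body": "Check it out, the invoice is attached. Act now please."},
    "listed": {"from": "x@spam.example", "subject": "hi", "body": "hello"},
    "three_phrases": {"from": "someone@unknown.example", "subject": "Offer",
                      "body": "Check it out! Check it out! Free money, act now."},
    "six_phrases": {"from": "someone@unknown.example", "subject": "",
                    "body": "Check it out: free money, act now, click here, "
                            "limited offer, risk free."},
}


def demo():
    """Spam probability per sample message."""
    return {name: classify(m, WHITELIST, BLACKLIST)
            for name, m in SAMPLES.items()}
```

The "partner" message contains two dictionary phrases but never reaches the combined criteria because its domain is whitelisted; "three_phrases" scores 15 of 30 on the body criterion and lands in Medium, while "six_phrases" hits the maximum and, with the empty subject, is clamped to 99%.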

Tables: Combined criteria

Combined 'No Spam' criterion

Criterion Description

HAM phrases in message body: Checks whether the message body contains business words that are typical for the user.

Combined classification criteria

Here, the results of other spam filtering products, which often use only a single spam filtering method, are included. Combining them with the other criteria of the spam filtering job compensates for the weaknesses of any single product.

Criterion Description

CORE Classification: The results of the CORE classification with the internal spam classifier are used to determine the spam probability. The returned percentage probability value is included with a high relevance for classification (default setting).

Refer to CORE Classification.

Exchange SCL value: The Intelligent Message Filter (IMF) also determines a spam probability for each email, the so-called Spam Confidence Level (SCL), from -1 to 9. The higher the spam probability, the higher the SCL. This criterion includes the SCL value in the iQ.Suite spam evaluation.

Also refer to:

Definite 'No-Spam' criteria Write spam result in Exchange SCL field

SASI results / Kaspersky results: The spam analyzers 'SASI' and 'Kaspersky' check emails against known spam patterns. For further information, refer to www.gbs.com.

By default, the threshold as of which an email is considered spam is set to 50. If many received emails are spam in your opinion and the spam analyzer does not detect them as spam, it may be reasonable to lower this threshold.

Combined header criteria

Suspicious sender properties: Checks whether the email has a From header, whether this header is completed and whether it corresponds with the sender in the SMTP protocol.

Suspicious recipient properties: Checks whether the email contains a To header, whether this header is completed and whether it or the CC header contains at least one of the SMTP recipients.

Digits in sender address(es): Checks whether one of the sender addresses (SMTP or email header) contains digits.

Number of recipients: Checks the number of recipients of an email.

Known spam x-mailer: Checks whether the X-Mailer entry in the email is an email client typically used to send spam.

Known spam results: Takes into account the result of a previously run spam analysis to classify emails as spam or non-spam. The result (number of spam indications found) is written to the email X-header. iQ.Suite reads the X-header and writes the number of spam indications into the criterion. The values for the minimum/maximum number of spam indications are then used for evaluation. The result may come from an external system or have been determined by iQ.Suite on another server.
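The header criteria above, implemented as an added Python example (not iQ.Suite code): a message is parsed with the standard library and each criterion is checked against the SMTP envelope. The spam mailer list, both sample messages, the envelope data and the use of the X-MS-Exchange-Organization-SCL header as the source of the SCL are assumptions made for this example.

```python
"""Combined header criteria from the manual, evaluated on one message.

Added example, not iQ.Suite code. Envelope data, messages and the mailer
list are constructed; reading the SCL from X-MS-Exchange-Organization-SCL
is an assumption about where Exchange stamps it.
"""
from email import message_from_string
from email.utils import getaddresses, parseaddr

KNOWN_SPAM_MAILERS = {"bulkmailer pro"}   # placeholder list, lower-cased


def _addresses(msg, header):
    """All addresses named in a header (To or Cc), lower-cased."""
    return {addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr}


def _scl(msg):
    """Exchange Spam Confidence Level in the range -1..9, or None if absent/invalid."""
    value = msg.get("X-MS-Exchange-Organization-SCL")
    try:
        scl = int(value)
    except (TypeError, ValueError):
        return None
    return scl if -1 <= scl <= 9 else None


def header_criteria(raw_message, envelope_from, envelope_rcpts):
    """Evaluate the manual's header criteria; True means the criterion fired."""
    msg = message_from_string(raw_message)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    envelope_from = envelope_from.lower()
    rcpts = {r.lower() for r in envelope_rcpts}
    to_addrs, cc_addrs = _addresses(msg, "To"), _addresses(msg, "Cc")
    xmailer = msg.get("X-Mailer", "").strip().lower()
    return {
        # From header present, filled, and identical to the SMTP sender
        "suspicious_sender": header_from == "" or header_from != envelope_from,
        # To header present, filled, and To or CC naming at least one SMTP recipient
        "suspicious_recipient": not to_addrs or not ((to_addrs | cc_addrs) & rcpts),
        "digits_in_sender": any(c.isdigit() for c in envelope_from + header_from),
        "recipient_count": len(rcpts),
        "known_spam_xmailer": xmailer in KNOWN_SPAM_MAILERS,
        "exchange_scl": _scl(msg),
    }


def indication_count(result):
    """Number of boolean header criteria that fired (input to the overall score)."""
    return sum(1 for v in result.values() if v is True)


# Constructed sample: header sender differs from the envelope sender, the To
# header names nobody from the envelope, and a flagged X-Mailer is present.
SUSPICIOUS = """From: "Billing" <billing@example.net>
To: everyone@example.org
X-Mailer: BulkMailer Pro
X-MS-Exchange-Organization-SCL: 7
Subject: Your invoice

Open the attachment.
"""
ENVELOPE_FROM = "bounce-48213@mail-example.test"
ENVELOPE_RCPTS = ["alice@example.com", "bob@example.com"]

LEGITIMATE = """From: Alice <alice@example.com>
To: Bob <bob@example.com>
Cc: carol@example.com
Subject: Minutes

Attached are the minutes.
"""
```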

Combined subject criteria

Subject missing: Checks whether the email has a subject field with content.

Recipient address in subject: Checks whether the part preceding the @ of a recipient address is found in the subject of the email.

Junk sequence in subject: Checks the email subject for long strings of hiding characters (blanks) and meaningless junk character strings.

Subject phrases: Checks whether the email subject contains words typically found in spam.

Subject concealed phrases: Checks the email subject for any concealed words from the dictionaries specified.

Combined message body criteria

Recipient address in body: Checks whether the part preceding the @ of a recipient address is found in the message body of the email.

Junk sequence in body: Checks the message body for long strings of spaces or meaningless character strings.

Body phrases: Checks the message body for words typically found in spam.

Body concealed phrases: Checks the message body for any concealed words from the dictionaries specified.

Suspicious HTML code: Checks the message body for any HTML constructs.

Suspicious HTML links: Checks the message body for any spammer links.

Many HTML Links: Checks the message body for many HTML links in relation to the size of the text.

Embedded images: Can be used to identify spam content conveyed through embedded images (internal reference to attachments). For instance, it is possible that (in configurations without SASI) emails with embedded images are systematically considered spam, unless embedded images are standard practice for email communication in the corresponding environment.

Spam filtering with Spam Analyzer

For spam filtering, iQ.Suite supports spam analyzers of the following third-party manufacturers:

Sophos SASI Engine (SASI: Sophos Anti Spam Interface)

Kaspersky Anti-Spam Engine

These integrated anti-spam engines are installed during iQ.Suite setup. After iQ.Suite installation, these engines are disabled. They can be enabled in the iQ.Suite Management Console and used as additional spam criteria in the Advanced Spam Filtering job.

Note: The anti-spam engines are additional features for iQ.Suite Wall and as such each of them requires a separate license. For further information, please contact the GBS Sales Team.

Anti-Spam Engine Configuration

If you plan to use an anti-spam engine for fighting spam, first configure the anti-spam engine for periodical pattern updates. The configured engine is automatically used whenever the corresponding criterion is enabled in the Advanced Spam Filtering job.

Open the anti-spam engine: Basic Configuration > Utility Settings > Anti-Spam Engines. Enable the engine.

Standard tabs of the Anti-Spam Engines

In this section, you will find a detailed configuration description of the standard functions of anti-spam engines with SASI as an example. In the subsequent sections, only the particularities of the Kaspersky Anti-Spam Engine are documented.

Tab: General


Enable the Engine in the General tab. Usually, no further settings are required in this tab.

SASI interface / Kaspersky interface: This is the DLL file that links iQ.Suite with the respective engine. Do not change this entry!

Timeout: Enter the number of seconds after which a scan request addressed to the engine is canceled. Be sure to take the performance of your server into account.

Write detailed log data: Creates a log file with detailed processing data of the scanner, e.g. for troubleshooting.

Trusted relays (optional): Trusted relays are internal or external mail relay servers that you know to be safe, i.e. you trust that these servers will not be the source of unwanted emails. Trusted relays can exist both inside your network ("internal relays") and outside of it ("external relays").

Use this field to specify the IP addresses of the relay servers you want to trust. The Engine will skip over the trusted relays which are specified in the 'Received' headers of emails.

Use a separate line for each address.

Tab: Update


To ensure permanent spam protection, the files used for identifying spam need to be periodically updated. Use the Update tab to perform settings for automatic updates. Further configuration settings are normally not required.

Activate update of program data: With this option enabled, program data (engine or pattern files) is automatically updated.

Update timeout: Period of time after which the update process is aborted. Minimum: 60 seconds.

Notify administrator on successful updates: In the case of update errors, notifications are sent automatically. To be notified on successful updates as well, enable this option.

Download setting

'Use predefined setting': Depending on the engine, the program data is downloaded either directly from the manufacturer's server or from the GBS download server.

'Use custom download server': If you want to obtain the automatic updates from a server other than the predefined download server (e.g. when using iQ.Suite Update Manager), specify the address of this server in the Download server field.

To specify several servers, separate each entry by a semicolon.

For further information on iQ.Suite Update Manager, refer to the separate document (techDoc), available for download on www.gbs.com.

Schedule settings

'Update program data in intervals': With this option, an update is performed at regular time intervals. In the Update interval field, specify the interval in minutes at which the program checks for pattern updates. Minimum: 15 minutes.

'Update program data at points in time': Click Add to define points in time for the start of updates:

In the example above, an update is performed daily at 8 AM.

Tab: Proxy Server

To use a proxy server as communication interface, select the appropriate option:

No proxy server: No proxy server is used.

Proxy server of iQ.Suite Server: The proxy server used is the one defined for the iQ.Suite server. These proxy server settings can be set during the installation. Refer to Installation of iQ.Suite, Step 9.

Custom proxy server: The proxy server used is the one set in the Basic Configuration.

For further information on how to create a new proxy server, refer to Proxy servers.

Particularities of the Kaspersky Anti-Spam Engine

With the Kaspersky Anti-Spam Engine, you can use different technologies to detect spam. Make the required settings in the Options tab:

Enable Anti-Phishing filter: To be able to use the Kaspersky Anti-Phishing component, enable this option.

The Anti-Phishing component is applied after the anti-spam technologies "Antispam scanning (AS)" and "URL Reputation filtering (URF)" of the KAS SDK (Kaspersky Anti-Spam Software Development Kit) have analyzed the email and no phishing attack has been detected.

What is the Anti-Phishing component?

Various fraud techniques each demand a specific approach to be detected effectively in emails. The Anti-Phishing component comprises methods for processing email data (message content, including subject and file attachments) and analyzing it heuristically in order to detect new phishing scams. Heuristic algorithms allow the analysis to scale to new threats and enable KAS SDK to handle phishing schemes designed to evade regular spam analysis. Although heuristic processing may in some cases produce false positives, so that a legitimate email is classified as a phishing scam, its advantage is the detection of previously unknown phishing schemes that are not covered by standard definition-based analysis.

Refer to false positives.

Use Kaspersky Cloud Protection:

Using the cloud technologies of Kaspersky Security Network (KSN) improves the response time to rapidly emerging spam and phishing. Furthermore, the use of data from KSN reduces the risk of false positives. iQ.Suite sends parsed, formatted data to the cloud-enabled KAS SDK instead of the whole email. To save traffic and remain responsive, the Cloud component computes hash fingerprints of the received data before sending them for analysis to the KSN cloud. The data is then analyzed in the cloud and the analysis result with check status is returned to iQ.Suite via the KAS SDK.

If you are using the Cloud Protection, you can use a proxy server for the communication between iQ.Suite and the Cloud.

For information on setting the proxy server, refer to Using a proxy server.

For further information on the Anti-Phishing component and the Cloud Protection, please refer to the Kaspersky documentation.

Configuration of an Advanced Spam Filtering Job

1. Open the Advanced Spam Filtering job under Mail Transport Jobs. Activate the job and keep the default settings.

2. In the Actions tab, click Combined Criteria > Spam (Classification) and enable the criterion 'SASI results' and/or the criterion 'Kaspersky Anti-Spam results'. Make sure that the corresponding engine is enabled as well. We recommend keeping the default settings.

Relevance of this criterion: Set the relevance (weighting) for the entire criterion (ranging from Low to Very high). The values for the relevance and the coefficient are multiplied and yield the result for this criterion.

HAM/SPAM threshold: By default, the threshold as of which an email is considered spam is set at 50. If, in your opinion, many received emails are spam and the spam analyzer does not detect them as such, it may be reasonable to adjust this threshold.

No-spam coefficient (only for SASI): Use the No-Spam coefficient to reduce the weighting for the No-Spam result. The higher this coefficient, the higher the influence of SASI on the overall result in the No-Spam range.

Note: If combined with the 'CORE classification' criterion, the spam recognition rate can be significantly increased. Keep the default settings and enable both criteria.

3. Once this job is activated, the configured anti-spam engine is automatically enabled.

4. Select iQ.Suite Monitor > Server > Server Status > 'Test' tab > Update virus scanner to check the pattern update. The test returns a log file as well as an error or success message.

Save the iQ.Suite configuration whenever you have made any changes. The configuration is saved to the ConfigData.xml file located under GBS\iQ.Suite\Config. Pending changes are identified by an asterisk (*) at the top node.


Text analysis with Dictionaries

In dictionary-based text analysis, the subject line, the message body and the file attachments of emails are searched for unwanted words or phrases. Each search term is written into a list of words (dictionary). For each list, a value (weight) is set.

The text analysis can be limited to specific senders or recipients, e.g. for spam protection in external emails addressed to internal users. For instance, you can use the dictionary Anti-Spam: Pharmacy Offers to search for pharmaceutical terms that indicate spam such as overweight, aging, etc. In this example, the value for this dictionary is 20 (General tab). If several applicable terms are found, their values are added to an overall value. If the terms overweight and aging are found in the email, it is given the overall value 40. This overall value is checked against a threshold set in the job. If the latter is exceeded, the job actions are triggered, e.g. the email is quarantined. The actions available are the same as for address filtering. Refer to Address Filtering (Blacklists and Whitelists).

Besides performing a text analysis for incoming emails, you can also ensure that outgoing emails comply with internal confidentiality requirements. Using the dictionaries, it is possible to check the outgoing emails for information that is not supposed to get 'outside'.

For text analysis with dictionaries, use the Wall Content Filtering Job or sample jobs. This job exists as Mail Transport Job and as Information Store Job.

Note: Some setting options of the Mail Transport Job are not available in the Information Store Job. Refer to Standard tabs of Information Store Jobs.

Dictionaries

Creating Dictionaries

To add further entries to an existing dictionary or to create a new list, proceed as follows:

1. Click on Basic Configuration > Utility Settings > Dictionaries. Create a new dictionary or open the existing one to be extended, e.g. the Anti-Spam: Pharmacy Offers dictionary:


2. In this example, the weighting of this dictionary is 20. Possible values are from 1 to 200. This weighting applies to each word or phrase and determines the relationship to other dictionaries and to what extent the dictionary is taken into account in the job.

Refer to Sample Job: Checking and denying text contents.

3. The List of words/phrases field contains the search terms. Click on the input field and add the words and phrases that you want to forbid. Use a separate line for each entry (ENTER key).

The following wildcards can be used in dictionaries:

Asterisk (*): The asterisk represents zero or more characters within a word or phrase. Example: *check* will find "check", "checkpoint", "intercheck" and "intercheckpoint". check* will find "check" and "checkpoint", but neither "intercheck" nor "intercheckpoint". The asterisk must be placed at the beginning or end of a word or phrase.

Plus sign (+): The plus sign has the same function as the asterisk, but indicates that the search term is part of a longer word or phrase. Example: +check+ will find "checkpoint", "intercheck" and "intercheckpoint", but not "check" on its own. check+ finds only "checkpoint". The plus sign must also be placed at the start or end of a word or phrase.

Tip: If you enter a word or phrase without wildcard, only that exact word/phrase will be found. For example, if you enter check, only the whole word "check" will be found.

4. Sort the dictionary in ascending or descending order with the corresponding sort buttons.

5. Use regular expressions: If you want to use regular expressions to search for text content instead of words or phrases, enable this option. Specify the regular expressions to be used in the List of words/phrases field.

Searching for Text in Dictionaries

To search for and replace text in dictionaries, double-click on the dictionary to open it and open the search function:

Under Search for, enter the desired search term.

If required, enable the desired Search options. If you do not specify any additional options, the function looks for the entered character string everywhere, i.e. also within words and phrases.

Find whole word only: Words can be separated by any non-alphanumeric character, including paragraph marks and manual line breaks.

Case sensitive: Makes the search case-sensitive.

Count matches only: Only the number of matches is displayed, not the matches themselves:

To replace a string with another, click Replace:

You can also use the text search and replace function for your own addresses. Refer to Address Lists.

Sample Job: Checking and denying text contents

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

To scan emails on certain text contents, use a Wall Content Filtering Job.

1. Copy a sample job to Mail Transport Jobs or configure a new job. In the following example, the sample job Block Offensive Language is used. Activate the job.

2. In the Content Restriction tab, specify the procedure to check emails for certain text contents and define the dictionaries to be used by this job:

Options:

By default, this job checks the subject line, the message body and compressed files that can be extracted for entries in the Offensive Language (English) or Offensive Language (German) dictionaries.

With the Scan in selected attachments option, the file attachments will be checked for prohibited terms as well. Click Select and select fingerprints to define which file types (attachments) will be scanned. For further information on fingerprints, refer to Fingerprints.

With the Scan email header option, the email headers will be checked too. For this case, additional options are available. These options are described under Processing Mode.

Threshold:

The overall threshold value is set at 50. The weights of all prohibited words or phrases found are added up and compared with this threshold. Since the weighting of both dictionaries is 10, the defined job actions (Actions tab) are performed if at least 5 prohibited terms are found in an email.

Compressed files are extracted - to the extent possible - and a text extract is created. Specify the desired compressed files under Edit archives.

Search in text extract: With this option enabled, only the visible text is checked.

Search in raw data: With this option enabled, hidden text is checked as well (e.g. HTML tags, meta information, control characters, etc.).

3. To use further dictionaries in the job, click Edit:

Use the arrow buttons to add and remove dictionaries in the list. The double arrows add or remove all existing dictionaries. All dictionaries listed under Selected Items are used by the job.

4. In this job, a copy of the email is quarantined and the email is deleted without being delivered to its recipient. A notification is sent to the administrator. You can select this notification from the drop-down list of available notification templates. Refer to Creating notification templates.
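The dictionary mechanics described in this chapter, as an added Python example (not iQ.Suite code): the wildcard rules from Creating Dictionaries, the weight-times-hits sum of a Wall Content Filtering job compared with its threshold (weight 20 and 40 against 50; weight 10 and five terms against 50), and the Advanced Spam Filtering dictionary criterion where a repeated entry counts once (score 5, maximum score 30). The word lists and sample mails are constructed, matching is assumed to be case-insensitive, and the Minimum threshold is read as the number of distinct entries found.

```python
"""Dictionary-based text analysis: wildcard terms, weights and thresholds.

Added example, not iQ.Suite code. The wildcard rules, the weights 5/10/20
and the thresholds 30/50 follow the manual; the word lists and sample texts
are constructed, matching is case-insensitive (an assumption), and the
'Minimum threshold' is read as the number of distinct entries found.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Dictionary:
    name: str
    weight: int      # 1..200, applied to every word or phrase in the list
    terms: tuple     # entries may carry * or + at the start and/or end


def _compile(term):
    """Regex for one entry plus the wildcard rule needed to accept a match.

    '*' stands for zero or more characters at that end of the word.
    '+' means the entry must be part of a longer word at that end; with a
    plus on both ends, extra characters on either side are enough."""
    lead = term[0] if term[0] in "*+" else ""
    trail = term[-1] if term[-1] in "*+" else ""
    core = re.escape(term.strip("*+"))
    pre = r"(\w*)" if lead else r"()"
    post = r"(\w*)" if trail else r"()"
    return re.compile(r"\b" + pre + core + post + r"\b", re.IGNORECASE), (lead, trail)


def _accept(pre, post, rule):
    lead, trail = rule
    if lead == "+" and trail == "+":
        return bool(pre or post)
    if lead == "+" and not pre:
        return False
    if trail == "+" and not post:
        return False
    return True


def find_matches(text, dictionary):
    """Every occurrence as (entry, matched text); a phrase found three times yields three hits."""
    hits = []
    for term in dictionary.terms:
        regex, rule = _compile(term)
        for m in regex.finditer(text):
            if _accept(m.group(1), m.group(2), rule):
                hits.append((term, m.group(0)))
    return hits


def content_filter_score(text, dictionaries):
    """Wall Content Filtering: each hit adds the weight of its dictionary."""
    return sum(d.weight * len(find_matches(text, d)) for d in dictionaries)


def content_filter_triggers(text, dictionaries, threshold):
    """Job actions run once the overall value reaches the job threshold
    (manual: weight 10, threshold 50, so five prohibited terms trigger)."""
    return content_filter_score(text, dictionaries) >= threshold


def spam_criterion(text, dictionary, minimum_threshold, maximum_score):
    """Advanced Spam Filtering dictionary criterion: repeated entries count once.

    Returns (score, verdict): 'ignored' below the minimum threshold, 'spam'
    at or above the maximum score, otherwise 'suspicious'."""
    distinct = {term for term, _ in find_matches(text, dictionary)}
    if len(distinct) < minimum_threshold:
        return 0, "ignored"
    score = dictionary.weight * len(distinct)
    return score, ("spam" if score >= maximum_score else "suspicious")


# Constructed dictionaries; the first two mirror the manual's worked examples.
PHARMACY = Dictionary("Anti-Spam: Pharmacy Offers", 20, ("overweight", "aging"))
SPAM_PHRASES = Dictionary("Spam phrases", 5, ("check it out", "act now", "limited offer",
                                              "risk free", "click here", "winner"))
CONFIDENTIAL = Dictionary("Internal: confidential terms", 10,
                          ("project orion", "+merger+", "confidential*"))

# Constructed sample mails.
PHARMACY_MAIL = "Struggling with overweight and aging? Our pills fix both."
SPAM_MAIL = ("Check it out! Act now, this limited offer is risk free. "
             "Click here, winner! Check it out, check it out.")
REPEAT_MAIL = "Check it out! Check it out! Check it out!"
LEAK_MAIL = ("CONFIDENTIAL: Project Orion mergers and the premerger valuation "
             "are attached; see the confidentiality annex.")
```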


Text analysis for Credit Card numbers

Cashless financial transactions increasingly rely on card-based payments. In this context, credit cards have become a very popular form of payment in both business and private sectors, which is mainly due to their international acceptance. As a result, credit cards are being increasingly used for electronic banking.

Therefore, the security of credit cards has become a major issue for their holders and the issuing banks. So, to avoid any abuse, it is essential that credit card numbers transmitted by email are exclusively delivered to the intended recipient.

For text analysis for credit card numbers, use the Wall Credit Card Attachment Filtering Job or sample jobs. This job exists as Mail Transport Job and as Information Store Job.

Note: Some setting options of the Mail Transport Job are not available in the Information Store Job. Refer to Standard tabs of Information Store Jobs.

Job configuration

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Copy the sample job Block Emails with Credit Card Information to Mail Transport Jobs. Activate the job.

2. If required, modify the address evaluation so that only emails addressed to recipients outside the enterprise are processed (Addresses tab).

3. Open the Content Restrictions tab:

Scan options: Subject line, message body and file attachments are checked for credit card numbers by default.

Scan email subject: The email's subject line is checked.

Scan email body: The email's message body is checked.

Scan in selected attachments: The email's file attachments are checked. If you enable this option, use the fingerprints to exclude certain attachment types from being checked.

Extract archives: Enable this option to allow scanning of compressed file attachments. For this, the compressed files have to be unpacked first. To prevent certain archives from being checked, click the Edit archives button and define the exceptions.

4. Open the Options tab:


Maximum size to be searched (in KB per element): Defines the maximum number of KB to be checked within a file. The first 100 KB are checked by default.

Digits to reveal (in report): Number of digits of a credit card number that is displayed in the processing log. With the default setting '4', only the last four digits are displayed in the iQ.Suite Monitor. All other digits are marked with an X.

Range to search for proximity phrases (characters): When rating a number sequence, the surrounding text can be examined for keywords that indicate a credit card number, e.g. "credit" or "card number". If such a keyword is found, the probability that the number sequence is a credit card number increases. The 100 characters before and after the number sequence are examined by default.

Prefer well-known issuers: The first six digits of a credit card number indicate the numbering of a credit card issuer, e.g. American Express. If this option is enabled, a number sequence with the numbering of a well-known issuer gains a higher probability than a number sequence which cannot be assigned to any issuer.

Prefer common number separation: This option defines that common number groupings which indicate a credit card number have a strong influence on the identification of a credit card number. If this option is enabled, common number groupings gain a higher probability than unknown number sequences.

Note: A number sequence is interpreted as a credit card number only if it is interrupted by nothing other than hyphens or blanks.

Report hits with high probability only: With this option, an unknown number sequence is only rated as a credit card number if the analysis result reports a high probability. Disable this option if the job misses many credit card numbers.

Report unknown issuers / Report well-known issuers: This global setting defines whether the job considers credit card information of well-known and/or unknown issuers. With both options enabled, all number sequences are checked independent of the issuer.

Proximity search: Define the keywords that indicate a credit card number, e.g. "credit" or "card number". If a number sequence is found, the surrounding text is checked for these keywords. If a keyword is found, the probability that the number sequence is a credit card number increases.

Numbers to ignore: If certain number sequences shall not be interpreted as a credit card number, enter these permissible number sequences in this field. These numbers will be ignored by the job.

5. If a credit card number is found, the email is stored in the default quarantine by default and the email is not delivered to the recipients. The administrator is notified.
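The Options tab above, as an added Python example (not iQ.Suite code) that rates the number sequences in a constructed text: proximity phrases within the configured range, an issuer lookup on the first six digits, common digit groupings, the ignore list, the high-probability-only filter and masking to the last four digits for the report. The issuer table, the set of "common" groupings, the hint count behind the probability and the Luhn checksum are assumptions made here, not details from the manual; the card numbers in the sample are public test numbers.

```python
"""Credit card number detection along the lines of the manual's Options tab.

Added example, not iQ.Suite code. Option names and defaults follow the manual;
the issuer prefix table, the "common" groupings, the hint count behind the
probability and the Luhn checksum are assumptions made for this example.
"""
import re
from dataclasses import dataclass

# 13 to 19 digits, interrupted at most by single blanks or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Illustrative issuer prefixes, looked up on the first six digits.
ISSUER_PREFIXES = {"34": "American Express", "37": "American Express", "4": "Visa",
                   "51": "Mastercard", "52": "Mastercard", "53": "Mastercard",
                   "54": "Mastercard", "55": "Mastercard"}
COMMON_GROUPINGS = {(4, 4, 4, 4), (4, 6, 5)}   # assumed "common number separation"


@dataclass
class Options:
    max_kb: int = 100                    # maximum size to be searched
    digits_to_reveal: int = 4            # digits shown in the report
    proximity_range: int = 100           # characters before and after the number
    prefer_wellknown_issuers: bool = True
    prefer_common_separation: bool = True
    report_high_only: bool = False
    report_unknown_issuers: bool = True
    report_wellknown_issuers: bool = True
    proximity_phrases: tuple = ("credit", "card number")
    numbers_to_ignore: tuple = ()


def digits_only(raw):
    return re.sub(r"\D", "", raw)


def luhn_ok(digits):
    """Card-scheme checksum; an extra hint not described in the manual."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 if n < 5 else n * 2 - 9
        total += n
    return total % 10 == 0


def issuer_of(digits):
    """Longest known prefix within the first six digits, or None."""
    head = digits[:6]
    for length in range(6, 0, -1):
        if head[:length] in ISSUER_PREFIXES:
            return ISSUER_PREFIXES[head[:length]]
    return None


def mask(digits, reveal):
    """Report form: every digit but the last `reveal` becomes an X."""
    keep = digits[-reveal:] if reveal > 0 else ""
    return "X" * (len(digits) - len(keep)) + keep


def scan(text, opts=Options()):
    """Return the reportable hits in text, each masked for the processing log."""
    text = text[: opts.max_kb * 1024]
    ignore = {digits_only(n) for n in opts.numbers_to_ignore}
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = digits_only(m.group(0))
        if digits in ignore:
            continue
        issuer = issuer_of(digits)
        if (issuer and not opts.report_wellknown_issuers) or \
                (not issuer and not opts.report_unknown_issuers):
            continue
        before = text[max(0, m.start() - opts.proximity_range):m.start()].lower()
        after = text[m.end():m.end() + opts.proximity_range].lower()
        keyword = next((p for p in opts.proximity_phrases if p in before or p in after), None)
        grouping = tuple(len(g) for g in re.split(r"[ -]", m.group(0)))
        hints = sum([bool(issuer) and opts.prefer_wellknown_issuers,
                     grouping in COMMON_GROUPINGS and opts.prefer_common_separation,
                     keyword is not None,
                     luhn_ok(digits)])
        probability = "high" if hints >= 3 else "medium" if hints == 2 else "low"
        if opts.report_high_only and probability != "high":
            continue
        hits.append({"masked": mask(digits, opts.digits_to_reveal), "issuer": issuer,
                     "probability": probability, "keyword": keyword})
    return hits


# Constructed sample: an order number, a test card number next to a proximity
# phrase, and a second test card number presented as a customer number.
SAMPLE = (
    "Your order 1234567890123 has shipped and should arrive within five working days. "
    "Thank you for shopping with us and please keep this reference for any questions.\n"
    "For the balance, please charge my credit card 4111 1111 1111 1111 (exp 12/29).\n"
    "Customer number: 5555 5555 5555 4444"
)
```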


CORE Classification

With CORE (COntent Recognition Engine), emails can also be categorized/checked for unwanted content without matching against dictionaries.

CORE is based on the Support Vector Machines (SVM) method, a statistical learning approach to text classification in which the classifier is trained on a representation of texts as vectors. The goal of SVM is to reliably assign incoming emails to predefined categories in order to filter out spam according to the text content and to handle emails according to specific topics. In practice, this means a classifier is trained with training emails.

The training emails comprise a representative set of emails that a company receives (spam and non-spam, including business email, newsletters, offers and inquiries) and are used as the basis for categorization. For this, the training emails are copied into the CORE classifier. Once trained, the classifier can be used in the Wall CORE Classification job. If you are not satisfied with the result of the analysis, you can retrain the classifier at any time by adding further emails to each category.

The more representative this selection is, the better this method will work in a production environment. As spammers use frequently changing (and often non-existent) addresses and varying content, CORE is especially suited for blocking spam because it is trainable, while dictionaries require more maintenance work to keep pace with the rate at which spammers change their methods.

In addition to checking external emails addressed to internal users, CORE can be used to check emails addressed to external users as well.

CORE for Spam Filtering

Using the preset CORE Classifier

The iQ.Suite provides a trained spam classifier, which can be used immediately in the Advanced Spam Filtering job. For this, enable the combined criterion 'CORE classifier’ in the job.

Note: This classifier cannot be modified or extended. When installed, it is stored in a different location than your own classifiers.

Creating a new CORE Classifier

To use CORE with your own CORE Classifier, proceed as follows:

1. Create a new classifier with two categories: Basic Configuration > Utility Settings > CORE Classifier > New > New Classifier:


2. Enter a name for the classifier. Do not use special characters. The folder name is entered automatically and the folders are created under iQ.Suite\GrpData\Quarantine\.

3. Save the configuration.

4. Refresh the iQ.Suite Monitor: right-click > Refresh.

5. Drag and drop the emails from the quarantines to the CORE classifier and place each one in a suitable category.

6. To teach the classifier in iQ.Suite Monitor, open the context menu and select All Tasks > Teach Classifier. After completing the teaching process, log files are created in the classifier folder you have created and the status in iQ.Suite Monitor is changed. A message appears in the Event Viewer.

7. Open the Advanced Spam Filtering job under Policy Configuration > Mail Transport Jobs.

8. In the Actions tab, click on the Combined Criteria button.

9. Open the Spam (Classification) tab:

10. In the spam criterion CORE classification > Classifier, select your newly created CORE Classifier.

11. Save the configuration.

The job will now use the newly created classifier, which you can retrain any time.

CORE for Content Classification

CORE can not only be used for spam protection purposes but also for content classification, e.g. to categorize emails depending on the text contents.

Configuring a Classifier

Emails addressed to [email protected] are to be automatically categorized by their content into different predefined categories, e.g. request, query, support, etc. Then, the emails are to be forwarded to the recipients according to this classification.

1. Under Basic Configuration > Utility Settings > CORE Classifiers, create a new classifier with several categories:

2. Enter a name for the classifier. Do not use special characters. The folder name is entered automatically and the folders are created under iQ.Suite\GrpData\Quarantine\.

3. To define the categories, click Add:

4. Save the Classifier configuration.

5. Refresh the iQ.Suite Monitor: right-click > Refresh. The new CORE Classifier and the created categories are displayed.

6. Drag and drop the training emails from the quarantines to the CORE Classifier and place each one in a suitable category.

7. To teach the classifier in iQ.Suite Monitor, open the context menu and select All Tasks > Teach Classifier. After completing the teaching process, log files are created in the classifier folder you have created and the status in iQ.Suite Monitor is changed. A message appears in the Event Viewer.

8. Create several Wall CORE Classification Jobs with this CORE Classifier and enable them. Refer to Configuring a CORE Classification Job.

Configuring a CORE Classification Job

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Create a Wall CORE Classification job under Mail Transport Jobs. Activate the job.

2. In the Subject extension field of the General tab, enter the CORE classification result variable [VAR]CORECategory[/VAR], which will be added to the subject line of each email whose content has been classified by CORE and further processed. This tells the recipients that the email has been automatically forwarded to them based on its content.

3. In the Addresses tab, set up the address conditions. Under Run this job when a message arrives from, enter the external senders and under And where addressed to, enter the address [email protected]:

For further information on addresses, refer to Address Lists.

4. In the CORE Options tab under Select classifier, select the classifier you have just created:

5. Define when to trigger the job actions:

1. With the Always, regardless of classification option, actions are performed independent of the category in which the email is classified. You can use this option, for instance, to quarantine all emails in a particular category (a label is set with a variable for this purpose), create an X-header with the CORE classification result or the CORE classification category, or add a subject extension to all emails before delivery to the recipients.

2. The When CORE result reaches selected threshold option refers to a defined threshold of a category. In this example, the job actions are performed for emails that are classified as requests with a threshold above 50%. For all other emails, no action is performed.

With these actions, you can control further processing of your emails, e.g. using Outlook rules or other applications.

6. In the Actions tab, specify the actions to be performed when the job has classified an email as request with a probability of more than 50%:

To let you check whether CORE has classified the email correctly, it is quarantined and the administrator is notified. In productive operation, you can disable these two actions.

7. Click Add and enable the Redirect mail action. Enter the email address of the department or person who deals with inquiries in your company. For further information on entering addresses, refer to Address Lists.

The configuration for the first category is finished. For each category to be redirected, create a separate job. For this, duplicate the job with right-click > All Tasks > Duplicate. Repeat the procedure for each category.


Advanced Action: Text analysis with regular expressions

The Wall Advanced Action Job can search with regular expressions in email fields (SMTP sender, SMTP recipient, email header and email body) and in file attachments. Text replacement is only possible in the email fields mentioned above and in the file names of attachments; in the contents of file attachments, text replacement is not possible.

In addition, the found matches can be transferred to an external application, which makes many application scenarios possible (e.g. validating the found matches).

Note: The Wall Advanced Action Job exists as Mail Transport Job and as Information Store Job. However, some setting options of the Mail Transport Job are not available in the Information Store Job. Refer to Standard tabs of Information Store Jobs. Refer to Standard tabs of Mail Transport Jobs.

Search in file attachments by using regular expressions

To configure a Wall Advanced Action job, proceed as follows:

1. Under Mail Transport Jobs, create a Wall Advanced Action job. Enable the job.

2. In the Content tab, define the regular expressions to be used by the job. Refer to Searching and replacing text by using regular expressions.

The Email Body tab (under Content) contains the Search in text extract option. With this option enabled, only the visible text will be extracted from the email body and searched through.

3. Open the Attachments tab:


1. Specify the file attachment types which shall be checked. To exclude single fingerprints, define exceptions.

2. Ignore inline attachments: To exclude embedded file attachments from the search, enable this option.

3. Search in text extract: This option enables text extraction via Oracle Outside In Technology, which converts the binary data of email attachments to plain text files. The search for regular expressions is carried out on the extracted text.

4. In the sub-tab File name, click Add:

Regular Expression: Set the search pattern as a regular expression. This pattern is searched for in the file name of the email attachment.

Replace matches with the following replacement text: If a match is found, the text found with the regular expression is replaced with the replacement text specified in this field. In the replacement text, you can also use general variables and variables which were created by Wall Extract Header Value Jobs.

5. Click Apply.


6. In the sub-tab File content, click Add and specify a search pattern for the content of file attachments. Note that matches in file attachments cannot be replaced.

7. Click Apply and save the configuration.

Transfer matches to an external application

Use a Wall Advanced Action job to transfer the results of a text analysis determined by a regular expression to an external application. This allows, for example, validation of found matches. Depending on the type of application, many use cases are possible. This section demonstrates how it works.

Job configuration

1. Under Mail Transport Jobs, create a Wall Advanced Action job. Enable the job.

2. Use the Content tab to define regular expressions for search and text replacement in email fields. Refer to the description under Searching and replacing text by using regular expressions.

3. In the Content tab, open the sub-tab Email Body and click Add. Refer to Modifying email body.

4. Open the Options tab.

This tab is only relevant if you want to transfer the found regular expressions, matches and/or the replacement text to an external application in order to verify the matches.

Note: To validate every match that was found, the external application is called for every single match.

Provide matches as files: The data to be passed to an external application is usually transferred via the command line. However, if the data contains characters that cannot be processed this way, such as line breaks, the data can be written to temporary files instead. Every object is provided as a separate file (regular expressions, matches and/or replacement texts). As soon as the file has been delivered to the application, it is deleted immediately. Please note that processing takes longer if files are used than with delivery via command line.

Note: Specify the objects to be transferred to the application by using parameters (see step 5).

Verify matches with the following application: Enable this option if data is to be transferred to an external application.

5. Click Edit in order to configure the connection settings:

Command Line: Enter the path to the external application (execution file).

Parameters: iQ.Suite provides parameters that can be transferred to the application by command line or by using certain files. The parameters must also be defined in the application.

Parameters for data transfer by command line:

[regex_regex]: Regular expression that was found.

[regex_match]: Match that was found by a regular expression.

[regex_replacement]: Replacement text for the match.

Parameters for data transfer by file:

[regex_regex_file]: File that contains the regular expression. This parameter is only available if configured in the job.

[regex_match_file]: File that contains the match that was found by a regular expression. This parameter is only available if configured in the job.

[regex_replacement_file]: File that contains the replacement text. This parameter is only available if configured in the job.

Parameter for processing report:

[Cmd_ReportFile]: File to which the report should be written.

Timeout: If the application is unable to process the data in the specified time, a timeout occurs and processing is stopped.

User/Password: If start of the application requires a certain user account, enter this user's authentication data in this field.

6. Open the Actions tab and define the success and error actions that shall be performed. Note that the success actions will be performed if at least one match was replaced.

7. Save the job.
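As an added illustration of the Verify matches with the following application mechanism (example code written for this page, not part of iQ.Suite), the following Python script could be entered under Command Line and would be called once per match. The manual does not define how the parameters are laid out on the command line or how the application reports its verdict, so both are assumptions stated in the script: the Parameters field is assumed to read --regex "[regex_regex]" --match "[regex_match]" --report "[Cmd_ReportFile]" (or --match-file "[regex_match_file]" when Provide matches as files is enabled), and exit code 0 is assumed to mean that the match is confirmed. The validation applied is a Luhn checksum, which separates genuine payment card numbers from arbitrary digit strings that a regular expression alone also reports.

```python
"""Added example (not iQ.Suite code): an external validation application for
the Wall Advanced Action job's 'Verify matches with the following application'
option. It validates exactly one match per call.

Assumed calling convention (the manual does not define it):
  --regex "[regex_regex]" --match "[regex_match]" --report "[Cmd_ReportFile]"
  or, with 'Provide matches as files', --match-file "[regex_match_file]".
Assumed result convention: exit code 0 = match confirmed, 1 = false positive.
"""
import argparse
import re
import sys
from datetime import datetime, timezone
from pathlib import Path


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_match(match: str) -> bool:
    """A regex match counts as a card number only if, with separators removed,
    it has a plausible length and a valid Luhn checksum."""
    digits = re.sub(r"\D", "", match)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def read_match(args: argparse.Namespace) -> str:
    """Take the match from the command line, or from the temporary file that
    'Provide matches as files' hands over (the job deletes it afterwards)."""
    if args.match_file:
        return Path(args.match_file).read_text(encoding="utf-8").rstrip("\r\n")
    return args.match or ""


def report_line(regex: str, match: str, confirmed: bool) -> str:
    """One line for the processing report ([Cmd_ReportFile]). The match is
    masked so the report does not become a second copy of the sensitive data."""
    digits = re.sub(r"\D", "", match)
    masked = "*" * max(len(digits) - 4, 0) + digits[-4:]
    verdict = "CONFIRMED" if confirmed else "FALSE_POSITIVE"
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return f"{stamp}\t{verdict}\tregex={regex}\tmatch={masked}"


def main(argv=None) -> int:
    parser = argparse.ArgumentParser(description="Validate one regex match")
    parser.add_argument("--regex", default="")
    parser.add_argument("--match")
    parser.add_argument("--match-file")
    parser.add_argument("--report")
    args = parser.parse_args(argv)

    match = read_match(args)
    confirmed = validate_match(match)
    if args.report:
        # The report file is appended to, one line per validated match.
        with open(args.report, "a", encoding="utf-8") as fh:
            fh.write(report_line(args.regex, match, confirmed) + "\n")
    return 0 if confirmed else 1


if __name__ == "__main__":
    sys.exit(main())
```

Because the application is started once for every match and the job's Timeout applies to each call, the validation should stay as cheap as this one; anything that opens network connections per match will slow mail processing noticeably on busy servers.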


Email Cleaning: Deleting HTML bodies and mail headers

The Wall Email Cleaning Job is used to delete HTML bodies and mail headers (e.g. Received or X-headers) from emails.

To create a Wall Email Cleaning job, click Mail Transport Jobs > New > Wall Jobs. Enable the job.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, please refer to Standard tabs of Mail Transport Jobs.

In the Options tab, you can make the following settings:

Delete email bodies:

'Never': No HTML bodies will be deleted.

'html bodies': All HTML bodies will be deleted without replacement.

'html bodies (auto generate missing text body)': All HTML bodies will be deleted. If no plain-text body exists, a plain-text body is created by using the extracted content of the HTML body.

Name patterns for email headers to be deleted: Here, you can specify name patterns to be used to search for email headers. For each name pattern, use a separate line. The wildcards ? and * can be used. Examples: X-* ; Received

The MIME headers which are absolutely necessary for the email structure will not be deleted (e.g. from, to, content-*, sender, subject, message-id).
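The header deletion described above, as an added example in Python (written for this page, not code from iQ.Suite): the option value is read one pattern per line, the wildcards ? and * are applied to the header names, and the headers the manual lists as required for the MIME structure are left alone even when a pattern such as * would match them. Case-insensitive matching and the sample message are assumptions made for the example.

```python
"""Added example (not iQ.Suite code): delete mail headers by wildcard name
pattern as described for the Wall Email Cleaning job, without ever touching
the headers the MIME structure needs."""
import email
import fnmatch
from email.message import Message

# Headers that survive every pattern (the list given in the manual).
PROTECTED = ("from", "to", "content-*", "sender", "subject", "message-id")

# Constructed sample message: two Received lines, two X- headers, one body.
SAMPLE_MAIL = (
    "Received: from mx1.example.net (mx1.example.net [192.0.2.10])\r\n"
    "\tby mail.example.com with ESMTP id 4Qx7; Mon, 3 Jun 2024 09:12:01 +0000\r\n"
    "Received: from client.example.net by mx1.example.net;"
    " Mon, 3 Jun 2024 09:11:58 +0000\r\n"
    "X-Mailer: Acme Mailer 3.2\r\n"
    "X-Originating-IP: [192.0.2.55]\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: Bob <bob@example.net>\r\n"
    "Subject: Quarterly report\r\n"
    "Message-ID: <20240603091201.4Qx7@mail.example.com>\r\n"
    "Date: Mon, 3 Jun 2024 09:12:00 +0000\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "\r\n"
    "Please find the figures attached.\r\n"
)


def _matches_any(name: str, patterns) -> bool:
    """Case-insensitive wildcard match (assumption) with ? and * only."""
    lname = name.lower()
    return any(fnmatch.fnmatchcase(lname, p) for p in patterns)


def headers_to_delete(msg: Message, option_value: str) -> list:
    """Distinct header names in msg that match one of the patterns given one
    per line in option_value and are not protected."""
    wanted = [p.strip().lower() for p in option_value.splitlines() if p.strip()]
    seen, result = set(), []
    for name in msg.keys():            # keys() repeats duplicated headers
        key = name.lower()
        if key in seen:
            continue
        seen.add(key)
        if _matches_any(name, PROTECTED):
            continue
        if _matches_any(name, wanted):
            result.append(name)
    return result


def preview(raw: str, option_value: str) -> list:
    """Dry run: which headers would be removed from the raw message."""
    return sorted(headers_to_delete(email.message_from_string(raw), option_value))


def clean_headers(raw: str, option_value: str) -> Message:
    """Parse raw and delete all occurrences of every matching, unprotected header."""
    msg = email.message_from_string(raw)
    for name in headers_to_delete(msg, option_value):
        del msg[name]                  # removes every occurrence of that header
    return msg


if __name__ == "__main__":
    print(clean_headers(SAMPLE_MAIL, "X-*\nReceived").as_string())
```

Running the block prints the sample message without its Received and X- headers while From, To, Subject, Message-ID and Content-Type remain; with the pattern * alone, only the protected headers survive, which is a quick way to see how much a broad pattern strips from the routing history that later incident analysis may need.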


Extract the content of an email header and save as a variable

You can use the Wall Extract Header Value Job to extract the content of any email header by using regular expressions and save it as a variable. Then, this variable can be used also in other jobs in notifications and certain actions.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

To make the desired settings for the variable, proceed as follows:

1. Open the Variables tab and click Add:

2. Use the General tab to make the desired settings.

Example:


Use in this job only: Determine whether the variable can only be used in this job or also in other jobs.

Name: Specify the desired variable name.

Example: X-MAILER

This name determines the variable name by using the following scheme: [VAR]variable::Name[/VAR]

In our example, the variable will be: [VAR]variable::X-MAILER[/VAR]

Name of email header: Specify the name of the email header whose content will be extracted.

You can specify a fixed header name or a regular expression. In the last case, enable the checkbox Header is defined as regular expression.

Example: X-Mailer

Processing mode:

'Remove line breaks (Header Folding)':

This mode is recommended, since in MIME emails long header lines are often broken across several lines, which can make reading the header line rather complicated.

'Remove comments and line breaks (Header Folding)':


Line breaks and comments will be removed.

'Search in raw data':

This mode should only be used if the line break pattern (e.g. the number of tab stops or blanks) is known and can be replaced by using regular expressions.

Regular expression: The email header contains a piece of information that shall be extracted. The regular expression describes the header line.

Example: ^([a-z]+)@[a-z]+\.[a-z]$

Content of variable: Use this field to specify which part (information) of the header will be extracted. This variable will be replaced with the extracted part.

Example:

Content of "X-Mailer": [email protected]

Regular expression: ^([a-z]+)@[a-z]+\.[a-z]$

Content of variable: $0 (complete header content) => Variable will be replaced with "[email protected]".

Content of variable: $1 => Variable will be replaced with "dgaller".
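The three processing modes and the $0/$1 selection, as an added example in Python (not iQ.Suite code) on a constructed X-Mailer header that is folded across two lines and carries a comment in parentheses. The regular expressions are constructed for this example and differ from the manual's; the behaviour when the expression does not match (the variable stays empty) is an assumption.

```python
"""Added example (not iQ.Suite code): what the Wall Extract Header Value job's
processing modes do to a header value before the regular expression is applied,
and how 'Content of variable' ($0 = complete match, $1, $2, ... = groups)
selects the extracted part."""
import re

# Constructed raw header value as it appears in the MIME source: folded over two
# lines (CRLF followed by a blank) and carrying a parenthesised comment.
RAW_X_MAILER = "Acme Mailer 3.2\r\n (build 17)"


def unfold(value: str) -> str:
    """'Remove line breaks (Header Folding)': a line break followed by
    whitespace is the MIME folding sequence and becomes a single space."""
    return re.sub(r"\r?\n[ \t]+", " ", value).strip()


def strip_comments(value: str) -> str:
    """'Remove comments and line breaks (Header Folding)': unfold, then drop
    (nested) parenthesised comments, honouring backslash escapes."""
    text, out, depth, i = unfold(value), [], 0, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):    # escaped pair: copy or skip whole
            if depth == 0:
                out.append(text[i:i + 2])
            i += 2
            continue
        if ch == "(":
            depth += 1
        elif ch == ")" and depth > 0:
            depth -= 1
        elif depth == 0:
            out.append(ch)
        i += 1
    return re.sub(r"[ \t]{2,}", " ", "".join(out)).strip()


PROCESSING_MODES = {
    "folding": unfold,             # 'Remove line breaks (Header Folding)'
    "comments": strip_comments,    # 'Remove comments and line breaks'
    "raw": lambda v: v,            # 'Search in raw data': regex handles the breaks
}


def extract_variable(raw_value: str, regex: str, content: str = "$0",
                     mode: str = "folding"):
    """Apply regex to the processed header value and expand the $N references
    in content with the captured groups. Returns None when the expression does
    not match (assumption: the variable is then left empty)."""
    processed = PROCESSING_MODES[mode](raw_value)
    m = re.search(regex, processed)
    if m is None:
        return None

    def group(ref):
        n = int(ref.group(1))
        return (m.group(n) or "") if n <= m.re.groups else ""

    return re.sub(r"\$(\d+)", group, content)


if __name__ == "__main__":
    for mode in PROCESSING_MODES:
        print(mode, "->", repr(PROCESSING_MODES[mode](RAW_X_MAILER)))
    print(extract_variable(RAW_X_MAILER, r"^(\S+ \S+) ([\d.]+)$", "$2", "comments"))
```

The anchored expression ^(\S+ \S+) ([\d.]+)$ only matches once the comment has been removed, which is the practical difference between the first two modes; in raw mode the expression itself has to spell out the folding sequence (\r\n\s+), exactly the situation the manual warns about.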



iQ.Suite Trailer

Topics:

Trailer – Overview
Configuring Trailer elements (optional)
Configuring a Trailer Document
Configuring a Trailer Job


Trailer – Overview

iQ.Suite Trailer allows you to integrate individual trailer texts into emails as disclaimers (so-called trailers). With this, you can add greetings, company information, legal disclaimers or notices to emails that are sent to external recipients. In addition, you can combine them with graphic elements such as the company logo, images, vCards, or other Trailer attachments.

Due to the flexibility of iQ.Suite Trailer it is possible to configure individual trailers for different departments, groups of persons or Internet domains and append them to emails for a specific period of time. Easy trailer configuration and a central management of the trailers, in turn, help to ensure a uniform appearance and corporate identity of the company to the outside world.

Procedure for Trailer Configuration

1. To attach a trailer to emails, at least one configured Trailer job is required. Refer to General Job Configuration.

2. Usually, every Trailer job contains at least one Trailer document with the content of the trailer that is attached to the email. The Trailer documents are configured before the Trailer job. Then, the Trailer documents can be selected in the job (Trailer tab). Refer to Creating a Trailer Document.

3. If required, you can include Trailer images or Trailer attachments in the trailer. Like Trailer documents, both elements are configured before configuring the Trailer job. The Trailer images are selected in the Trailer document, the Trailer attachments in the job (Attachments tab). Refer to Conventional and Personalized Trailer Images or Trailer Attachments.

4. In addition, you can use Trailer search patterns for Trailer positioning. Like Trailer documents, the Trailer search patterns are configured before configuring the Trailer job. Then, the Trailer search patterns are selected in the job (Position tab). Refer to Creating a Trailer Document.


Configuring Trailer elements (optional)

In order to realize certain scenarios, you can use optional Trailer elements such as images, search patterns or Trailer attachments in the Trailer job or Trailer document. These optional elements are configured separately and can be selected in Trailer jobs or Trailer documents later on.

Conventional and personalized Trailer Images

Frequently, the Trailers for HTML emails shall not only include text but also contain images. Images can be provided by one of the following Trailer image types:

Conventional Trailer images
Personalized Trailer images

When the image shall be used for all employees or a certain user group such as the company logo or small icons, create a conventional Trailer image. Conventional Trailer images are not stored in the Active Directory.

When the image refers to a single person, such as an employee's photo or scanned signature, create a personalized Trailer image. Personalized Trailer images can be stored in the Active Directory in a certain attribute, e.g. in thumbnailPhoto. This attribute is used by Outlook.

Usually, conventional and personalized Trailer images are integrated directly in the Trailer document (refer to Inserting Images in the HTML Format). For this, the images must be imported to the iQ.Suite server before they are inserted into the Trailer document. As an alternative, the images can be inserted as an HTTP link (without a previous import). Refer to Inserting Images as HTTP Link.

Notes:

Information from the Global Catalog is used to display personalized Trailer images. For this, Active Directory and Global Catalog must be synchronized.

Images must be available as GIF, JPG or PNG image and cannot be appended to RTF emails.

Creating Trailer Image categories

In the iQ.Suite, conventional and personalized Trailer images are managed in Trailer image categories. By default, you can find the following sections under Trailer > Trailer Images.

All Trailer Images: Displays a list of all images imported to the iQ.Suite and available as trailer.

Unassigned Trailer Images: Displays a list of all images that have not been assigned to an image category.

Depending on the internal sender address, it is possible to attach different trailers to emails for different groups or domains. Image categories can be used to store images in a systematic way, for instance to store all logos under one image category or to sort the photos of the employees by department.

Configuration:

1. Click Trailer > Trailer Images > right-click > New > Trailer image category and enter the name of the new image category:

2. Click OK to create the new category.

3. Add a Trailer image to the new category:

1. Conventional Trailer image: 'Image category' > right-click > New > Trailer image. Refer to Importing Conventional Trailer Images.

2. Personalized Trailer image: 'Image category' > right-click > New > Trailer image. Refer to Configuring Personalized Trailer Images.

Tip: To assign images to another image category, right-click on the image and click All Tasks > Move to > 'Image category'.

Importing Conventional Trailer Images

1. Assign a Trailer image to the desired image category: 'Image category' > right-click > New > Trailer image.

2. Click Browse and select the desired image from the file system. Please note that the images must be available in either GIF or JPG format.

Under Image preview, the selected image is displayed.

Icons:

Import: Opens the file system to replace the image displayed in the preview.

Open: Opens the default image viewer. If the program defined as default image viewer is an image processing application, this allows you to edit the selected image directly. Then import the image again.

Export: Opens the file system to export the image displayed in the preview box, e.g. for image processing. Please note that any images that have not been exported will no longer be available after the iQ.Suite Management Console has been closed.

3. The Information tab provides detailed information on the imported image.

4. Click Apply > OK and save the iQ.Suite Management Console.

5. Insert the image in the Trailer text of the Trailer document. Refer to Assigning Trailer Images to a Trailer Document.

Configuring personalized Trailer images

1. Add a personalized Trailer image to the desired image category: 'Image category' > right-click > New > Personalized Trailer image.

2. Open the General tab to configure the personalized Trailer image:


Attachment name: With this name personalized Trailer images are appended to the Trailer.

Field name in AD: Enter the attribute in which personalized Trailer images shall be stored in the Active Directory (AD). Every Active Directory field can be used to store images for personalized Trailers. Since thumbnailPhoto is used by Outlook, this field is pre-defined. The employee's image is determined automatically from this field and is attached to the Trailer.

If you want to use an attribute of a Trailer data source as a personalized image, you must enter the Field name in AD as follows: DS::::

Image format: Select the appropriate image format for the images in the Active Directory. Please note that the images must be available as GIF, JPG or PNG.

Default image: If for an employee no image is available, an outline image is displayed by default. Any image can be used as default image, e.g. a different outline image or the company logo. In order to change the default image, proceed as described under Changing the Default Image. The default image is rescaled to the size of the image stored in the Active Directory. To prevent rescaling, enable the 'Ignore image size' option.

Important: When you create a new personalized Trailer image the configuration Default image for used Trailer images is set by default. After replacing the outline image used in this configuration, the default image cannot be restored.

3. Then, insert the image in the Trailer text of the Trailer document. Refer to Assigning Trailer Images to a Trailer Document.

Changing the default image

The outline image used in the standard configuration as default image can be replaced:

1. Import the desired default image to the iQ.Suite server as a conventional Trailer image. Refer to Importing Conventional Trailer Images.

2. Select the default image in the configuration of the personalized Trailer image:


3. Save the configuration. As of now, if no image is found for an employee, this image is inserted in the Trailer.

4. In order to prevent insertion of any default image, add the following command in the Trailer text of the Trailer document (HTML tab): [COND];src="[IMG][/IMG] For this, take the appropriate values for field name, image name and image ID from the source code.

Alternative Data Sources

Additional data sources (SQL databases) can be used in the Trailer as sources for user-specific data in addition to Active Directory and LDIF. This is appropriate for data which is not included in the Active Directory or is not maintained there.

Variables representing this data can be added to the Trailer document as follows:

On the WebClient user interface, select the data source and then the attribute.

In the iQ.Suite Administration Console, add the variables manually by using the following syntax:

[VAR]DS::::[/VAR], with the name of the data source and the attribute name between the double colons.

Example: [VAR]DS::MyDatasource::position[/VAR]

During job processing, these variables are resolved exactly like others and replaced by the data from the data source.

These alternative data sources are created and configured in the WebClient under Configuration > Trailer > Data sources.

The data is stored in an SQL database which requires a database connection. All data sources can use the same database connection.

Trailer images

When storing images in a Trailer data source, you should use a separate database since images may be very large. The "Value" column must be one third larger than the largest image you want to store in the file system (1.33 times its binary size); recommended: nvarchar(max) (SQL Server).

For the creation of the necessary tables in the database, use the General_TrailerDataSource.sql script in \Support\Scripts\SQL\MSSQL or \Support\Scripts\SQL\PostgreSQL.

Tip: The iQ.Suite PowerShell-Provider provides convenient cmdlets to implement an automatic import of data from an external system.

Trailer Attachments

With Trailer Attachments, personalized data that is stored, for example, in the Active Directory can be attached as a Trailer attachment, e.g. vCards or public PGP or S/MIME keys. The data for the Trailer attachment can be converted to a QR code and displayed in the Trailer as a QR code image. Email recipients can select and use the vCard data or QR code images. Moreover, binary file attachments such as PDF or Office documents that are stored in the iQ.Suite configuration can be attached rule-based as a binary Trailer attachment.

Unlike other Trailer elements such as Trailer texts or Trailer images the Trailer attachments are not integrated into the email body but are attached to emails like a conventional file attachment instead. Configured Trailer attachments are inserted directly in the Trailer jobs. In order to insert the Trailer attachment as QR code image a Trailer document is required.

Creating a Trailer Attachment category

In the iQ.Suite, the Trailer attachments are managed in Trailer attachment categories under Trailer > Trailer Attachments.


All Trailer Attachments: Displays a list of all attachments imported to the iQ.Suite and available as trailer.

Unassigned Trailer Attachments: Displays a list of all attachments that have not been assigned to an attachment category.

Depending on the internal sender address, it is possible to attach different Trailer attachments to emails for different groups or domains. Attachment categories can be used to store attachments in a systematic way, for instance to store vCards in a separate category or to sort PGP keys by department.

Configuration:

1. Click Trailer > Trailer Attachments > right-click > New > Trailer Attachment category and enter the name of the new attachment category.

2. Click OK to create the new attachment category.

3. Add a Trailer attachment to the new category.

1. Conventional Trailer attachment: 'Attachment category' > right-click > New > Trailer attachment. Refer to Creating conventional Trailer attachments.

2. Binary Trailer attachment: 'Attachment category' > right-click > New > Trailer attachment (Binary). Refer to Creating binary Trailer attachments.

Tip: To assign Trailer attachments to another attachment category, right-click on the attachment and click All Tasks > Move to > Select 'Attachment category'.

Creating conventional Trailer Attachments

This section describes how to create a conventional Trailer attachment e.g. for text attachments as PGP or S/MIME keys or vCards. To attach Trailer attachments such as PDFs or Office documents, binary Trailer attachments are required. Refer to Creating Binary Trailer Attachments.

1. If required, create a new Trailer attachment category: Trailer > Trailer Attachments > right-click > New > Trailer Attachment category > 'Name of new Attachment category'. 2. Add a Trailer attachment to the new attachment category: 'Attachment category' > right-click > New > Trailer Attachment.

Tip: To assign Trailer attachments to another attachment category, right-click on the attachment and click All Tasks > Move to > 'Attachment category'.

3. Open the General tab to configure the Trailer attachment:


Name: With this name the Trailer attachment is listed in the attachment category.

Attachment name: The attachment name corresponds to the file name of the Trailer attachment and ends with a file name extension. For example, the extension *.txt appends the Trailer attachment in text format. For vCards the file name extension *.vcf must be used ('vCard file').

Tip: You can use variables to personalize file attachment names, e.g. for vCards. With the variables [VAR]firstname[/VAR][VAR]lastname[/VAR].vcf it is easy to identify vCard owners by the name of the file attachment.

4. Open the Attachment tab:

Content type: Select the type of file attachment to be created. To create a vCard, select the 'VCard' option. To create another attachment type, e.g. a QR code image or a public PGP key, select the 'user defined' option.

Custom content type: Enter the content type with which the Trailer Attachment shall be created, e.g. text/plain or text/html. This option is only relevant for user defined Trailer Attachments.

Data: Enter the data used to create the Trailer attachment. Click the corresponding icon to use variables for data from the Active Directory, e.g. to create personalized vCards. If the data shall be provided as a QR code, we recommend not exceeding a size of 1500 bytes. Larger amounts of data may not be represented correctly.

Provide text as QR code image in Trailer documents: Enable this option to convert Trailer attachments to a QR code. The created QR code image can be selected in Trailer documents with the corresponding icon. QR code images are created in the PNG format.

Note: If a QR code image is used in a Trailer document, the option is greyed-out and cannot be disabled manually.

5. Save the configuration and assign the Trailer attachment to a Trailer job.

Creating binary Trailer Attachments

This section describes how to create a binary Trailer attachment, e.g. for PDF or office documents.

1. If required, create a new attachment category for your binary Trailer attachments. Then, assign a binary Trailer attachment to this category: 'Attachment category' > right-click > New > Binary Trailer Attachment.

2. Open the General tab to configure the Trailer attachment:

Name: Name the document. With this name the binary Trailer attachment will be listed in the attachment category.


Attachment name: Click the corresponding icon and select the binary attachment that shall be appended from the file system.

Content type: Usually, the attachment's file extension is used to identify the file type. However, some clients use the file's MIME content type. For those clients, enter the attachment's MIME content type under Custom content type. If no MIME content type shall be used or if the content type is unknown, you can keep the default setting 'Binary'.

3. Save the configuration. Assign the Trailer attachment to a Trailer job.

Creating Trailer Attachments 'vCard'

Use the document type "Trailer Attachment vCard" to configure Trailer attachments containing typical vCard information (e.g. first name and last name, phone, email address).

Note: For the configuration of vCards with fields which are not available in the Fields tab of this document type, you have to create a conventional Trailer attachment. Refer to Creating Conventional Trailer Attachments.

To create a Trailer attachment of the type 'vCard’, proceed as follows:

1. Select Trailer Settings > Trailer Attachments > All Trailer Attachments > right-click > New > Trailer Attachment vCard.

2. Use the General tab to configure the Trailer attachment for vCards:

For information on configuration, refer to Creating conventional Trailer Attachments.

3. Open the Fields tab to define the content of the vCard:


List of selected vCard fields: Deselect the contents which are not to be shown in the vCard.

By default, the values from the Active Directory which are valid for the user (sender) are used by means of variables. To define other values for certain fields, click on -var- and enable the 'Use fixed custom values' option.

Show vCard as text button: Use this button to display the vCard source text corresponding to your selection. If required, you can copy this text and insert it into the Attachment tab of a conventional Trailer attachment in order to add your own fields.

Provide text as QR code image in Trailer documents: Enable this option to convert Trailer attachments to a QR code. The created QR code image can be selected in Trailer documents with the corresponding icon. QR code images are created in the PNG format.

Note: If a QR code image is used in a Trailer document, the option is greyed-out and cannot be disabled manually.

4. Save the configuration and assign the Trailer attachment to a Trailer job.

Trailer Search pattern

Trailers can be inserted at different positions within an email. This position is set in the Trailer job (Position tab). In certain cases however, it may be useful to search for specific patterns within the email. For instance, trailer texts are not to be appended at the end of a forwarded email (i.e. not at the end of the original message), but at the beginning. In this case, you need to define a search pattern that identifies the beginning of the original message.


The sample pattern displayed marks the beginning of the original message by adding a specific text string such as 'Original Message'.

The iQ.Suite standard configuration includes a number of search patterns for common email clients (e.g. for Microsoft Outlook) that are enabled by default. If you do not need certain search patterns in your infrastructure, you can simply disable them.

To configure your own search patterns, create a new Trailer search pattern document and insert the associate patterns: Utility Settings > Trailer > Trailer Patterns.

Use the corresponding icon to search and replace individual elements.

If using certain email clients, such as Apple or Mac applications, it may be necessary to mark the beginning of the message body. Otherwise the trailer cannot be inserted at the right email position. For such a use case, Trailer search patterns can be extended with regular expressions: Utility Settings > Trailer > Trailer Patterns (reg. expression).

Those Trailer search patterns are marked with a special sign.


Configuring a Trailer Document

Creating a Trailer Document

The actual content of the trailer appended to an email is defined in Trailer documents:

1. Create a new Trailer document: Utility Settings > Trailer > Trailer Document > New > Trailer Document:

Enable the document.

Use for a period of time only: Set the period of time the Trailer shall be valid. If no time is specified, the document will be valid for an unlimited period of time and appended to each outgoing email.

Note: Only enabled Trailer documents can be appended to emails (even when the job itself is enabled). The advantage of the separate activation and deactivation of individual Trailer documents is that it simplifies administration. For instance, when normally three Trailer documents are appended to emails but one of them is to be temporarily removed, this can be achieved by disabling the corresponding Trailer document. Thus, it is not necessary to modify the job.

2. Open the Content tab. Basically, emails can be processed in either HTML, RTF or Plain Text format. To add a trailer to an email, the trailer texts must also be available in the corresponding email format (HTML, RTF or Plain Text).


Since these email formats are not displayed in the same way (e.g. HTML with colors versus plain text without any formatting at all), the trailer texts should be designed according to the email format. For instance, line breaks can be used in plain text trailers to emphasize specific elements (as opposed to bold or italics). Create separate trailer texts for each of these email formats by selecting the corresponding tab and designing the trailer accordingly.

A number of formatting options are available for HTML emails. For instance, you can include tables, links, variables, images or QR code images in the trailer, which are converted to HTML commands internally. For detailed information on using images, refer to Assigning Trailer Images to a Trailer Document.

To enter HTML code manually, open the source code using . Please note that full support for all HTML functions cannot be guaranteed. When using complex HTML code, the RTF format may not be displayed as desired.

[COND] variable:

In certain cases, it may be useful not to display trailer lines. For example: If the Active Directory does not contain a mobile phone number for all users, it would be better to omit this line in the trailer. In notification templates and Trailer documents (e.g. 'Sender signature with conditional fields'), the [COND] variable is used to this end. As an alternative, you can also insert the variable manually in the source text of any Trailer document.

Example:

Name: [VAR]FirstName;[/VAR] [VAR]LastName;[/VAR]
Phone: [VAR]OfficeNumber;HomeNumber[/VAR]
[COND]MobileNumber;
Mobile: [VAR]MobileNumber[/VAR][/COND]
Fax: [VAR]OfficeFaxNumber[/VAR]

Be sure to use the proper syntax. The first semicolon (here: after [COND]MobileNumber;) must be followed by a line break. iQ.Suite Trailer checks whether an entry exists in the Active Directory for the field specified after [COND] (here: MobileNumber). If no entry exists for this user or the entry is empty, the entire line following the semicolon is removed from the trailer, including [/COND] and the line break.

Scenario 'Sending emails on behalf of'

Example:

The secretary "Anna Glenn" should send an email to the recipient "Kai Baron" from the mailbox of her superior "David Galler" (mailbox owner). Mrs. Glenn sends the email on behalf of Mr. Galler, but the trailer should contain personal data of Mr. Galler.

If using variables for personal data (e.g. email address, last name or phone number), iQ.Suite takes the data of the physical sender (e.g. of the secretary) by default. If you want iQ.Suite to take the data of the mailbox owner, set ADFrom:: prior to the variable name:

Example for the first name:

[VAR]givenName[/VAR] > [VAR]ADFrom::givenName[/VAR]

If ADFrom:: is set, the variable will be replaced with "David" instead of "Anna".

In emails sent from the user's own mailbox, "From" and "Sender" match, so you can generally set ADFrom::.

To append a trailer to Plain Text emails, the trailer text must be available as plain text. Formatting the trailer is not possible. In HTML trailers with a simple structure (no tables, no images, etc.), the text trailer can be generated automatically from the HTML trailer. If more complicated HTML code is used, the plain text result will not meet expectations. Use the 'Modify Plain Text' option to design a different trailer text or layout for text emails. This makes it possible to take into account the specific requirements of plain text emails.

For RTF and TNEF emails in the Exchange environment, the RTF format of the trailer is created from unformatted 'plain text' (default setting). This means that the Trailers are appended unformatted.

To display formatted Trailer texts after all, set the Generate RTF format based on field to 'HTML'. In this way, the RTF format is generated from HTML. This, for instance, also makes it possible to send formatted trailers for internal emails within an Exchange organization that uses Outlook (but not Outlook Express!). The TNEF format is processed through RTF. Please note that full support for all HTML functions cannot be guaranteed. When using complex HTML code, the RTF format may not be displayed as desired. Trailer jobs generally cannot process signed or encrypted TNEF emails.

3. Click the Preview icon to check that the display matches the desired result. Confirm with OK.


For further information on editing trailer texts, refer to Creating a Trailer Document.

Note: Use the default Trailer documents for trailer configuration and adjust them to your requirements. We recommend defining the texts and design of the trailer in consultation with the relevant specialist departments, particularly for Legal Disclaimers.

Assigning a Trailer Image to a Trailer Document

As some web browsers are known to have difficulties displaying large tables, we recommend keeping the images as small as possible. As it is not possible to integrate images into RTF emails, be sure to check the settings in the senders' email client.

Inserting images in the HTML Format

To include images directly into a Trailer document, the images must be available on the iQ.Suite server. Refer to Importing conventional Trailer Images.

1. Open the desired Trailer document.
2. Enable the Trailer document, open the Content tab and click under 'HTML' on Edit.

3. With the icon select the desired Trailer image:


4. With Preview the Trailer document is displayed in a preview.
5. Confirm with OK.
6. Enable the job and save the configuration. Send a test mail to yourself or to a test user.

Example of a Trailer with a Trailer image:

Inserting images as HTTP link

To minimize the size of emails, you can also insert an HTTP link rather than the image itself. Email clients are able to load images from this link and display them to the recipient. Depending on the email program used and the applicable user settings, the images are displayed after a confirmation or manual click on the link by the user.

Note: The following requirements must be met:

The image is available online and in a format that can be processed by web browsers, e.g. JPG.
The sender's email client sends emails in HTML format.
The recipient is online.
The recipient must have enabled the display of external images.

Adjust the Trailer document as follows:

1. Open a Trailer document: 'Content' tab > HTML > Edit.


2. Place the cursor at the position in the trailer text at which the picture shall be inserted and click .

3. Under Picture Source, enter the URL to the desired image file.
4. Where required, use the Alternate Text field to set an alternative text to be shown if the image cannot be displayed in the web browser.
5. Confirm with OK to insert the URL in the trailer text. The Trailer text tab provides a preview.

Assigning a Trailer Attachment to a Trailer Document

Trailer Attachments such as vCards are directly assigned to a Trailer job. A Trailer document is only required if the Trailer Attachment data shall be inserted as a QR code image.

Inserting a QR Code Image

1. Open the Trailer document to which the Trailer Attachment shall be assigned.
2. Enable the Trailer document, open the Content tab and click under 'HTML' on Edit.

3. With the icon select the desired Trailer Attachment:

4. With Preview the Trailer document is displayed in a preview. For QR code images no preview is available.
5. Confirm your configuration with OK.


Configuring a Trailer Job

General Job Configuration

This chapter describes the special features of Trailer job configuration. For a description of the settings under the standard tabs, please refer to Standard Tabs of Mail Transport Jobs.

Notes:

Trailer jobs ignore emails signed and sent by the client (S/MIME signature), as iQ.Suite Trailer needs to modify the email to insert the trailer, after which the signature would become invalid. The examples below (Jobs) only illustrate the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Attach Legal Disclaimer

1. Copy the Legal Disclaimer Job to Mail Transport Jobs. Activate the job.
2. Define the job settings in the standard tabs.

Tab: Trailer

In the Trailer tab, define which of the Trailer documents shall be used by the job and attached as a Trailer. By default, the Trailer document 'Legal Disclaimer' is selected:


Deactivate automatic generation of HTML body: Since Trailer images cannot be appended to plain text emails, an HTML body is created by default and appended to the email in addition to the text body (option disabled). If no additional HTML body is to be created for text emails, enable this option. Note that the option has no effect on TNEF emails, and that the MIME email may then contain no HTML body at all. Edit opens the selected Trailer document. With Select you can select the desired Trailer document:

All configured Trailer documents are displayed on the left side of the dialog. All Trailer documents listed on the right side of the dialog are used by the job and will be attached as a Trailer. Use the arrow buttons in the middle to move objects between the two lists.

With Edit you can open the selected Trailer document. Refer to Creating a Trailer Document.

Tab: Attachments

Use the Attachments tab to define which Trailer attachments shall be integrated into the trailers. With the arrow buttons on the right side of the dialog, determine the order in which the Trailer Attachments are inserted (the topmost object is inserted first):


Edit opens the selected Trailer attachment.

With Select you can select the desired Trailer attachment:

All configured Trailer attachments are displayed on the left side of the dialog. All Trailer Attachments listed on the right side of the dialog are used by the job and will be attached. Use the arrow buttons in the middle to move objects between the two lists.

With Edit you can open the selected Trailer Attachment. Refer to Creating conventional Trailer Attachments.

Tab: Position

Use the Position tab to set at which place of the email the trailer is to be inserted.


However, as trailers represent variable pieces of text, it is possible to freely insert a trailer anywhere within the message body:

Placeholders: Using defined placeholders, the trailer can be manually inserted at different positions defined by the user. Enter the permitted placeholders in the input field, e.g. TRAILER-SALES, TRAILER-VERTRIEB. Use a separate line for each entry.

To insert the trailer into an email, the user has to enter the placeholder(s) between square brackets at the desired positions (here: [TRAILER-SALES] and/or [TRAILER-VERTRIEB]). The placeholders are later replaced with the actual trailer.

If multiple placeholders are found: In case multiple permitted placeholders are found in the email, define how to replace the placeholders. It doesn't matter whether these are different placeholders or the same placeholder is found several times in the email.

'Replace first': Only the first placeholder found is replaced by the trailer. Note that the other placeholders remain visible for the email recipient.

'Replace all': All placeholders found in the email are replaced by the trailer. With this option enabled, the same trailer is inserted at different positions in the email.

'Replace first and delete remaining': Only the first placeholder found is replaced by the trailer. The other placeholders are removed from the email.

Automatically detect position...: The Trailer is automatically inserted at the position defined through a search pattern.

The search pattern can be used, for instance, to specify the part of a message to which the trailer is appended. For instance, it may be desirable not to append a trailer at the end of the original message of a forwarded email, but at the end of the new (forwarding) message.

This option can be used together with the 'Placeholder' option above. In this case, the 'Placeholder' option has priority. This means that the position option only applies if no placeholder has been set by the user. If no position matches the search pattern, the text is appended at the end of the message.

Add trailer at the end of email message if...: The trailer is automatically inserted at the end of the message. This option can only be used together with the 'Placeholder' option.

If no placeholder has been set by the user in the email, the text is appended at the end of the message body (also if forwarded).

Tip: You can set up an automatic notification to be sent to your administrator whenever a trailer has been successfully appended to an email (Actions tab). As you wish to append a trailer to outgoing emails only, be sure to select the email outgoing server in the Server tab only!
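The Position tab rules above (placeholders first, then the search pattern, then the end of the message, with the three 'If multiple placeholders are found' modes), as an added Python example that is not part of iQ.Suite or this manual. The permitted placeholder list, the trailer text, the sample email bodies and the 'Original Message' search pattern are constructed here for illustration; how the product handles whitespace around a replaced placeholder is not documented and is an assumption of this example.

```python
import re

# Constructed job settings: permitted placeholders, one per line, as entered
# in the Position tab; users write them in square brackets in the email.
PERMITTED = "TRAILER-SALES\nTRAILER-VERTRIEB\n"
TRAILER = "-- Sales Team --"
# Constructed search pattern marking the start of a quoted original message.
ORIGINAL_MSG_RE = r"^-----Original Message-----$"

# Constructed sample bodies: one with two placeholders, one forwarded message.
SAMPLE_BODY = "Hello,\nsee below.\n[TRAILER-SALES]\nregards\n[TRAILER-VERTRIEB]\n"
FORWARDED_BODY = "FYI\n\n-----Original Message-----\nFrom: someone\n"

REPLACE_FIRST = "replace_first"
REPLACE_ALL = "replace_all"
REPLACE_FIRST_DELETE_REST = "replace_first_delete_rest"


def placeholder_regex(permitted):
    """Build a regex matching any permitted placeholder written as [NAME]."""
    names = [p.strip() for p in permitted.splitlines() if p.strip()]
    if not names:
        return None
    return re.compile(r"\[(" + "|".join(map(re.escape, names)) + r")\]")


def insert_trailer(body, trailer, permitted, mode=REPLACE_FIRST,
                   search_pattern=None):
    """Insert `trailer` into `body` following the Position tab rules.

    1. Placeholders set by the user take priority.
    2. Otherwise, if a search pattern matches, insert in front of the match.
    3. Otherwise append the trailer at the end of the message body.
    """
    ph_re = placeholder_regex(permitted)
    matches = list(ph_re.finditer(body)) if ph_re else []
    if matches:
        parts, pos = [], 0
        for i, m in enumerate(matches):
            parts.append(body[pos:m.start()])
            if i == 0 or mode == REPLACE_ALL:
                parts.append(trailer)        # replaced by the trailer
            elif mode == REPLACE_FIRST:
                parts.append(m.group(0))     # left visible to the recipient
            # REPLACE_FIRST_DELETE_REST: remaining placeholders are dropped
            pos = m.end()
        parts.append(body[pos:])
        return "".join(parts)
    if search_pattern:
        m = re.search(search_pattern, body, re.MULTILINE)
        if m:
            return body[:m.start()] + trailer + "\n" + body[m.start():]
    return body + "\n" + trailer
```

Only placeholders from the permitted list are replaced; an unknown name such as [TRAILER-OTHER] is treated as ordinary text, so the trailer falls through to the search pattern or the end of the message.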

Tab: Selector

By default, the Trailer Job uses the sender address of the FROM line of the email header as selector. The sender address is mostly linked with a user for whom an entry with user-related data (e.g. first and last name) exists in the used Trailer data source (Active Directory, LDIF or SQL database).

Example of a FROM line: From: FirstName LastName (location)

For data that is not user-related, you may have created an entry in your data source which shall be used for all employees of your company in a given location. You can use this entry as the selector so that, for all users of this location, the information provided for the location is extracted from the data source and put into the trailer of these users.

Example: In a large company with many employees in different locations, you have created one entry per location in order to avoid managing the location-related information for each user individually (saving time, especially in case of changes). This entry contains information which applies to all employees at the location (e.g. the attribute "Postal code" of the location).

In the Selector tab, use a regular expression to define the desired selector which will be used, instead of the sender address, as key for the data extraction from the data source:


Another example: the header value 'Frankfurt am Main, 012345'

To extract the selector '012345' from this header value, the following settings would fit:

Email header: x-location
Regular expression: ^[a-zA-Z0-9 ]+, ([0-9]+)
Selector content: $1

Note: No decoding or conversion of the header value (e.g. from UTF-8) is performed before the regular expression is applied. Specify the regular expression accordingly.

Use Trailer selector: The configured selector is only used if you enable the checkbox.

Email header: Specify the tag of the email header line which contains the selector (e.g. FROM).

Processing mode: Specify the processing mode to be used to extract the selector from the email header:

'Remove line breaks (Header Folding)' (recommended):

Since long header lines in MIME mails are often folded across several lines, which makes reading the header line rather complicated, this mode is recommended.

'Remove comments and line breaks (Header Folding)':

With this mode enabled, line breaks and comments will be removed.

'Search in raw data':

Only use this mode if the line break pattern (e.g. the number of tab stops or blanks) is known and the regular expression can be used to search for the selector.

Regular expression: The email header contains information to be extracted. The regular expression describes the header line which contains the selector.

Selector content: Use this field to specify which part of the header line shall be extracted (e.g. '$1'). This is the actual selector used to find, in the data source, the entry to be used for the Trailer information.

To use the selector, sel::selector:: must precede the respective data source entry in the Trailer document. Set this prefix manually. Example:

[VAR]sel::selector::DS::OpenDatabase::department[/VAR]
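The selector extraction described in this tab (header name, processing mode, regular expression, selector content with $1), as an added Python example that is not part of iQ.Suite or this manual. The raw x-location header is constructed: it is folded onto a tab-indented continuation line and carries an RFC 5322 comment in parentheses, so the three processing modes give different results. The regular expression follows the manual's example but admits spaces in the character class, otherwise a multi-word city name such as 'Frankfurt am Main' cannot match; the resulting value is what a Trailer document would reference through the sel::selector:: prefix.

```python
import re

# Constructed raw header as it may appear in a MIME message: the value is
# folded onto a continuation line and contains the comment "(main office)".
RAW_HEADER = "x-location: Frankfurt am Main,\r\n\t(main office) 012345\r\n"

# Selector settings after the manual's example (space added to the class).
HEADER_NAME = "x-location"
REGEX = r"^[a-zA-Z0-9 ]+, ([0-9]+)"
SELECTOR_CONTENT = "$1"

MODE_FOLD = "fold"                    # 'Remove line breaks (Header Folding)'
MODE_FOLD_COMMENTS = "fold_comments"  # 'Remove comments and line breaks'
MODE_RAW = "raw"                      # 'Search in raw data'


def unfold(value):
    """Join folded continuation lines (line break followed by whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", value).rstrip("\r\n")


def strip_comments(value):
    """Drop (possibly nested) parenthesised comments and squeeze blanks."""
    depth, out = 0, []
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return re.sub(r"[ \t]{2,}", " ", "".join(out))


def header_value(raw_header, header_name, mode):
    """Return the value of `header_name` prepared according to `mode`."""
    name, _, value = raw_header.partition(":")
    if name.strip().lower() != header_name.lower():
        return None
    value = value.lstrip(" ")
    if mode == MODE_RAW:
        return value   # CR/LF and tabs are kept; the regex must expect them
    value = unfold(value)
    if mode == MODE_FOLD_COMMENTS:
        value = strip_comments(value)
    return value.strip()


def extract_selector(raw_header, header_name, regex, selector_content, mode):
    """Apply the regex to the prepared value and expand $1, $2, ... ."""
    value = header_value(raw_header, header_name, mode)
    if value is None:
        return None
    m = re.search(regex, value)
    if not m:
        return None
    return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))) or "",
                  selector_content)
```

With the constructed header, only 'Remove comments and line breaks' yields the selector 012345 with the manual's expression; plain unfolding leaves "(main office)" in the way, and raw mode works only with an expression that spells out the CR/LF and tab of the folding.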

Scenario: Attaching a Legal Disclaimer

This chapter describes the special features of configuring a recipient-specific and country-specific legal disclaimer. For the remaining settings, refer to the details described under Standard Tabs of Mail Transport Jobs.

1. Copy the Legal Disclaimer job to Mail Transport Jobs. Activate the job.
2. Set up the address conditions. Please note that the Trailers can only be configured for a specific department when you select a group list.

Tip: When setting up address conditions, keep in mind that mailing lists and similar addresses should not contain a Trailer text. Set up any such exceptions in the address conditions under Except where addressed to.

3. Use the Conditions tab to define whether a specific character string in the email subject line (word in subject or subject command) is to be taken into account when the job is executed.

If, on the server, a trailer is defined with a legal disclaimer or a marketing message, the sender will normally be unable to disable this trailer. However, for private emails or emails addressed to mailing lists, it could be preferable to allow emails without trailer. In some departments, it may also be desirable to add a specific trailer to selected emails only.

For such cases, you can define in iQ.Suite a command which senders can add to the subject line of the email if required. If the job finds such a command, the job is not run and no trailer is attached ('Conditions' tab > with following subject command).

Searching for the command is not case-sensitive. The search is stopped as soon as the command has been found and the string is removed from the subject. Subsequent commands are ignored.

Note: The command may only contain characters from the 7-bit ASCII character set. The conditions set in both the Addresses and Conditions tabs must come true for the job to be run (logical AND).
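The subject command semantics just described (case-insensitive search, the first command found is removed from the subject and stops the search, commands restricted to 7-bit ASCII), as an added Python example that is not part of iQ.Suite or this manual. The subject lines and command strings are constructed; which command counts as "found first" when several appear is taken here as the earliest position in the subject, and the tidy-up of the blank left behind is this example's own assumption.

```python
import re


def is_ascii_command(command):
    """A subject command may only contain characters from 7-bit ASCII."""
    return bool(command) and command.isascii()


def check_subject_command(subject, commands):
    """Return (skip_job, cleaned_subject).

    The subject is searched case-insensitively for every configured command.
    The earliest occurrence wins: its text is removed from the subject, the
    job is skipped, and any further commands are left untouched.
    """
    for cmd in commands:
        if not is_ascii_command(cmd):
            raise ValueError(f"invalid subject command: {cmd!r}")
    lowered = subject.lower()
    hits = [(lowered.find(c.lower()), c) for c in commands]
    hits = [(i, c) for i, c in hits if i != -1]
    if not hits:
        return False, subject          # no command: job runs, subject unchanged
    idx, cmd = min(hits)
    cleaned = subject[:idx] + subject[idx + len(cmd):]
    # Assumption: collapse the double blank the removal leaves behind.
    cleaned = re.sub(r"[ \t]{2,}", " ", cleaned).strip()
    return True, cleaned
```

Because the search stops at the first hit, a second command in the same subject survives in the delivered email, which is worth knowing when users combine commands.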

4. Select the desired Trailer in the Trailers tab:


The standard configuration already contains a pre-configured Trailer document.

5. Use the Position tab to set at which place of the email the trailer is to be inserted. Typically, marketing trailers or legal disclaimers are placed at the beginning or the end of the message, i.e. right before or after the message body.

Scenario: Attaching customized signatures

iQ.Suite Trailer is able to insert sender-specific information into an email directly on the server. This lets you create "signatures" for different individuals or departments combined with conditions without having to keep redundant information. Note that "signatures" in this context refers to closing phrases and sender information, and not to digital signatures.

While standardized signatures ensure a consistent corporate image, using a server-based signing process ensures that your data is always up-to-date, correct and consistent throughout the company. Even in case of relocations, changed phone or room numbers or new departmental structures, the applicable information is taken from the Active Directory (AD) and automatically used for the email signature.

To allow access to cross-domain information, iQ.Suite Trailer uses the Global Catalog - an index containing the relevant information of all users within an Active Directory. The Active Directory itself is read only and remains unaffected by the use of the Global Catalog.

When you create a new Trailer, you can select the available variables for first name, last name, department, etc. from a drop-down list. If a value does not exist, a general default value can be inserted.

You can also use any other value from the Active Directory, e.g. user-defined attributes. To do so, read the Active Directory values with ADSI Edit. For further information on ADSI Edit, refer to your Windows Server documentation.

1. Copy the Attach Sender Signature job to Mail Transport Jobs. Activate the job.

Note: This job ignores emails signed with S/MIME by the client. Since iQ.Suite Trailer must open the email to be able to insert text modules, this signature would become invalid.

2. Use the preconfigured Trailer document Signatures and adjust it to your requirements.
3. As a rule, individual signatures are valid indefinitely. Make sure that the 'Use for a period of time only' option in the General tab is disabled.
4. In the Content tab, select one of the HTML, Text or RTF tabs to create the trailer text for the corresponding email format.

If you have selected HTML or Text, a window opens in which you can edit your trailer. Click the Variables icon and select the desired information:

To design the trailer text for the RTF format, proceed as described under Creating a Trailer Document (Step 5).

5. The variables appear in the input field and can be formatted according to the company guidelines with spaces, dashes, bold type, etc. To start a new line, press Shift+Enter; for a new paragraph (two lines), press Enter.

The tokens [VAR] and [/VAR] are case-sensitive and must always be written in capital letters. If required, use the conditional variable [COND]. Refer to [COND] variable.

The variables insert the contents of the corresponding field in the Active Directory. If a variable cannot be resolved, the token (e.g. [VAR]myvalue[/VAR]) is inserted into the text unchanged. Possible causes:

The variable does not contain a value, e.g. due to information missing in the Active Directory.
The variable or token does not exist, e.g. due to a spelling mistake (upper/lower case). For instance, writing [Var] instead of [/VAR] will generate an error.

To include generally applicable information, use a default setting, which you can enter and edit directly in the text. This value is added to the outgoing email. Place a semicolon after the variable, followed by the default value that applies to all users (refer to the bold values in the screenshot above).

Example: [VAR]myvalue;HELLO[/VAR] Thus, if no value is found in the Active Directory for myvalue, HELLO is used instead.

Tip: Special case: [VAR]myvalue;[/VAR] If you have entered an empty character string as your default value, i.e. no entry after the semicolon, nothing is added to the message in case no value is available in the Active Directory.

Note: Make sure that the Active Directory entries are always up-to-date.

6. Save the signature Trailer with OK.
7. If required, configure a Trailer search pattern. Refer to Trailer Search pattern.
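The variable syntax used throughout this scenario (the semicolon default value from step 5), the line-removal rule of the [COND] variable and the ADFrom:: prefix from the 'Sending emails on behalf of' scenario, as one added Python example that is not part of iQ.Suite or this manual. The two directory records (the physical sender Anna Glenn and the mailbox owner David Galler) and the trailer text are constructed; the attribute names mirror the manual's own examples (FirstName, MobileNumber, givenName, ...) and are not all real Active Directory schema names.

```python
import re

# Constructed directory records for the "on behalf of" scenario: the physical
# sender (secretary) and the mailbox owner. Attribute names mirror the manual's
# examples; only givenName is a genuine Active Directory attribute name here.
SENDER = {"FirstName": "Anna", "LastName": "Glenn", "givenName": "Anna",
          "OfficeNumber": "100", "MobileNumber": "", "OfficeFaxNumber": "101"}
OWNER = {"FirstName": "David", "LastName": "Galler", "givenName": "David",
         "OfficeNumber": "200", "MobileNumber": "0171 555", "OfficeFaxNumber": "201"}

# Constructed trailer text in the manual's syntax; note the line break right
# after the first semicolon of the [COND] token.
TEMPLATE = (
    "Name: [VAR]FirstName;[/VAR] [VAR]LastName;[/VAR]\n"
    "Phone: [VAR]OfficeNumber;n/a[/VAR]\n"
    "[COND]MobileNumber;\n"
    "Mobile: [VAR]MobileNumber[/VAR][/COND]\n"
    "Fax: [VAR]OfficeFaxNumber;[/VAR]\n"
)

# Tokens are case-sensitive: [Var] does not match and stays in the text.
VAR_RE = re.compile(r"\[VAR\](.*?)\[/VAR\]", re.DOTALL)
COND_RE = re.compile(r"\[COND\]([^;\n]*);\n(.*?)\[/COND\](\n?)", re.DOTALL)
ADFROM = "ADFrom::"


def lookup(name, sender, owner):
    """Resolve an attribute; the ADFrom:: prefix selects the mailbox owner."""
    if name.startswith(ADFROM):
        return owner.get(name[len(ADFROM):])
    return sender.get(name)


def resolve_var(m, sender, owner):
    name, sep, default = m.group(1).partition(";")
    value = lookup(name.strip(), sender, owner)
    if value:          # attribute present and non-empty
        return value
    if sep:            # a default was given (may be the empty string)
        return default
    return m.group(0)  # unresolvable without default: token kept as written


def render(template, sender, owner):
    """Expand [COND] blocks first, then [VAR] tokens."""
    def cond(m):
        keep = lookup(m.group(1).strip(), sender, owner)
        # Missing or empty field: the whole line, [/COND] and line break go.
        return m.group(2) + m.group(3) if keep else ""
    text = COND_RE.sub(cond, template)
    return VAR_RE.sub(lambda m: resolve_var(m, sender, owner), text)
```

Rendering TEMPLATE for the secretary drops the Mobile line (her MobileNumber is empty), while rendering it for the mailbox owner keeps it; [VAR]ADFrom::givenName[/VAR] yields the owner's first name even though the secretary is the physical sender.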

Scenario: Attaching customized signatures with Personalized Image

You can add personalized images to your customized signatures. The Trailers then contain not only employee-related data such as name and phone number, but also the employee's photo or his/her scanned signature. Trailer personalization can be particularly worthwhile for emails sent by sales or customer service representatives. Images are inserted in the HTML email body.

For every employee for whom an image shall be appended, an image must be available in the Active Directory (AD). The images are not imported to the iQ.Suite server but must be stored in a user attribute such as thumbnailPhoto. Note: Images must be available as GIF, PNG or JPG to be integrated into a Trailer. We recommend not exceeding a file size of 200 KB, since large file attachments may have negative effects on the recipient's side or during email transport.

Configuration:

1. Copy the Attach sender signature job to Mail Transport Jobs. When configuring the job, you can refer to the job configuration of the legal disclaimer. Refer to General Job Configuration.
2. Create a personalized Trailer image. Refer to Configuring Personalized Trailer Images.
3. Modify the text and the configuration of the Trailer document Sender signature with personalized image. Refer to Creating a Trailer Document.
4. Insert the personalized Trailer image in the Trailer document. Refer to Assigning Trailer Images to a Trailer Document.
5. Save the job.

Scenario: Adding a company logo to the Trailer

1. Copy the Legal Disclaimer job to Mail Transport Jobs. Activate the job.
2. Create a Trailer image for the company logo. Refer to Conventional and Personalized Trailer Images.
3. Create a Trailer document with the desired Trailer texts. Refer to Creating a Trailer Document.
4. Insert the Trailer image in the Trailer document. Refer to Assigning Trailer Images to a Trailer Document.
5. Save the job.

Scenario: Adding vCard data to the Trailer

1. Create a Trailer Attachment as described under Creating Conventional Trailer Attachments. Use the variables to insert the desired vCard data.
2. Copy the Sender Signature with VCard and QR Code Image job to Mail Transport Jobs. Activate the job.
   1. In the Attachment tab, select the configured Trailer Attachment.
   2. In the Position tab, define the position at which the Trailer shall be placed in the email body.
   3. Save the job.

The configured Trailer Attachment is not inserted in the email body but appended to the email.

Note: Representation of file attachments within the email is determined by the used mail client of the recipient. Hence, with some clients the Trailer file attachments cannot be distinguished from conventional file attachments.


iQ.Suite Clerk

Topics:

Clerk – Overview
Requirements for iQ.Suite Clerk
Absences (One-Time, Periodic)
Forwarding vs. Redirection
Clerk Database
Clerk Jobs


Overview

iQ.Suite Clerk provides central absence management, making it possible to redirect or forward emails in case of one-time absences (e.g. for the duration of a vacation or a business trip) and in case of periodic absences on certain weekdays (e.g. for part-time employees).

Retroactive forwarding is also possible, e.g. in case an employee forgot to arrange forwarding before the start of his/her vacation.

If configured accordingly, absence notifications can be sent automatically to the sender and/or deputy. This way, iQ.Suite Clerk ensures that no important emails remain unprocessed and/or unanswered, whether the absence is planned or unforeseen. This is particularly important for time-critical information, invoices or requests for proposals, for example.


Requirements for iQ.Suite Clerk

Certain administration tasks required for iQ.Suite Clerk can be performed in the iQ.Suite administration console. Other administration tasks are only possible in iQ.Suite WebClient. Consequently, iQ.Suite Clerk requires the installation of iQ.Suite WebClient in addition to iQ.Suite for Microsoft Exchange/SMTP. Refer to Installation of iQ.Suite WebClient.

iQ.Suite Administration Console

In the iQ.Suite administration console, the following configurations are required:

SQL database for the Clerk configuration. Refer to Clerk Configuration (Only SQL).
Clerk Action Job

Optional: Retroactive email processing requires additional configurations:

Clerk Quarantine. Refer to Clerk Quarantine (Access or SQL).
Clerk Journal Job

Job Types

Job: Clerk Action

This job is responsible for the forwarding/redirection of emails to the deputies and sends Clerk absence notifications to the sender and/or deputy, if configured accordingly.

Refer to Job: Clerk Action.

Job: Clerk Journal

This job collects emails into a Clerk Quarantine in order to make retroactive email processing possible. A background task forwards the collected emails retroactively and/or sends retroactive absence notifications to the sender and/or deputy, if configured accordingly.

Refer to Job: Clerk Journal.

iQ.Suite WebClient

Roles & Rights

As a user with appropriate administration rights, you can grant permissions in iQ.Suite WebClient under Roles & Rights in order to allow users or groups to access the Clerk WebClient component and to carry out actions in Clerk such as the configuration of absences.

In iQ.Suite WebClient, the following actions are possible depending on the set permissions:

Clerk

Creation of Absences (One-Time, Periodic), including rules and notification templates:

Rules in absences can be used to define exceptions of the standard settings, for example in order to forward emails with special contents to another person than the standard deputy.

By using Notification templates (if desired, with an image), the sender and/or the deputy can be notified of the forwarding/redirection. In case of retroactive forwarding, retroactive notifications can be sent as well.

Clerk Administration

Configuration of policies and delegations:

Delegations can be configured to allow users to create absences for other users, for example in case of an unplanned absence due to sickness.

Individual Policies can be created to reduce the configuration scope of absences for certain users/groups. Thus, you can e.g. specify a default message for Out-of-Office notifications and require that this message is used for internal/external senders.

For further information on the WebClient topics mentioned above, please refer to the context-sensitive online documentation of iQ.Suite WebClient.


Absences (One-Time, Periodic)

In iQ.Suite WebClient, users can configure absences for themselves as absentees and via delegations for other users as well.

In each absence, you can configure whether the absentee's emails are to be forwarded or redirected and whether sender and/or deputy are to be notified. It is also possible to configure absences without forwarding/redirection but with enabled notification to the sender and/or deputy. Refer to Forwarding vs. Redirection.

One-time absence

One-time absences are limited to a specified period, e.g. for the time of a vacation or a business travel.

Periodic absence

In case of a periodically recurring absence, e.g. for part-time employees, it is possible to configure a periodic absence on an hourly basis for specific days of the week. This absence can be limited in time or unlimited (no end date).


Forwarding vs. Redirection

Forwarding

In case of forwarding, the deputy receives a copy of the email addressed to the original recipient. The email can be marked as "forwarded" for the original recipient by enabling the 'Add subject extension' action which can be selected in the Clerk Action Job.

Retroactive forwarding

Retroactive forwarding supplements email forwarding or redirection. Without retroactive forwarding, emails are not delivered to a deputy until an authorized user has arranged a redirection or forwarding. If a redirection or forwarding is only enabled on the 3rd day of the user's absence, the emails of the two preceding days are not available to the deputy. Retroactive forwarding closes this gap.

In case of retroactive email forwarding, retroactive sender notifications can also be sent.

The retroactive forwarding requires the configuration of a Clerk Quarantine and a Clerk Journal Job in iQ.Suite. In iQ.Suite WebClient under Roles & Rights, the retroactive processing must be allowed.

Refer to Clerk Quarantine (Access or SQL) and Clerk Journal Job.

Redirection

A redirection is established to always assign incoming emails to a deputy. The mailbox of the original recipient does not receive the email, since the original email is delivered to the deputy. A redirection can be established, for example, for a managing director to redirect the emails addressed to him to an assistant or to the office of the general manager.

A redirection can also be reasonable for the collaborative use of public folders. Example: A user has entered her email address in a mailing list. Emails received from this list are to be stored in a public folder instead of being delivered to her mailbox. Since the sender is a mailing list, you may not want to send an automatic notification of this redirection to the sender.


Clerk Database

For iQ.Suite Clerk, a SQL database is needed; for the retroactive email forwarding a Clerk Quarantine is additionally required.

Clerk Configuration (only SQL)

The settings from the Clerk component in iQ.Suite WebClient are saved to the Clerk Configuration database.

To be able to use the Clerk Configuration data in iQ.Suite, proceed as follows:

1. Create a SQL database manually on your SQL database server.
2. Run the General_Clerk.sql script on the database in order to create the required database objects. You will find the SQL scripts under ...\GBS\iQ.Suite\Support\Scripts\

The following procedure applies if you are using MS SQL Server:

1. Open the SQL file mentioned above under \GBS\iQ.Suite\Support\Scripts\SQL
2. Copy the content of this file to the Query window of the SQL Server Enterprise Manager: SQL Server Enterprise Manager > Tools > SQL Query Analyzer
3. Run the command (query) by selecting Execute Query (F5).
4. Grant appropriate access rights to a user.

For PostgreSQL, please read the documentation of PostgreSQL, if required.

1. Create a database connection between the SQL database server and the iQ.Suite server: Basis Configuration > Database Connections > New > 'DatabaseType'. Refer to Configuration of the Database Connection.

2. Under Basis Configuration > iQ.Suite Servers > Properties > Databases select in the Database connection for Clerk configuration data field the corresponding configuration. Refer to Databases.

Clerk Quarantine (Access or SQL)

For the optional feature of the retroactive email processing, a Clerk Quarantine (also named 'Journal database') must be configured: Basis Configuration > Folder Settings > Clerk > New > Clerk. Refer to General settings and Setting Permissions for Quarantine access.

Retroactive email forwarding is only possible if the emails have been collected into the selected Clerk Quarantine by the Clerk Journal Job before activation of the retroactive email processing. If emails are to be retroactively forwarded because of configured absences, they are forwarded from this quarantine. Refer to Clerk Journal Job.

The content of the Clerk Quarantine can be viewed under iQ.Suite Monitor > Servers > 'Server' > Clerk Areas > 'Clerk'.


Clerk Jobs

Clerk Action Job

The Clerk Action Job is responsible for sending Clerk absence notifications and for the forwarding/redirection of emails to the specified deputy.

For a description of the settings in the standard tabs, refer to Standard tabs of Mail Transport Jobs.

If you want to activate actions for the sending of notifications, create appropriate Clerk Action notification templates under Basis Configuration > General Settings > Templates > Clerk. Refer to Templates.

Clerk Journal Job

For the retroactive email forwarding, at least one Clerk Journal Job must be configured and enabled.

The Clerk Journal Job collects emails into the selected Clerk Quarantine. Then, these emails are kept there for a time which is configurable in the Clerk Quarantine. If absences in iQ.Suite WebClient are activated for a period in the past, the retroactive email processing is automatically enabled. Emails can then be retroactively forwarded from the Clerk Quarantine.


For a description of the settings in the standard tabs, refer to Standard tabs of Mail Transport Jobs.

In the Database tab, determine into which Clerk Quarantine the emails are to be collected:

Also refer to Clerk Database.


iQ.Suite Crypt

Topics:

Overview – Crypt
PGP - General information
Automatic key import with GnuPG
Encryption with GnuPG
Decryption with GnuPG
S/MIME - General information
Automatic certificate import with S/MIME
Encryption with S/MIME
Decryption with S/MIME
Signing with S/MIME
Verifying S/MIME signatures
Using iQ.Suite KeyManager
Encrypting emails with WebCrypt Pro
Migration from S/MIME to S/MIME2


Crypt – Overview

iQ.Suite Crypt is used to encrypt, decrypt, sign or verify emails. With its flexible configuration options, Crypt lets you centrally define corporate encryption policies.

Powerful asymmetrical and symmetrical encryption is implemented with standard methods such as PGP, GnuPG or S/MIME, which can also be used in parallel. For the user, the encryption is fully transparent, regardless of the email client used.

For further information on cryptography and encryption methods, refer to the Crypt Whitepaper, available for download on www.gbs.com.

The GBS solution draws the boundary of confidential communication on the server and not at the client. Within your company, the email is transmitted unencrypted.

Advantages:

1. Email security on the way through the Internet or other public networks. The email cannot be read by unauthorized persons.
2. Convenient key management. The keys are stored only once on the server.
3. Since encryption is not performed on the clients, the required installation and training is considerably reduced. Users benefit from outstanding ease of use.
4. Virus checking possible before or afterwards.
5. Content analysis possible before or afterwards.

As a general rule, to send encrypted email, a cryptography tool is required on both communication sides on the server (or the client).

There are two widely used encryption methods:

PGP (by using GnuPG)
S/MIME

iQ.Suite Crypt can use either PGP or S/MIME to encrypt and decrypt emails. These two methods are not compatible with each other, i.e. you cannot, for example, use S/MIME to decrypt a PGP-encrypted email. You can, however, use both standards at the same time on your server.

WebCrypt Pro is an alternative to the methods described above. WebCrypt Pro enables email encryption even if the communication partner does not use any encryption solution. Refer to Encrypting emails with WebCrypt Pro.

With iQ.Suite KeyManager, self-signed keys and public/private keys from accredited certification authorities (e.g. VeriSign) can be administered centrally and synchronized with a local certificate store. Refer to Using iQ.Suite KeyManager.


Job types

Depending on how to use iQ.Suite Crypt, various job types are available:

Job: Crypt Key Import

Importing PGP keys and S/MIME certificates

Job: Crypt Outbound with GnuPG or S/MIME

Encrypting or signing emails

Job: Crypt Inbound with GnuPG or S/MIME

Decrypting or verifying emails

For further information on setting up jobs, please refer to the description provided for the sample jobs, e.g. Sample Job: Key Import with GnuPG.

Note: iQ.Suite Crypt can encrypt and decrypt emails with PGP, PGP/MIME or S/MIME. As these methods are not compatible with each other, create a separate job for each Crypt type.

GnuPG - Getting Started

1. Install GnuPG.
2. Generate a key pair.
3. Add your private key to the private key ring.
4. Add the public key to the public key ring.
5. Let your communication partners know your corporate public key.
6. Configure the GnuPG engine.

Refer to Configuration of the unsynchronized GnuPG Engine.

7. Save your communication partner’s public key.

Refer to Automatic Key import with GnuPG.

8. Optionally, set up and enable the key import job and import the public keys.

Refer to Sample Job: Key import with GnuPG .

9. Sign the public keys of the recipients.

10. Set up the decryption job.

Refer to Decryption Sequence by using the 'PGP’ or 'PGP/MIME’ method and Sample Job: Decrypting emails with GnuPG.

11. Set up the encryption job.

Refer to Encryption Sequence by using the 'PGP’ or 'PGP/MIME’ method and Sample Job: Encrypting emails with GnuPG.


S/MIME2 - Getting started

1. Configure an S/MIME2 engine.

Refer to Configuration of the S/MIME2 Engine.

2. Import your PFX files into the local Windows certificate store. For test purposes, use the sample certificates stored under \iQ.Suite\GrpData\smimedata\demo certificates. Important: When importing private keys, mark the key as exportable. Otherwise, the certificate cannot be used by iQ.Suite for signing.

3. Configure a decryption job.

Refer to Decryption sequence with S/MIME and Sample Job: Decrypting emails with S/MIME.

4. In iQ.Suite, configure an encryption job.

Refer to Encryption sequence with S/MIME and Sample Job: Encrypting emails with S/MIME.

Global mappings

iQ.Suite Crypt encryption and decryption jobs allow you to set how addresses are handled for which key IDs exist in a public key ring or a Windows certificate store. Using a mapping table, these key IDs are assigned to recipient addresses.

To be able to use specific recipient addresses in several Crypt jobs without having to enter them as mapping table for each of these jobs, you can define such addresses as 'Global Mappings'.

To create an address as global mapping, select Basic Configuration > Utility Settings > Crypt Settings > Global Mappings:


Enabled: Enable the global mapping with 'Yes' or disable it with 'No'.

Email address: Specify the desired recipient address to be created as global mapping, e.g. an individual address or an entire domain. Wildcards are permitted.

Key ID: Specify the key ID associated with the email address, as entered in the public key ring.

Create each address that is to be available for multiple jobs as a separate global mapping. Within Crypt jobs, you can set whether all or no global mappings are to be used. Refer to Open the Mapping tab.


PGP - General information

Using PGP for encryption, the sender encrypts the email with the recipient’s public key before sending it. Only the recipient can decrypt this email with his/her private key. As opposed to symmetrical encryption using passwords, no 'secure lines' are needed to exchange keys between senders and recipients.

Encryption/Decryption with GnuPG

Encryption:

1. An internal sender sends an email to an external recipient.
2. On the server, Crypt determines the key for all recipients and calls GnuPG for email encryption.
3. GnuPG encrypts all message bodies and file attachments on a per-file basis. The originals are then replaced with their encrypted counterparts.
4. When this is complete, the encrypted emails are released and sent to the external recipients.

For further information on GnuPG, refer to https://www.gnupg.org/.

Decryption:

To decrypt emails with Crypt, specify the senders whose email you want to decrypt. This can be all senders with an Internet domain or individual users included in the address settings.

1. An encrypted email addressed to an internal user arrives on the internal mail server.
2. Crypt first checks all attachments. Then Crypt checks for an encrypted message body by looking for the standard PGP text string: -----BEGIN PGP MESSAGE-----
3. If found (meaning the email was encrypted), Crypt decrypts the message body and any attachments using the recipient's private key.
4. Decryption uses a password, which must be the same for all private keys in the key ring. To allow use of the private key, the password is passed from Crypt to GnuPG.
5. The encrypted parts are replaced with the decrypted ones and the decrypted email is released for delivery to the client.

PGP/MIME

iQ.Suite Crypt supports encryption and decryption with PGP/MIME.

PGP/MIME was developed from the earlier PGP/Inline method. Specified in RFC 3156, PGP/MIME uses the same encryption format as S/MIME, but uses PGP technology, which encrypts the entire email as a whole rather than its individual parts. The email content type is multipart/encrypted (or multipart/signed). As opposed to normal PGP encryption, formatting information and non-ASCII characters are not lost with this encryption method. The PGP signature is included separately in an attachment, which simplifies reading and replying and also reduces the likelihood of errors.

Please note that some clients do not support PGP/MIME.

Preliminaries for GnuPG

To use Crypt and GnuPG for PGP encryption and decryption of emails, proceed as follows:

1. Install GnuPG on your server, following the installation instructions for GnuPG.
2. In GnuPG, generate a key pair consisting of the public key and the secret private key. The public key is made publicly available so that all potential senders can use it. The private key must be kept secret in a secure location.
3. Configure the Crypt engine for GnuPG under Basic Configuration > Utility Settings > Crypt Settings > Crypt Engines.
4. Import the recipients' public keys into the PGP key ring, e.g. using the iQ.Suite Import job.
5. Sign the keys.
6. Configure and activate an appropriate Crypt job.

Important: Make sure that you sign the public keys and/or mark them as trusted after their import into the PGP key ring, otherwise they cannot be used.

Configuration of the unsynchronized GnuPG Engine

For using GnuPG without iQ.Suite KeyManager, the following preconfigured Crypt Engines (including variables) are available:

GnuPG 1.2.x and 1.4.x
GnuPG 1.4.x and 2.0.x
GnuPG 2.2.x

Use the Engine which corresponds to the version you have installed on your server.

To configure other versions of GnuPG, proceed as follows:

1. Copy the preconfigured GnuPG engine with right-click > All Tasks > Duplicate.
2. Enter a meaningful name for the new engine, e.g. include the version number in the name.
3. Change the settings and variables for your version. For this, please refer to your GnuPG documentation.
4. Save the Engine.
5. Once you have set up the new GnuPG Engine, it is available for all jobs.

Configuration of the GnuPG engine:

1. Click on Basic Configuration > Utility Settings > Crypt Settings > Crypt Engines > 'GnuPG Engine'.

In the General tab, perform the following settings:

GBS Crypt Interface: DLL file that links the iQ.Suite with the GnuPG engine. Do not change this entry.

PGP executable: Specify the GnuPG EXE file with its absolute path, e.g. c:\program files\crypt\gnupg\gpg.exe.

Timeout: Number of seconds after which the attempt to connect to the Crypt engine is interrupted if unsuccessful. Take your server’s performance into account when setting this value.

PGP directory: Path to the directory in which the file for the trust status (trustdb.gpg) is stored. Usually, this file is located in the same directory as the key ring files.

Public key ring (not for GnuPG 2.2.x): Absolute path to the file containing the GnuPG public keys, e.g. gnupg\pubring.gpg.

Private key ring (not for GnuPG 2.2.x): Absolute path to the file containing the GnuPG private keys, e.g. c:\program files\crypt\gnupg\secring.gpg.

Key ring passphrase: passphrase for the private key ring. The password may contain all printable characters from the 7-bit ASCII character set (US-ASCII) except the quotation mark.

Signature key ID: Key identification of the (private) corporate key to be systematically used for signing, e.g. [email protected]


2. Open the PGP Options tab:

Parameters / Options: The parameters/options entered here apply to the respective GnuPG versions. If you have another version of GnuPG installed, you may have to change these parameters/options. In that case, please contact the GBS Support Team.

Add this extension: After encryption with GnuPG, this file extension is appended to each encrypted email section (except for the message body) before being sent. Crypt uses these extensions only for PGP (not for PGP/MIME). Specify the Crypt method in the job.

Remove this extension: During decryption, any file extensions added to encrypted email sections are removed again (except for the message body). The extensions entered here are normally used for PGP encryption and iQ.Suite Crypt assumes that these emails have received the extension during encryption. Crypt uses these extensions only for PGP (not for PGP/MIME). Specify the Crypt method in the job.

3. Open the Fingerprints tab:


The fingerprints in the upper section of the tab identify the PGP key to be imported. Whenever an email section arrives with a fingerprint specified in this tab, the key import job will know that it is a PGP key.

The fingerprints in the lower section identify emails that have already been PGP-encrypted and/or PGP-signed on the client and are being processed for sending on the server. It is possible to define exceptions for these emails in the Crypt job. The fingerprints apply to the Crypt PGP encryption method only, not to PGP/MIME.

All known fingerprints for identifying PGP keys and encrypted PGP emails are preconfigured.

For further information on fingerprints, refer to Fingerprints.

4. Open the Variables tab:


The variables entered here apply to the GnuPG versions 1.2.x, 1.4.x, 2.0.x and 2.2.x. If you are using another GnuPG version, you may have to change these variables. In that case, please contact the GBS Support Team.

5. To add a variable click Add. To edit it, click Edit.


Automatic key import with GnuPG

Using iQ.Suite Crypt, it is possible to automatically import the public keys (sent by communication partners along with the encrypted email) into the key ring.

1. The sender's public key is copied from the email.
2. The public key is imported into the key ring.
3. The email is delivered to the recipient.

Sample Job: Key Import with GnuPG

This example only illustrates the job-specific details. For a description of the settings in the standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Consider the preparations for GnuPG usage. Refer to Preliminaries for GnuPG.
2. Copy the Key Import with GnuPG job to Mail Transport Jobs. The job should be executed after a decryption job. Activate the job.
3. Open the Options tab:

In the Select method field, the PGP encryption method is preset to 'PGP'. Select a Crypt engine. If you also want to check attachments such as ZIP archives for keys, enable the Scan inside compressed attachments option.

Tip: In case you intend to import a PGP key, make sure you have entered the correct GnuPG version. If you are not using the preset GnuPG version, create a new entry under Basic Configuration > Utility Settings > Crypt Settings > Crypt Engines.

To view the settings for the Crypt engine selected here, click the button next to the field.

4. Open the Actions tab.

In this tab, specify the actions to be performed when the key import has been completed successfully (Success actions button) and those to be performed when an error has occurred (Error actions button).


Encryption with GnuPG

Encryption sequence by using the 'PGP' or 'PGP/MIME' method

1. The user sends an email via his/her client in the usual way.
2. On the server, Crypt retrieves the public key for the email recipients from the PGP key ring.
3. The email is encrypted.

With PGP, all of the email elements are encrypted individually (attention: any formatting and embedded images are lost). With PGP/MIME, the email is encrypted as a whole (formatting remains intact).

4. The email is delivered to its recipients.

Sample Job: Encrypting emails with GnuPG

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Consider the preparations for GnuPG usage. Refer to Preliminaries for GnuPG.
2. Copy the Encrypt with GnuPG job to Mail Transport Jobs.
   1. Activate the job.
   2. Configure the recipient addresses in the job. If necessary, create and enable several jobs.

If encryption is configured for a sender-recipient combination, such a sender will normally be unable to send an unencrypted email to one of the configured recipients.

However, if you want to reach some of these recipients with an unencrypted email, select a command in iQ.Suite: 'Conditions' tab > Condition: ...with following subject command. When the sender adds this command to the email's subject line, the job will not be executed and the email will be sent in unencrypted form.

Searching for the command is not case-sensitive. The search is stopped as soon as the command has been found and it is removed from the subject.

Notes:

The subject command may only contain characters from the 7-bit ASCII character set (US-ASCII - 126 characters possible).

The conditions set in both the Addresses and Conditions tabs must come true for the job to be run (logical AND).


3. Open the Crypt Engine tab:

Select method: Select the encryption method 'PGP'.

Select Crypt engine: Select the version of the Crypt Engine that you have installed.

Specify in the following fields how exception emails (special cases) are to be handled, e.g. TNEF emails:

'Ignore': The email is passed to the next job without being further processed by this job. The email is not encrypted.
'Execute actions': The actions specified in the Actions tab are performed.
'Proceed': The job processes the email like those that do not fall into this category.

Special cases:

When the email is in TNEF format: The Outlook TNEF format cannot be processed by iQ.Suite Crypt. The TNEF format is used by Exchange when an Outlook user (not Outlook Express!) sends an email within an Exchange organization. This format is not used for communication via the Internet or when using other email clients.

Email already S/MIME or PGP/MIME encrypted/signed Emails that arrive on the server encrypted or encrypted and signed with S/MIME or PGP/MIME. In your corporate email policies, specify how such emails are to be handled.

Email already S/MIME or PGP/MIME signed only Not encrypted emails that are already signed by the user with S/MIME or PGP/MIME and when they arrive on the server.

Email already PGP encrypted and/or signed: If PGP/MIME or S/MIME is used, the email structure and the headers make it possible to determine whether the email is encrypted or signed. If encrypted with PGP, only the contents of the individual email elements are replaced with the encrypted part, not the entire email. The structure remains unchanged. As a consequence, to determine whether an email has been partially or entirely encrypted by PGP, the fingerprints set in the configuration are applied to all of the elements of the email (message body and attachments). To define the PGP fingerprints for individual email elements, please refer to Configuration of the unsynchronized GnuPG Engine.

PGP Options: Encrypt attachments only: Only the email attachments will be encrypted. All other elements of the email, such as the message body, remain unencrypted. If this option is disabled, all elements of the email (attachments, body, HTML text) will be encrypted.

PGP Universal Server compatibility: This option ensures compatibility with the PGP Universal Server. Enable this option if an encryption partner uses the PGP Universal Server. Set up two different encryption jobs, if you communicate with encryption partners with Universal Server and encryption partners without Universal Server.

Remove HTML bodies: For HTML emails encrypted with PGP, decryption or display problems may occur on the recipient side. These problems are due to technical PGP/GnuPG restrictions. As a general rule, neither PGP nor GnuPG supports encrypting HTML bodies.

While email programs such as Mozilla Thunderbird or Microsoft Outlook simply display the email body as text and ignore the HTML body, Lotus Notes attempts to display the HTML body as well. This can cause difficulties, especially in reply emails. In this case, enable the option that allows to remove the HTML body before encrypting the email with PGP.

Note: On Exchange: This issue does not occur when iQ.Suite for Microsoft Exchange is also used on the recipient side.

Convert e-mail bodies to UTF-8: The message bodies are converted to the UTF-8 (Unicode) character set.

4. Open the Crypt Mode tab:

In the Crypt Mode tab, specify the encryption mode and security settings (VPN channel) to be called with this job.


In the sample jobs, the Crypt mode is preconfigured.

The individual options show the possible security settings for outgoing emails (VPN channels). The options only apply to encryption, since signatures are added with the private key. If this key is missing, no signature can be added and the actions specified in the Actions tab are performed.

Optional encryption: The emails are encrypted with the existing public certificates. Any emails to recipients for whom no valid certificate is available are sent unencrypted. The information from the Subject extension field (General tab) is added to the email subject.

Low security: Emails are encrypted with the existing public keys. Emails to recipients for whom a valid key exists are sent encrypted. For all recipients without a valid key, the actions specified in the Actions tab are performed.

Medium security: Emails are encrypted with the available public keys only if at least one valid key exists. All outgoing emails are encrypted. Recipients with a valid key can open the emails with their private key. Thus, recipients without a valid private key that matches one of the public keys used will not be able to open the encrypted emails. The actions specified in the Actions tab are performed only if no valid key exists at all.

High security: Emails are encrypted with the available public keys only if valid keys exist for all recipients. The actions specified in the Actions tab are performed as soon as one key is invalid or missing.

Tip: Jobs are performed only for recipients specified in the Addresses tab. If you enter only the communication partners with a valid public key, you can select a high security setting to create tap-proof channels without missing keys triggering the actions specified in the Actions tab. Create a separate job for each security setting. Thus, to send emails at maximum security to some recipients while offering others optional decryption or verification, set up two jobs.

5. Open the Mapping tab.

Specify the type of address mapping for encryption and, if necessary, create your own mapping table.

First use mapping list below: The entries in the user-defined mapping table below have priority over the entries in the public key ring. If no key ID is entered in this table, the job looks for this key ID in the public key ring and the associated key is used. The encryption job looks for a key ID under the recipient address in the public key ring only if no suitable entry has been found in the table. This setting is advisable for implementing encrypted communications with another company through secure VPN channels.

First use public key ring (default): The entries in the public key ring have priority over the entries in the user-defined mapping table. The encryption job looks for the required key ID in the mapping table below only if no entry matching the recipient address has been found in the key ring. Example: Separate encryption for emails to the management.

Use public key ring only: The job looks for keys only by recipient address in the public key ring. In this case, the mapping table is not enabled. Existing entries in the table need not be deleted. Use this option to communicate with individuals who each have their own key.

Use global mappings: If specific recipient addresses are to be used in multiple Crypt jobs, you can create these addresses as 'global mappings' (refer to Global Mappings). Enable this option if you want the job to use all recipient addresses defined as global. Please note that local addresses are read before the global addresses.
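Added example (not iQ.Suite code) showing how the Mapping tab precedence, the Global Mappings table and the Crypt Mode security settings described above interact: a key ID is resolved per recipient in the configured order, a key counts as valid only if it is in the ring and trusted, and each mode then decides who receives encrypted mail and whether the Actions tab is triggered. The key ring, the mapping tables, the recipients and all key IDs are constructed sample data.

```python
from fnmatch import fnmatch

# Constructed sample key ring: key ID -> user IDs and trust state. A key that was
# imported but never signed/marked trusted is present yet unusable (see "Important").
KEY_RING = {
    "0xA1B2C3D4": {"uids": ["bob@partner.example"], "trusted": True},
    "0xE5F60718": {"uids": ["carol@partner.example"], "trusted": False},
    "0x0F1E2D3C": {"uids": ["gateway@partner.example"], "trusted": True},
}

# Constructed mapping tables with the same columns as the Global Mappings dialog.
LOCAL_MAPPINGS = [
    {"enabled": True, "email": "carol@partner.example", "key_id": "0x0F1E2D3C"},
]
GLOBAL_MAPPINGS = [
    {"enabled": True, "email": "*@partner.example", "key_id": "0x0F1E2D3C"},
    {"enabled": False, "email": "*@old-partner.example", "key_id": "0xDEADBEEF"},
]

MAPPING_FIRST = "First use mapping list below"
KEY_RING_FIRST = "First use public key ring"
KEY_RING_ONLY = "Use public key ring only"


def key_by_address(address):
    """Key ID whose user ID matches the recipient address, or None."""
    address = address.lower()
    for key_id, key in KEY_RING.items():
        if address in (u.lower() for u in key["uids"]):
            return key_id
    return None


def key_by_mapping(address, tables):
    """First enabled entry whose pattern matches; wildcards are permitted."""
    for table in tables:
        for entry in table:
            if entry["enabled"] and fnmatch(address.lower(), entry["email"].lower()):
                return entry["key_id"]
    return None


def resolve_key(address, mapping_mode, use_global=False):
    """Apply the Mapping tab precedence; local entries are read before global ones."""
    tables = [LOCAL_MAPPINGS] + ([GLOBAL_MAPPINGS] if use_global else [])
    if mapping_mode == MAPPING_FIRST:
        return key_by_mapping(address, tables) or key_by_address(address)
    if mapping_mode == KEY_RING_FIRST:
        return key_by_address(address) or key_by_mapping(address, tables)
    if mapping_mode == KEY_RING_ONLY:
        return key_by_address(address)
    raise ValueError(f"unknown mapping mode: {mapping_mode}")


def usable(key_id):
    """A key is valid only if it exists in the ring and has been signed/trusted."""
    return key_id is not None and KEY_RING.get(key_id, {}).get("trusted", False)


def plan_encryption(recipients, security, mapping_mode=KEY_RING_FIRST, use_global=False):
    """Apply the Crypt Mode setting: who gets the email encrypted, who gets it in
    plain text, which keys are used, and for whom the Actions tab fires."""
    keys = {r: resolve_key(r, mapping_mode, use_global) for r in recipients}
    valid = [r for r in recipients if usable(keys[r])]
    invalid = [r for r in recipients if not usable(keys[r])]
    plan = {"encrypt_to": [], "plaintext_to": [], "keys": [], "actions_for": []}
    if security == "Optional encryption":
        plan.update(encrypt_to=valid, plaintext_to=invalid)
    elif security == "Low security":
        plan.update(encrypt_to=valid, actions_for=invalid)
    elif security == "Medium security":
        # Whole email encrypted for everyone as soon as one key exists; recipients
        # without a matching private key cannot open it. Actions only if no key at all.
        plan["encrypt_to" if valid else "actions_for"] = list(recipients)
    elif security == "High security":
        # One invalid or missing key is enough to trigger the actions for the email.
        plan["actions_for" if invalid else "encrypt_to"] = list(recipients)
    else:
        raise ValueError(f"unknown security setting: {security}")
    if plan["encrypt_to"]:
        plan["keys"] = sorted({keys[r] for r in valid})
    return plan


if __name__ == "__main__":
    rcpts = ["bob@partner.example", "carol@partner.example", "dave@partner.example"]
    for mode in ("Optional encryption", "Low security", "Medium security", "High security"):
        print(mode, plan_encryption(rcpts, mode))
    # A VPN-style channel: the mapping table routes the whole partner domain to one key.
    print("mapping first + global:", plan_encryption(rcpts, "High security", MAPPING_FIRST, True))
```

With the default mapping order, only bob has a trusted key, so High security triggers the actions for the whole email; with the mapping list read first and global mappings enabled, all three recipients resolve to the partner gateway key and the email goes out encrypted.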

More information


Decryption with GnuPG

Decryption Sequence by using the 'PGP' or 'PGP/MIME' method

1. On the server, iQ.Suite Crypt retrieves the private key for the incoming email from the PGP key ring.
2. The email is decrypted. With PGP, the encrypted email elements are decrypted, with PGP/MIME the email as a whole.
3. The email is delivered to the recipient.
4. Users receive their email through their clients as usual; encryption is completely transparent for the recipients.

Sample Job: Decrypting emails with GnuPG

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Consider the preparations for GnuPG usage. Refer to Preliminaries for GnuPG.

2. Copy the Decrypt with GnuPG job to Mail Transport Jobs.
   1. Activate the job.
   2. Configure the recipient addresses in the job. If necessary, create and enable several jobs.

3. Open the Crypt Engine/Mode tab.

Specify the decryption method and the security settings to be used by this job. You can also select additional options here.


Under Select method, select the desired encryption method. In the subsequent field, select the Crypt engine version installed.

When the email is in TNEF format: The Outlook TNEF format cannot be processed by iQ.Suite Crypt. The TNEF format is used by Exchange when an Outlook user (not Outlook Express!) sends an email within an Exchange organization. This format is not used for communication via the Internet or when using other email clients.

Remove S/MIME signature: This setting is not necessary for PGP decryption and is available only when the PGP/MIME or S/MIME encryption method is selected. For further information on this option, refer to Sample Job: Decrypting emails with S/MIME.

Email VPN (inbound security settings): For incoming emails addressed to internal users, the following security settings exist for decryption:

Optional decryption (default): The emails are decrypted with the existing private keys and the signature verified with the existing public keys. If an error occurs during decryption or verification, e.g. because the private key is missing or the email was modified (making verification impossible), the configured actions are performed. Unencrypted emails are delivered to the recipients and the information from the Subject extension field (General tab) is added to the email subject.

Enforce selected mode: The only incoming emails delivered to the recipient are those that match the selected mode. For emails that do not match the selected mode, the actions specified in the Actions tab are performed.

Crypt mode 'Decrypt': The email is decrypted only. An existing signature will not be verified, i.e. the email is delivered to its recipient without verification.

Process what:

'All mail contents': All elements of the email are decrypted. This option requires that the entire incoming email was encrypted. If, for instance, only the attachments were encrypted, the specified actions are performed.

'Attachments only': Only the attachments are decrypted. If the email also contains an encrypted message body, the email will be delivered with encrypted message body to the recipient.

Remove HTML bodies: This option is used for decrypted emails which contain either only HTML body parts or HTML and plain text body parts. With this option enabled, all HTML body parts will be removed from the email. If no plain text body part exists in the email, a plain text body is created from the text extracted from all HTML body parts. This plain text body is then inserted into the email in place of the HTML body parts.

Tip: Jobs are performed only for recipients specified in the Addresses tab. If you enter only the communication partners with whom you have, for instance, agreed that all emails are to be sent both signed and encrypted, you can select the 'Enforce selected mode' to create "tap-proof" channels without errors caused by emails in the wrong mode triggering the specified actions in the Actions tab.

Create a separate job for each security setting. Thus, to send emails at maximum security to some recipients while offering others optional decryption or verification, set up two different jobs.


S/MIME - General information

To encrypt/decrypt or sign/verify emails with S/MIME, certificates are required. The certificate structure is defined in the X.509 standard. As opposed to PGP, with S/MIME the user does not create the key pair himself but receives the keys from a Certification Authority.

For test purposes, you can use the sample certificates stored under \iQ.Suite\GrpData\smimedata\demo certificates. Valid and certified certificates can be acquired from a trust center.

Using S/MIME in iQ.Suite

iQ.Suite supports a new implementation to process emails with S/MIME.

Important: If you are currently using the outdated S/MIME method (tk_smime), you must switch to the new method (tk_smime2) to be able to use future feature implementations. Migration is simple and only takes a few steps. Refer to Migration from S/MIME to S/MIME2.

For more complex scenarios such as synchronization of several servers, you can connect Crypt to iQ.Suite KeyManager. iQ.Suite KeyManager can be used with or without using the local Windows certificate store and includes options to reference your own PKI. Furthermore, S/MIME certificates can be easily managed with iQ.Suite KeyManager. Refer to Using iQ.Suite KeyManager.

Note: If the certificates of your communication partners have been entered in an LDAP server, you can work with iQ.Suite KeyManager to continue using LDAP.

Configuration of the S/MIME2 Engine

To use the new S/MIME method, configure an S/MIME2 engine: Basic Configuration > Utility Settings > Crypt Engines > S/MIME 2.


1. In the General tab, make the following settings:

GBS Crypt Interface: DLL file that establishes the connection from iQ.Suite to the S/MIME2 engine. Don't change this entry!

Timeout: Enter the number of seconds to pass before a scan order to the Crypt engine is aborted. When choosing the time value, take into account the performance of your server.

Certificates: Select the component ('Windows Certificate Store' or a 'KeyManager') to be used to manage the certificates in the future. Click to configure the selected component.

For configuring the component, refer to Using iQ.Suite KeyManager or Using the Windows Certificate Store.

Encryption / Signing: Select the desired algorithm, respectively for encryption and signing.

Encryption (Padding) / Signing (Padding): Select a padding algorithm, respectively for encryption and signing.

2. Open the Fingerprints tab:


The fingerprints identify the S/MIME certificates. As soon as an email element includes one of the fingerprints, the key import job recognizes it as an S/MIME certificate. All known fingerprints for the identification of S/MIME certificates and encrypted S/MIME emails are preconfigured.

For further information on fingerprints, refer to Fingerprints.

Using the Windows Certificate Store

Advantages

As a local store, the Windows certificate store replaces the certs.db database that was used in the outdated S/MIME solution. Furthermore, through the Windows MMC, it offers you a user interface that lets you easily manage the S/MIME certificates. Certificates are classified in the folders iQ.Suite Trusted, iQ.Suite Unknown and iQ.Suite Untrusted according to their trust status, and the status can be changed by simply dragging and dropping a certificate, for example from "unknown" to "trusted".

Note: The Windows certificate store can only be used locally and not in distributed systems. Multiple iQ.Suite Crypt installations can be synchronized with iQ.Suite KeyManager.


Private keys can be distinguished from certificates by the icons used in the certificate store.

Important: The Windows certificate store can only be used in combination with the Crypt engine S/MIME2. If you are working with the Crypt engine S/MIME (outdated S/MIME method), the certificate store cannot be used. We recommend migrating to the new S/MIME method. Refer to Migration from S/MIME to S/MIME2.

Using the Windows certificate store is appropriate for manually managing certificates in smaller environments where only few certificates have to be managed. For extensive application environments with a lot of communication partners, multiple mail servers with the iQ.Suite Crypt module installed, or a lot of certificates to be managed, we recommend using iQ.Suite KeyManager. iQ.Suite KeyManager also allows you to easily manage private keys and validate certificates.

Configuration description

To manage S/MIME certificates with the Windows certificate store without iQ.Suite KeyManager, proceed as follows:

1. In the Active Directory, create a new user who has access to the Windows certificate store, e.g. . This user account is used to access the certificates in the certificate store.

2. Add the user to the local administrators' group and assign the right to execute batch files. This allows the iQ.Suite to log in to this account in batch mode.

On Windows 2012:

Local security policy > Local Policies > User Rights Assignments > Logon as a batch job.

3. Log in with the authentication information of the previously created user or open the local Windows certificate store within its user context:

runas /profile /user:\ mmc.exe.


4. Add the certificate snap-in: File > Add/Remove snap-in > Add > Certificates > Add > My User account > Finish

5. In the iQ.Suite, click Basic Configuration > Utility Settings > Certificates > Windows Certificate Store:

   1. Under User and Password, enter the authentication information of the user (here: ).
   2. Enable the desired Options for the notification of identical certificates or for the log level.

6. Save the configuration.

7. The Compatibility tab only applies in connection with the migration from S/MIME to S/MIME2. Refer to Migration from S/MIME to S/MIME2.

8. If you want the Certificate store to be synchronized with iQ.Suite KeyManager, proceed as described under Using the Windows Certificate Store.

9. Create a Crypt engine for S/MIME 2: Crypt > Crypt Engines > S/MIME 2. In the Certificates field, select the previously configured Windows Certificate Store.

10. If you have so far used the certificate database certs.db and you want to continue to use the included certificates, import them into the Windows certificate store:

   1. Use, for example, the iQ.Suite Certificate Manager to import certificates from the certificate database first into the file system. For any questions, contact the GBS Support Team. Note that the trust status is automatically set to "Trusted".
   2. Copy the Certificate import with S/MIME job to Mail Transport Jobs. Refer to Automatic certificate import with S/MIME.
   3. Activate the job. The job is expected to start after the decryption/verification job.
   4. In the Options tab under Method, select 'S/MIME' and in the following field, select the previously configured Crypt engine 'S/MIME 2'. Enable Unpack compressed attachments.

11. When the Certificate import with S/MIME job starts the next time, the folders iQ.Suite Trusted, iQ.Suite Unknown and iQ.Suite Untrusted are created in the local Windows certificate store, and the certificates processed by the job are stored in the iQ.Suite Untrusted folder. Drag and drop the certificates to assign them to the desired folders.

12. Configure Crypt Inbound Jobs (decryption/signature analysis) and Crypt Outbound Jobs (encryption/signature creation) as described in the corresponding chapters. However, select the new Crypt engine 'S/MIME 2'.

Refer to Decryption with S/MIME and signing with S/MIME. Refer to Encryption with S/MIME and verifying S/MIME signatures.


Automatic certificate import with S/MIME

With iQ.Suite Crypt, it is possible to import the certificates of communication partners automatically into the Windows certificate store or iQ.Suite KeyManager, regardless of whether signatures are verified or not. This allows several certificates contained in attachments to be imported simultaneously. For easy S/MIME certificate management, we recommend using iQ.Suite KeyManager. Refer to Using iQ.Suite KeyManager.

The Import job identifies certificates from:

Signed emails, i.e. the signed part is recognized.
ZIP archives.
PKCS#7-encoded file attachments.
DER-encoded file attachments.

Importing the certificate

1. The certificate is copied from the email.

   1. If using the Windows certificate store, the certificate is imported into the local certificate store and stored in the iQ.Suite Unknown folder.
   2. If using iQ.Suite KeyManager, the certificate is loaded into iQ.Suite KeyManager. The imported certificates are first stored with the status "unknown" in the folder for external certificates. Periodically, the certificates are validated and set to their actual trust status.

2. The email is delivered to the recipient.

3. For a description of the Windows Certificate Store configuration and of the certificate import job, refer to Configuration description.


Encryption with S/MIME

In S/MIME encryption, the sender’s emails are encrypted with the recipient’s public key, and only the recipient can decrypt them with his own private key.

Note: S/MIME-encrypted emails can be exchanged only with people whose email client also supports S/MIME encryption. If your communication partner also has a server with iQ.Suite Crypt installed, encryption and decryption are performed directly on the server and no longer depend on the email client.

The configuration of iQ.Suite Crypt for using S/MIME is based on policies, i.e. the addresses for encrypting, decrypting, signing and validating signatures can be defined individually for users, user groups, and for the company.

Encryption Sequence with S/MIME

An email is sent from the client to a recipient. The email is to be encrypted.

1. Crypt writes the data to be encrypted to the hard disk in the form of a multipart MIME message body.

2. This data and the recipient name are passed to the S/MIME interface.

3. The certificate is either searched for in the local Windows certificate store or is loaded by iQ.Suite KeyManager. The certificate is used to encrypt the file.

4. Crypt inserts the S/MIME-encrypted part as new MIME message body into the email.

Sample Job: Encrypting emails with S/MIME

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Copy the Encrypt/Sign with S/MIME job to Mail Transport Jobs.

2. Activate the job.

3. If encryption is configured for a sender-recipient combination, such a sender will normally be unable to send an unencrypted email to one of the configured recipients.

However, if you want to reach some of these recipients with an unencrypted email, define a subject command in the iQ.Suite under Conditions > Condition: ...with following subject command. When the sender adds this command to the email's subject line, the job will not be executed and the email will be sent in unencrypted form.

Searching for the command is not case-sensitive. The search is stopped as soon as the command has been found, and the command is removed from the subject.

Notes:

The subject command may only contain characters from the 7-bit ASCII character set (US-ASCII, 126 characters possible).

The conditions set in both the Addresses and Conditions tabs must be met for the job to be run (logical AND).

4. Open the Crypt Engine tab:

Select method: Select the encryption method 'S/MIME'.

Select crypt engine: Select the previously configured Crypt engine for S/MIME2.

5. Specify in the following fields how exception emails (special cases) are to be handled, e.g. TNEF emails:

'Ignore': The email is passed to the next job without being further processed by this job. The email is not encrypted.

'Execute actions': The actions specified in the Actions tab are performed.

'Proceed': The job processes the email like those that do not fall into this category.

Special cases:

When email is in TNEF format, then: The Outlook TNEF format cannot be processed by iQ.Suite Crypt. The TNEF format is used by Exchange when an Outlook user (not Outlook Express!) sends an email within an Exchange organization. This format is not used for communication via the Internet or when using other email clients.

When email is already S/MIME or PGP/MIME encrypted/signed, then: Emails that arrive on the server have been encrypted and/or signed with S/MIME or PGP/MIME by the client, i.e. by the internal user. In your corporate email policies, specify how such emails are to be handled.

When email is already S/MIME or PGP/MIME signed only, then: Emails that arrive on the server have been signed with S/MIME or PGP/MIME by the client, i.e. by the internal user. In your corporate email policies, specify how such emails are to be handled.

Certificate options: These fields are displayed for S/MIME only and only work properly when using the 'S/MIME 2' Crypt engine. If you are using the outdated Crypt engine 'S/MIME', please keep the preconfigured job settings.

Ignore certificate purpose: The certificate purpose defines the intended usage of the certificate, e.g. "server authentication" or "encryption". If you enable this option, the iQ.Suite will ignore the intended purpose specified within the certificate. The Crypt job is then executed even if the intended purpose and the job functionality do not match, e.g. a certificate with the intended purpose 'encryption' used by a job for signature creation.

Allow expired certificates for encryption: By default, Crypt jobs do not use expired certificates for email encryption. Enable this option if the emails are to be encrypted even though the corresponding certificate has expired.

Allow expired certificates for signing: By default, Crypt jobs do not use expired certificates for signature creation. Enable this option if the emails are to be signed even though the corresponding certificate has expired.

Allow unknown trust status for encryption: By default, Crypt encryption jobs only use certificates with the trust status "trusted". Enable this option to also use certificates with the trust status "unknown".

KeyManager tenant: This field is relevant for iQ.Suite KeyManager only. Keep this field empty.

6. Open the Crypt Mode tab.

Specify the encryption mode and security settings (VPN channel) to be called with this job:


The Crypt mode selected in this example is 'Sign and encrypt'.

The available options are:

'Sign and encrypt': The email is signed and encrypted. If you select the Optional encryption option, you can additionally enable the Force signing on unencrypted emails option. With this additional option enabled, emails for which no encryption certificate is found are signed as well.

'Encrypt': The email is encrypted but not signed.

'Sign': The email is signed but not encrypted.

The individual options show the possible security settings for outgoing emails (VPN channels). The options only apply to encryption, since signatures are added with the private key. Signing fails if this certificate is missing, in which case the actions specified in the Actions tab are performed.

Optional encryption: The emails are encrypted with the existing public keys. Any emails to recipients for whom no valid key is available are sent unencrypted and, if configured, the information from the Subject extension field (General tab) is added to the email subject.

Low security: Emails are encrypted with the existing public keys. Emails to recipients for whom a valid key exists are sent encrypted. For all recipients without a valid key, the actions specified in the Actions tab are performed.

Medium security: Emails are encrypted with the available public keys only if at least one valid key exists. All outgoing emails are encrypted. Recipients with a valid key can open the emails with their private key. Thus, recipients without a valid private key that matches one of the public keys used will not be able to open the encrypted emails. The actions specified in the Actions tab are performed only if no valid key exists at all.


High security: Emails are encrypted with the available public keys only if valid keys exist for all recipients. The actions specified in the Actions tab are performed as soon as one key is invalid or missing.

Automatically request certificates from KeyManager:

With this option enabled, the missing certificates for encryption and/or signing can be created by using iQ.Suite KeyManager.

If the connector you are using in iQ.Suite KeyManager requires specific user information to request a certificate, this information has to be passed by iQ.Suite. Otherwise, no new certificates can be created, i.e. only the certificates which already exist in KeyManager (e.g. imported or self-produced certificates) can be requested. To be able to create new certificates, the first and last name must be available in the Active Directory.

Tip: Jobs are performed only for recipients specified in the Addresses tab. If you enter only the communication partners with a valid public key, you can select a high security setting to create tap-proof channels without missing certificates triggering the actions specified in the Actions tab. Create a separate job for each security setting, i.e. in order to send mail at maximum security to some recipients while offering others optional decryption, set up two jobs.

7. Open the Mapping tab.

Specify the type of address mapping for encryption and, if necessary, create your own mapping table. You can, for example, use a mapping table to use one certificate for a certain group of communication partners (e.g. a company certificate of a business partner). With the address mapping, this company certificate will be used for all recipients of the partner company.

First use mapping list below: The entries in the user-defined mapping table below have priority. If this table contains a key ID for a recipient address, the job looks for this key ID in the local Windows certificate store and uses the associated certificate.

The encryption job looks for a key ID under the recipient address in the certificate store only if no suitable entry has been found in the mapping table. In this case, the key ID must be the email address in the certificate. This setting is advisable for implementing encryption with a specific company through secure VPN channels.

First use public key ring: The entries in the certificate store have priority. If no entry matching the recipient address is found in the certificate store, the job looks for a key ID in the mapping table below.

Use public key ring only (default): Certificates are exclusively searched for in the certificate store by way of the recipient address. In this case, the mapping table is not enabled. Any table entries are kept.

Use global mappings: If specific recipient addresses are to be used in multiple Crypt jobs, you can create these addresses as "global mappings". Refer to Global mappings.

Enable this option if you want the job to use all recipient addresses defined as global. Note that local addresses are read before the global addresses.
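The Python model below (added here; it is not iQ.Suite code) ties together the Certificate options of the Crypt Engine tab, the four security settings of the Crypt Mode tab and the lookup order of the Mapping tab: given a recipient list, a certificate store with trust status and validity period, and a mapping table, it returns which key IDs the email is encrypted for, who receives clear text or unreadable ciphertext, and when the Actions tab is executed. All addresses, certificates and mapping entries are constructed sample values.

```python
"""Decision rules of an outbound iQ.Suite Crypt job: Certificate options (Crypt Engine tab),
security settings (Crypt Mode tab) and key lookup order (Mapping tab). Constructed model."""
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Dict, Optional, Sequence, Tuple

class Trust(Enum):
    TRUSTED = "trusted"
    UNKNOWN = "unknown"
    UNTRUSTED = "untrusted"

@dataclass(frozen=True)
class Certificate:
    key_id: str          # for address lookups the key ID is the email address in the certificate
    purposes: frozenset  # intended purposes, e.g. frozenset({"encryption"})
    not_after: date      # end of the validity period
    trust: Trust         # trust status (folder) in the certificate store

@dataclass(frozen=True)
class CertificateOptions:
    ignore_purpose: bool = False       # "Ignore certificate purpose"
    allow_expired: bool = False        # "Allow expired certificates for encryption"
    allow_unknown_trust: bool = False  # "Allow unknown trust status for encryption"

def usable_for_encryption(cert: Certificate, opts: CertificateOptions, today: date) -> bool:
    """Apply the Certificate options; an untrusted certificate is never used."""
    if not opts.ignore_purpose and "encryption" not in cert.purposes:
        return False
    if cert.not_after < today and not opts.allow_expired:
        return False
    if cert.trust is Trust.TRUSTED:
        return True
    return cert.trust is Trust.UNKNOWN and opts.allow_unknown_trust

class Mapping(Enum):
    FIRST_MAPPING_LIST = "First use mapping list below"
    FIRST_KEY_RING = "First use public key ring"
    KEY_RING_ONLY = "Use public key ring only"

def find_certificate(recipient: str, store: Dict[str, Certificate], mapping: Mapping,
                     local_map: Dict[str, str], global_map: Optional[Dict[str, str]] = None,
                     use_global: bool = False) -> Optional[Certificate]:
    """Locate the recipient's certificate in the order selected on the Mapping tab."""
    def via_mapping() -> Optional[Certificate]:
        key_id = local_map.get(recipient)  # local mappings are read before global ones
        if key_id is None and use_global and global_map:
            key_id = global_map.get(recipient)
        return store.get(key_id) if key_id else None
    by_address = store.get(recipient)  # the key ID must equal the recipient address
    if mapping is Mapping.FIRST_MAPPING_LIST:
        return via_mapping() or by_address
    if mapping is Mapping.FIRST_KEY_RING:
        return by_address or via_mapping()
    return by_address  # 'Use public key ring only': the mapping table is ignored

class Security(Enum):
    OPTIONAL = "Optional encryption"
    LOW = "Low security"
    MEDIUM = "Medium security"
    HIGH = "High security"

@dataclass(frozen=True)
class Outcome:
    encrypt_with: Tuple[str, ...]    # key IDs the message is encrypted for
    unencrypted_to: Tuple[str, ...]  # recipients who receive the mail in clear (Optional only)
    unreadable_for: Tuple[str, ...]  # recipients who receive ciphertext they cannot open (Medium)
    actions_for: Tuple[str, ...]     # recipients for which the Actions tab is executed
    subject_extension: bool          # Subject extension (General tab) appended?

def plan_encryption(recipients: Sequence[str], security: Security, store: Dict[str, Certificate],
                    opts: CertificateOptions, mapping: Mapping, local_map: Dict[str, str],
                    today: date, global_map: Optional[Dict[str, str]] = None,
                    use_global: bool = False) -> Outcome:
    """Decide what the job does with one email under the selected VPN channel setting."""
    found = {r: find_certificate(r, store, mapping, local_map, global_map, use_global) for r in recipients}
    valid = {r: c for r, c in found.items() if c is not None and usable_for_encryption(c, opts, today)}
    missing = tuple(r for r in recipients if r not in valid)
    keys = tuple(dict.fromkeys(valid[r].key_id for r in recipients if r in valid))  # deduplicated
    if security is Security.OPTIONAL:  # clear text to those without a key, subject marked
        return Outcome(keys, missing, (), (), bool(missing))
    if security is Security.LOW:  # encrypt where possible, Actions tab per missing key
        return Outcome(keys, (), (), missing, False)
    if security is Security.MEDIUM:  # one valid key is enough; the others cannot read the mail
        return Outcome(keys, (), missing, (), False) if keys else Outcome((), (), (), tuple(recipients), False)
    # HIGH: every recipient needs a valid key, otherwise the whole email goes to the Actions tab
    return Outcome(keys, (), (), (), False) if not missing else Outcome((), (), (), tuple(recipients), False)

# Constructed sample data: a partner domain with four certificates and one mapping entry.
TODAY = date(2024, 6, 1)
ENC = frozenset({"encryption"})
STORE = {
    "alice@partner.example": Certificate("alice@partner.example", ENC, date(2025, 1, 1), Trust.TRUSTED),
    "bob@partner.example": Certificate("bob@partner.example", ENC, date(2025, 1, 1), Trust.UNKNOWN),
    "carol@partner.example": Certificate("carol@partner.example", ENC, date(2023, 12, 31), Trust.TRUSTED),
    "company@partner.example": Certificate("company@partner.example", ENC, date(2026, 1, 1), Trust.TRUSTED),
}
LOCAL_MAP = {"erin@partner.example": "company@partner.example"}  # partner's company certificate
RECIPIENTS = ("alice@partner.example", "bob@partner.example", "carol@partner.example",
              "dave@partner.example", "erin@partner.example")
```

Running plan_encryption(RECIPIENTS, Security.HIGH, ...) with the sample data shows the Tip above in action: one recipient without a certificate (dave) sends the whole email to the Actions tab, while removing that address from the job's recipients yields a fully encrypted message.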


Decryption with S/MIME

Decryption Sequence with S/MIME

An encrypted email is to be decrypted on the server as it arrives.

1. Crypt writes the data to be decrypted to the hard disk in the form of a multipart MIME message body. This data is passed to the S/MIME interface.

2. If a private key is found for the email recipient in the Windows certificate store or in iQ.Suite KeyManager, the email is decrypted.

3. Crypt then inserts the MIME-encrypted part as new MIME message body into the email.

Sample Job: Decrypting emails with S/MIME

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Copy the Decrypt/Verify with S/MIME job to Mail Transport Jobs. Activate the job.

2. In the Crypt Engine/Mode tab, specify the decryption method and the security settings to be used by this job:

Under Select method, select the 'S/MIME' option. In the subsequent field, select the previously configured Crypt engine for S/MIME2.


When email is in TNEF format, then: The Outlook TNEF format cannot be processed by iQ.Suite Crypt. The TNEF format is used by Exchange when an Outlook user (not Outlook Express!) sends an email within an Exchange organization. This format is not used for communication via the Internet or when using other email clients.

Remove S/MIME signature (default): Using Crypt, S/MIME-signed emails can be checked for valid signatures on the server. iQ.Suite Crypt is able to remove the signature without telling the end user (email recipient) that the signature has been verified. This setting is available only if the decryption method is 'PGP/MIME' or 'S/MIME'.

E-mail VPN (inbound security settings): For incoming emails addressed to internal users the following security settings exist for decryption:

Optional decryption (default): The emails are decrypted with the existing private keys and the signature verified with the existing public keys. If an error occurs during decryption or verification, e.g. because the private key is missing or the email was modified (making verification impossible), the configured actions are performed. Unencrypted emails are delivered to the recipients and the information from the Subject extension field (General tab) is added to the email subject.

Enforce selected mode: The only incoming emails delivered to the recipient are those that match the selected mode. For emails that do not match the selected mode, the actions specified in the Actions tab are performed.

Crypt mode: 'Decrypt': The email is decrypted only. An existing signature will not be verified, i.e. the email is delivered to its recipient without verification.

Crypt mode: 'Decrypt and verify': The emails which are already signed and encrypted when they arrive on the server are both decrypted and verified.

Crypt mode: 'Verify': The email is only verified. It does not depend on whether the email is encrypted or not. Select this mode to be sure that the emails exchanged with a certain communication partner are signed but not encrypted.

3. In the Options tab, you can make the following settings:


Remove HTML bodies: This option is used for decrypted emails which contain either only HTML body parts or HTML and plain text body parts. With this option enabled, all HTML body parts will be removed from the email. If no plain text body part exists in the email, a plain text body is created from the text extracted from all HTML body parts. This plain text body is then inserted into the email in place of the HTML body parts.

Allow expired certificates for verification: By default, Crypt jobs no longer use expired certificates. Enable this option to check the email signature even though the corresponding certificate has already expired.

Allow unknown trust status for verification: Only certificates with the trust status "trusted" are used by Crypt jobs by default. Enable this option to use certificates with the trust status "unknown" as well.

No import of certificates on verification: On verification, the certificates contained in the email are imported into the Windows Certificate Store. To prevent this, enable this option.

No decryption for invalid certificates (only if the Windows certificate store is used): By default, all available certificates can be used for decryption. With this option enabled, private certificates are rejected for decryption if their validity period has expired or they have the trust status unknown or untrusted.

Signer and sender must match: If this option is enabled and the email address of the sender does not match the email address of the signer, the error actions will be triggered (Actions tab).

Tip: Jobs are performed only for recipients specified in the Addresses tab. If you enter only the communication partners with whom you have, for instance, agreed that all emails are to be sent both signed and encrypted, you can select forced mode to create "tap-proof" channels without errors caused by emails in the wrong mode triggering the specified actions in the Actions tab. Create a separate job for each security setting. Thus, to send emails at maximum security to some recipients while offering others optional decryption or verification, set up two different jobs.


Signing with S/MIME

iQ.Suite Crypt also supports digital signing with S/MIME.

Like a written signature, a digital signature provides verification of the sender’s identity, allowing the recipient to be sure that the email was actually sent by the specified sender and has not been modified on its way. The signature does not prevent viewing of the email along its transmission route. However, iQ.Suite Crypt is able to encrypt signed emails as a whole. The signature is generated with the private key, while the recipient verifies its authenticity with the public key.

Graphically illustrated and somewhat simplified, this process looks like this:

Processing Sequence for S/MIME Signatures


An email is sent from the client to a recipient. The email is to be signed.

1. Crypt writes the data to be signed to the hard disk.

2. Crypt searches for the sender's personal key or the company certificate in the Windows certificate store or in iQ.Suite KeyManager.

3. This data and the private key are then passed to the S/MIME interface.

4. The data to be signed is signed with the private key.

5. Crypt then inserts the signature into the email and attaches the certificate.

Sample Job: Signing emails with S/MIME

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Copy the Encrypt with S/MIME job to Mail Transport Jobs.

2. Activate the job.

3. In the Crypt Mode tab, set the encryption method to 'Sign'.

4. In the Crypt engine tab, define how to proceed on special emails by selecting the appropriate option under When email is already S/MIME or PGP/MIME signed only, then.

For a detailed description of the individual fields, refer to Sample Job: Encrypting emails with S/MIME.


Verifying S/MIME signatures

S/MIME-signed emails arriving on the server are verified with the sender’s public certificate, thereby identifying the specified sender.

Processing Sequence on S/MIME Verification

An S/MIME-signed email arrives on the server. The signature is to be verified.

1. Crypt writes the signed data and the signature to the hard disk.

2. This data and the certificate for verification are then passed to the S/MIME interface. The sender's certificate is searched in the local Windows certificate store or in iQ.Suite KeyManager. If no certificate is found there, Crypt checks whether the certificate is contained in the email. If the certificate is found, it is imported and used.

3. If in the job the Remove S/MIME signature option is enabled (Crypt Engine/Mode tab), the signature is removed with all certificates attached.

Note: The Crypt engine for S/MIME automatically imports the certificates into the Windows certificate store or the iQ.Suite KeyManager. Therefore, importing the certificates (or an Import job) is not absolutely necessary. Use the Crypt Key Import job, if you wish to import certificates with different formats or certificates in attachments. Refer to Automatic certificate import with S/MIME.

Sample Job: Verifying email signatures with S/MIME

To have all signatures - where applicable - automatically verified and encrypted emails automatically decrypted, enable the Optional decryption option in the Crypt Engine/Mode tab of the Decrypt/Verify with S/MIME job.

If you want to allow signed emails only, drag the Encrypt/Verify with S/MIME job to the Mail Transport Jobs folder and set the security settings to Enforce selected mode and the Crypt mode to 'Verify'.

For further information on the individual fields, refer to Sample Job: Decrypting emails with S/MIME.


Using iQ.Suite KeyManager

iQ.Suite KeyManager, as a modular extension of iQ.Suite Crypt, can be used for the convenient and complete administration of S/MIME certificates in combination with the iQ.Suite. Keys in the OpenPGP standard can be managed, imported into and exported from KeyManager.

With iQ.Suite KeyManager, self-signed certificates and certificates issued by certification authorities such as VeriSign can be managed centrally. The status of the certificates can be queried and updated automatically with OCSP and/or by using certificate revocation lists (CRLs). However, the KeyManager also offers possibilities for manual control and administration e.g. to avoid unnecessary costs.

Using S/MIME certificates

Whenever the iQ.Suite needs a certificate to process an email, it requests one from the KeyManager server. Provided such a certificate is available in the KeyManager database, it is passed to the iQ.Suite, e.g. for encrypting/decrypting emails or signing/signature verification. If no matching certificate is found, iQ.Suite KeyManager addresses the request to a selected certification authority, e.g. S-TRUST (VeriSign).

Communication between iQ.Suite KeyManager and iQ.Suite is possible via HTTP or HTTPS.

Important: The KeyManager server has to be installed and configured before configuring the iQ.Suite. On this server, it must be possible to address the KeyManager web service.

As soon as the server environment is operating properly, perform the following steps:

Configure a KeyManager connection and activate the configuration. Refer to the installation and administration manual for iQ.Suite KeyManager (download from www.gbs.com).

Activate the available Crypt engine for S/MIME. Keep the default settings.

Activate the Encrypt/Sign with S/MIME job.

In order to use a proxy server, configure a proxy server connection. This connection can be selected afterwards in the configuration document that is used for the connection between Crypt and KeyManager.

Configuration of a KeyManager Connection

1. Click Basic Configuration > Utility Settings > Certificates > KeyManager:


For a standard KeyManager server installation, no settings have to be configured in the General tab.

GBS KMS Interface: This DLL is used to establish the connection between iQ.Suite and the KeyManager server. Do not change this entry!

Timeout: Enter the number of seconds after which the attempt to connect to the KeyManager service is canceled if unsuccessful. When entering this value, take into account your server's performance, the size of the emails and the speed of your network connection between iQ.Suite and the KeyManager server. Possible values range from 30 to 900 seconds.

Run KeyManager connection as: In a standard installation these fields can be ignored. Basically, these settings are used to call the KeyManager interface in a different user context. Under User and Password, enter the user credentials.

Tenant: For tenancy support, enter the tenant GUID specified in the Tenants view of iQ.Suite KeyManager. In case of several tenants, a separate KeyManager connection has to be configured for each tenant: KeyManager > right-click > All Tasks > Duplicate.

You can also configure multiple KeyManager connections for the same tenant, provided that different folder IDs are specified in the Cache tab.

Options

Wait for certificate creation: If iQ.Suite KeyManager is configured to create new certificates, the first job execution fails, since certificate creation is not completed at that point in time. Enable this option and make sure that the 'Automatically request certificates from KeyManager' option in the Crypt Mode tab of the job is enabled. Refer to Crypt Mode.

Also notified when imported certificates already exist: With this option enabled, you will be informed of the import of certificates from emails into the selected component, even if these certificates are already available in the component. Select the component to be used in the Certificates field of the 'S/MIME 2' engine.

Write detailed log data: Creates a log with more detailed processing data of the communication between iQ.Suite KeyManager and iQ.Suite, e.g. for troubleshooting.

2. Open the Options tab:

Server name / address: Enter the FQDN (Fully Qualified Domain Name) or the IP address of the server to which the emails are to be sent from the iQ.Suite server.

If using HTTPS as transport protocol between the iQ.Suite server and the web service, the server name must match the "Common Name" specified within the SSL certificate. If using HTTP, you may also enter the IP address of the web service server.

Server port: Enter the port number of the server on which the web service is running. The port is used to establish the connection between the KeyManager server and the iQ.Suite server in order to have emails encrypted. Typically, port 8080 is used for connections via HTTP and port 443 for connections via HTTPS. If set to '0', the default values are used (port 8080 or 443).

Server protocol: Select the protocol to be used for transmitting the emails. For security reasons, we recommend using HTTP for test scenarios only.

If using the HTTPS protocol, also set the following:

Root certificate path: Enter the path to the root certificate of the web service server (path to trusted certificates). This certificate was used to sign the SSL certificate and is stored in the iQ.Suite server file system.

User name/User password: Enter the web service user authentication data used to perform the email encryption via HTTPS. This user account must have been set up on the web service server.

Notes:

If no root certificate is specified, the identity of the web service server is not checked. This undermines the protection against attacks in insecure networks that SSL is meant to provide.

If you are using the Windows Certificate Manager for exporting certificates from the web service server to the iQ.Suite server (Windows > Control Panel > Internet Options), the root certificate must be available in PEM format (Base64-encoded X.509). A certificate exported in binary (DER) form or a non-root certificate will not be accepted.

3. Open the Proxy Server tab:

To establish the connection to your KeyManager server via a proxy server, select the desired proxy server:

No proxy server: No proxy server is used.

Proxy server of iQ.Suite Server: The proxy server used is the one defined for the iQ.Suite server. These proxy server settings can be set during the installation.

Custom proxy server: The proxy server used is the one set under Basic Configuration > General Settings.

4. Open the Cache tab:


5. Specify whether to use a local cache for the certificates and/or PGP keys which are downloaded from the KeyManager.

If configured accordingly, synchronization between iQ.Suite KeyManager and the local cache is carried out at regular intervals. This ensures that the current certificates and keys are always available in the local cache. As a local cache for S/MIME, a local Windows certificate store can be used; for the PGP keys, two local key rings are used (pubring.gpg and secring.gpg).

For further information on the Windows certificate store, refer to Using the Windows Certificate Store.

Settings for S/MIME and PGP synchronization:

Update interval: By default, iQ.Suite is synchronized with iQ.Suite KeyManager every 60 minutes.

Update timeout: By default, a timeout occurs 900 seconds (15 minutes) after the update starts if the update has not completed successfully by then. The update is stopped with an error.

Notify administrator on successful updates: If you want to be notified of successful synchronizations via email, enable this option. If synchronization fails, you are always notified.

For S/MIME:

Use local caching for S/MIME: Use this option to enable S/MIME synchronization. Since the KeyManager is queried only if the certificate has not been found in the local cache, the server load is reduced.

Folder ID: Specify the name of the directory in which the certificates are to be stored in the local cache (e.g. tenant name 'Unit_01').

Allow deletion of certificates in local cache: Certificates which no longer exist in the KeyManager are automatically removed from the local cache during synchronization. Otherwise, the certificates remain in the local cache and can still be used there.

For PGP:

Use local caching for PGP: Use this option to enable PGP synchronization. For PGP, iQ.Suite cannot directly access the KeyManager. Consequently, iQ.Suite can use the PGP keys managed in the KeyManager only if Local caching is used for PGP.

Version: Select the GnuPG version which you are using.

PGP executable: Absolute path to the GnuPG EXE file, e.g. C:\Program Files\crypt\gnupg\gpg.exe.

Password: Enter the password to be used for all private PGP keys which will be downloaded from the KeyManager to the local key ring. The password may contain all printable characters from the 7-bit ASCII character set (US-ASCII) except the quotation mark.

When required, synchronization can be initiated manually: iQ.Suite Monitor > 'Server' > Server Status > 'Test' tab > Engines Update.

Engine configuration: S/MIME2 Engine

Create an S/MIME2 engine: Basic Configuration > Utility Settings > Crypt > Crypt Engines > S/MIME 2.

Certificates: Select a KeyManager connection or the local Windows certificate store.

For additional information to configure the S/MIME2 engine, refer to Configuration of the S/MIME2 Engine.

Sample Job: Configuring a KeyManager Job (S/MIME)


Assign the previously configured S/MIME2 engine to a KeyManager job:

For email encryption with iQ.Suite KeyManager, you need a Crypt Outbound job. Use, for example, the sample job Encrypt/Sign with S/MIME. Refer to Sample Job: Encrypting emails with S/MIME. In the Crypt Engine tab, leave the KeyManager tenant field empty. In the Crypt Mode tab, select the desired mode:

No matter which Crypt mode is selected, the emails will be encrypted/signed with the certificates stored in iQ.Suite KeyManager.

Missing certificates can be automatically created by using iQ.Suite KeyManager if the Automatically request certificates from KeyManager option is enabled. For a description of this option, refer to Crypt Mode.

For email decryption with iQ.Suite KeyManager, a Crypt Inbound job has to be created. Use, for example, the sample job Decrypt/Verify with S/MIME. Refer to Sample Job: Decrypting emails with S/MIME.

Using the Windows Certificate Store

Certificates that are created and/or managed in iQ.Suite KeyManager can optionally be cached in a local Windows certificate store and be used to encrypt or decrypt emails or to create or verify the signature.

The advantage of this solution is that the S/MIME functionality is not affected even in case of temporary KeyManager server failures. Email processing is not delayed because of missing certificates.

Regular synchronization with iQ.Suite KeyManager ensures that the current certificates are always used.

Note: An automatic certificate import from the certificate store to the KeyManager server is not possible.

Processing:

A client sends an email to a recipient who is to receive it in encrypted form.

1. Crypt writes the data to be encrypted to the hard disk in the form of a multipart MIME message body.

2. This data and the recipient name are passed to the S/MIME interface.

3. The certificate is searched for in the local Windows certificate store and is used to encrypt the file. If the corresponding certificate is not found, an appropriate certificate is searched for on the KeyManager server.

4. Crypt adds the resulting S/MIME component to the email as a new MIME message body.

Configuration:

If you plan to use the Windows certificate store associated with iQ.Suite KeyManager, proceed as follows:

1. Configure a KeyManager server connection. Refer to KeyManager Connection Configuration.

2. Configure the local Windows certificate store in iQ.Suite. Refer to Configuration Description.

3. In the KeyManager connection, enable the 'Use local cache for S/MIME' option.

Tip: The directory \iQ.Suite\Bin\kms contains logs of successful and failed synchronization runs between iQ.Suite KeyManager and the certificate store.

4. Refresh the views in the Certificate Manager (F5).

5. Create a Crypt Engine for S/MIME 2: Crypt > Crypt Engines > S/MIME 2. In the Certificates field, select the previously configured KeyManager connection.

Important: Since during the initial phase of the synchronization with iQ.Suite KeyManager a very high data volume is synchronized and transferred, the import process can take some time and might produce a timeout. By default, a timeout occurs after 900 seconds. Raise that value if timeouts often occur in your system environment.

6. Certificates stored in iQ.Suite KeyManager are regularly synchronized with the data of the Windows certificate store. New and modified certificates are imported into the corresponding folders (iQ.Suite Trusted, iQ.Suite Untrusted, iQ.Suite Unknown) according to the specified trust status.

7. Use the KeyManager import function on the KeyManager server to import the users' existing personal certificates, if required.

Using PGP keys

The PGP keys managed in iQ.Suite KeyManager can be used by iQ.Suite Crypt jobs.

Regular synchronization with iQ.Suite KeyManager ensures that the most current key managed in the KeyManager is used. As a result, PGP functionality remains unimpaired during temporary outages of the KeyManager server.

Synchronization is performed automatically in the intervals defined in the engine.

Engine configuration: PGP synchronized with KeyManager

Configure a Crypt engine of the type PGP synchronized with KeyManager:

Use the General tab to perform the following settings:

1. Click Basic Configuration > Utility Settings > Crypt > Crypt Engines > PGP synchronized with KeyManager.

To create a copy of this engine, right-click on the existing engine and then on All Tasks > Duplicate. To create a completely new engine of this type, click Crypt Engines > right-click > New > PGP2 external program.

In the General tab, make the following settings:

GBS Crypt Interface: DLL file that links iQ.Suite with the GnuPG engine. Do not change this entry!

Timeout: Number of seconds after which the attempt to connect to the Crypt engine is interrupted if unsuccessful. Consider your server performance!

KeyManager: Select a KeyManager connection. The drop-down list contains all KeyManager connections for which PGP synchronization is enabled.

Signature key ID: Key identification of the (private) company key to be systematically used for signing, e.g. [email protected]

2. Open the PGP Options tab:


Options:

Use default settings (default): Predefined, non-editable PGP options are used.

Use custom settings: You can modify the behavior of the synchronized GnuPG engine for processing with GnuPG by specifying user-defined options.

For detailed information and support, please contact the GBS Support Team.

Add this extension: After encryption with GnuPG, this file extension is appended to each encrypted email section (except for the message body) before being sent. Crypt uses these extensions only for PGP (not for PGP/MIME). Specify the Crypt method in the job.

Remove this extension: During decryption, any file extensions added to encrypted email sections are removed again (except for the message body). The extensions entered here are normally used for PGP encryption and iQ.Suite Crypt assumes that these emails have received the extension during encryption. Crypt uses these extensions only for PGP (not for PGP/MIME). Specify the Crypt method in the job.

3. Open the Fingerprints tab:


The fingerprints in the upper section of the tab identify the PGP key to be imported. Whenever an email section arrives with a fingerprint specified in this tab, the key import job will know that it is a PGP key.

The fingerprints in the lower section identify emails that have already been PGP-encrypted and/or PGP-signed on the client and are being processed for sending on the server. It is possible to define exceptions for these emails in the Crypt job. The fingerprints apply to the Crypt PGP encryption method only, not to PGP/MIME.

All known fingerprints for identifying PGP keys and PGP-encrypted emails are preconfigured. For further information on fingerprints, refer to Fingerprints.

Configuration of a KeyManager Connection

For synchronization with iQ.Suite KeyManager, a KeyManager connection is required. Refer to KeyManager Connection configuration.

Sample Job: KeyManager Job Configuration (PGP)

Assign the previously configured 'PGP synchronized with KeyManager' engine to a KeyManager job:

For email encryption with iQ.Suite KeyManager, you need a Crypt Outbound job. Use, for example, the sample job Encrypt with GnuPG. Refer to Sample Job: Encrypting emails with GnuPG.

In the Crypt Engine tab, select the 'PGP' or 'PGP/MIME' method. In the same tab, select the PGP synchronized with KeyManager engine.

For email decryption with iQ.Suite KeyManager, you need a Crypt Inbound job. Use, for example, the sample job Decrypt with GnuPG. Refer to Sample Job: Decrypting emails with GnuPG.


In the Crypt Engine tab, select the 'PGP' or 'PGP/MIME' method. In the same tab, select the 'PGP synchronized with KeyManager' engine.


Encrypting emails with WebCrypt Pro

WebCrypt Pro is a modular extension of iQ.Suite Crypt and enables secure encrypted email communication with recipients who do not use any encryption solution. With WebCrypt Pro, no S/MIME certificates or PGP keys are required.

WebCrypt Pro requires a separate license.

Note: The WebCrypt Appliance is provided by our partner SEPPmail AG. For further information, please contact the GBS Sales team. For information on the installation and configuration of the WebCrypt Appliance, please refer to the separate manual. Download from www.gbs.com.

The WebCrypt Encryption (SMTP) Job adds a marker as a prefix in the subject line of the processed emails.

The WebCrypt Appliance encrypts the marked emails and then removes the marker before delivering the email to the recipients. For each email individually, the WebCrypt Appliance automatically uses the best encryption method.

To encrypt the email, the recipients log on to the WebCrypt user portal with their email address and password. The password is created when the first encryption request arrives on the WebCrypt server and is transmitted using separate means of communication.

Job configuration:

In this example, only the job-specific details are illustrated. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Click Policy Configuration > Mail Transport Jobs > right-click > New > WebCrypt Jobs > WebCrypt Encryption (SMTP).

2. Open the Options tab:


3. Specify the Marker to be added as a prefix in the subject line of the processed email.

Valid markers are:

[priv] (default)

[confidential]

4. If you activate the Use SMTP server checkbox, the emails processed by this job will be sent directly to the WebCrypt SMTP server after they have been processed by the remaining jobs. You can prevent the emails from being processed by the subsequent iQ.Suite jobs by enabling the Skip subsequent Jobs job action. Refer to Additional actions.

If you do not activate the Use SMTP server checkbox, the email routing on the iQ.Suite server has to be configured in a way that all emails are routed via the WebCrypt server. Otherwise, the marker will not be removed and the email will be delivered to the recipient without encryption.

If you want to use the WebCrypt SMTP server, specify the following information:

Name: Host name, FQDN or IP address of the SMTP server.

Port: Port number of the SMTP server.

User, Password: If authentication is required on the SMTP server, enter the username and password to be used for the authentication.

Timeout: Specify the number of seconds after which the job processing will be aborted if connecting to the SMTP server fails.

5. Use the Encryption field to determine whether to use encryption for the transmission of the processed emails to the WebCrypt SMTP server (secure connection). If yes, select the option to be used for this:

'None': No encryption is used.

'STARTTLS optional': The connection is established without encryption. If the server offers STARTTLS, TLS encryption is used; otherwise, the transmission is done without encryption (optional encryption).

'STARTTLS': The connection is established to an unencrypted port and must then be upgraded; the server must offer STARTTLS. If STARTTLS is not available, no connection is established.

'SSL/TLS': A connection to a port which is intended for encrypted connections is established. After that, the protocol-specific communication begins.

6. Enable the job and save the configuration.
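The four Encryption options above, modelled as connection logic with Python's smtplib. This is an added example and not iQ.Suite code; the host name, the FakeSMTP stand-ins and the demo() matrix are constructed so the fallback behaviour of each option can be exercised without a network.

```python
"""Connection logic for the four 'Encryption' options of the WebCrypt
Encryption (SMTP) job, modelled with smtplib (added example, not iQ.Suite code)."""
import smtplib
import ssl


def connect_webcrypt_smtp(host, port, mode, timeout=30,
                          smtp_factory=smtplib.SMTP,
                          ssl_factory=smtplib.SMTP_SSL):
    """Open an SMTP session to the WebCrypt SMTP server according to `mode`.

    Returns (connection, encrypted). `encrypted` is False whenever the session
    ends up in clear text: always for 'None', and for 'STARTTLS optional'
    whenever the server does not offer STARTTLS (a silent downgrade).
    The factory parameters exist so the logic can be run offline with stand-ins.
    """
    # Default context verifies the server certificate chain and host name.
    context = ssl.create_default_context()

    if mode == "SSL/TLS":
        # Implicit TLS: the port is dedicated to encrypted connections and the
        # SMTP dialogue only begins after the TLS handshake.
        return ssl_factory(host, port, timeout=timeout, context=context), True

    conn = smtp_factory(host, port, timeout=timeout)
    conn.ehlo()  # learn which extensions the server advertises
    if mode == "None":
        return conn, False

    if conn.has_extn("starttls"):
        conn.starttls(context=context)
        conn.ehlo()  # extensions must be re-read after the upgrade
        return conn, True

    if mode == "STARTTLS optional":
        return conn, False  # documented fallback: transmission without encryption

    # mode == "STARTTLS": the upgrade is mandatory, so refuse to continue.
    conn.close()
    raise ConnectionError(f"{host}:{port} does not offer STARTTLS; "
                          "refusing clear-text delivery")


class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP / SMTP_SSL: records the session
    state and touches no network. A context at construction time means the
    connection was opened with implicit TLS."""
    offers_starttls = True

    def __init__(self, host, port, timeout=None, context=None):
        self.host, self.port = host, port
        self.tls = context is not None
        self.closed = False

    def ehlo(self):
        return 250, b"ok"

    def has_extn(self, name):
        return self.offers_starttls and name.lower() == "starttls"

    def starttls(self, context=None):
        self.tls = True

    def close(self):
        self.closed = True


class FakeSMTPWithoutStartTLS(FakeSMTP):
    """Stand-in for a server that does not advertise STARTTLS."""
    offers_starttls = False


def demo(server=FakeSMTP):
    """Run every mode against a stand-in server.
    Returns {mode: True/False for encrypted, or 'refused' when the job would abort}."""
    results = {}
    for mode in ("None", "STARTTLS optional", "STARTTLS", "SSL/TLS"):
        try:
            _, encrypted = connect_webcrypt_smtp(
                "webcrypt.example.invalid", 25, mode,  # placeholder host
                smtp_factory=server, ssl_factory=server)
            results[mode] = encrypted
        except ConnectionError:
            results[mode] = "refused"
    return results


if __name__ == "__main__":
    print("server offers STARTTLS:   ", demo(FakeSMTP))
    print("server without STARTTLS:  ", demo(FakeSMTPWithoutStartTLS))
```

Only 'STARTTLS' and 'SSL/TLS' guarantee that marked (still unencrypted) emails never leave the iQ.Suite server in clear text; 'STARTTLS optional' silently falls back when the server does not advertise the extension.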


Migration from S/MIME to S/MIME2

Important: If you are currently using the outdated S/MIME method (tk_smime), you must switch to the new method (tk_smime2) to be able to use future features.

If you have so far managed certificates in the certificate database certs.db and now want to use the Windows certificate store, you can import the existing certificates into the certificate store to continue using them.

Tip: Use, for example, the iQ.Suite Certificate Manager to import certificates from the certificate database first into the file system. In case of questions, please contact the GBS Support Team. Note that the trust status is automatically set to 'trusted'.

So far, private keys were provided in the file system. They can continue to be used by being imported together with the certificates or by remaining in the file system. For importing/exporting, the Certificate Manager can be used.

If, for S/MIME2, you want to use the local certificate store to manage certificates, proceed as described below. To use iQ.Suite KeyManager, proceed as described under Using iQ.Suite KeyManager.

1. In the iQ.Suite, configure the local Windows certificate store as described under Configuration description. In the Compatibility tab, specify the following settings:


If private keys were so far stored in the file system according to the outdated S/MIME method, and the certificates stored there are to continue to be used, enable the 'Compatibility mode with old S/MIME solution' option. Keep the root certificate and the company certificate information from the outdated S/MIME configuration (S/MIME Engine > 'General' tab). Newly created private keys will then be stored in the same place as before. Default: \GrpData\smimedata.

Root certificate: Directory where the root certificate is stored. Default: \GrpData\smimedata\root.pfx. Under Root password, enter the corresponding password.

The password may contain all printable characters from the 7-bit ASCII character set (US-ASCII) except the quotation mark.

Note: If, on recipient side, Crypt is also used, no root certificate is required. In such cases, leave the Root certificate field blank.

Company certificate: Directory where the company certificate is stored. The company certificate is created from the root certificate and has to be stored in the same directory as the root certificate.

Default: \GrpData\smimedata\company.pfx

Under Company password, enter the corresponding password. The password may contain all printable characters of the 7-bit ASCII character set (US-ASCII), except the quotation mark.

2. Import all certificates and keys into the certificate store.

3. Create a Crypt engine for S/MIME 2: Crypt > Crypt Engines > S/MIME 2. In the Certificates field, select the Windows certificate store. Refer to Configuration of the S/MIME2 Engine.

4. Copy the Certificate import with S/MIME job to Mail Transport Jobs. Refer to Automatic certificate import with S/MIME.

1. Activate the job. It is expected to start after the decryption/verification job.

2. In the Options tab under Method, select 'S/MIME' and, in the following field, the previously configured Crypt engine 'S/MIME 2'. Enable 'Unpack compressed attachments'.

3. When the job starts the next time, the folders iQ.Suite Trusted, iQ.Suite Unknown and iQ.Suite Untrusted are created in the local Windows certificate store, and the public certificates processed by the job are stored in the iQ.Suite Unknown folder.

4. Drag and drop the certificates to assign them to the desired folders.

5. Open the previously configured Crypt Inbound Jobs (decryption/signature verification) and Crypt Outbound Jobs (encryption/signature creation). In the Crypt Engine tab, however, select the new Crypt engine 'S/MIME 2'.

Crypt Inbound Job: refer to Decryption with S/MIME and Signing with S/MIME.

Crypt Outbound Job: refer to Encryption with S/MIME and Verifying S/MIME signatures.


iQ.Suite PDFCrypt

Topics:

PDFCrypt – Overview

PDFCrypt Engine

Verifying signatures of PDF Files

Signing and/or encrypting PDF attachments

Methods of password transmission


PDFCrypt – Overview

iQ.Suite PDFCrypt offers various possibilities with the following job types:

PDFCrypt Mail Encryption

Converts emails to PDF files and - depending on the job configuration - signs and/or encrypts the generated PDF files before sending them as email attachments.

Refer to Converting emails to (encrypted/signed) PDFs.

PDFCrypt Signature Verification

Verifies the signatures of PDF files to ensure their integrity and authenticity (binding assignment of the PDF to a person).

Refer to Verifying signatures of PDF Files.

PDFCrypt File Signing/Encryption

Signs PDF files attached to emails by means of the sender's certificate and/or encrypts these PDF files with a password. Signing and encryption are performed as with PDFCrypt Mail Encryption.

Refer to Signing and/or encrypting PDF attachments.


PDFCrypt Engine

The PDFCrypt Engine is available under Utility Settings > PDFCrypt.

The PDFCrypt Engine is integrated into PDFCrypt jobs and is used to convert emails to PDF files (when the PDFCrypt Mail Encryption Job is used), to sign and/or encrypt these PDFs and other PDFs attached to emails. Besides this, this Engine can be used to verify the signatures of PDFs.

Allow signing/verification: This option must be activated to enable the signing of PDFs and the verification of signatures against one of the supported certificate stores ('iQ.Suite KeyManager' or 'Windows Certificate Store').

Certificates: Select the certificate store which contains the certificates to be used for signing and verification.

Block download of external contents: By default, contents from external URLs (e.g. ) are downloaded. If you want to prevent access to the web in order to block any download from external URLs, enable this option.

Converting Emails to (Encrypted/Signed) PDFs

For the conversion of emails to PDFs and optionally the encryption of these PDFs with a password, use a PDFCrypt Mail Encryption Job.

By means of the PDFCrypt Utilities, you can define the content of the PDFCrypt mail and the header of the PDF file (text and, optionally, images).

Refer to PDFCrypt Mail Encryption Job and PDFCrypt Utilities.

PDFCrypt Utilities

Under Utility Settings > PDFCrypt, you can find the PDFCrypt Engine and PDFCrypt Utilities which are needed for PDFCrypt Mail Encryption.

Images can be imported; templates for the PDFCrypt mail and the header of the password-protected PDF can be configured. Imported images can be added to these templates via the HTML editor integrated in iQ.Suite.

Importing PDFCrypt images

To import a PDFCrypt image, proceed as follows:

1. Use the preconfigured PDFCrypt image ('Logo') or create a new image: PDFCrypt Settings > Images > right-click > New.

Sample image:

New image:

2. To change the existing image, click the Import icon. To create a new image, click Browse and select the desired image (GIF, JPG or JPEG) in the file system.

Under Image preview, the selected image is displayed.

Icons:

Import: Opens the file system to change the image displayed in the preview box again.

Open: Opens the default image viewer. If the program defined as the default image viewer is an image processing application, you can edit the selected image directly in it. Then import the image again.

Export: Opens the file system to export the image displayed in the preview box, e.g. for image processing.

3. The Information tab contains detailed information about the imported image:

4. In the Usage tab, the templates to which the image was added are displayed:

5. Click Apply > OK and save the changed iQ.Suite configuration.

6. To add the image to a PDFCrypt template, proceed as described under Integrating PDFCrypt images into a PDFCrypt template.

PDFCrypt Templates: PDFCrypt mail and PDF header

The templates for the PDFCrypt mail and the header of the password-protected PDF file are displayed under PDFCrypt > Mail Templates / PDF Headers.

Use the sample templates or create new templates: Mail Templates / PDF Headers > right-click > New.

The following sample templates are available for the PDFCrypt mail:

Sample template for cases in which PDFs are encrypted using the password management.

Sample template for cases in which PDFs are encrypted without using the password management.

Sample template for cases in which PDFs are signed.

1. In the General tab, specify the name of the template.

2. In the template for the PDFCrypt mail, additionally define the Subject of the PDFCrypt mail. For this, you can specify a text and/or use variables.

Sample template with password management:

3. In the Content tab, define the content of the notification text for the PDFCrypt mail, or of the PDF header respectively, in HTML format.

In the sample templates for the PDFCrypt mail, it is assumed that the password of the encrypted PDFs is sent in a separate email notification. Refer to Success/Error Actions.

Sample template when the password management is used:

Various formatting options are available: You can integrate tables, links, variables and/or images into the text. Internally, these are converted into HTML commands.


When you switch to the source text view, you can enter HTML code manually.

Condition [COND]:

In some cases, it might be appropriate not to show some of the lines. For example, if the original email does not contain any attachments, the variable [VAR]AttachmentLinks[/VAR] or [VAR]AttachmentTable[/VAR] in the PDF header cannot be resolved and should therefore be ignored. Consequently, the associated text (e.g. "This PDF contains the following file(s):") should not be displayed either. For this, enter the [COND] variable manually in the source text of the PDF header template:

[COND];...[/COND]

Example:

[COND]AttachmentLinks;This PDF contains the following file(s): [VAR]AttachmentLinks[/VAR] Double-click to open a selected file. [/COND]

The shown example condition is used to check whether the original email contains any attachments.

If yes, the content between the semicolon and [/COND] is displayed. The variable for the attachments (link or table with icons) is resolved. If not, a blank line is displayed.

3. Click the Preview icon to check whether the template is displayed as desired. Confirm with OK.
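A resolver for the [VAR] and [COND] markers described above, as an added example that is not the iQ.Suite implementation. The template text, the variable names and the HTML escaping of inserted values are assumptions made for this example.

```python
"""Resolver for the [VAR]Name[/VAR] and [COND]Name;body[/COND] markers of a
PDFCrypt template (added example; not the iQ.Suite implementation)."""
import html
import re

# Marker syntax as documented for the PDF header / PDFCrypt mail templates.
VAR_RE = re.compile(r"\[VAR\](?P<name>[^\[\]]+)\[/VAR\]")
COND_RE = re.compile(r"\[COND\](?P<name>[^;\[\]]+);(?P<body>.*?)\[/COND\]",
                     re.DOTALL)

# Constructed PDF header template (not a template shipped with iQ.Suite).
PDF_HEADER_TEMPLATE = (
    "<p>Original message from [VAR]Sender[/VAR]</p>\n"
    "[COND]AttachmentLinks;<p>This PDF contains the following file(s): "
    "[VAR]AttachmentLinks[/VAR] Double-click to open a selected file.</p>[/COND]\n"
    "<p>End of header</p>"
)

# Constructed variable sets for an email with and without attachments.
WITH_ATTACHMENTS = {"Sender": "alice@example.com",
                    "AttachmentLinks": "report.pdf, figures.png"}
WITHOUT_ATTACHMENTS = {"Sender": "alice@example.com"}


def resolve_vars(text, variables):
    """Replace every [VAR]Name[/VAR] with its value.

    Assumptions made here: values that originate from the email (sender,
    attachment names) are HTML-escaped because the template is rendered as
    HTML, and a variable that cannot be resolved renders as an empty string."""
    def replace(match):
        value = variables.get(match.group("name").strip(), "")
        return html.escape(str(value))
    return VAR_RE.sub(replace, text)


def resolve_conditions(text, variables):
    """Apply [COND]Name;body[/COND]: keep the body only if Name resolves to a
    non-empty value; otherwise the block yields an empty string, which leaves
    a blank line in place of the condition as the page describes."""
    def replace(match):
        if variables.get(match.group("name").strip()):
            return match.group("body")
        return ""
    return COND_RE.sub(replace, text)


def render_template(template, variables):
    """Evaluate conditions first, then variables, so that a skipped body never
    leaves partially substituted markup behind."""
    return resolve_vars(resolve_conditions(template, variables), variables)


if __name__ == "__main__":
    print(render_template(PDF_HEADER_TEMPLATE, WITH_ATTACHMENTS))
    print("---")
    print(render_template(PDF_HEADER_TEMPLATE, WITHOUT_ATTACHMENTS))
```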

Sample template for the PDF header:

Integrating PDFCrypt Images into a PDFCrypt Template

Inserting an image in HTML format

To include images directly in a PDFCrypt template (PDFCrypt mail or PDF header), the images must be available on the iQ.Suite server. Refer to Importing PDFCrypt Images.

1. Open the PDFCrypt template into which you want to insert a PDFCrypt image.

2. Enable the template, open the Content tab and click Edit.

3. Use the image icon to select the desired image.

Example in a PDF header:

4. With Preview, the image is displayed as it will appear in the PDF header or in the PDFCrypt mail.

5. Confirm with OK.

6. Enable the job and save the configuration. Send a test email to yourself or to a test user.

For an example of a PDF file with an integrated image and an attachment, please refer to Example of a Use Case.

Inserting an Image via an HTTP Link

To minimize the size of emails, you can also insert an HTTP link rather than the image itself. Email clients load the image from this link when displaying the message. Depending on the email program and the user's settings, the image is displayed only after the user confirms or clicks on the link. Note that most email clients block external images by default, because loading them discloses to the image host that, and when, the recipient has opened the message.

The following requirements must be met:

The image is available online and in a format that can be processed by web browsers, e.g. JPG.
The sender's email client sends emails in HTML format.
The recipient is online.
The recipient has enabled the display of external images.

Adjust the PDFCrypt template as follows:


1. Open the template and click 'Content' tab > Edit.

2. Place the cursor at the position in the text at which you want the image to be inserted and click the image icon:

3. Under Picture Source, enter the URL of the desired image file.

4. Where required, use the Alternate Text field to set an alternative text to be shown if the image cannot be displayed.

5. Confirm with OK to insert the URL in the text. The Content tab provides a preview.

PDFCrypt Mail Encryption Job

Copy the sample job Encrypt with PDFCrypt to Mail Transport Jobs or create a new job: Mail Transport Jobs > New > PDFCrypt Jobs > PDFCrypt Mail Encryption.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Tab: Attachments

Use the Attachments tab to define constraints for the processing of emails which contain file attachments.

With the default settings of the sample job, all emails will be processed - no matter whether they contain attachments or not.

In the example below, emails without attachments and also emails with at least one DOCX attachment larger than 60 KB are processed by the PDFCrypt Mail Encryption job:


Process emails without attachments (default): Use this option to also process emails which do not contain any attachments. If this option is disabled, emails without attachments are not processed, regardless of whether any constraints are defined.

For emails which contain at least one attachment, you can define Constraints:

Attachment size has to be greater/smaller than ... KB: Define a minimum and/or a maximum size to exclude emails from encryption depending on the size of their attachments.

File types: Emails can be encrypted depending on the type of their attachments. Use the option 'Selected file types' to specify the file types for which to execute the job or not.

If the email contains several attachments, these constraints are evaluated in combination with the option All attachments must match all constraints. This is what determines whether the email is actually encrypted.

All attachments must match all constraints: This option is relevant for emails which contain at least two attachments.

Option is disabled (default): The email is encrypted when at least one attachment of the email matches the constraints.

Option is enabled: The email is encrypted only when all attachments of the email match the constraints. If at least one attachment does not match, the email is not encrypted.
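As an added example (not iQ.Suite code), the following Python functions reproduce the decision logic of the Attachments tab described above, using the configuration of the sample job (DOCX attachments larger than 60 KB, emails without attachments processed). iQ.Suite recognises file types by fingerprint; matching on the file extension here is a simplification, and the attachment names and sizes are constructed.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Attachment:
    name: str
    size_kb: float


@dataclass(frozen=True)
class AttachmentConstraints:
    """Settings of the Attachments tab, as described in the manual.

    selected_types lists the file types for which the job executes; None means
    any type. Matching by extension is a simplification of the fingerprint
    check iQ.Suite performs (assumption made for this example).
    """
    process_without_attachments: bool = True
    min_size_kb: Optional[float] = None          # "greater than ... KB"
    max_size_kb: Optional[float] = None          # "smaller than ... KB"
    selected_types: Optional[frozenset] = None   # e.g. frozenset({"docx"})
    all_must_match: bool = False


def extension_of(name: str) -> str:
    """Lower-cased file extension, or "" if the name has none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def attachment_matches(att: Attachment, c: AttachmentConstraints) -> bool:
    """True if one attachment satisfies every configured constraint."""
    if c.min_size_kb is not None and not att.size_kb > c.min_size_kb:
        return False
    if c.max_size_kb is not None and not att.size_kb < c.max_size_kb:
        return False
    if c.selected_types is not None and extension_of(att.name) not in c.selected_types:
        return False
    return True


def should_encrypt(attachments: Iterable[Attachment], c: AttachmentConstraints) -> bool:
    """Decide whether the PDFCrypt Mail Encryption job processes the email.

    No attachments: governed solely by 'Process emails without attachments'.
    Otherwise: with 'All attachments must match all constraints' disabled,
    one matching attachment suffices; with it enabled, every attachment
    must match.
    """
    attachments = list(attachments)
    if not attachments:
        return c.process_without_attachments
    results = [attachment_matches(a, c) for a in attachments]
    return all(results) if c.all_must_match else any(results)


# Configuration of the manual's sample job: DOCX attachments larger than 60 KB.
SAMPLE_JOB = AttachmentConstraints(
    process_without_attachments=True,
    min_size_kb=60,
    selected_types=frozenset({"docx"}),
    all_must_match=False,
)

# Constructed attachments (the DOCX mirrors the manual's use case).
CONTRACT = Attachment("Contract_draft_dgaller.docx", 87)
SMALL_DOCX = Attachment("notes.docx", 12)
BIG_PDF = Attachment("scan.pdf", 950)

if __name__ == "__main__":
    for atts in ([], [CONTRACT], [SMALL_DOCX], [CONTRACT, BIG_PDF]):
        print([a.name for a in atts], "->", should_encrypt(atts, SAMPLE_JOB))
```

Toggling all_must_match on the same input shows the difference the manual describes: the DOCX plus PDF email is encrypted with the default setting (one match suffices) but not with the option enabled, because the PDF fails the file-type constraint.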

Blacklisted Extensions

A list of the file types which Adobe Acrobat does not allow as attachments is available under https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/attachments.html (Blacklisted Extensions). Please note that attachments with these file extensions cannot be opened in Acrobat.


Settings for creating the PDF files

Open the Settings tab:

Attachment name: Specify how to name the generated PDF. You can specify a fixed name and/or use variables, e.g. [VAR]Subject[/VAR]. The file extension ".pdf" is added automatically if you do not specify it in this field.

Refer to List of notification variables.

Additionally embed PDF attachments: All PDF attachments of the processed email will be additionally embedded into the created PDF and therefore are part of the encrypted PDF.

Additionally attach email as .eml: The complete email, including attachments, is attached to the PDF file in EML format.

If the email is in TNEF format, the attached EML file is automatically converted to MIME.

File attachments only in .eml: If you enable this option, the attachments of the email are available only in the EML file. Otherwise, they are additionally available in the PDF file. In the Attachment name of .eml field, specify how to name the EML file. The file extension ".eml" is added automatically if you do not specify it in the field.

Options for encrypting and signing PDFs:

Open the Options tab:


PDFCrypt Engine: Select the PDFCrypt Engine to be used to generate the PDF and, if applicable, sign and/or encrypt the PDF. Also refer to PDFCrypt Engine.

PDFCrypt Mode: Use this option to specify whether to sign and/or encrypt the PDF:

'Encrypt': The PDF is encrypted.
'Sign': The PDF is signed, but not encrypted.
'Sign and encrypt': The PDF is signed and encrypted. All setting options of this tab are shown.
'No encryption and signing': The PDF is neither signed nor encrypted.

Depending on the selected mode, you can make additional settings which are described below.

Options for signing

If 'signing' is enabled, additional options are available:

Ignore certificate purposes: The certificate purpose defines the intended usage of the certificate, e.g. "server authentication" or "encryption". If you enable this option, iQ.Suite ignores the purpose specified within the certificate, so that certificates with a key usage other than signing (e.g. "encryption") can also be used for signing. Note that verifiers which enforce the key usage extension will reject signatures created with such a certificate.

Allow expired certificates for signing: By default, PDFCrypt jobs ignore expired certificates for signature creation. With this option, you can allow the use of expired certificates for signing.

Automatically request certificates from KeyManager (only if iQ.Suite KeyManager is the used certificate store):

If no appropriate certificate for signing is found in KeyManager, KeyManager requests a new certificate. If the used connector requires specific user information to request a certificate, this information has to be passed by iQ.Suite. This is only possible if this option is enabled and the first and last names of the user are available in the Active Directory.

For a description of the Automatically request certificates from KeyManager option, refer to Crypt Mode.

Options for encryption

For the PDF to be encrypted, make the following settings:

Encryption: Select an encryption algorithm (default: AES-128). Alternatively, 'AES-256' with password processing according to PDF 1.7 Adobe Extension Level 3 is available. Compared with AES-128, this variant is supported by fewer PDF readers and is normally less secure: the Extension Level 3 password check is based on a single, non-iterated SHA-256 hash, so short or guessable passwords can be brute-forced quickly. Consequently, 'AES-128' is recommended. With either algorithm, the protection is only as strong as the password; see the Password type options below.

Password type: Select the password type to be used to create the password for encryption:

'Fixed password': In the Password field, enter the password to be used for all PDFs. For allowed characters, refer to the Note below. Note that a single password shared by all PDFs protects them only against parties who do not know it; anyone who has received one PDF can open all others.

'Use subject command': In the subject line of the email that is to be encrypted, the sender enters a command (e.g. pwd) and the desired password (e.g. teSt123) in the form command=password. For allowed characters in the password, refer to the Note below. Define the command with the constraint ... with command in the subject. Refer to Conditions tab.

Example: Agreement pwd=teSt123

'One-time password': The Password manager selected below generates a new random password for each email.

Important: One-time passwords are not saved in a database. Therefore, lost passwords cannot be recovered.

'Use password management': The Password manager selected below generates a random password in accordance with your setting in the Password generation field. The passwords created with this method are stored in a database and can be viewed via the iQ.Suite Monitor. The password can be communicated to the recipient, e.g. in the PDFCrypt mail or in a separate email, either directly visible in the email or with a request link.

Note: For 'Fixed password' and 'Use subject command', the following characters are allowed in the password:

all lower-case and upper-case letters of the ASCII character set (umlauts are not allowed)
all digits from 0 to 9
the special characters ! $ & / = ? # * + - _ < >


The following setting options and statements only apply if the password management is used:

Password generation

'For each email': A new password is generated for each email. All recipients of the email use the same password.

'For each recipient': If several emails are sent to recipient A, the password generated for the first email is also used for all following emails to recipient A, regardless of the sender.

'For each sender-recipient combination': For each sender-recipient combination, a new password is generated.

Examples:

1. Sender A sends several emails to recipient C. For all emails from sender A to recipient C, the same password is used (e.g. 'Pass1').

2. Sender B also sends emails to recipient C. A new password is generated (e.g. 'Pass2'). All emails from sender B to recipient C are then encrypted with this password.

In the Password Management settings, you can define that recipient-specific passwords expire after a certain time and that new passwords are to be generated in case of expiration.
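To make the password types described under Options for encryption and the generation modes above concrete, here is an added Python example that is not iQ.Suite code: it parses a subject command, checks the documented character set, and reproduces the three password generation modes with an in-memory dictionary standing in for the password database. The command name 'pwd', the password length, the use of the allowed character set as the generator alphabet, and the removal of the command from the subject (which the manual states only for Convert) are assumptions.

```python
import re
import secrets
import string
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Characters the manual allows for fixed and subject-command passwords:
# ASCII letters (no umlauts), digits, and the listed special characters.
ALLOWED_PASSWORD_CHARS = string.ascii_letters + string.digits + "!$&/=?#*+-_<>"
_ALLOWED_SET = frozenset(ALLOWED_PASSWORD_CHARS)


def is_allowed_password(password: str) -> bool:
    """True if the password is non-empty and uses only allowed characters."""
    return bool(password) and all(ch in _ALLOWED_SET for ch in password)


def extract_subject_command(subject: str, command: str = "pwd") -> Tuple[str, Optional[str]]:
    """Find '<command>=<password>' in the subject and strip it.

    Returns (cleaned_subject, password); password is None if the command is
    absent or the password violates the character rules. 'pwd' is an
    assumed command name; the real one is set in the job's Conditions tab.
    """
    pattern = re.compile(r"(?:^|\s)" + re.escape(command) + r"=(\S+)")
    m = pattern.search(subject)
    if m is None or not is_allowed_password(m.group(1)):
        return subject, None
    cleaned = (subject[:m.start()] + subject[m.end():]).strip()
    return re.sub(r"\s{2,}", " ", cleaned), m.group(1)


def _random_password(length: int) -> str:
    # CSPRNG-based; never use random.choice for passwords.
    return "".join(secrets.choice(ALLOWED_PASSWORD_CHARS) for _ in range(length))


def one_time_password(length: int = 10) -> str:
    """'One-time password': generated per email and never stored, so it cannot be recovered."""
    return _random_password(length)


@dataclass
class PasswordManager:
    """Stand-in for the password management with its three generation modes.

    mode is one of 'per_email', 'per_recipient', 'per_sender_recipient'.
    The dictionary replaces the SQL password database (assumption).
    """
    mode: str
    length: int = 10
    _store: Dict[tuple, str] = field(default_factory=dict)

    def password_for(self, sender: str, recipient: str, message_id: str) -> str:
        """Return the stored password for the key the mode dictates, creating it on first use."""
        if self.mode == "per_email":
            key = ("email", message_id)                        # all recipients share it
        elif self.mode == "per_recipient":
            key = ("recipient", recipient.lower())             # reused for any sender
        elif self.mode == "per_sender_recipient":
            key = ("pair", sender.lower(), recipient.lower())
        else:
            raise ValueError(f"unknown mode {self.mode!r}")
        if key not in self._store:
            self._store[key] = _random_password(self.length)
        return self._store[key]


if __name__ == "__main__":
    print(extract_subject_command("Agreement pwd=teSt123"))
    pm = PasswordManager("per_sender_recipient")
    print(pm.password_for("a@example.com", "c@example.org", "m1"))
    print(pm.password_for("a@example.com", "c@example.org", "m2"))   # same as above
    print(pm.password_for("b@example.com", "c@example.org", "m3"))   # new password
```

The per-sender-recipient run reproduces the manual's example: all mails from A to C share one password, the first mail from B to C gets a different one. Expiry of recipient-specific passwords, which the Password Management settings add on top, is not modelled here.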

When passwords are requested via email (password request emails), the request mailbox must be accessible. For this, ensure that a user mailbox has been set up on the iQ.Suite server and entered under iQ.Suite Servers > 'Server' > User Access in the Mailbox field. Refer to Enable user access via email request.

For the configuration of Password Managers, refer to Password Management.

Templates for PDFCrypt Mail and PDF Header

Select a template for the PDFCrypt Mail and a template for the PDF Header:

For further information on these templates, refer to PDFCrypt Templates: PDFCrypt Mail and PDF Header.

Success/Error Actions

In the Actions tab, you can specify the actions to be executed in case of a successful job execution and in case of a failed job execution:

You can, for example, define who should receive which notification. Refer to Actions.

Notification templates for PDFCrypt are available under General Settings > Templates > PDFCrypt Notifications. Refer to Creating notification templates.

Sending the Password to the recipient by email or SMS

The password of the encrypted PDF can be sent by email and/or by SMS to the PDF recipient. For this, select in the Success Actions the option Send notification to all Recipients.

The following dialog will be displayed:

In the following, only the job-specific settings are described. For a description of the standard actions, refer to Actions tab.

Template for email notification / Template for SMS notification:


In the sample templates for the PDFCrypt mail, it is assumed that the password is sent in a separate email. The Template for email notification is used by default to this end.

For sending the password by SMS, the Template for SMS notification is used if a corresponding template is selected. Otherwise, the template for email notification is used. The notification is sent to the SMS Gateway which then extracts the text for the SMS from the HTML body of the notification and sends it by SMS to the recipient of the encrypted PDF.

Note: For SMS mailing, the notification to the SMS Gateway must usually contain the password as text (variable [VAR]password[/VAR]). Consequently, make sure that the password variable is set in the selected template for SMS notification. Unlike the sample template for email notification, which contains the placeholder for the password image, the sample template for SMS already contains the required password variable. Also note that some SMS Gateways can only process the email subject and therefore expect the password in the subject.

Notification mode:

'No SMS mailing' (default): An email notification is sent to the recipient of the encrypted PDF.

'Send SMS and notification': The recipient is notified by email and additionally by SMS, provided that the SMS number of the recipient is specified in the password entry for the given sender-recipient combination. If no SMS number exists, the recipient is notified only by email.

'Prefer SMS mailing': If an SMS number exists for the recipient, the notification is sent only by SMS. Otherwise, the notification is sent by email.

Important: iQ.Suite has no way to check whether the SMS Gateway has received the notification and sent the SMS successfully.

Also refer to Password by SMS.

Send notification just once Refer to Option: Send notification to the recipients just once.

Example of a use case

In the following example, encryption is performed according to the job configuration under PDFCrypt Mail Encryption Job.

1. Anna Glenn sends an email to David Galler. This email contains the attachment Contract_draft_dgaller.docx (ca. 87 KB):


2. Mr. Galler receives a PDFCrypt Mail with the password-protected PDF attachment that is named after the subject of the original email (Contract_Draft.pdf):

3. Mr. Galler receives the password in a separate email that was created based on the predefined Recipient notification in case of success:

4. When the user tries to open the password-protected PDF, the dialog for entering the password is displayed:


The user has to enter the password and click OK. The PDF opens:

The attachments of the original email are displayed as links in the PDF. In some PDF readers, clicking on the links does not open the attachments. In Adobe Reader, for example, the attachments are listed in a separate area (paperclip icon) and can be opened from there:


5. When the password is lost:

The PDFCrypt mail contains the MAIL link that is used to re-request the password. When the recipient (here: Mr. Galler) clicks on this link, a Password request email is created:

Mr. Galler sends this email and then receives a Password email:


Verifying signatures of PDF Files

The PDFCrypt Signature Verification job can be used to verify the signatures of PDF files to ensure the integrity and authenticity of signed PDFs.

Create a PDFCrypt Signature Verification job: Mail Transport Jobs > New > PDFCrypt Jobs > PDFCrypt Signature Verification.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Open the Options tab:

PDFCrypt Engine: The PDFCrypt Engine is required for the signature verification. Refer to PDFCrypt Engine.

Check certificates against certificate store:

Option is enabled (default): The signature certificates are checked against the certificate store selected in the PDFCrypt Engine ('iQ.Suite KeyManager' or 'Windows certificate store'). Here, the trust status and the validity of the certificate are checked. Additionally, it is checked whether the signature matches the PDF content, i.e. whether the PDF has not been modified after signing.


Note: To enable the certificate check against a certificate store, the Allow signing/verification option must be enabled and a certificate store must be selected in the PDFCrypt Engine.

Option is disabled: The signatures will be verified only against the PDF content. In this case, the Allow signing/verification option in the PDFCrypt Engine is not relevant.

Combinable options for checking certificates against the certificate store:

Allow expired certificates for verification: By default, expired certificates are ignored for the signature verification. Enable this option if you want to allow the use of expired certificates for the signature verification.

Allow unknown trust status for verification: By default, the PDFCrypt job only allows the use of certificates which have the trust status "trusted". Enable this option if you want to use also certificates which have the trust status "unknown".

No import of certificates on verification: By default, signature certificates which are not yet available in the certificate store are imported into it. Enable this option if you do not want this, e.g. to keep certificates extracted from arbitrary signed PDFs received by email from accumulating in your certificate store.


Signing and/or encrypting PDF attachments

The PDFCrypt File Signing/Encryption job is used to sign and/or encrypt PDF files attached to emails. This applies also to PDFs which are created by Convert PDF, but does not apply to PDFs in archives (e.g. in ZIP or RAR). PDFs in archives can be neither signed nor encrypted.

Signing and encryption are carried out like with PDFCrypt Mail Encryption. Consequently, only the differences to PDFCrypt Mail Encryption are described below.

Options for Signing and Encryption

For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Open the Options tab:

If signed or encrypted

By "encrypted", we mean PDF files which are encrypted with a password or on which permissions are set. Such PDFs are not processed, i.e. they are neither signed nor encrypted again.

Determine here how already encrypted and/or signed PDFs are to be handled:

Ignore: These PDFs are ignored. Consequently, they do not trigger the error actions. Ignored PDFs are considered as "processed" and can trigger the success actions. The success actions are executed if the email contains only ignored PDFs, only successfully processed PDFs, or only successfully processed and ignored PDFs.

Execute actions: An email with at least one already encrypted and/or signed PDF triggers the error actions.

For information on the other setting options of this tab, please refer to Options for encrypting and signing PDFs.

Additionally, please note the following information:

Unlike with PDFCrypt Mail Encryption, no PDFCrypt mail is sent in case of PDFCrypt File Signing/Encryption. To transmit the password in written form, you can send a notification.

Note: If the processed email contains several PDFs, the same password is used for all PDFs of the email.

Setting permissions on encrypted PDFs

The Permissions tab can be used to restrict the permissions on the processed PDF files.

Note: The set permissions are only honoured by cooperating PDF readers; they are not enforced cryptographically and can be ignored or removed by tools that do not respect them. Furthermore, different readers may interpret these permissions differently. The setting options apply in Adobe Acrobat as described below; this may vary in other PDF readers.

Deny printing: The PDFs cannot be printed.

Deny copying: No text can be extracted from the PDFs.

Editing:

Deny all editing: After the PDF creation, the PDF cannot be modified in the PDF reader, e.g. by entering comments, attaching files, signing or filling out forms.

Deny commenting: No comments can be added. However, signing by using existing signature fields and filling out forms are possible.

No editing restrictions: All editing actions are allowed.

Success/Error actions

Use the Actions tab to define the actions to be executed in case of successful, respectively failed email processing.

Emails which contain no PDF files do not trigger any actions.

Also refer to If signed or encrypted and Actions tab.


Methods of password transmission

Methods at a glance

PDFCrypt offers different methods to transmit the password to the recipient of the encrypted PDF:

PDFCrypt mail: The password can be sent in the PDFCrypt mail itself by using one of the following variables:

Password as text: [VAR]Password[/VAR]
Password image (variable)

Refer to Password in clear text in the PDFCrypt Mail. Note that a password sent in the same email as the encrypted PDF protects the PDF only against parties who do not have access to that email; for a separate channel, use one of the other methods.

Email notification: The password can be sent in a separate PDFCrypt notification by using variables:

to the recipient of the encrypted PDF
to the sender of the encrypted PDF
to internal recipients / recipient groups

Path: Basis Configuration > General Settings > Templates > PDFCrypt Success Notifications or Password Management Notification

Senders and internal recipients can transmit the password to the recipient of the encrypted PDF by using another media form, e.g. by phone or SMS.

Refer to Success/Error Actions.

Variables for password in notification templates

Password as text: [VAR]password[/VAR]
Password image (placeholder)

The following methods are available only in case the password management is used:

SMS: The password as text can be sent by SMS to the recipient of the encrypted PDF via an SMS Gateway. For this, a PDFCrypt notification template for SMS mailing is available, one for email encryption and one for file encryption.

Depending on where your SMS Gateway expects the password, you have to set the password variable [VAR]password[/VAR] either in the subject or in the body of the used notification template.

Refer to Password by SMS.


Password request: By using variables, a password request link or a string and the address for password requests can be sent in the PDFCrypt mail or in a separate PDFCrypt notification:

Password request via a mailto link. Refer to Password request via mailto link.
Password request without link. Refer to Password request without mailto link.

Requirements for the password transmission

In reply to a password request, the password is sent only if the sender of the request is a recipient of the encrypted PDF. For the reply email, the notification template for password requests selected in the Password Management is used. Since this check relies on the sender address of the request email, make sure that mail delivered to the request mailbox is subject to your usual sender authentication (e.g. SPF, DKIM, DMARC), so that a forged sender address cannot be used to obtain another recipient's password.

Also refer to Variables for password in notification templates.
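The authorization rule just described, as an added Python illustration that is not iQ.Suite code: a request ID (the string that [VAR]RequestPassword[/VAR] stands for) is looked up in a store, and the password is returned only if the requesting address is one of the recipients of that PDF. It also builds the kind of mailto link that [VAR]Mail_RequestPasswordLink[/VAR] expands to. The in-memory store, the ID format, the mailto subject and body, and the sample addresses are constructed assumptions.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Optional
from urllib.parse import quote


@dataclass(frozen=True)
class PdfRecord:
    """Data the password store needs to answer a request (assumed layout)."""
    sender: str
    recipients: FrozenSet[str]   # lower-cased addresses the encrypted PDF went to
    password: str


@dataclass
class PasswordRequestStore:
    """In-memory stand-in for the password database used for password requests."""
    _records: Dict[str, PdfRecord] = field(default_factory=dict)

    def register(self, sender: str, recipients: Iterable[str], password: str) -> str:
        """Store a PDF's password; return the request ID that stands for [VAR]RequestPassword[/VAR]."""
        request_id = secrets.token_urlsafe(16)   # unguessable, URL-safe (assumed format)
        self._records[request_id] = PdfRecord(
            sender=sender.strip().lower(),
            recipients=frozenset(r.strip().lower() for r in recipients),
            password=password,
        )
        return request_id

    def handle_request(self, request_id: str, from_addr: str) -> Optional[str]:
        """Answer a password request email.

        The password is released only if the request's sender address is a
        recipient of the encrypted PDF, as the manual requires. Unknown IDs and
        non-recipients (including the original sender) get None, i.e. no reply
        containing a password.
        """
        record = self._records.get(request_id.strip())
        if record is None:
            return None
        if from_addr.strip().lower() not in record.recipients:
            return None
        return record.password


def build_mailto_link(request_mailbox: str, request_id: str) -> str:
    """Build a mailto link with recipient, subject and body prefilled.

    The recipient is the User Access mailbox of the iQ.Suite server; subject
    and body text are assumptions made for this example.
    """
    subject = quote("PDFCrypt password request")
    body = quote(f"Please send me the password for request {request_id}")
    return f"mailto:{request_mailbox}?subject={subject}&body={body}"


def request_id_from_body(body: str) -> Optional[str]:
    """Pull the request ID out of a request email body.

    Accepts both the prefilled mailto body above and a hand-written mail that
    contains just the copied string (the 'without mailto link' method): the ID
    is taken as the last token of the first non-empty line.
    """
    for line in body.splitlines():
        tokens = line.split()
        if tokens:
            return tokens[-1].strip(".,;")
    return None


if __name__ == "__main__":
    store = PasswordRequestStore()
    # Constructed addresses modelled on the manual's use case.
    rid = store.register("anna.glenn@example.com", ["david.galler@example.net"], "S9G58Kp6=p")
    print(build_mailto_link("pdfcrypt@example.com", rid))
    print(store.handle_request(rid, "david.galler@example.net"))   # password
    print(store.handle_request(rid, "anna.glenn@example.com"))     # None: sender is not a recipient
```

The point of the example is the second and third calls: the same request ID yields the password for the PDF's recipient and nothing for anyone else, which is exactly why the sender address of the request must be trustworthy.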

Password in clear text in the PDFCrypt mail

Open the template for the PDFCrypt mails: Basis Configuration > Utility Settings > PDFCrypt > Mail Templates

Password as text: The password can be inserted as text into the subject or body of the PDFCrypt mail. For this, open the General tab (subject) or the Notification Text editor (body) and select the variable [VAR]Password[/VAR].

Example: The password of the encrypted PDF is: S9G58Kp6=p

Password as image: To set the password as an image in the body of the PDFCrypt mail, click the password image (placeholder) icon in the Notification Text editor.

Example: The password of the encrypted PDF is

Password by SMS

Requirements for sending passwords by SMS

You have an SMS Gateway account.

You must specify the email address of your SMS Gateway in the iQ.Suite Servers settings. Refer to SMS gateway for sending passwords by SMS.

Transmission of the SMS number to the SMS Gateway

The SMS number of the recipient must exist in the password database. This requires that the SMS number was specified when creating a corresponding sender-recipient password in iQ.Suite WebClient. Refer to the online documentation of iQ.Suite WebClient.

Additionally, the [VAR]SMSRecipient[/VAR] variable must be set in the email notification template in order to transmit recipient-specific SMS numbers to the SMS Gateway. In which field of the notification the SMS Gateway expects this variable, depends on your SMS Gateway. The variable can be used in the email address of the SMS Gateway or in the subject or body of the notification template.

Example: [VAR]SMSRecipient[/VAR]@gateway.com

Template for SMS notification: refer to Sending the Password to the recipient by email or SMS.

A PDFCrypt Mail Encryption Job or a PDFCrypt File Signing/Encryption Job must be configured with the following settings:

Password type: Use password management
Password generation: For each sender-recipient combination
Success Actions: The 'Send Notification to All Recipients' option is selected and configured as described under Success/Error Actions.

Password request via mailto link

Note: The password request is possible only if the Password Management is used.

With the variable [VAR]Mail_RequestPasswordLink[/VAR] , you can insert a password request link (mailto link) into the body of the PDFCrypt mail or into PDFCrypt notification templates used for the success case.

This variable is replaced with the mailto link MAIL. When clicking on this link, a new password request email is created. In this email, the recipient address, subject and message text are automatically set. The recipient address of the request email corresponds to the address specified under 'iQ.Suite Server' > 'User Access' tab > Mailbox. To request the password, the recipient of the encrypted email has to send the request email.

By clicking the mailto link, the password can be requested again at any time.

Refer to Requirements for the password transmission .

Password request without mailto link

Note: Password requests are only possible if the Password Management is used.

For the password request without link, variables can be used in the PDFCrypt mail or in PDFCrypt notifications, respectively in the subject or body. These variables are:

[VAR]RequestPassword[/VAR]: This variable is replaced with a string (ID) of the password request.

[VAR]RequestPasswordRecipient[/VAR]: This variable is replaced with the mailbox address of the iQ.Suite server (User Access tab).

To request the password, the recipient of the encrypted email has to copy the string mentioned above into a new email and send this email to the address for password requests. The notification or the PDFCrypt mail must contain adequate instructions for the recipient.

By means of this string and the address mentioned above, the password can be requested again at any time.

Refer to Requirements for the password transmission.


iQ.Suite Convert

Topics:

Convert – Overview
Sample Job: Compress attachments as ZIP
Sample Job: Extract attachments from archives and PDFs (Decompression)
Sample Job: Converting attachments to PDF
Converting TNEF mail to MIME
Sample Job: Conversion via Command Line


Convert – Overview

iQ.Suite Convert allows you to perform a rule-based conversion of email attachments prior to delivery, e.g. to PDF, PDF/A, ZIP, 7-ZIP or, using the command line, to any other format. iQ.Suite Convert can also be used to convert TNEF emails to the MIME format.

PDF reduces the risk of data manipulation and, due to its widespread use, also avoids compatibility problems when opening files on the recipient side. Compression to ZIP additionally reduces the size of the file and therefore of the email, which in turn relieves your infrastructure and increases the overall performance.

Fingerprints allow you to restrict the attachments to be converted according to the file type.

Job types

Compress attachments to ZIP or 7-ZIP

Job: Convert Compression

Extract attachments from archives (e.g. RAR, ZIP, 7-ZIP, TAR, etc.) and PDF files

Job: Convert Decompression

Convert attachments to PDF or PDF/A

Job: Convert PDF

Convert TNEF emails to the MIME format

Job: Convert TNEF To MIME

Execute actions for attachments from the command line

Job: Convert Command Line

Note: As a rule, emails encrypted or signed with S/MIME or PGP/MIME are not processed by iQ.Suite Convert jobs, in order to avoid difficulties on the recipient side (a converted attachment would no longer match the signature).


Sample Job: Compress attachments as ZIP

Before they are delivered, email attachments can be compressed to ZIP or 7-ZIP (open source software) and, where required, protected with a password. The reduction of the file size resulting from compression reduces both the server load caused by the email traffic and the disk space required in the recipients' mailboxes.

Note: As a general rule, images embedded in email bodies are not compressed in order to avoid display errors on the recipient side.

Copy the Convert Compression Job to Mail Transport Jobs. Activate the job.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

As preconfigured, this job only processes internal emails addressed to external recipients. If an email attachment was successfully compressed, an extension is added to the email subject field.

Selection

Use the Selection tab to set further properties related to the compression and the attachments to be converted.


Under Compression is equal to or greater than, specify the minimum compression percentage to be reached for an attachment to be processed. With the default setting of 10% the file size of a compressed file attachment must be at least 10% smaller than the original file. If this value cannot be reached, the file attachment is not compressed.

Depending on the number and size of the attachments, it may be useful to limit the processing time allowed for each attachment (< 900 seconds). If an attachment cannot be processed within the period of time specified under Abort compression after, processing is aborted and continued with the next attachment or the next email. In this case, the email is delivered with the attachment in its original format.

To limit the size of the attachments to be processed, use the Attachment size fields.

Without any size restrictions, even very small attachments will be compressed although the size reduction is negligible as regards the disk space saved. On the other hand, processing a large number of very large files may seriously affect the server’s performance.

By default, the job compresses attachments of any file type except for already compressed archives and embedded (inline) images. Using fingerprints, you can specify further file types to be excluded from compression. Refer to Fingerprints.

Compression options

Open the Options tab:

Compression

The default compression Method is 'ZIP' with the 'Normal compression' level. As an alternative, you can select the compression method '7-ZIP' and/or change the compression Level:

'High compression': The focus is on maximum compression for maximum space saving. Please note that this may significantly increase the duration of the compression process. In this case, you may have to adjust the period of time after which the process is aborted (Selection tab).

'Normal compression' (default): The focus is on achieving a compromise between quick and high compression. From experience, this is the setting that yields reasonable results.

'Quick compression': The focus is on quick compression and minimizing the computing time and resources needed. Please note that with this setting the compression level achieved may be less than maximum.

'No compression': The attachments are simply converted to the ZIP format, but not compressed.

Protection:

To protect compressed attachments with a password, proceed as follows:

1. Enable the Protect compressed attachments option.

2. In the Method field, select the encryption method to be used: 'ZIP' or 'AES'. Note that the traditional ZIP encryption is considerably weaker than AES; prefer 'AES' wherever the recipients' unpackers support it.

3. Select a Password type:

'Fixed password':

Enter a Password. This password will be used to encrypt all files which will be processed by this job.

Enter any password or generate a random password by using the icon.

With the checkbox Show password, the password will be displayed in clear text.

'Use subject command':

Specify in the condition ... with following subject command (refer to Conditions) the command to be entered by the sender in the subject field of his email as follows:

[command]=Password

Example: Contract [PWD]=teSt123

The command and password are removed from the subject before the email is delivered to the recipient.

Note: For 'Fixed password' and 'Use subject command', the following characters can be used in the command and password:

all lower-case and upper-case letters of the Roman alphabet (umlauts are not allowed)

all digits from 0 to 9

special characters: ! $ & / = ? # * + - _ < >

The command is not case-sensitive.

'One-time password':

iQ.Suite generates a random password which can be sent to all senders, to internal senders only or to the administrator (notification template 'Conversion successful’ in the Actions tab).

For the password complexity, select the Password manager to be used. Refer to Password complexity.

'Use password management’:

iQ.Suite uses the selected Password Management to generate a password according to the option set in the Password generation field:

'For each email': A new password is generated for each email. All recipients of the email will use the same password.

'For each recipient': If several emails are sent to recipient A, the password that was generated for the first email is also used for all following emails to recipient A.

In the Password Management, you can configure that recipient-specific passwords expire after a certain time and that new passwords are to be generated in case of expiration.

'For each sender-recipient combination': For each sender-recipient combination, a new password is generated.

Examples:

1. Sender A sends several emails to recipient C. For all emails from sender A to recipient C, the same password is used (e.g. 'Pass1').

2. Sender B also sends emails to recipient C. A new password is generated (e.g. 'Pass2'). All emails from sender B to recipient C will then be encrypted with this password.

For information on the Password Management, refer to Password Management.
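The three 'Password generation' options differ only in the key under which a password is stored and reused. The following Python class is an added example written for this page, not code from iQ.Suite or its Password Management: it keys passwords per email, per recipient, or per sender-recipient pair, lets recipient-specific passwords expire after a configurable time, and lists the unexpired passwords that are valid for a sender/recipient pair. The 12-character length, the injectable clock and the key layout are assumptions; the password alphabet is the character set the page permits.

```python
import secrets
import string
import time

# Character set the page permits for passwords (umlauts excluded).
ALPHABET = string.ascii_letters + string.digits + "!$&/=?#*+-_<>"
POLICIES = ("For each email", "For each recipient", "For each sender-recipient combination")


def generate_password(length=12):
    """Random password from the permitted alphabet; the length is an assumption."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class PasswordStore:
    """Password database keyed according to the 'Password generation' option.

    ttl_seconds models the expiry the Password Management can configure;
    clock is injectable so expiry can be exercised without waiting.
    """

    def __init__(self, policy, ttl_seconds=None, clock=time.time):
        if policy not in POLICIES:
            raise ValueError(f"unknown policy {policy!r}")
        self.policy, self.ttl, self.clock = policy, ttl_seconds, clock
        self._entries = {}   # key -> (password, created_at)

    def _key(self, sender, recipient, message_id):
        if self.policy == "For each email":
            return ("msg", message_id)                    # all recipients share it
        if self.policy == "For each recipient":
            return ("rcpt", recipient.lower())            # reused for every sender
        return ("pair", sender.lower(), recipient.lower())  # one per sender/recipient pair

    def _expired(self, created_at, now):
        return self.ttl is not None and now - created_at >= self.ttl

    def password_for(self, sender, recipient, message_id):
        """Password for this email and recipient; a new one is generated when
        none exists yet or the stored one has expired."""
        key = self._key(sender, recipient, message_id)
        now = self.clock()
        entry = self._entries.get(key)
        if entry is None or self._expired(entry[1], now):
            entry = (generate_password(), now)
            self._entries[key] = entry
        return entry[0]

    def candidates_for(self, sender, recipient):
        """Unexpired passwords stored for this (outbound) sender/recipient pair or
        for the recipient alone, i.e. what a decryption step could try."""
        now = self.clock()
        out = []
        for key, (password, created_at) in self._entries.items():
            if self._expired(created_at, now):
                continue
            if key[0] == "rcpt" and key[1] == recipient.lower():
                out.append(password)
            elif key[0] == "pair" and key[1:] == (sender.lower(), recipient.lower()):
                out.append(password)
        return out


if __name__ == "__main__":
    # Reproduces the two examples above: A->C reuses one password, B->C gets another.
    store = PasswordStore("For each sender-recipient combination")
    print("A->C:", store.password_for("a@corp.example", "c@partner.example", "m1"))
    print("A->C:", store.password_for("a@corp.example", "c@partner.example", "m2"))
    print("B->C:", store.password_for("b@corp.example", "c@partner.example", "m3"))
```

Addresses are lowercased before keying so that case variants of the same mailbox do not silently create a second password; whether the product normalises addresses the same way is not stated on the page.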

Note: The password must be known to the email recipients and either the unpacker used by the recipient must support the encryption method or a Decompression Job must be configured accordingly and enabled.

Advanced:

All attachments must be processed successfully:

This option applies to emails that contain multiple file attachments. Hereafter, 'processing' means the compression.

If this option is not enabled and no attachment could be processed, the success actions won't be executed. If the job is mission critical (option in General tab), the email will be put unchanged in the Badmail quarantine. If at least one attachment could be processed successfully, the success actions (Actions tab) will be executed and the email may be delivered to the recipient with unprocessed attachments.

If this option is enabled and at least one email attachment could not be processed, processing will be cancelled. If the job is mission critical, the email will be put unchanged in the Badmail quarantine. If the job is not mission critical, the email will be passed unchanged to the subsequent job for further processing. The defined success actions won't be executed, no matter whether the job is mission critical or not.

Combine multiple files into one archive:

With this option enabled, all files attached to the email are compressed into a single archive. In the Filename field, specify how to name the archive file: Enter any text or select variables, for example the variable [SelectedCount] (Convert: File count).

If this option is disabled, every single file of the email is compressed into an own archive.

Success/Error Actions

Use the Actions tab to specify the actions to be executed, respectively in case of a successful job execution and in case of a failed job execution:

You can, for example, define who should receive which notification. Refer to Actions.

Notification templates for Convert are available under General Settings > Templates > Convert Notifications. Refer to Creating notification templates.

Sending the Password to the recipient by email or SMS

The password of the password-protected file can be sent by email and/or by SMS to the recipient of that file. For this, select in the Success Actions the option Send Notification to All Recipients or Send message to internal users only.

The following dialog will be displayed:


In the following, only the job-specific settings are described. For a description of the standard actions, please refer to Actions tab.

Template for email notification / Template for SMS notification:

Under Template for email notification, the notification template Compression successful is selected by default. If the Protect compressed attachments option is enabled and you want the password to be sent to the recipient by email, select the notification template Recipient: encrypted compression successful.

For sending the password by SMS, the selected Template for SMS notification is used, e.g. the predefined notification template Recipient (SMS): encrypted compression successful. If no template is selected here, the template for email notification is used. The notification is sent to the SMS Gateway which then extracts the text for the SMS from the HTML body of the notification and sends it by SMS to the recipient of the password-protected file.

Note: For SMS mailing, the notification to the SMS Gateway must contain the password as text. The predefined SMS notification template already contains the appropriate password variable [VAR]password[/VAR]. Please also note that some SMS Gateways can only process the email subject and therefore expect the password in the subject.

Notification mode:

'No SMS mailing' (default): An email notification is sent to the recipient of the password-protected file.

'Send SMS and notification': The recipient is notified by email and additionally by SMS, provided that the SMS number of the recipient is specified in the password entry for the given sender-recipient combination. If no SMS number exists, the recipient is notified only by email.

'Prefer SMS mailing': If an SMS number exists for the recipient, the notification is sent only by SMS. Otherwise, the notification is sent by email.

Important: iQ.Suite has no possibility to check whether the SMS Gateway has received the notification and sent the SMS successfully.

Also refer to Password by SMS.

Methods of password transmission

Methods at a glance

Convert Compression offers different methods to transmit the password to the recipient of the password-protected file:

Email notification: The password can be sent in a separate email notification by using variables. Refer to Success/Error Actions.

Variables for password in notification templates

Password as text: [VAR]password[/VAR]

Password as image: (password image placeholder)

The following methods are available only in case the password management is used:

SMS: The password as text can be sent by SMS to the recipient of the password-protected file via an SMS Gateway. For this, a Convert notification template for SMS mailing is available.

Depending on where your SMS Gateway expects the password, you will have to set the password variable [VAR]password[/VAR] either in the subject or in the body of the used notification template.

Refer to Password by SMS.

Password request: By using variables, a password request link or a string and the address for password requests can be sent in a Convert notification:

Password request via a mailto link. Refer to Password Request via mailto Link.

Password request without link. Refer to Password Request without mailto Link.

Requirements for the password transmission

In reply to the password request, the password is sent in a reply email only if the sender of the password request is recipient of the password-protected file. For the reply email, the notification template for password requests selected in the Password Management is used.

Also refer to Variables for password in notification templates

Password in clear text in the Convert Notification


Open a predefined Convert notification template or create a new one: Basic Configuration > General Settings > Templates > Convert Notification Templates

Password as text: The password can be inserted as text into the subject or body of the Convert notification. For this, open the General tab (subject) or the Notification Text editor (body) and select the variable [VAR]Password[/VAR]. Example: Password of the password-protected file is: S9G58Kp6=p

Password as image: To set the password as image in the body of the Convert notification, click in the Notification Text editor on (password image (placeholder)).

Example:

Password of the password-protected file is: (password image)

Password by SMS

Requirements for sending passwords by SMS

You have an SMS Gateway account.

You must specify the email address of your SMS Gateway in the iQ.Suite Servers settings. Refer to SMS Gateway for sending passwords by SMS.

Transmission of the SMS number to the SMS Gateway

The SMS number of the recipient must exist in the password database. This requires that the SMS number was specified when creating a corresponding sender-recipient password in iQ.Suite WebClient. Refer to the online documentation of iQ.Suite WebClient.

Additionally, the [VAR]SMSRecipient[/VAR] variable must be set in the email notification template in order to transmit recipient-specific SMS numbers to the SMS Gateway. In which field of the notification the SMS Gateway expects this variable, depends on your SMS Gateway. The variable can be used in the email address of the SMS Gateway or in the subject or body of the notification template.

Example: [VAR]SMSRecipient[/VAR]@gateway.com

Template for SMS notification: refer to Sending the Password to the recipient by email or SMS.

A Convert Compression Job must be configured with the following settings:

Password type: Use password management

Password generation: For each sender-recipient combination

Success Actions: Sending an SMS notification is enabled, as described under Success/Error Actions.

Password request via mailto link

Note: The password request is possible only if the Password Management is used.

With the variable [VAR]Mail_RequestPasswordLink[/VAR], you can insert a password request link (mailto link) into Convert notifications sent in case of success.

This variable is replaced with the mailto link MAIL. When clicking on this link, a new password request email is created. In this email, the recipient address, subject and message text are automatically set.

The recipient address of the request email corresponds to the address specified under 'iQ.Suite Server' > 'User Access' tab > Mailbox. To request the password, the recipient of the encrypted email has to send the request email.

By clicking the mailto link, the password can be requested again at any time.

Refer to Requirements for the password transmission.

Password request without mailto link

Note: Password requests are only possible if the Password Management is used.

For the password request without link, variables can be used in the Convert notifications, respectively in the subject or body. These variables are:

[VAR]RequestPassword[/VAR]: This variable is replaced with a string (ID) of the password request.

[VAR]RequestPasswordRecipient[/VAR]: This variable is replaced with the mailbox address of the iQ.Suite server (User Access tab).

To request the password, the recipient of the password-protected file has to copy the string mentioned above in a new email and to send this new email to the address for password requests. The notification must contain an adequate instruction text for the recipient.

By using this string and the address mentioned above, the password can be requested again at any time.

Refer to Requirements for the password transmission.


Sample Job: Extract attachments from archives and PDFs (Decompression)

To unpack archives (e.g. RAR, ZIP, 7-ZIP, TAR, etc.) and PDFs attached to emails, so that end users do not have to deal with different archive formats, you can use the Convert Decompression Job. Please note that decompression increases the disk space required in the recipients' mailboxes.

Copy the Convert Decompression Job to Mail Transport Jobs. Activate the job. This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard Tabs of Mail Transport Jobs.

With the default settings, this job only processes emails sent by external senders.

Selection

Use the Selection tab to set further properties regarding the extraction and the attachments to be extracted:

Abort decompression after... seconds: With this timeout option, you can set a time limit for a decompression action. In case of timeout, the extraction is aborted.

Extraction options

Use the Options tab to make the following settings:


Maximum depth of extraction: In case emails contain nested archives, specify here the maximum number of recursive decompression actions per archive. With 'nested archives', we mean 'archives which contain archives'.

Example:

An email contains a ZIP archive (A1) which again contains a ZIP archive (A2). A1 contains 2 files (XLS and DOC), A2 contains 3 TXT files. In case of a recursive extraction (Maximum depth of extraction is '2’ or higher), two decompression actions are performed and all files from both archives are added together (2 + 3 = 5).

Note: The maximum depth of extraction defined for the iQ.Suite domain (iQ.Suite Servers > General > Maximum number of extracted archive levels) is not considered here.

In case the following thresholds are exceeded, the job will be aborted and the Error actions will be executed:

Maximum size after decompression (KB): Maximum absolute size of all extracted files per archive.

This size cannot exceed the global maximum per email (iQ.Suite Servers > General > Limit disk workspace per processed email (in KB) to).

Maximum number of files to extract: Maximum number of files that should be extracted per archive. If the archive contains more files, the archive is not unpacked.
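The three limits above are what keeps a Decompression Job from being turned into a decompression bomb: without them, a small archive can expand to gigabytes or to millions of files. The following Python script is an added example and not code from iQ.Suite: it unpacks a nested ZIP held in memory, honours the maximum depth, the maximum size after decompression and the maximum number of files, and aborts (the Error actions case) as soon as a limit is exceeded. The size limit is checked against the bytes actually decompressed, not against the sizes the archive declares, and in this example the size budget is cumulative across nesting levels, which is stricter than the per-archive wording above. The nested sample reproduces the A1/A2 example given for the maximum depth and is constructed here.

```python
import io
import zipfile


class ExtractionAborted(Exception):
    """Raised when a Decompression Job threshold is exceeded (Error actions would run)."""


def is_zip(data):
    return data.startswith(b"PK\x03\x04")


def extract(data, max_depth=2, max_total_kb=1024, max_files=100, _depth=1, _state=None):
    """Recursively unpack an in-memory ZIP and return [(name, bytes)].

    max_depth     'Maximum depth of extraction'   (nesting levels that are opened)
    max_total_kb  'Maximum size after decompression (KB)'
    max_files     'Maximum number of files to extract'
    """
    state = _state if _state is not None else {"bytes": 0}
    budget = max_total_kb * 1024
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        if len(entries) > max_files:
            raise ExtractionAborted(f"{len(entries)} files in archive, limit is {max_files}")
        for info in entries:
            remaining = budget - state["bytes"]
            with zf.open(info) as fh:
                # Read at most one byte beyond the budget: a header that claims a
                # small size cannot make us decompress more than we allow.
                content = fh.read(remaining + 1)
            if len(content) > remaining:
                raise ExtractionAborted(f"size after decompression exceeds {max_total_kb} KB")
            state["bytes"] += len(content)
            if is_zip(content) and _depth < max_depth:
                out.extend(extract(content, max_depth, max_total_kb, max_files, _depth + 1, state))
            else:
                out.append((info.filename, content))   # nested archive beyond max_depth stays packed
    return out


def try_extract(data, **limits):
    """('ok', files) or ('aborted', reason): the job's success/error split."""
    try:
        return "ok", extract(data, **limits)
    except ExtractionAborted as exc:
        return "aborted", str(exc)


def build_sample():
    """Constructed nested archive matching the page's example: A1 holds an XLS,
    a DOC and A2; A2 holds three TXT files. Not an archive from the page."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        for i in range(3):
            zf.writestr(f"note{i}.txt", b"text line\n" * 10)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("figures.xls", b"\xd0\xcf\x11\xe0" + b"\x00" * 60)
        zf.writestr("memo.doc", b"\xd0\xcf\x11\xe0" + b"\x00" * 60)
        zf.writestr("A2.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    for limits in ({"max_depth": 2}, {"max_depth": 1}, {"max_files": 2}, {"max_total_kb": 0}):
        status, result = try_extract(sample, **limits)
        print(limits, status, [n for n, _ in result] if status == "ok" else result)
```

With max_depth=2 the two decompression actions yield the five files of the example; with max_depth=1 the inner archive A2.zip is handed through unopened. Setting max_files=2 or max_total_kb=0 aborts on the outer archive before anything is written.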

Other options:

Use password for decryption:


To decompress password-protected archives, the Decompression Job needs to know the password to be used for decryption. The selected Password type determines the password to be used:

'Fixed password': Specify the Password to be used. For this, enter a password or generate a random password by using the icon. With the checkbox Show password, the password will be displayed in clear text.

'Use subject command':

Use this option if you want the sender to write the password for decryption as a command in the email subject field. Specify the command to be used in the Conditions tab by using the condition ... with following subject command. Refer to Conditions tab and Conditions.

The sender must enter the command and password in the subject field as follows: [command]=Password

Example: Contract [PWD]=teSt123

The command and password are removed from the subject before the email is delivered to the recipient.

Note: For 'Fixed password' and 'Use subject command', the following characters can be used in the command and password:

all lower-case and upper-case letters of the Roman alphabet (umlauts are not allowed)

all digits from 0 to 9

special characters: ! $ & / = ? # * + - _ < >

The command is not case-sensitive.
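The subject command format is the same for the Compression Job ('Use subject command' under Protection) and for the Decompression Job above: the sender writes [command]=Password into the subject, the command is matched case-insensitively, only the listed characters are allowed, and the command is stripped before delivery. The following Python function is an added example and not code from iQ.Suite; it parses and validates the subject command and returns the cleaned subject. It assumes the password ends at the next whitespace, which the page does not state (its only example is a single token).

```python
import re
import string

# Characters the page permits in command and password (no umlauts).
PERMITTED = frozenset(string.ascii_letters + string.digits + "!$&/=?#*+-_<>")


def is_permitted(text):
    """True when text is non-empty and every character is in the permitted set."""
    return bool(text) and all(ch in PERMITTED for ch in text)


def extract_subject_command(subject, command):
    """Find '[command]=password' in the subject (command matched case-insensitively).

    Returns (cleaned_subject, password); password is None when the command is
    absent. Raises ValueError when the command or the password uses characters
    outside the permitted set.
    """
    if not is_permitted(command):
        raise ValueError("command contains characters outside the permitted set")
    pattern = re.compile(r"\s*\[" + re.escape(command) + r"\]=(\S+)", re.IGNORECASE)
    match = pattern.search(subject)
    if match is None:
        return subject, None
    password = match.group(1)
    if not is_permitted(password):
        raise ValueError("password contains characters outside the permitted set")
    # Strip command and password from the subject before delivery.
    cleaned = (subject[:match.start()] + subject[match.end():]).strip()
    cleaned = re.sub(r"\s{2,}", " ", cleaned)
    return cleaned, password


def subject_command_result(subject, command):
    """Like extract_subject_command, but reports the outcome instead of raising."""
    try:
        cleaned, password = extract_subject_command(subject, command)
    except ValueError as exc:
        return {"status": "rejected", "reason": str(exc)}
    if password is None:
        return {"status": "no-command", "subject": subject}
    return {"status": "ok", "subject": cleaned, "password": password}


if __name__ == "__main__":
    for subj in ("Contract [PWD]=teSt123", "Re: [pwd]=S9G58Kp6=p Contract", "Contract [PWD]=pässwort"):
        print(repr(subj), "->", subject_command_result(subj, "PWD"))
```

Rejecting an out-of-alphabet password outright, rather than silently truncating or transliterating it, avoids a situation where the sender believes the archive is protected with one password while the recipient is told another.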

'Use password management':

Select the Password management to be used. All passwords which exist in the associated password database and are valid for the sender or the sender-recipient combination are checked for decryption.

Extract PDF files: With this option enabled, the files contained in PDFs will be extracted.

Contrary to archives which are removed from the email after their decompression, the PDF remains unchanged in the email.

Note: The options relative to the depth of extraction, size and number of files after extraction apply to PDF files as well if the 'Extract PDF files' option is enabled. Furthermore, the specified password is also used to decrypt PDFs.



Sample Job: Converting attachments to PDF

Before they are sent to the recipients, the attachments contained in an email can be converted to PDF or PDF/A. This helps to meet corporate policies and security requirements, for instance a rule that editable files must not be sent to external recipients. Converting to PDF reduces the risk of data manipulation, e.g. in Office files or images. Furthermore, once converted, additional information included in the original files such as markups, metadata, etc. is no longer available to the recipients.

In addition, the conversion to the widely used PDF format avoids the problem that recipients are not able to open the files due to a proprietary format or compatibility issues related to outdated software versions.

Copy the Convert PDF job to Mail Transport Jobs and activate the job.

As preconfigured, this job only processes internal emails addressed to external recipients. Except for PDF files, all attachments are converted. Using fingerprints, it is possible to exclude further file types from conversion.

Note: This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Selecting attachments

Use the Selection tab to set what is to be done with the original attachments. By default, they are removed and only sent as PDF.

Depending on the number and size, it may be useful to limit the processing time allowed for each attachment (< 900 seconds). If an attachment cannot be processed within the period of time specified under 'Abort compression after', processing is aborted and continued with the next attachment or next email. In this case, the email is delivered with the attachment in original format.

To limit the size of the attachments to be processed, use the Attachment size fields.

By default, the job converts the attachments of all file types except for attachments already provided in PDF format. By specifying fingerprints, you can specify further file types to exclude them from conversion. Refer to Fingerprints.

Conversion options

Open the Options tab:

Use PDF/A format: By default, attachments are converted to PDF. If you want the attachments to be converted to the ISO standard PDF/A format, activate this option. In both cases, you can modify the PDF output through variables.

Remove the original file extension: Specify whether to remove the original file extension during conversion for the new created PDF file. Example:

Contract.docx > Contract.docx.pdf or only Contract.pdf

All attachments must be converted successfully:

This option applies to emails that contain multiple file attachments. Hereafter, 'processing' means the conversion.

If this option is not enabled and no attachment could be processed, the success actions won't be executed. If the job is mission critical (option in General tab), the email will be put unchanged in the Badmail quarantine. If at least one attachment could be processed successfully, the success actions (Actions tab) will be executed and the email may be delivered to the recipient with unprocessed attachments.

If this option is enabled and at least one email attachment could not be processed, processing will be cancelled. If the job is mission critical, the email will be put unchanged in the Badmail quarantine. If the job is not mission critical, the email will be passed unchanged to the subsequent job for further processing. The defined success actions won't be executed, no matter whether the job is mission critical or not.

Variable settings

Click Add to create a new variable definition:

Under Variable enter a name and under Value specify a value. Click Apply to confirm.

For further Information on configurable PDF variables, please refer to the separate document on Convert parameters. Download on www.gbs.com.

Example:

Users sometimes use special fonts to format documents. If these fonts are unavailable on the server where the documents are converted to PDF, they are replaced with default fonts. To change these default fonts, you can set the following conversion variables:

Variable: PRINTFONTALIAS_ORIGINAL<_x>
Value: Name of the missing character set, e.g. Britannic Bold.
Description: If the character set specified is unavailable, it is replaced with the character set in the variable PRINTFONTALIAS_ALIAS<_x>. <_x>: As normally more than one font will have to be replaced, you can use the <_x> counter (_1, _2, _3 etc.) to specify several fonts.

Variable: PRINTFONTALIAS_ALIAS<_x>
Value: Name of the replacement character set, e.g. Arial.
Description: Character set to be used instead of the character set specified in the PRINTFONTALIAS_ORIGINAL<_x> variable.

Variable: PRINTFONTALIAS_FLAGS<_x>
Value: SCCVW_FONTALIAS_ALIASNAME: The replacement character set is used. If a default character set exists, it is overwritten.
Description: Sets if and how the settings in PRINTFONTALIAS_ORIGINAL<_x> and PRINTFONTALIAS_ALIAS<_x> are used. Further values can be configured besides SCCVW_FONTALIAS_ALIASNAME. For further information, please refer to the separate document on Convert parameters.


Converting TNEF mail to MIME

Some iQ.Suite jobs do not process any TNEF emails. For iQ.Suite jobs to be able to process the emails sent by Outlook users within the same Exchange organization, it is possible to convert internal TNEF emails to the MIME format.

1. Create under Mail Transport Jobs a Convert TNEF To MIME job. Activate the job.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

2. In general, it is not required to modify the Options tab. We recommend you to keep the default settings:

To be able to influence the representation of TNEF emails in the individual case, please take into account following details.

Conversion: Define whether the Exchange Server or the considerably faster internal method of the iQ.Suite is used for TNEF to MIME conversion. The following options are available:

Only on Exchange:

'Use Exchange conversion': TNEF emails are converted to MIME by the Exchange server. The iQ.Suite internal method is not used.

'Prefer simplified conversion': If the TNEF emails can be converted to MIME by the internal method of the iQ.Suite without loss (7-bit TNEF), the conversion is performed without using the Exchange server. If only RTF components are contained in the TNEF email, the Exchange server is used instead (8-bit TNEF).

On Exchange and SMTP:

'Use simplified conversion without Exchange': TNEF emails are converted to MIME without using the Exchange server. Please note that iQ.Suite converts the message body of the TNEF email into plain text if no message body in HTML or text format is available in addition to the RTF body. Since RTF data might be lost, display errors could occur.

TNEF Correlator: If the TNEF correlator contained in the email header does not match the TNEF correlator in the TNEF part (winmail.dat), the Exchange server removes the TNEF part during conversion instead of converting it (refer to Microsoft Support). This is caused by a problem of the Exchange server and results in the file attachments being missing after the conversion. Enable this option if it is ensured that the TNEF part is valid and shall be converted.

3. Test the MIME conversion with the test function under iQ.Suite Monitor > Server > 'Server name' > Server Status > 'Test' tab > Tnef-To-Mime Decoder Test > Start.

4. Set the job’s priority so that it is started before the iQ.Suite jobs that are unable to process TNEF emails, for instance before a Convert job for PDF conversion. Refer to Sample Job: Converting Attachments to PDF.

Note: For the Bridge Quarantines and the Mail Transport Jobs Bridge Connector and Store Archiving, the conversion from TNEF to MIME can be configured in the properties of the respective iQ.Suite server. Refer to Converting TNEF-Mails to MIME.


Sample Job: Conversion via Command Line

The Convert Command Line job allows you to run your own application (.exe, .bat) that performs specific actions on the attachments, e.g. converts specific file types to TIFF.

When processing an email, the job starts this application. The command line must contain certain placeholder parameters, which the job replaces with the actual values (for example the paths of the input and output file) when the application is started. The actions implemented in your own application and those defined in the iQ.Suite job are applied to the attachments of the email.

Copy the Convert Command Line job to Mail Transport Jobs. Activate the job.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Selecting attachments

Use the Selection tab to set what is to be done with the original attachments. By default, they are preserved and the result of the job action is attached to the email as additional file attachment.

To limit the size of the attachments to be processed, set the Attachment size fields accordingly.

By default, all attachments are processed, except for embedded objects such as embedded images. You can specify fingerprints if you want to exclude specific files from being processed. Processing embedded attachments (e.g. embedded images) is also possible.

Conversion options

Use PDF/A format: By default, attachments are converted to PDF. If you want the attachments to be converted to the ISO standard PDF/A format, activate this option. In both cases, you can modify the PDF output through variables.

Remove the original file extension: Specify whether to remove the original file extension during conversion for the new created PDF file.

Example: Contract.docx > Contract.docx.pdf or only Contract.pdf

All attachments must be converted successfully:

This option applies to emails that contain multiple file attachments. Hereafter, 'processing' means the conversion.

If this option is not enabled and no attachment could be processed, the success actions won't be executed. If the job is mission critical (option in General tab), the email will be put unchanged in the Badmail quarantine. If at least one attachment could be processed successfully, the success actions (Actions tab) will be executed and the email may be delivered to the recipient with unprocessed attachments.

If this option is enabled and at least one email attachment could not be processed, processing will be cancelled. If the job is mission critical, the email will be put unchanged in the Badmail quarantine. If the job is not mission critical, the email will be passed unchanged to the subsequent job for further processing. The defined success actions won't be executed, no matter whether the job is mission critical or not.

Click Edit to configure the application.

Configuring your own application

Command line: Enter the path to the application.

Parameters: iQ.Suite provides a number of parameters for the command line. For any action to be applied to attachments, you have to define at least the parameters [Cmd_InFile] and [Cmd_OutFile] in the command line.

[Cmd_InFile]: Content of the original file attachment (input file).

[Cmd_OutFile]: Content of the converted attachment (output file). The original file attachment is replaced with the content of this file. If no output file is created, the file attachment is not replaced.

[Cmd_ReportFile] (optional): If the application to be run writes a processing report to this file, the report is later included in the job report.

[AttachmentName_Safe] (optional): This parameter is replaced with the ASCII name of the file attachment without the file extension.

[AttachmentExtension_Safe] (optional): This parameter is replaced with the ASCII file extension of the file attachment.

Note: Non-ASCII characters and most of the ASCII special characters are replaced with underscores.

Timeout: Specify a timeout for the application. If the attachments cannot be processed within the period of time specified here, processing is aborted.

User/Password: If the external application is to be started under another account, use these fields to specify the authentication data of the desired user.

Important: When a batch file is called, the batch file uses the DOS (OEM) code page for the output of non-ASCII characters such as umlauts. If these characters are not properly shown in the report file, you can change the code page with the command-line command chcp, e.g. 'chcp 1252' changes the code page to the Windows-1252 character set which is used by Windows for Western European languages.


iQ.Suite Connect

Topics:

Connect – Overview Connect Engines Storing file attachments in SharePoint Storing file attachments in HCL Connections Connecting iQ.Suite to GBS Workflow Manager


Connect – Overview

With iQ.Suite Connect, social business collaboration platforms can be connected to the iQ.Suite.

iQ.Suite Connect offers an automated solution for the central storage of file attachments. The iQ.Suite's rule set is used for the pre-processing, filtering and classification of emails and file attachments, allowing rule-based selection and transfer of the file attachments to a collaboration system. If required, the file attachments are replaced in the email by URLs that point to their location in the collaboration system. This prevents redundant data storage within mailboxes and connected systems and, moreover, reduces the load on the mail server during email transport. By clicking the URLs, email recipients can access the file attachments originally attached to the email.

Your individual guidelines and an automated classification ensure that only file attachments of business-relevant emails are transferred to and stored on your collaboration system. In combination with the spam checking and virus checking modules of the iQ.Suite, the security of your collaboration platform is supported and the required disk space is reduced.

Job types

Type: Connect SharePoint

This job exports email attachments to a connected 'Microsoft SharePoint' Social Business Collaboration System.

Type: Connect Connections

This job exports email attachments to a connected 'IBM Connections' Social Business Collaboration System.

Type: Connect Workflow

By using Connect Workflow, you can save documents as well as create and start workflows in GBS Workflow Manager in an automated way.


Connect Engines

Connect engines are used to connect collaboration systems with iQ.Suite. After configuring the Connect engines, they can be selected in Connect jobs. For every supported collaboration platform, an individual engine type is provided for iQ.Suite configuration.

The Connect Workflow Engine is used to connect iQ.Suite to GBS Workflow Manager. The configured engine can then be selected in the Connect Workflow Job.

Tab: General

The General tab is identical in all Connect Engines.

Example for SharePoint:

Connect Interface: DLL file that links the iQ.Suite with the Collaboration System or the Workflow Manager server. Do not change this entry.

Timeout: Usually, the default settings can be kept. If the engine causes frequent timeouts in your system environment, increase the number of seconds in this field.

A timeout can occur if an engine test (per engine) or an upload event (per email attachment for Connections/SharePoint or per processed email for Workflow Manager) is not finished within the specified time period. Please take into account that the size of file attachments affects upload duration.

Write detailed log data: A log with more detailed processing information is written, e.g. for error analysis.

Tab: Proxy Server

To establish the connection to the Collaboration System or to Workflow Manager via a proxy server, select the desired proxy server in the Proxy Server tab:

No proxy server: No proxy server is used.

Proxy server of iQ.Suite Server: The proxy server used is the one defined for the iQ.Suite server. These proxy server settings can be set during the iQ.Suite installation.


Storing file attachments in SharePoint

iQ.Suite can be connected to the Collaboration platform Microsoft SharePoint.

The file attachments contained in emails are loaded to the SharePoint server in a rule-based way and stored there according to the SharePoint configuration.

Supported SharePoint versions: 2013, 2016 and Online

Note: If the file attachments contained in emails are replaced by URLs, internal and external email recipients require appropriate access rights on the SharePoint server. Otherwise the file attachments cannot be opened.

Important: Connection with Microsoft SharePoint requires the installation of SharePoint Client Runtime on the iQ.Suite server: sharepointclientcomponents_16-4351-1000_x_en-us.msi. Execute this MSI file, which is available in the iQ.Suite program directory under \SUPPORT\INSTALLER\CONNECT. The installation is completed in a few steps. For the installation of SharePoint Client Runtime, Windows Server 2012 or higher is required.

Configuring a SharePoint Engine

Connection to the SharePoint server is provided via a SharePoint engine.

1. Create a new SharePoint engine: Basic Configuration > Utility settings > Connect Engines > right-click > New > SharePoint Connect Engine.

2. Open the Options tab:


Server name/address: Server name or IP address of the SharePoint server to which the file attachments are to be sent from the iQ.Suite server.

Server port: Port number of the SharePoint server. The port is used to establish connection between SharePoint and the iQ.Suite server. Typically, port 80 is used for connections via HTTP and port 443 for connections via HTTPS. If set to '0', the standard port is used (port 80 or 443).

Server protocol: Select the protocol to be used for the transport of file attachments. For security reasons, we recommend using HTTP for test scenarios only.

Important: Using a proxy server is possible only with HTTPS. When using a proxy server with HTTP, an error occurs and uploading attachments is cancelled.

Certificate path: If using HTTPS, you can specify the path to the SharePoint server certificate to be used to validate the certificate returned by SharePoint.

Enter the absolute path or the path relative to the GrpData directory: \iQ.Suite\GrpData. If no path is entered, the returned server certificate is treated as trusted without any validation.

Site: Path to the website or Web Site Collection which contains the Library. This path results from the URL of the website or Web Site Collection. A web application may contain several Web Site Collections and each Site Collection may contain top-level sites with subsites.

Library: Name of the SharePoint upload library, e.g. 'Shared Documents' (SharePoint 2010) or 'Documents' (SharePoint 2013). This library will be used to store the file attachments. You can specify the SharePoint library in the Connect job as well; however, the job settings override the engine settings. This behavior is important if you use several Connect jobs and/or Connect engines.

Domain: Name of the domain in which the user specified below is located.

User / Password: Data for user authentication on the SharePoint server. This user requires read and write permissions on the specified Library.

Microsoft 365 connection (if using SharePoint Online): Since the authentication on SharePoint Online differs from the authentication on traditional SharePoint servers, you must enable this option if the specified server is a SharePoint Online server.

3. Click OK and save the configuration.

4. Test the connection between iQ.Suite and SharePoint server: iQ.Suite Monitor > Server > > Server Status > Settings > Test tab > Connect Test > Start.

Note: The test does not check whether the required user rights are set on the SharePoint server.

5. After successful test, assign the engine to a Connect SharePoint job.

Configuring a Connect SharePoint Job

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Assign the previously configured SharePoint engine to a Connect SharePoint Job.

1. Under Mail Transport Jobs, create a new Connect SharePoint job. Enable the job.

2. Open the Selection tab.

In addition to the usual settings of this tab, which are described under Selection / Attachments Tab, the following option is available:

Ignore inline attachments: The file attachments that are embedded in the email body will not be uploaded.

Important: A configurable filter for prohibited file types exists on the SharePoint server. This filter can disable the automatic upload of files, regardless of the SharePoint Job configuration.

Note: If no attachments to be uploaded remain after filtering, the job processing is stopped and none of the selected actions on Success or on Error (Actions tab) is executed.

3. Open the Options tab.

Use this tab to modify the upload behavior of the file attachments to the SharePoint server:

SharePoint Engine: Select a SharePoint engine.

Library: Name of the SharePoint upload library, e.g. 'Shared Documents' (SharePoint 2010) or 'Documents' (SharePoint 2013). This library will be used to store the file attachments. You can specify the SharePoint library in the Connect engine as well; however, the job settings override the engine settings. This behavior is important if you use several Connect jobs and/or Connect engines. Make sure that the authorized SharePoint user has the required permissions on this library.

Directory path: Path to the directory inside the library which will be used to store the file attachments.

If the 'Create directories’ option is enabled, the directories specified in the path will be created in the SharePoint library during upload (in case they do not already exist).

Important: If the 'Create directories' option is disabled and the specified directory path does not exist, the attachments will not be uploaded.

Separate the directories specified in the path with a slash. Prohibited characters (: * ? " < > | # { } % ~ &) are automatically replaced by underscores.

Example: Development/Share/[VAR]sender[/VAR]/Mails/

Create directories: refer to Directory path.

Collision behavior: Define how to upload a file attachment in case a file with the same name already exists:

'Cancel with error': The upload is cancelled for the colliding file attachment and is evaluated as an upload error.

'Cancel with success': The upload is cancelled for the colliding file attachment and is evaluated as an upload success.

'Overwrite and preserve version': The existing file is overwritten with the new file; the new file gets the version number of the overwritten file.

'Overwrite with new version': The existing file is overwritten with the new file; the new file is handled according to the Check-in behavior settings.

Check-in behavior: Specify whether and how to check in the uploaded file attachments into the SharePoint library:

'No check-in': The file attachments are uploaded but not checked in.

'Check in as minor version': The file attachments are checked in as a minor version (e.g. version number 3.2 > 3.3).

'Check in as major version': The file attachments are checked in as a new major version (e.g. version number 3.2 > 4.0).

Note: Please note that this behavior depends on the settings on the SharePoint server as well.

Check-in comment: For identifying the uploaded file attachments, you can enter a SharePoint comment. Use variables to display the upload date, for example.

File attachment links: Specify whether and how to insert the URLs to the uploaded file attachments in the email.

'Do not insert': No URLs are inserted.

'Insert at end of email': The URLs are inserted at the end of the email body.

'Insert at top of email': The URLs are inserted at the beginning of the email body.

Remove file attachments from email: Specify whether successfully uploaded file attachments are to be removed from the email. File attachments that could not be uploaded are kept unchanged. We recommend not enabling this option when the 'Do not insert' option is selected under File attachment links.

Perform success actions: Specify when to perform the success actions defined for this job:

Option 1: 'At least one upload successful': At least one of the file attachments to be uploaded from an email has been uploaded successfully. If not, the selected error actions will be executed.

Option 2: 'All uploads successful': All file attachments to be uploaded from an email have been uploaded successfully. If not, the selected error actions will be executed.

Example of an email with several file attachments, one of those with collision:

Some of the file attachments have been uploaded, but at least one of the file attachments to be uploaded could not be uploaded due to a collision.

If option 1 is selected, the success actions are executed. If option 2 is selected, the success actions are not executed.
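To make the interplay of the Options tab settings above traceable (Directory path with variables and prohibited characters, Collision behavior, Check-in behavior and Perform success actions), here is an added model of those decisions in Python. It is not iQ.Suite code and does not talk to SharePoint: the library is a dictionary of path to version number, the initial version of a new upload (1.0), the variable names and the sample email are constructed, and the `''` in the prohibited-character list is read as a double quote. It generalises the single collision example in the text to any mix of attachments and both success-action options.

```python
"""Added example: a model of the Connect SharePoint job's Options tab decisions.
Not iQ.Suite code; the library, versions and inputs are constructed."""
import re
from dataclasses import dataclass, field

# Characters the manual lists as prohibited in directory names
# (the doubled quote in the manual is read as a double quote: assumption).
_PROHIBITED = re.compile(r'[:*?"<>|#{}%~&]')
_VAR = re.compile(r"\[VAR\](\w+)\[/VAR\]")


def build_directory_path(template: str, variables: dict) -> list:
    """Expand [VAR]name[/VAR], split on '/', replace prohibited characters per segment."""
    expanded = _VAR.sub(lambda m: variables.get(m.group(1), ""), template)
    return [_PROHIBITED.sub("_", part) for part in expanded.split("/") if part]


def next_version(current: str, checkin: str) -> str:
    """'3.2' -> '3.3' for a minor check-in, '4.0' for a major one, unchanged otherwise."""
    major, minor = (int(x) for x in current.split("."))
    if checkin == "Check in as minor version":
        return f"{major}.{minor + 1}"
    if checkin == "Check in as major version":
        return f"{major + 1}.0"
    return current


@dataclass
class Library:
    """Constructed stand-in for a SharePoint library: path -> version string."""
    files: dict = field(default_factory=dict)

    def upload(self, path: str, collision: str, checkin: str) -> bool:
        """Apply the collision rule; return True if the upload counts as a success."""
        if path not in self.files:
            self.files[path] = "1.0"       # constructed: first upload starts at 1.0
            return True
        if collision == "Cancel with error":
            return False                    # evaluated as an upload error
        if collision == "Cancel with success":
            return True                     # nothing written, but counted as success
        if collision == "Overwrite and preserve version":
            return True                     # content replaced, version number kept
        if collision == "Overwrite with new version":
            self.files[path] = next_version(self.files[path], checkin)
            return True
        raise ValueError(f"unknown collision behavior: {collision}")


def run_success_actions(results: list, mode: str) -> bool:
    """Option 1 ('At least one upload successful') vs option 2 ('All uploads successful')."""
    if mode == "At least one upload successful":
        return any(results)
    if mode == "All uploads successful":
        return all(results)
    raise ValueError(f"unknown success mode: {mode}")


def process_email(library: Library, attachments: list, directory: list,
                  collision: str, checkin: str, mode: str):
    """Upload every attachment of one email; return (success actions fire?, per-file results)."""
    results = [library.upload("/".join(directory + [name]), collision, checkin)
               for name in attachments]
    return run_success_actions(results, mode), results


if __name__ == "__main__":
    lib = Library({"Development/Share/alice@example.com/Mails/report.pdf": "3.2"})
    target = build_directory_path("Development/Share/[VAR]sender[/VAR]/Mails/",
                                  {"sender": "alice@example.com"})
    for mode in ("At least one upload successful", "All uploads successful"):
        fired, per_file = process_email(Library(dict(lib.files)), ["report.pdf", "notes.txt"],
                                        target, "Cancel with error", "No check-in", mode)
        print(mode, "->", per_file, "success actions:", fired)
```

Running the module reproduces the worked case from the text: with one colliding attachment, option 1 fires the success actions and option 2 does not. The `@` in the sender address survives because it is not in the prohibited list, whereas a subject such as "Q1: results?" would become "Q1_ results_".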


4. Open the Mappings tab.

Use this tab to declare mappings in order to set additional data in existing columns of your SharePoint library:

Column: Specify the name of a column which exists in your SharePoint library. This field is case-sensitive.

Note: If the specified column name does not exist in the SharePoint library, the values entered in Value cannot be set.

Value: For every uploaded email attachment, specify the values which are to be automatically set in the SharePoint library's column specified in the Column field.

For values in the columns, strings and certain variables are supported. With this, a lot of column types can be used since SharePoint interprets and automatically converts the defined strings. For further information, please contact the GBS Support.

The supported variables are those displayed when clicking on the Variables icon under Options tab > Directory path.

Note: In case of errors when setting values in the column of the SharePoint library, no value is set in the columns. This is, for example, the case when a value cannot be interpreted as a number.

Description: Use this field, for example, to write a comment about the field mapping.

Note: If the option for notifying the administrator is enabled in the Actions tab and the [VAR]ToolReportDetails[/VAR] variable is set in the notification template, you will be informed of successful/failed mapping actions in the notification email.

5. Open the Actions tab.

Use this tab to select the actions to be triggered in case of successful / failed uploads of file attachments. You can, for example, notify the administrator.

6. Click OK and save the configuration.


Storing file attachments in HCL Connections

iQ.Suite Connect allows iQ.Suite to be connected to HCL Connections. Email file attachments are uploaded to and stored on the Connections server according to your configuration.

Supported versions of HCL Connections: version 4.5 or higher.

Note: If the file attachments are replaced by URLs in the emails, internal and external email recipients require appropriate access rights on the Connections server. Otherwise the file attachments cannot be opened.

Configuring a Connections Engine

A Connections engine is used to connect iQ.Suite to the HCL Connections server.

1. Create a new Connections engine: Basic Configuration > Utility Settings > Connect Engines > right-click > New > Connections Connect Engine.

2. Open the Options tab:

Server name/address: Server name or IP address of the Connections server to which the file attachments are to be sent from the iQ.Suite server.

Server port: Port number of the Connections server. The port is used to establish the connection between the Connections server and the iQ.Suite server. If set to '0', the HTTPS standard port '443' is used.

Server protocol: Uploading files to IBM Connections is only possible via HTTPS. Therefore, the server protocol 'HTTPS' is preset and cannot be changed.

Certificate path: Specify the path to the SSL certificate (Connections server certificate or root certificate) to be used to validate the certificate returned by Connections.

Enter the absolute path or the path relative to the GrpData directory: \iQ.Suite\GrpData. If no path is entered, the returned server certificate is treated as trusted without any validation.

Folder name: Specify the name of the Connections folder to which the uploaded file attachments are to be added. If this field is empty, no attachments are added to a folder.

User / Password: Specify the authentication data of the user who has read and write permissions on the Connections server so that the file attachments can be uploaded to the Connections server.

3. Click OK and save the configuration.

Configuring a Connect Connections Job

Assign the previously configured Connections engine to a Connect Connections Job.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Create a new Connect Connections Job under Mail Transport Jobs. Enable the job.

2. Open the Selection tab.

In addition to the usual settings of this tab, which are described under Selection / Attachments Tab, the following option is available:

Ignore inline attachments: The file attachments that are embedded in the email body will not be uploaded.

3. Open the Options tab.

Use this tab to modify upload behavior of the file attachments to the Connections server:


Connections Engine: Select a Connections engine.

Publish files: If enabled, the uploaded files are published. When published, all users who have access to the Connections server, including unregistered users, can view and download these files. To be able to add files to Public Folders or Shared Folders, this option must be enabled.

Cancel upload on first error: If enabled, the whole upload process is cancelled in case of upload errors. If the option is not enabled and an upload error occurs, only the affected file is skipped. Uploading continues for the other files.

File attachment links: Specify whether and how to insert the URLs (links) to the uploaded file attachments in the email.

'Do not insert': No URL is inserted.

'Insert at end of email': The URLs are inserted at the end of the email body.

'Insert at top of email': The URLs are inserted at the beginning of the email body.

Create direct attachment link: This option is editable if you have configured that links to the attachments are to be inserted in the email. If this option is enabled, direct download links to the uploaded files are returned. Otherwise, links to the Connections pages containing the files are returned.

Remove file attachments from email: If enabled, successfully uploaded file attachments are removed from the email. File attachments that could not be uploaded are kept unchanged. We recommend not enabling this option when the 'Do not insert' option is selected under File attachment links.

Run success actions: Specify when to perform the success actions defined for the job:


'At least one upload successful': At least one of the email's file attachments to be uploaded has been uploaded successfully.

'All uploads successful': All file attachments to be uploaded have been uploaded successfully.

4. Click OK and save the configuration.


Connecting iQ.Suite to GBS Workflow Manager

By using iQ.Suite Connect, you can save documents as well as create and start workflows in GBS Workflow Manager in an automated way, provided that you have an appropriate license for GBS Workflow Manager and your Workflow Manager is configured accordingly.

Supported GBS Workflow Manager Server versions: 3.1 or higher.

As a prerequisite for Connect Workflow, a Workflow Manager application must exist and contain forms and workflows which are involved in the connection. Refer to Configuring Connect Workflow Job.

For Workflow Manager-specific information, please refer to https://gbs.com/de/workflowmanagement and the Workflow Manager documentation.

Configuring a Workflow Engine

The connection with the Workflow Manager server is provided through a Workflow Engine. A separate Workflow Engine is required for each application of a Workflow Manager domain.

1. Create a new Workflow engine: Basic Configuration > Utility settings > Connect Engines > right-click > New > Workflow Connect Engine.

2. Open the Options tab:


Server name/address: Server name or IP address of the Workflow Manager server to which iQ.Suite shall be connected.

Server port: Port number of the Workflow Manager server. This port is used to establish the connection between the Workflow Manager server and the iQ.Suite server. Typically, port 80 is used for connections via HTTP and port 443 for connections via HTTPS. If set to '0', the standard port is used (port 80 or 443).

Server protocol: Select the protocol to be used for the transport of the emails and email data from iQ.Suite to Workflow Manager. For security reasons, we recommend using HTTP for test scenarios only.

Certificate path: If using HTTPS, you can specify the path to the Workflow Manager server certificate to be used to validate the certificate returned by Workflow Manager.

Important: If no path is entered, the returned server certificate is treated as trusted without any validation.

Enter the absolute path or the path relative to the GrpData directory: \iQ.Suite\GrpData

Domain: Name of the Workflow Manager domain in which the Workflow Manager application and the user specified below are located.

Application: Specify the Workflow Manager application to which you want to connect iQ.Suite.

User / Password: iQ.Suite uses the authentication data of the Workflow Manager user specified here to communicate with the selected Workflow Manager application. This user must have appropriate rights in Workflow Manager to be able to execute the action selected in the Connect Workflow Job.

3. Click OK and save the configuration.

Configuring Connect Workflow Job

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

The configuration basically consists of three steps and is spread across the following tabs:

Options: Selection of the action (e.g. 'Create and start workflow') and basic mapping of the engine and workflow or form created in Workflow Manager.

Selection: Handling of file attachments.

Mapping: Mapping between email fields and document or workflow fields in Workflow Manager.


1. Under Mail Transport Jobs, create a new Connect Workflow job. Enable the job.

2. Configure the job by using the tabs mentioned above and described hereafter.

3. Click OK and save the configuration.

Tab: Options

Workflow Engine: Select a Workflow Engine.

Action: Select one of the following actions:

Create document: In the configured Workflow Manager application, a document will be created based on a form which is available in the Workflow Manager application. The mapping set up between the email data type and the fields that are available in the respective Workflow Manager form determines which email data will be transferred to the document. The document will not be part of a workflow. Enter the form name in the Form field. Upload email body option (optional) - Body field name: Name of the field into which the email body will be entered. The content of the email body will be saved in the HTML format in the Workflow Manager field.

Create and start workflow: A configured workflow will automatically be started in the Workflow Manager application. As an example, a received email which has been identified as a complaint by the iQ.Suite, could trigger a complaints workflow. The mapping set up between the email data type and the fields available in the respective workflow start task determines which email data will be transferred to the workflow.

Enter the information:

Workflow field: Name of the workflow (required).

Task field: Name of this workflow's start task. If no task is entered and the workflow has several start tasks, the first one found will be used.

Upload email body option (optional) - Body field name: Name of the field into which the email body will be entered. The content of the email body will be saved in the Workflow Manager field in HTML format.

Create workflow: A configured workflow will automatically be created but not started yet. The settings needed for this job are the same as for the 'Create and start workflow' action.

Tab: Selection

Use this tab to specify whether file attachments from the email should be uploaded to the Workflow Manager application and if so, how this should be done.

In addition to the usual settings of this tab, which are described under Selection / Attachments Tab, the following options are available:

Attachments field name: All attachments which are uploaded will be added to one field in Workflow Manager. This field (control) must be an 'attachment' type field and be present in the Workflow Manager form. Enter the field name (control name).

Ignore inline attachments: The file attachments that are embedded in the email body will not be uploaded.

Tab: Mappings

Use this tab to declare mappings in order to set email data or also meta data of the email in user-defined fields of the Workflow Manager form:


Click Add to create new fields.

Field: Enter the name of the field (control name) exactly the way it is specified in the Workflow Manager form. Note that in Workflow Manager the field names are case-sensitive.

Value: Use the variable selection button [V] to select a standard variable or, alternatively, enter the value for the desired variable manually according to the required syntax.

Possible values for user-defined fields:

Fixed strings

Example: incomingType = email

Standard variables: jobname, date, dateonly, timeonly, subject, msgid

Syntax: [VAR][/VAR]

Example: [VAR]date[/VAR]

Variables for iQ.Suite tags:

Syntax: [VAR]MailTag::[/VAR]

Example: [VAR]MailTag::CustomerNumber[/VAR]

Variables for X-header fields:

Syntax: [VAR]MailHeader::[/VAR]

Example: [VAR]MailHeader::X-CustomerNumber[/VAR]

For further information on the possibilities offered by using iQ.Suite tags and X-header fields, refer to Conditions tab. In the examples above, iQ.Suite (if configured accordingly) could search for customer numbers in emails.
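As an added illustration of the mapping syntax above, the following Python resolver expands fixed strings, the standard variables, the MailTag:: namespace and the MailHeader:: namespace for a Mappings tab configuration. It is not iQ.Suite code: the sample email, the tag store (modelling tags set earlier in the job chain) and the date formats are constructed, and an unknown variable is resolved to an empty string, which is an assumption about iQ.Suite's behaviour.

```python
"""Added example: resolver for [VAR]...[/VAR] values of the Connect Workflow Mappings tab.
Not iQ.Suite code; the email, tags and date formats are constructed."""
import re
from datetime import datetime
from email import message_from_string
from email.message import Message

_VAR = re.compile(r"\[VAR\](.*?)\[/VAR\]")

# Constructed sample email carrying a custom X-header.
SAMPLE_EMAIL = """\
From: alice@example.com
To: support@example.com
Subject: Invoice question
Message-ID: <20240101.1234@example.com>
X-CustomerNumber: 4711

Hello, I have a question about my invoice.
"""

# Constructed: iQ.Suite tags set by earlier jobs (e.g. via the Conditions tab).
SAMPLE_TAGS = {"CustomerNumber": "4711"}


def resolve_variable(name: str, msg: Message, tags: dict, now: datetime, jobname: str) -> str:
    """Resolve one variable name. Unknown names resolve to '' (assumption)."""
    if name.startswith("MailTag::"):
        return tags.get(name[len("MailTag::"):], "")
    if name.startswith("MailHeader::"):
        return msg.get(name[len("MailHeader::"):], "")
    standard = {
        "jobname": jobname,
        "date": now.strftime("%Y-%m-%d %H:%M:%S"),   # constructed formats
        "dateonly": now.strftime("%Y-%m-%d"),
        "timeonly": now.strftime("%H:%M:%S"),
        "subject": msg.get("Subject", ""),
        "msgid": msg.get("Message-ID", ""),
    }
    return standard.get(name, "")


def resolve_mapping(value: str, msg: Message, tags: dict, now: datetime, jobname: str) -> str:
    """Expand every [VAR]...[/VAR] in one mapping value; fixed strings pass through unchanged."""
    return _VAR.sub(lambda m: resolve_variable(m.group(1), msg, tags, now, jobname), value)


def build_document(mappings: dict, raw_email: str, tags: dict, now: datetime, jobname: str) -> dict:
    """Return {Workflow Manager field: resolved value} for a whole Mappings tab.
    Field names are kept exactly as given because Workflow Manager treats them case-sensitively."""
    msg = message_from_string(raw_email)
    return {fld: resolve_mapping(val, msg, tags, now, jobname) for fld, val in mappings.items()}


if __name__ == "__main__":
    mappings = {
        "incomingType": "email",                                   # fixed string
        "received": "[VAR]dateonly[/VAR]",                         # standard variable
        "customer": "[VAR]MailTag::CustomerNumber[/VAR]",          # iQ.Suite tag
        "customerHdr": "[VAR]MailHeader::X-CustomerNumber[/VAR]",  # X-header field
    }
    for k, v in build_document(mappings, SAMPLE_EMAIL, SAMPLE_TAGS, datetime.now(), "Connect-Workflow").items():
        print(f"{k} = {v}")
```

Note that a MailHeader:: value is taken verbatim from a header the sender controls, whereas a MailTag:: value comes from iQ.Suite's own classification; which of the two a mapping trusts is a design decision for the job, not something the syntax enforces.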


Copy To Mailbox: Update sent items in the sender's mailbox

Notes:

Copy To Mailbox is always available and no separate license is required to use it. This feature requires EWS. Refer to Configuring access to the Information Store via EWS.

What is "Copy To Mailbox"?

By default, a sent email is put in the 'Sent' folder before processing (e.g. without trailer), since the email is processed by the iQ.Suite job only after it has left the email client.

The Copy To Mailbox Job updates sent emails in the 'Sent' folder of the sender's mailbox: the emails are copied to that folder after they have been processed by the iQ.Suite Jobs. This allows the sender to see the email exactly as it is delivered to the recipient (e.g. with an added trailer).

In some jobs (e.g. in Trailer or Crypt jobs), the Update sent items action is available and has the same role as the Copy To Mailbox Job. However, updating emails in the sender mailbox via that action becomes hard to manage when several jobs are to execute it. In this case, the Copy To Mailbox Job, which should logically be positioned at the end of the job chain, simplifies the process significantly.

Besides this, updating the sent items in the 'Sent' folder allows the sent emails to be archived in compliance with the legal requirements.

Make the job-specific settings in the Options tab. For a description of the settings in the other, not job-specific tabs, refer to Standard tabs of Mail Transport Jobs.


If you are using collective mailboxes, two use cases are possible:

Case 1: The user has added the collective mailbox in his Outlook profile.

In this case, the user can use "Send as". In the email, the email addresses of both mailboxes (user mailbox and collective mailbox) are specified (header field and header field ).

Only in this case is the Target mailbox setting relevant.

Case 2: The user has his own Outlook profile for the collective mailbox.

In this case, the user of the Outlook profile is used. In the email, only the email address of the collective mailbox is specified. Therefore, only the data from the collective mailbox can be used in the trailer and the email can only be copied to the collective mailbox.

Use the Target mailbox to specify the mailbox to which the email shall be copied:

'Default mailbox': The email will be copied to the mailbox of the sender of the field. ' field of email header': The email will be copied to the mailbox of the sender of the field. ' field of email header': The email will be copied to the mailbox of the sender of the field.

If the field is not available, the field is used.

'SMTP sender address': The email will be copied to the mailbox of the SMTP sender.

For a description of the other setting options, refer to Other Action: Update sent items.

Notification templates for Success and Error are available under General Settings > Notifications > Wall Notifications.


iQ.Suite Bridge

Topics:

Bridge – Overview
Job: RPost Registered Email
Job: Bridge PST Journaling


Bridge – Overview

iQ.Suite Bridge provides an interface between your email environment and CRM, ERP and archiving systems.

iQ.Suite Bridge helps you fulfill any regulatory compliance requirements, such as SOX, HIPAA, GDPdU, etc. Emails are reviewed before delivery (Pre-Review mode) and after delivery (Post-Review mode). Your corporate policies and an automated classification ensure that only business-related emails are reviewed. The classification results and other information are passed to the compliance system for further evaluation. The interaction between the iQ.Suite and your compliance system ensures that emails are processed in compliance with legal requirements and according to the results of the review.

The iQ.Suite Bridge interface and integration module is the first archiving tool that uses fine-tunable email preprocessing, filtering and classification policies. As an integrated, highly customizable solution, it lets you implement rule-based long-term email archiving that conforms with legal requirements and with your corporate policies.


Job: RPost Registered Email

With RPost, emails can be sent as registered email. Registered email provides evidence that an email has been sent, that its content has not been manipulated and that the recipient has received the email.

Note: RPost Registered Email requires a separate license. For further information, please contact the GBS Sales Team.

To send an email as registered email, create a new job: Mail Transport Jobs > right-click > New > Bridge Jobs > RPost Registered Email. Activate the job.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

RPost Settings

Use the Settings tab to set how the registered email is to be sent:

Sending a registered email can be triggered in two different ways. The first is based on job rules, for instance a rule that specific recipients always receive registered email. The second is that the sender marks the message with a special marker meaning that it is to be sent as registered email.


As a general rule, any email sent as registered email must be redirected to an RPost domain. By default, the RPost Domains field is set to rpost.org. When processing an email, the job checks whether the recipient address has already been extended with one of the RPost domains, i.e. whether the sender has already specified an RPost domain. If not, the default domain set in the job is appended to the email address. Thus, the address [email protected] becomes [email protected].

To be able to distinguish between a standard email and a registered email, a special mark is inserted at the beginning of the subject line of a registered email. By default, the RPost Markers field is set to (R. It is also possible to use (C as marker, in which case the email is also registered but the recipient is not informed of this fact. When processed, the job checks whether the email subject line has already been provided with an RPost mark. If that is not the case, the default marker set in the job is used.

Defining Actions

The Actions tab is used to set special actions to be performed when a registered email has been successfully sent.

Possible options include notifying the administrator in case of success by enabling the template Admin: RPost successful or placing a copy of the email in quarantine with a specific label in order to log registered emails.

Tip: Registered emails cost more than normal emails, so logging the registered emails that were sent can be used for cost control.


Job: Bridge PST Journaling

Bridge PST Journaling can be used to archive emails in PST files, which can then be opened directly in Microsoft Outlook.

System requirements

The MAPI subsystem must be installed on your system. If Outlook 2016 (32-bit) is installed, no further installation is necessary: the MAPI subsystem is installed automatically together with Outlook. If Outlook 2016 (32-bit) is not installed, install the following component after the iQ.Suite installation: Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1

To install it, execute ExchangeMapiCdo.exe (path: ...\GBS\iQ.Suite\Support\Installer\CDO\). A restart of the computer may be required before the MAPI subsystem can be used.

Outlook Redemption: The PST import accesses MAPI through this library, so it must be installed and registered on your system. Redemption is installed automatically with iQ.Suite.

Overview

Once the Bridge PST Journaling job has been configured and the iQ.Suite configuration been saved, a quarantine folder is created for the job:

Default: ...\GBS\iQ.Suite\GrpData\Quarantine\SafeQ_ The folder name consists of the "SafeQ" prefix and an "ID" that depends on the job name and the creation date.

This SafeQ quarantine folder includes the following elements:

Mail Queue folder (mails): The PST Journaling job copies the emails to be imported into this folder, in EML format with the DAT file extension. The email files stay in this folder (the Queue) until they have been imported successfully into a PST file. The import into the PST file is performed by an external import application; the path of the PST file results from the settings in the PST Journaling job. The folder that contains the created PST file is called the "PST folder" below. Refer to Configuration of the Bridge PST Journaling Job.

By default, the import is triggered every 60 seconds.

PST work file work.pst

For each import, a local work PST is used first. Only when all emails have been imported successfully are the changes transferred to the "real" PST whose path was specified in the job. If import errors occur, the real PST is not modified and the work PST is reset when the next import starts.

Work log file: work.pst.log

For each import, a log message (success/error) is written into this log file. This log file is copied to the PST folder and renamed there, e.g. mysafe_2018W42.pst.log.

Temporary files

Temporary files are created during the import. After import completion, these files are deleted automatically.

Configuration of the Bridge PST Journaling Job

The PST Journaling Job itself only copies the emails to be imported into the Queue folder of the SafeQ quarantine; the import into the PST file is performed by the external import application described under Overview.

In the example, only the job specific details are explained. For information on the settings of the standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Create a Bridge PST Journaling job: Policy Configuration > Mail Transport Jobs > New > Bridge Jobs.

Note: It is not possible to create multiple PST Journaling jobs with the same values in the Folder name and Prefix for PST file fields. Therefore, when a job is duplicated, the Prefix for PST file field is cleared in the job copy.

2. Use the PST Settings tab, to specify the settings that are needed for the creation of the PST files:


Folder name: Path to the folder in which the PST files should be created.

If a UNC path to a share is used, the iQ.Suite service needs the appropriate permissions on that share. When granting them, note that the iQ.Suite service runs under the "Local System" Windows service account, which authenticates to a remote share as the computer account (DOMAIN\<computer name>$), not as a user. Grant the share and NTFS permissions to that computer account and limit them to what the import needs (creating and modifying files in the PST folder).

After a successful import, the PST folder includes at least one PST file and the corresponding log file.

Prefix for PST file: Enter a name prefix for the created PST files. Example: mysafe

The names of the PST files are composed as follows: <prefix>_<suffix>.pst

The suffix depends on the settings in the Create PST by and Time interval / Maximum size fields.

Example: mysafe_20181001.pst

PST format: Specifies in which format the PST files should be written:

'ANSI': The local ANSI character set is used. Unicode characters, e.g. Cyrillic characters, are not supported. 'Unicode': All Unicode characters are supported. Outlook must be installed for this format.

Create PST by: Specifies when new PST files are created:

'by time': As soon as the Time interval has passed, a new PST file is written:

'Daily': A new PST file is written every day. Scheme: <prefix>_<YYYYMMDD>.pst

'Weekly': A new PST file is written every week. Scheme: <prefix>_<YYYY>W<week>.pst

'Monthly': A new PST file is written every month. Scheme: <prefix>_<YYYY>M<month>.pst

Important: The files in the Queue folder are not filtered by day, week or month before being imported. Therefore, when a new PST file starts, emails that actually belong to the previous PST file can still be imported into the new one (because they were still in the Queue folder).

'by size': As soon as the configured maximum size (MB) is exceeded, a new PST file is written.

Maximum size (MB): Specifies the file size in MB from which a new PST file is written.

The file size of the current PST file is determined before the import. If the maximum size is not exceeded, all emails from the Queue are imported, which may result in a file that is significantly larger than the configured maximum size.

Furthermore, there is a fixed maximum size for PST files at which a new PST file is always created, regardless of the chosen creation type: 1.5 GB for "ANSI" and 4 GB for "Unicode". The old PST file then receives a time stamp.

Use password: Optionally, the PST files can be protected with a password, which you can define yourself or generate by clicking the icon next to the field. Note that the Outlook PST password only controls opening the file in Outlook; it does not encrypt the contents, and tools that read the PST format directly ignore it. Protect the PST folder with restrictive share and NTFS permissions and with volume encryption rather than relying on the password.

Thresholds for warning / error

The Queue folder is checked periodically every five minutes for warnings and errors based on the threshold specified in the job.

Issue error if import queue exceeds the threshold: Specify the maximum allowed number of emails in the Queue folder. As soon as this threshold is reached, the job stops adding emails to the Queue folder, so emails processed in the meantime are not journaled. In addition, the error actions defined in the job are executed and an event log error is issued. Monitor this event: a stalled import silently leaves a gap in the archive.

Issue warning if import queue exceeds the threshold: Specify the number of emails in the Queue folder from which an event log warning is issued.

Local folder name: This read-only field is displayed only after the job has been saved. It shows the name of the corresponding quarantine folder, which is created in the GrpData quarantine folder when iQ.Suite is started:

.../GBS/iQ.Suite/GrpData/Quarantines/ Also refer to Overview.


iQ.Suite DLP

The iQ.Suite DLP module (Data Leakage Prevention) consists of two sub-modules:

DLP Review

Enables a dual control (four-eyes) check.

DLP Anomaly Detection

Enables detection of anomalies relative to the email behavior of senders.

DLP Review and DLP Anomaly Detection can be used individually or combined.

Job types

Job: DLP Review

This job puts emails in the Review quarantine for dual control check.

Job: DLP Data Analyze

This job analyzes emails by using definable analysis criteria in order to detect anomalies.

Job: DLP Data Collection

This job collects email data which is used to calculate Baselines for the detection of anomalies.


DLP Review

DLP Review implements the dual control check. Emails can be intercepted on the mail server and put into the selected DLP Review quarantine, where a reviewer checks them (e.g. for compliance with guidelines) and approves or rejects them before they are sent to the recipients.

Depending on the configuration, the reviewer and/or the sender can be notified when an email has been put in the Review quarantine or has been approved or rejected. Approved emails are sent to the recipients.

Configuring Review Quarantine

1. Create a Review quarantine: Basic Configuration > Folder Settings > Quarantine > New > Review Quarantine

For a description of the settings in the standard tabs, refer to Standard tabs of Mail Transport Jobs and Setting permissions for Quarantine access.

2. Use the Options tab to make the following settings:

Reviewer addresses: Specify which persons/groups shall act as reviewers. Select the corresponding addresses from the Active Directory (or LDIF) or enter the desired addresses manually.


Allow approval only if reviewer is not sender: With this option enabled, reviewers are not allowed to approve the emails they have sent. This ensures dual control check.

Notifications

Sending notifications is possible only if appropriate notification templates exist and the desired notification options are enabled:

Notification of incoming email to reviewer: As soon as a new email is put in the Review quarantine, a notification is sent to the reviewer.

Notification of rejection to sender: The sender of a quarantined email receives a notification as soon as the reviewer has rejected the email.

Notification of approval to sender: The sender of a quarantined email receives a notification as soon as the reviewer has approved the email.

You can use the preconfigured notification templates under General Settings > Templates > Quarantine Notifications.

Note: Summary notifications cannot be used. It is also not possible to resend emails from the Review quarantine according to a time schedule.

Setting up access to the Review Quarantine

Grant Review quarantine access to the reviewers via the iQ.Suite Monitor and/or the iQ.Suite WebClient to allow them to review the quarantined emails and to perform actions on these emails (e.g. approve or reject email).

Prerequisite to enable access: Set access permission for the reviewers. Refer to Setting access permission to iQ.Suite Servers and Quarantines.

Prerequisite for using iQ.Suite Monitor: Make sure that the reviewers have access to an iQ.Suite Management Console that can reach the Review quarantine. The iQ.Suite Management Console can be installed locally on the reviewer's workstation; the backend does not have to be installed, only the corresponding iQ.Suite servers must be specified in the local iQ.Suite configuration (ConfigData.xml).

Prerequisite for using iQ.Suite WebClient: Configure the iQ.Suite as described under Configuring web access to the Quarantines. The iQ.Suite WebClient must be separately installed. Refer to iQ.Suite WebClient.

Configuring an iQ.Suite Job

General

Use a DLP Review Job to define by means of job rules the criteria to be used to put emails in the Review quarantine. Alternatively, any other iQ.Suite job can be used (e.g. a Wall or Watchdog Job), provided that a corresponding license is available.

Note: For accessing the Review quarantines, a valid license for the 'iQ.Suite DLP' module is required, no matter which job is used.


For information on the job configuration, please refer to the module-specific sections of this manual. Settings which are especially valid for the DLP Review Job are described in the next section. For a description of the settings in the standard tabs, refer to Standard tabs of Mail Transport Jobs.

No matter which job is used, enable in the Actions tab the 'Copy to Quarantine' option and then select a Review quarantine.

DLP Review Job: Settings for attachments

Use the Attachments tab to specify the constraints for quarantining emails with file attachments in the Review quarantine:

Use the Review emails without attachments option (Default) to quarantine emails which do not contain any attachments. If this option is disabled, emails without attachments are not put in the Review quarantine - regardless of whether any constraints are defined.

For emails which contain at least one attachment, you can define Constraints:

Attachment size has to be greater/smaller than ... KB: Define a minimum and/or maximum size to exclude emails from the review depending on the size of their attachments.

File types: Emails can be reviewed depending on the type of their attachments. Use the option 'Selected file types' to specify the file types for which the job is or is not executed.

If the email contains several attachments, these constraints have to be considered in combination with the option All attachments must match all constraints. This is what determines whether the email is actually put in the Review quarantine.


All attachments must match all constraints: This option is relevant for emails containing at least two attachments. Option disabled (default): The email is put in the Review quarantine when at least one attachment matches the constraints. Option enabled: The email is put in the Review quarantine only when all attachments match the constraints; if at least one attachment does not match, the email is not put in the Review quarantine. For a review that is meant to catch data leaving the company, the default is the safer setting: with the option enabled, a sender can keep an email out of the review simply by adding one attachment that fails a constraint.

Reviewing emails via the iQ.Suite Monitor

In order to review emails in Review quarantines, proceed as described under Reviewing emails in Review Quarantines (iQ.Suite DLP).


DLP Anomaly Detection

Note: For the feature 'DLP Anomaly Detection', a SQL server is required.

With DLP Anomaly Detection, the emailing behavior of your company's employees can be monitored to detect possible anomalies, for example to stop employees from sending business-critical data, whether intentionally or by mistake.

Email data of different types is collected per sender, stored in the selected database and then analyzed using analysis criteria and thresholds. Different email properties can be evaluated individually or in combination, e.g. email size, number of recipients and/or size of the file attachments. In this way, suspicious emails, for example an unusually high data volume or number of emails, can first be held for review and then approved or rejected by a reviewer according to the dual control principle (DLP Review). When the thresholds are exceeded, the Warning or Error actions defined in the DLP Data Analyze Job are executed.

Example of a use case:

The user David Galler usually sends emails with an average size of 20 KB. If Mr. Galler now sends an email with a size of 200 KB, this large difference could be a sign of an "anomaly". This anomaly can be detected by collecting email sizes and configuring appropriate analysis criteria.

Important definitions

DLP database: SQL database where the data for Anomaly Detection is written to. It consists of multiple tables for the Collect data, the Live data and the Baseline data. For each data type there will be two tables, one for general email data and one for attachment data.

Collect data (Collect entries): Collect data is general email data and attachment data, both collected by the DLP Data Collection Job. This data is written per sender and server. Attachment data depends on a fingerprint category.

Live data (Live entries): Like the Collect data, Live data (real-time data) consists of general email data and attachment data which is collected by the DLP Data Analyze Job. Unlike for the Collect data, a single data record per day (from 00:00 AM to 11:59 PM) is written for each sender and server.

Every iQ.Suite server collects its own Live data. If Live data is required for the evaluation of analysis criteria, then the Data Analyze Job sums up the Live data of all servers.


Note: Which email information is collected, depends on your settings in the DLP Configuration.

Baseline data (Baseline entries): The data collected by the DLP Data Collection Job is accumulated per sender at the configured date and time. Based on this data, average values and daily values are calculated. The calculated values are afterwards saved as "Baselines" in the database. One Baseline (data record) is created per sender. Based on the Baselines, thresholds can be defined in the DLP Data Analyze Job. In case these thresholds are exceeded, it may be a sign of an anomaly (suspicious or dangerous email) and, if so, the defined Warning or Error actions are triggered.

Creating a DLP Configuration

For the DLP Anomaly Detection, at least one DLP Configuration is required. This one must be selected in the DLP Data Collection Job and in the DLP Data Analyze Job.

In the DLP Configuration, define which data is to be collected and written to which database and how the Baselines are to be calculated. Beside this, make settings concerning the database maintenance.

You can create configurations for the DLP Anomaly Detection under Basic Configuration > Utility Settings > DLP > Configurations > New.

General settings

Name: Specify a name for the DLP Configuration.

Database connection: Select, via a database connection, the SQL database to which the collected data and the calculated Baselines are written.

Important: To avoid undesired effects, each DLP Configuration must use its own database.


Defining the data to be collected

In the Data Collection tab, essentially define the email properties to be collected by the DLP Data Collection Job (Collect data) and by the DLP Data Analyze Job (Live data):

The following email properties can be collected:

General email data:
Size of emails (including file attachments)
Size of email bodies
Number of recipients

Attachment data:
Number of file attachments
Overall number of attachments
Overall number of attachments per selected fingerprint category
Size of the file attachments per selected fingerprint category

Fingerprint categories: If you want to collect email information on file attachments (number and/or size), you can qualify the data collection for certain file types.

Enable data accumulation (only for Collect data): If data accumulation is enabled, the Collect data is not written to the database as a separate record for every single email; instead, the data is accumulated per sender and written as one record per time interval (minutes). A short time interval improves the temporal resolution of the data, a long time interval reduces the storage consumption of the database.


By using data accumulation, one entry with all values for the time period, which results from the defined time interval (e.g. from 9:30 AM to 10:00 AM), is written in the database per sender. If data accumulation is disabled, an entry is written directly in the database for each processed email. Therefore, more space is used in the database if data accumulation is disabled.

Example: David Galler sent three emails in the last 30 minutes. The email property "Size" is to be observed, as defined in the DLP Configuration. The collected sizes were:

Email 1 = 19 KB
Email 2 = 71 KB
Email 3 = 5 KB

Overall size: 19 KB + 71 KB + 5 KB = 95 KB

With the data accumulation enabled, one entry with the overall size is written in the database; without data accumulation, three database entries are written.

Calculation of the Baseline data

Baseline calculation is performed for every sender with existing Collect data, that means usually for senders specified in the Addresses tab of the DLP Data Collection Job.

Refer to definition of "Baseline" under Important Definitions.

Open the Baseline Calculation tab:

Calculation server: When the configuration is shared by multiple iQ.Suite servers, email data from several iQ.Suite servers can be collected in the same database, depending on your configuration. Define here which iQ.Suite server is responsible for calculating and writing the Baselines. The calculation server is also responsible for deleting older Baseline data, regardless of whether the deletion is part of the maintenance process or caused by the 'Delete old Baseline data' option.

Calculate Baseline for the last ... day(s): The values used to calculate the Baselines are the Collect data of the last days. Specify the number of days in this field.

Baseline calculation starts at the dates and times specified below. When you click Add, a schedule dialog opens.

Calculate overall Baseline for all senders:

Additionally to the sender-specific Baselines, an overall Baseline can be calculated over all email data from all senders available in the calculation period. Unlike the sender-specific Baselines, no daily values are saved for the overall Baseline.

These overall Baseline values are used during email analysis as comparison values for senders for whom no sender-specific Baseline exists in the database.

Delete old Baseline data:

With this option enabled, the Baseline values for which new updated values exist are deleted from the database during new calculation. The new calculated Baseline values will replace the deleted values. The thresholds are always determined based on the newest Baselines. Keeping the old values can be useful, for example, to observe the Baseline evolution of users over the time.

This option differs from the option Delete Baseline data older than days in the Maintenance tab. With the latter option, values of users for whom no new calculation was performed are deleted as well. This is typically the case for employees who left the company and were removed from the addresses to be processed.

Database maintenance

In the Maintenance tab, specify whether old Collect data, Baseline data and Live data is to be deleted from the database and when (dates and times) this maintenance is to be started:


Data that is older than the specified number of days, counted back from the start date of the maintenance run, is deleted. With the settings in the example, maintenance starts every Monday at 1:00 AM. Example (7 days configured):

If maintenance starts on 06/12/2016, all data that was stored in the database before 06/05/2016 at 1:00 AM is deleted.

The option 'Delete Baseline data older than ... days' differs from the option 'Delete old Baseline data' in the Baseline Calculation tab. Refer to the note in the description of the option 'Delete old Baseline data'.

For further information on the data types mentioned above, refer to Important definitions.

Defining analysis criteria

To create criteria to be used to analyze emails, click Basic Configuration > Utility Settings > DLP > Analysis Criteria > New. Then, created analysis criteria can be selected in the DLP Data Analyze Job.

An analysis criterion consists of a main criterion and a sub-criterion.

1. Select a main criterion. Here, decide on the one hand between 'Baseline data' and 'Live data' and on the other hand between 'Email data' and 'Attachment data'.

Example with the 'Baseline email data (average)' criterion:


Note: Make sure that appropriate data is collected for the selected criterion (refer to DLP Configuration > 'Data Collection' tab).

2. In the General tab, proceed as follows:

Read the description text carefully to understand the purpose of the selected criterion.

Use the Name field to specify a name for the analysis criterion. We recommend a meaningful name so that the target of the criterion is easy to identify.

3. In the Options tab, select a sub-criterion.

Example:


Read the description text carefully to understand the purpose of the selected sub-criterion.

The available sub-criteria depend on the selected main criterion. With the sub-criterion, specify which email property is to be analyzed, e.g. email size. Depending on your setting, the average value (property per email) or the daily value (property per day) is considered.

The average/daily value is checked against the thresholds specified below.

4. Concerning the criteria with Baseline data, you can specify absolute and/or relative thresholds respectively for Error and Warning, and you can activate/deactivate these values for the analysis:

Here, the real-time email data of the sender is compared with the thresholds. These thresholds are calculated by adding the specified relative and/or absolute values (deltas) to the Baseline values of the sender. With '0' (no tolerance), the Baseline itself is the threshold.

Examples for the calculation of average values and daily values:

Example 1: With the settings shown above, an average value is considered. To calculate the average value, the sum of the selected email property (here: email size) over the Baseline calculation period is divided by the number of emails the sender sent in that period. Example:

Mr. Galler sent 5 emails with an overall size of 112 KB within the calculation period. Average value: 112 KB / 5 = 22.4 KB

Example 2: With the setting 'Baseline email data (daily)' and the sub-criterion 'email size (daily)', a daily value is considered. To calculate the daily value, the sum of the email property (e.g. email size) is divided by the number of days in the calculation period. Example:

The Baseline calculation period has 7 days. Mr. Galler sent 5 emails with an overall size of 112 KB in this period. Daily value: 112 KB / 7 = 16 KB

In the following tables you will find three examples each, with different Baselines and different threshold settings. The email to be analyzed has a size of 113 KB.

Examples with absolute thresholds:

Baseline email size | Absolute threshold for Warning | Absolute threshold for Error | Thresholds exceeded?
120 KB | 10 KB (120 KB + 10 KB = 130 KB) | 30 KB (120 KB + 30 KB = 150 KB) | None of the thresholds
90 KB | 20 KB (90 KB + 20 KB = 110 KB) | 50 KB (90 KB + 50 KB = 140 KB) | Only the threshold for Warning
60 KB | 20 KB (60 KB + 20 KB = 80 KB) | 40 KB (60 KB + 40 KB = 100 KB) | Both thresholds

Examples with relative thresholds:

Baseline email size | Relative threshold for Warning | Relative threshold for Error | Thresholds exceeded?
120 KB | 20 % (120 KB + 120 KB x 0.2 = 144 KB) | 40 % (120 KB + 120 KB x 0.4 = 168 KB) | None of the thresholds
90 KB | 20 % (90 KB + 90 KB x 0.2 = 108 KB) | 40 % (90 KB + 90 KB x 0.4 = 126 KB) | Only the threshold for Warning
60 KB | 20 % (60 KB + 60 KB x 0.2 = 72 KB) | 40 % (60 KB + 60 KB x 0.4 = 84 KB) | Both thresholds

If you activate absolute AND relative thresholds, the option Both thresholds must apply to hit job actions becomes available. Which actions are executed in which case depends on whether this option is enabled. The following table shows some of the possible scenarios (cases):

Case | Absolute threshold Warning | Relative threshold Warning | Absolute threshold Error | Relative threshold Error
1 | exceeded | exceeded | not exceeded | not exceeded
2 | exceeded | not exceeded | exceeded | not exceeded
3 | not exceeded | not exceeded | exceeded | exceeded
4 | not exceeded | not exceeded | not exceeded | not exceeded
5 | exceeded | exceeded | exceeded | exceeded
6 | exceeded | exceeded | exceeded | not exceeded

Which actions are triggered?

Case | Option enabled | Option disabled
1 | Warning | Warning
2 | Success | Error
3 | Success | Error
4 | Success | Success
5 | Error | Error
6 | Warning | Error
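The following script is an added example and not part of iQ.Suite; it reproduces the Baseline arithmetic of the examples above (data accumulation per sender and time slot, average value per email, daily value per day, thresholds as Baseline plus absolute or relative delta, and the effect of Both thresholds must apply) in plain Python. The Collect data records, sender name and sizes are constructed, and "exceeded" is taken to mean strictly greater than the threshold, which the manual does not state explicitly.

```python
"""Added example (not iQ.Suite code): Baseline values and threshold evaluation
for a DLP Data Analyze criterion. Senders, sizes and dates are constructed;
'exceeded' is assumed to mean value > threshold."""
from collections import defaultdict
from datetime import datetime

# Constructed Collect data: (sender, sent at, email size in KB).
# Total 112 KB in 5 emails, i.e. the figures used in the manual's examples.
COLLECT = [
    ("galler", datetime(2018, 10, 1, 9, 31), 19),
    ("galler", datetime(2018, 10, 1, 9, 45), 71),
    ("galler", datetime(2018, 10, 1, 9, 58), 5),
    ("galler", datetime(2018, 10, 3, 11, 0), 10),
    ("galler", datetime(2018, 10, 5, 16, 20), 7),
]


def accumulate(records, interval_min):
    """Data accumulation: one summed record per sender and time slot of
    `interval_min` minutes instead of one record per email."""
    slots = defaultdict(int)
    for sender, sent_at, size in records:
        slot_start = sent_at.replace(minute=sent_at.minute - sent_at.minute % interval_min,
                                     second=0, microsecond=0)
        slots[(sender, slot_start.strftime("%Y-%m-%d %H:%M"))] += size
    return dict(slots)


def baseline(records, sender, period_days):
    """Average value = total / number of emails; daily value = total / number
    of days in the Baseline calculation period."""
    sizes = [size for snd, _, size in records if snd == sender]
    total = sum(sizes)
    return {"average": total / len(sizes), "daily": total / period_days}


def thresholds(base, abs_delta=None, rel_delta=None):
    """Threshold = Baseline + delta. None means the threshold is deactivated;
    0 means the Baseline itself is the threshold."""
    absolute = None if abs_delta is None else base + abs_delta
    relative = None if rel_delta is None else base + base * rel_delta
    return absolute, relative


def evaluate(value, base, abs_warn=None, rel_warn=None, abs_err=None,
             rel_err=None, both_must_apply=False):
    """Classify one email's value against a sender's Baseline:
    'Success', 'Warning' or 'Error'. Error is checked before Warning."""
    def hit(abs_delta, rel_delta):
        absolute, relative = thresholds(base, abs_delta, rel_delta)
        checks = [value > t for t in (absolute, relative) if t is not None]
        if not checks:                      # both thresholds deactivated
            return False
        return all(checks) if both_must_apply else any(checks)

    if hit(abs_err, rel_err):
        return "Error"
    if hit(abs_warn, rel_warn):
        return "Warning"
    return "Success"


if __name__ == "__main__":
    print(accumulate(COLLECT, 30))                  # one 95 KB record for the 09:30 slot
    print(baseline(COLLECT, "galler", period_days=7))  # average 22.4 KB, daily 16 KB
    print(evaluate(113, 90, abs_warn=20, abs_err=50))  # Warning
```

Note that the relative error threshold for a 60 KB Baseline and 40 % is 84 KB, so a 113 KB email exceeds both thresholds in that row; the function also shows why case 2 of the table yields Success with the option enabled: neither the Warning pair nor the Error pair is exceeded in full.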

5. Concerning the criteria with Live data, you can enter an absolute threshold (Limit per day), respectively for Warning and Error.


In the following example, the main criterion 'Live attachment data (daily)' and the sub-criterion 'attachment count (daily)' are selected:

The thresholds for the analysis with Live data are not sender-specific, but the Live data is collected per sender.

These thresholds are absolute values. They define a daily limit for all senders, one for Warning and one for Error. For each sent email, the sender's Live data is compared with the defined limits. The period from 00:00 to 23:59 of the current day is considered.

For attachment criteria, select the Fingerprint category for which the analysis criterion is to be valid.

Note: The fingerprint category selected here should be also selected in the DLP Configuration specified in the DLP Data Analyze Job which uses this criterion. Otherwise, no data will be available in the database for the analysis based on this criterion and the criterion will have no effect.

Example:

Each sender is not allowed to send more than 7 attachments of the category "Microsoft Office" per day.

David Galler sends several emails on 02/01/2016 (see table). The sender-specific daily value grows in the course of the day as the sender sends further emails with attachments. For each email, the daily value is compared with the limit (here: 7):

Sender | Sent on 02/01/2016 at | Number of attachments | Daily value | Result
David Galler | 07:10 AM | 3 | 3 | Success
David Galler | 07:47 AM | 2 | 5 | Success
David Galler | 08:05 AM | 0 | 5 | Success
David Galler | 10:11 AM | 1 | 6 | Success
David Galler | 01:05 PM | 0 | 6 | Success
David Galler | 03:47 PM | 2 | 8 | Warning
David Galler | 04:36 PM | 3 | 10 | Error

Up to the email at 1:05 PM, Mr. Galler does not reach his daily limit. With the email at 3:47 PM, the daily limit for Warning (7 attachments) is exceeded; with his email at 4:36 PM, Mr. Galler exceeds his daily limit for Error.

Collecting data and calculating Baselines

The DLP Data Collection Job is responsible for the extraction and collection of email data which is then used to calculate the Baselines. The information required by the job for collecting data and calculating the Baselines is defined in a DLP Configuration.

Create a DLP Data Collection Job by clicking Mail Transport Jobs > right-click > New > DLP Jobs > DLP Data Collection.

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

Open the Options tab:

DLP Configuration: Select a DLP Configuration to determine the database to be used by the job.

Important: To avoid undesired effects, use a separate DLP Configuration with its own database for each DLP Data Collection Job. Under these conditions, different data can be collected in different databases by configuring multiple Data Collection Jobs.

Collect data for emails without file attachments: With this option enabled, also data from emails which do not contain any file attachments is collected. If this option is not enabled, only data from emails with file attachments is collected.


Live data collection and email analysis

The DLP Data Analyze Job analyzes emails. The analysis is based on Baseline data and/or Live data and considers the analysis criteria defined in the job. Live data can be collected optionally.

Selecting DLP Configuration and analysis criteria

This example only illustrates the job-specific details. For a description of the settings under standard tabs, refer to Standard tabs of Mail Transport Jobs.

1. Create a DLP Data Analyze Job: Mail Transport Jobs > right-click > New > DLP Jobs > DLP Data Analyze.

2. Use the Options tab to make the following settings:

DLP Configuration: Select a DLP Configuration to determine the database to be used by the job.

Note: If you are using multiple DLP Data Analyze Jobs with the same DLP Configuration, make sure that the Live data of different users is not collected several times. Otherwise, the analysis of Live data criteria will be falsified.

Analyze emails without attachments: With this option, determine whether also emails which do not contain any file attachments are to be analyzed and whether Live data is to be collected for such emails (in case the option 'Collect Live data' is enabled as well). If this option is not enabled, emails without attachments are skipped, i.e. for these emails, no Live data is collected and no analysis is performed.

Collect Live data: With this option, determine whether Live data is to be collected by this job. If the DLP Configuration does not contain any Live data, analysis can only be performed with Baselines.


DLP Analysis criteria: Select the desired analysis criteria from the list of the criteria previously created. Note that only the activated criteria will be considered for the analysis.

Actions in case 'No data exists' / in case 'Limits are exceeded'

Use the Actions tab of the DLP Data Analyze Job to define which actions are to be executed in which case:

If an analysis criterion cannot be evaluated, e.g. because there is no Baseline for the given sender, the criterion is considered invalid for this sender. If all configured criteria are invalid, the analysis itself is considered invalid. Select in the drop-down list the actions to be executed in this case.

If no analysis criterion exceeds any of the thresholds, the defined Success actions are executed.

If at least one analysis criterion exceeds the Warning threshold, the defined Warning actions are executed.

If at least one analysis criterion exceeds the Error threshold, the defined Error actions are executed.


Glossary

ACL

Access Control List; list of entries in an object used for controlling access rights.

Active/Passive Clustering

Windows cluster to enhance reliability of the Exchange Server.

Active Directory (AD)

Directory of network objects (users, mailboxes, etc.) This is the directory service for Windows Server, which stores information about objects within the network and provides this information to authorized administrators and users. Active Directory allows network users to access all network resources to which they have access rights with a single login. Administrators are provided with an intuitive, hierarchical representation of the network and a single management location for all network objects.

ADO

Active Data Objects; ActiveX control element used to establish a connection to a database in order to access the database contents. Within iQ.Suite, an ADO connection string also allows to integrate local or remote SQL database servers, e.g. for Quarantine databases or to configure central whitelists.

AES

Advanced Encryption Standard; symmetric encryption system based on the Rijndael algorithm with a variable block size/key length of 128, 192 or 256 bits. The variable key length is used to distinguish between different AES variants, i.e. AES-128, AES-192 and AES-256.

API

Application Programming Interface; software user interface for calling program functions and exchanging data.

ASCII

American Standard Code for Information Interchange; ISO-standardized 7-bit code used to display characters such as upper case and lower case letters, digits and special characters. As each character is represented with 7 bits, 128 characters are represented altogether and used in many databases. National special characters outside the English language (e.g. German umlauts) are available in the Extended ASCII version with an 8-bit character set.

ASP

Application Service Provider. Single-source provider of IT services at an agreed price.

asymmetric encryption

Public-private key encryption method, which uses two keys - a public key and a private key, which together form a pair. Each sender needs the public key of each recipient. Because the two keys are different, this method is called asymmetrical. The public key is published so that any recipient can choose to receive encrypted messages. The private key used to decrypt messages is known only to its owner.

authentication

A procedure to verify whether a person is entitled to access specific services. Authentication may, for example, use digital signatures. See also digital signature.

bitmap

A bitmap is a non-compressed, pixel-based image format for graphics and photos. Because it does not support compression, the bitmap file format (*.BMP files) is not commonly used on the Internet. Also refer to GIF and JPEG.

CA

Certification Authority. See Certification Authority.

certificate

Digital certificates are electronic documents linked to a public key. Certificates are digitally signed by a trustworthy authority (Certification Authority / trust center; also refer to PKI) that certifies that the key belongs to a specific person and has not been altered. The certification authority's digital signature is an integral part of the issued certificate and allows anyone with access to this certification authority's public key to verify its authenticity. Using this method at multiple levels results in a Public Key Infrastructure (PKI). The advantage of such an infrastructure is that only the public key of the so-called root instance, i.e. the root certificate, will be required for complete verification, as the intermediate certificates are validated automatically. Also refer to public key and private key.

Certification Authority

The Certification Authority (CA) is a trustworthy public authority that certifies cryptographic keys (see certificate). It is part of a PKI. The CA issues certificates and adds its digital signature to confirm the validity of the data they contain. This is usually the name of the key owner and any additional information to allow identification of the owner, the owner's public key, its validity period, and the name of the certification body. The degree of trust put in such a certificate depends on the operational procedures applied by the Certification Authority, i.e. the methods used to check the owner's identity. Once a certificate has been issued, the CA must provide a possibility to revoke the certificate and must provide revocation lists (CRLs) if any of the certificate data becomes invalid. This is in particular the case when any of the owner's private keys have been compromised. Also refer to public key and private key.

client/server systems

The server is a program that provides a service and a client is a program that uses this service. These services can both be installed on the same computer or be distributed across a network consisting of at least one central computer (the server), which makes its data, programs and any other connected devices available to one or more network stations (the clients).

compression

File size reduction to reduce network load and transfer times and/or save storage space. Multiple files can be compressed into a single archive. There are many compression formats, some of which are self-extracting. The most common ones are ZIP, TAR, ARJ, GZip, ARC and LZH. Which of these are used depends in part on the computer system: on UNIX systems, for example, GZip and TAR tend to be used, while ZIP and ARJ are the preferred choice for Windows systems (also refer to packer). Because viruses can easily hide in archives, content security tools must be able to perform recursive analyses on nested archives, i.e. decompress the files repeatedly to scan them in their original state.

console

A collection of administration tools in the MMC containing objects, such as snap-ins, extension snap-ins, monitoring controls, tasks, wizards and documentation used to manage the Windows 2000 system hardware, software and network components.

content security

The management and scanning of the content of digital correspondence. Content security products protect computer networks and users from dangerous content that is either deliberately or accidentally embedded in emails or Internet transmissions.

CORE

COntent Recognition Engine; a language-independent method used for checking and classifying emails according to categories. The analysis of the emails is performed through a vector-related evaluation of representative text, e.g. business emails, newsletters, offers etc., based on SVM (Support Vector Machines). As spammers use frequently changing (and often non-existing) addresses and varying contents, CORE is better suited for blocking spam than working with dictionaries or keywords. The statistical method used by CORE deals with this difficulty by providing a company-specific "learning program". You can define your own categories and CORE will "learn" how to assign mails and documents to the appropriate categories. This allows emails to be identified and categorized where a dictionary would fail.

CRL

Certificate Revocation List. When information in a certificate becomes invalid during its lifetime, it must be revoked. Because certificates are digital documents, they can not be collected or destroyed. Revoked certificates are therefore registered in another document, the revocation list. A standard for revocation lists is defined in the X.509 protocol.

digital signature

The electronic equivalent of a handwritten signature. It is used to verify the authenticity of an electronic document (i.e. its originator), its integrity as well as its binding character (i.e. the sender must not be able to contest its creation). This can be achieved with asymmetric encryption, which uses private keys to generate information with which others can verify the integrity and authenticity of received mail using the associated public key.

DLL

Dynamic Link Library. DLLs are libraries under Windows, which contain objects that can be loaded (dynamically) whenever they are needed at runtime. This technology is not only used to save memory, but also, and primarily, to set up widely accessible libraries with ready-to-use (standard) objects, which can be used when developing software.

DNS

Domain Name Service; assigns IP addresses to the logical names of computers on the Internet.

encryption

Making a message illegible to prevent it from being read by unauthorized people. A range of different encryption methods can be used. Also refer to PGP, GnuPG and S/MIME.

EWS

Exchange Web Services provide an interface for managing the contents of the Exchange Information Store. These web services allow client applications to access certain functions of the Exchange server. iQ.Suite uses EWS for virus scans on the Information Store, updating sent items in the sender mailbox and displaying (synchronizing) Clerk absences in Outlook.

false positives

Inbound email wrongly classified as spam.

fingerprint

Unique feature of a file, by which it can be identified. Consists, for example, of the file’s content or, if this is not possible, of a unique characteristic of the filename, such as its extension. Fingerprints are used to determine whether files should be blocked or passed by a mail filter. You can create your own file patterns, which Watchdog uses to identify the file types of attached files.

GIF

Graphics Interchange Format; standard Internet graphics format. Supports a color depth of 256 (8 bits per pixel) and compression of image data to reduce file size, which results in shorter transfer times and relieves network load. As opposed to the JPEG format, GIF does not provide gradual color transitions. Also refer to compression.

global settings

General settings that apply to the entire iQ.Suite.

GnuPG

GNU Privacy Guard; free cryptographic system used to encrypt/decrypt data (e.g. emails) and create/verify digital signatures. Emails containing confidential information can thus be sent to one or more recipients, who are the only ones capable of decrypting this information. A digital signature is created to ensure the authenticity and the integrity of the data transmitted. Both functions can be combined. Typically, the signature is created first and attached to the data. This package is then encrypted and sent to the recipient(s).

Grabber

Basic module used to verify emails. The Grabber acts as an interface that actively "grabs" the emails. Also refer to MailGrabber .

IIS

A Microsoft Web server. IIS provides Internet functions, from the creation of web pages to the development of server-based web applications. IIS supports most Internet protocols such as NNTP, FTP and SMTP. Exchange 2000 extends the IIS functionality, using the server for message routing.

Information Store for public folders

The part of the Information Store used for managing information in public folders. An Information Store for public folders consists of a Rich Text file with the extension.EDB and a system-specific streaming Internet content file with the extension.STM. Also refer to MIME.

Information Store

Storage technology used in Exchange 2000 for storing user mailboxes and mail folders. There are two kinds of stores: mailbox stores and Information Stores for public folders.

Installable File System - IFS

Storage technology for setting up archiving systems. Makes mailboxes and public folders available as conventional folders and files for Win32 standard processes Web storage system such as Microsoft’s Internet Explorer and the command prompt. Also refer to Web storage system.

iQ.Suite domain

All the iQ.Suite servers that you are using and that are configured under Basic Configuration > General Settings > iQ.Suite Servers. The settings at the iQ.Suite domain (iQ.Suite Servers > Right-click > Properties) are valid for all iQ.Suite servers of the domain.


ISO

International Standards Organization; developers of the OSI model for communication networks.

job

A job defines a sequence of actions that are performed when a particular event takes place or a particular rule applies. Jobs can be selectively disabled and enabled. Several jobs can be defined for each module, which are then processed according to their assigned priority for all modules.

JPEG

Joint Photographic (Experts) Group Format; also JPG; standard Internet format for photographs and other images with a high level of detail or a high color resolution. Supports high compression ratios up to a color depth of 16,777,216 (24 bits per pixel), which results in shorter transfer times and relieves network load. As opposed to the GIF format, the JPEG format is particularly well suited for images with many color tones.

junk mail

All forms of unsolicited emails, such as invitations to view websites, images, chain letters, hoax virus warnings, advertising etc. Junk mails cost company resources and time for their recipient. Also refer to spam (often used as synonyms). "junk mail" is also the name of a folder in Microsoft email programs (e.g. Outlook, Windows Live Mail). In the GBS documentation, we only use the term "junk mail" to name the folder. In other cases, we use the term "spam" or the generic term "unsolicited email".

key ring

The key ring contains all keys required for encryption. One key ring is used for the public keys, a second one for the private keys. For PGP or GnuPG, this key ring file is stored in the directory specified by the user at installation. For GnuPG, these are the pubring.gpg and secring.gpg files, for PGP the pubring.pkr and secring.skr files. Also refer to public key and private key.

label

Labels can be used to provide quarantined emails with additional information. For instance, a virus-infected email can be labeled VIRUS or spam labeled with the corresponding spam level. The label is written to the selected quarantined email and displayed in the quarantine view.

LDAP

Lightweight Directory Access Protocol; Internet protocol developed to promote the adoption of the X.500 directory standard after the original DAP (Directory Access Protocol) proved too complex for use with simple Internet clients. LDAP provides a standard for Internet-based communication with databases, enabling, for example, access to an online directory service to retrieve information such as email addresses or certificates. Using gateways, it is not restricted to that specific directory service. The entries are packed as objects and structured in a hierarchical tree. They consist of attributes with types and values, with object classes defining which value types can be assigned to which attributes. Possible types include IA5 (ASCII) character strings, ASCII images, sound, URLs and JPEGs.

LDIF

LDAP Data Interchange Format; used for exchanging address data on LDAP servers. Being (ASCII) text-based, LDIF files can be conveniently edited with standard text editors. It is supported by many clients for importing and exporting address books (e.g. Outlook, Outlook Express, Netscape,...).

Mail flooding

Mail flooding is the bulk sending of a large number of emails, usually from a single domain at intervals of a few seconds. These "attacks" overload the mail server handling the flood of messages, which severely affects its performance. These messages are usually unwanted mail sent with malicious intent. Also refer to spam.

MailGrabber

Extension of the Grabber. The MailGrabber is a module that actively "grabs" emails from the email traffic and then processes them directly on the server. To do so, the MailGrabber calls the associated function modules that are configured.

MIME

Multi-purpose Internet Mail Extensions; STM files. Originally a method for encrypting non-text objects to allow their transmission using SMTP and email. Today, this method is used universally for data transfers through the Internet. Providing the ability to define custom control codes for special characters - such as accents - and to attach all types of files extends the functionality of email communications. Also refer to S/MIME.

MMC

Microsoft Management Console - administration environment containing administration tools and applications used to manage networks, computers, services, etc. The MMC lets you create, save and open collections of tools and applications.

module

A program unit with definable boundaries and action, which is embedded in an overall system as an independent, autonomous program component.

object

The basic unit of Active Directory (AD). A defined and named set of attributes representing a real object or person, such as a user, a printer, a computer or an application.

OEM

Original Equipment Manufacturer; company that buys other manufacturers’ products or components and incorporates these in other products that it sells under its own name.


on-access scanner

Virus scanner component that usually runs in the background and continuously checks the files accessed by the computer. The on-access scanner ensures permanent monitoring of the file system on servers and workstations.

organization unit

An Active Directory (AD) container used for storing objects, such as user accounts, groups, computers, printers, applications, file sharing and other organization units. Organization units can be used for assigning and saving specific rights to object groups (for example users and printers). An organization unit can not contain objects from other domains. The organization unit is the smallest unit to which administration rights can be assigned or delegated.

Outlook Web Access

Outlook Web Access for Microsoft Exchange 2000 Server provides user access to email, personal calendars, group scheduling, contacts and applications for cooperation via a web browser. Can be used by UNIX and Macintosh users, users without access to an Outlook 2000 client and for users connecting through the Internet. Provides platform-independent access for users stored on the server, for users with limited hardware resources, and for users without access to their own computers.

packer

Compression program. See compression.

passphrase

A long but easy-to-memorize character sequence (e.g. short sentences with punctuation) used in place of a password for increased security.

PDF/A

Portable Document Format (for Archiving); ISO standard for the PDF format used for long-term archiving of electronic documents. Defines a number of requirements for a standard-compliant PDF and sets the use of PDF/A for outputs to screen or printer.

PGP

Pretty Good Privacy; program for encrypting and decrypting emails. Uses the public key and asymmetric encryption, i.e. the sender and the recipient use two different keys (one public, the other private). Can also be used to electronically sign documents. Guarantees the recipient of such a document that the sender is the real author and the document was not sent or modified by another user. PGP is freeware and available from many shareware archives. In the context of email, PGP is a platform-independent standard, like GnuPG and S/MIME.

Phishing

Phishing is a fraud method by which personal access information such as passwords, account data etc. is obtained by fraudsters. A phishing email is sent to Internet users which pretends to be from a trustworthy, mostly commercial source address, e.g. from a bank or an insurance company. The email contains a request to log in to the company's home page or gateway and to confirm/correct the personal data for this user. By clicking on the link in the phishing email, a forged web presence is displayed for the user.

PKCS#12

PKCS#12 is a file format in the PKI environment that securely saves key pairs and provides built-in security mechanisms. PKCS#12 files are normally used to distribute keys.

policies

Overall configuration of all jobs within a company.

POP3

Post Office Protocol 3 (3 for the version of the protocol); a transfer protocol used for controlling the receipt of email from a remote server on which messages are stored until their retrieval by the recipient. POP3 uses TCP/IP. Developed specifically for receiving email, it does not (as opposed to SMTP) require a dedicated line.

private key

The private key is the part of a pair of keys that a user has to store at a safe place. It is used to decrypt information addressed to the owner of the private key and to generate digital signatures. Private keys are protected by a password or a passphrase. The safest place is a security token such as a smartcard. Also refer to public key.

PST

The Personal Store (PST) of Microsoft Outlook is a proprietary container file in which tasks, memos, emails and the calendar are stored. Additionally to a standard file, Outlook can manage a lot of other PST files.

public folder hierarchy

The structure or hierarchy of public folders on a single Information Store for public folders.

public key

The public key is the part of a pair of keys that is made publicly accessible, e.g. on a trust center (LDAP) server. It is used to encrypt messages addressed to the owner of the public key and to check his digital signatures. A public key certified by a CA is termed certificate.

Quarantine

An archive folder in which virus-infected and/or blocked files are stored and where they can be accessed by authorized persons.

registry

The Windows registry is a central, hierarchically structured Windows database in which the system configurations are stored. The registry contains information that is queried by the operating system during operation. Use the registry editor "Regedit" to edit the registry data.

replication

Synchronization of data between two identical databases on two different servers.

RFC

The Request for Comments is a document for the specification of a technology suggested for standardization on the Internet. If a suggestion is accepted after a substantial check by the audience, an RFC can be established as a standard.

RFC 821

Defines the SMTP protocol and is today's basis for transporting emails on the Internet.

RFC 822

Defines the email format.

RFC 2822

Subsequent document of RFC 822.

RFC 5322

Subsequent document of RFC 2822.

root certificate

The highest instance of a certificate. Refer to certificate.

RSA

Commonly used encryption method named after its inventors - Rivest, Shamir and Adleman. Used also with PGP. In RSA encryption, two large prime numbers are linked to form an even larger single prime number, which is then used for encryption. As of a certain bit width (about 100 bit), not even the fastest supercomputers can crack this encryption. The required processing capacity is doubled with every additional bit. Also refer to ECC.

RTF

Rich Text Format; generic file format used for transferring formatted text between applications, also between different operating systems.

rules

Rules are used to restrict the number of emails or databases to be checked by an iQ.Suite job. The rules filter the messages and databases according to user-defined policies, which allows to optimize the company's security concept.

Sandbox

A Sandbox is a secure environment which is completely isolated from the IT infrastructure of a company. In this secure environment, various computer systems with different operating systems are provided in order to simulate a real IT environment. Unknown and suspicious programs and files are executed in this secure environment in order to observe their behavior and impacts on the computer system. These observations are used to determine whether the file is dangerous for the system or not. The decision on whether the program or the file should be admitted or blocked on the end device is based on this evaluation.

S/MIME

Secure Multipurpose Internet Mail Extensions; as the secure version of MIME, S/MIME is the industry standard for the encryption of emails sent between the same and different types of email systems. S/MIME can use a range of signature and encryption algorithms. Also refer to PGP.

SCL

The Spam Confidence Level is a threshold value, which defines the spam probability of an email. According to the SCL value certain actions can be performed. The SCL is an integer numeric value between -1 and 9 in which -1 denotes the lowest and 9 the highest spam probability. In dependence of the settings for the single values, corresponding actions are performed, such as forwarding into the quarantine. The threshold value is determined by the spam filter IMF, which analyzes the email content. The result is a calculated SCL value.

SMTP

Simple Mail Transfer Protocol; protocol for sending and receiving email. Based on RFC 821 and belonging to the TCP/IP family. SMTP messages consist of a header containing at least a sender and recipient ID, and the actual message. An email program - the User Agent (UA) - forwards messages to a dedicated server - the Message Transfer Agent (MTA) - in its own network. The MTA, in turn, forwards the email to other MTAs along the transmission path according to the "store and forward" principle until the email reaches its recipient. Because SMTP works with 7-bit ASCII, special characters (accents, umlauts, etc.) cannot be represented and no protection is provided against unauthorized access. On the other hand, ESMTP uses 8 bits for transmission. Unlike POP3, SMTP requires a dedicated line.

snap-in

Software representing the smallest unit of an MMC extension. Each snap-in represents one unit of management behavior. The System Manager is such an Exchange snap-in in MMC.

SOAP

Simple Object Access Protocol; an XML-based communications protocol that provides a common language for completing transactions. Allows platform-independent communication between applications through the Internet. With SOAP, goods orders can, for example, be placed without knowing the actual structure of the target system.

SQL

Structured Query Language; a declarative database language for relational databases. With Database Connection local and external SQL database servers can be connected to the iQ.Suite, e.g. for quarantine databases or for configuration of central Whitelists.

SSL

Secure Socket Layer; a method for sending data securely through a network. Developed by Netscape, SSL allows data to be encrypted for transmission (RSA encryption) to protect it from third-party access. Used, for example, for sending credit card information.

SVM

Support Vector Machines; mechanism used by CORE to analyze and classify emails.

symmetrical method

In this case, emails are decrypted using the same key with which they were encrypted. This is called the symmetrical method as the keys are identical. This means that the key has to be accessible to both the sender and the recipient of the email. Keys are exchanged between recipient and sender using password-protected key files. The recipient of an email receives the password for the key file required to decrypt the email from the sender via an alternative route, i.e. on a "secure line".

TCP

Transmission Control Protocol; Besides IP (see IP address), the main protocol used on the Internet. Provides applications with a connection-oriented, reliable duplex service in the form of a data stream.

TCP/IP

Combination of TCP and IP (see IP address); originally developed for UNIX networks, it is today used as the main network protocol of the Internet. It splits data into convenient packages and sends them across the network using IP addresses to find the message destination. There, TCP reassembles the data packets again. TCP/IP also allows several Internet applications to be run using a single modem or ISDN line.

TNEF

Transport Neutral Encapsulation Format; file format for Microsoft Exchange® for attachments.

trust center

Trust centers are typically commercial service providers that issue, manage and provide public keys, e.g. under http:www.d-trust.net/. They usually combine three functions: the actual Certification Authority (CA) certifies the information submitted; the Registration Authority (RA) is responsible for identifying the participants and issuing the certificates; the Directory Service provides the information required for the creation and verification of certificates and signatures (e.g. timestamps or CRLs).

trusted domain

A domain that is trusted by another domain. Users in trusted domains can, for example, access the resources or receive user rights in a trusting domain.

trusting domain

Refer to trusted domain.

trust level

A certificate can be classified as trusted. Whenever a CA certificate is considered trustworthy, this trust also applies to all lower-ranking certificates.

UAC

User Account Control;

UNC

Universal Naming Convention. A naming convention for files and other resources. The two backslashes (\\) at the beginning of a name indicate that the corresponding resource is located on a network station. The syntax for UNC names is \\server name\shared resource.

unpacker

Program for decompressing files and unpacking file archives. Refer to compression.

UPN

User Principal Name; a UPN consists of a user account name and a domain name which identifies the domain of the user account. Format: @.xy (email address). UPNs exist in the Active Directory (AD) and can be used to log in to a Windows domain. The UPN suffix (@.xy) is used to shorten longer domain names (e.g. company-x.com instead of support.london.england.company-x.com) or to give a suitable name for all domains in case of several domains. In the context of iQ.Suite, the UPN is required for login to the iQ.Suite Monitor to access the areas of the iQ.Suite Monitor (e.g. Quarantines, CORE Classificators).

variables

Refer to metasymbol.

VPN

Virtual Private Network; a simulated private network that uses public networks (for example the Internet) to connect its nodes. Encryption is used to prevent unauthorized listening to communications across the VPN.

Web storage system

Web-based Information Store which provides access to a wide variety of information, such as email and multimedia files. The Web Store concept combines messaging, file access and Exchange database functions (e.g. multiple databases and transaction logging). Web Store is the technology embedded in the Exchange 2000 Information Store and provides a logical view of physical databases. Also refer to Information Store and Installable File System.

wildcard

A character which represents another character or a character string. The most common wildcards are the question mark and the asterisk, which are used by the DOS command interpreter. The question mark (?) represents individ?al letters and num??rs, while the asterisk (*) represents a string of one or more consecutive ch*cters.

X.509

Standard for creating and coding certificates, CRLs and authentication services. X.509 is globally the most commonly used standard for certificate structures.

ZIP of Death

A rather small 42 KB email containing an attachment of recursively packed ZIP files which, in themselves, are neither dangerous nor virus-infected. They do, however, contain over 1 million packed files that, once unpacked, add up to 49,000,000 Gigabytes. When processed by a virus scanner decompression tool, this inconspicuous email initiates virtually endless loops, usually resulting in a system crash. This not only affects the virus scanners of client computers but also the mail servers which usually crash and paralyze the entire email traffic within a few minutes.
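The decompression-bomb behaviour described above, as an added example that is not iQ.Suite code: a Python check that rejects an archive on declared nesting depth, per-member compression ratio or total declared size, consulting the central directory before any member is fully extracted. The nested sample archive and the limit values are constructed here; the limits are illustrative, not iQ.Suite defaults.

```python
import io
import zipfile


# Constructed sample input: a nested ZIP built in memory, one archive wrapped
# inside the next, the same shape as the recursively packed attachment above.
def build_nested_zip(levels: int, payload: bytes) -> bytes:
    inner, name = payload, "payload.txt"
    for level in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, inner)
        inner, name = buf.getvalue(), f"level{level}.zip"
    return inner


def inspect_zip(data: bytes, max_depth=2, max_ratio=200.0,
                max_total=10_000_000, _depth=0):
    """Return (verdict, declared_uncompressed_total, nesting_depth).

    Decisions use the sizes recorded in the central directory. A nested
    archive is decompressed only after its own declared size and ratio
    passed, and ZipFile.read() never yields more than the declared size,
    so a lying size field cannot turn this check into the crash it guards.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ("not-a-zip", 0, _depth)
    total, deepest = 0, _depth
    for info in zf.infolist():
        total += info.file_size                      # declared unpacked size
        if total > max_total:
            return ("reject:total-size", total, deepest)
        ratio = info.file_size / max(info.compress_size, 1)
        if ratio > max_ratio:                        # bomb-like expansion
            return ("reject:ratio", total, deepest)
        if info.filename.lower().endswith(".zip"):
            if _depth + 1 > max_depth:               # recursion guard
                return ("reject:depth", total, _depth + 1)
            verdict, sub_total, sub_depth = inspect_zip(
                zf.read(info), max_depth, max_ratio, max_total - total, _depth + 1)
            if verdict == "not-a-zip":               # just a file named .zip
                continue
            total += sub_total
            deepest = max(deepest, sub_depth)
            if verdict != "ok":
                return (verdict, total, deepest)
    return ("ok", total, deepest)
```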
