The GroupWise Internet Agent includes the following features to help you protect your GroupWise system and users from unwanted e-mail:
Many organizations, such as Mail Abuse Prevention System (MAPS*) and SpamCop*, provide lists of IP addresses that are known to be open relay hosts or spam hosts. If you want to use free blacklist services such as these, or if you subscribe to fee-based services, you can define the blacklist addresses for these services. The Internet Agent then uses the defined services to ensure that no messages are received from blacklisted hosts. The following sections provide information to help you define blacklist addresses and, if necessary, override a host address included in a blacklist.
In ConsoleOne, right-click the Internet Agent object, then click
.Click
to display the Blacklists page.The
list displays the addresses of all blacklists that the Internet Agent checks when it receives a message from another SMTP host. The Internet Agent checks the first blacklist and continues checking lists until the sending SMTP host’s IP address is found or all lists have been checked. If the sending SMTP host’s IP address is included on any of the blacklists, the message is rejected. If you have the Internet Agent’s logging level set to Verbose, the log file includes information about the rejected message and the referring blacklist.This list corresponds with the Internet Agent’s /rbl switch.
Click
to display the New Blacklist Address dialog box.The following list provides the names, Web sites, and blacklist addresses for two services that are free at the time of this release:
Type the blacklist address in the
box, then click to add the address to the list.If you have multiple blacklists in the
list, use the up-arrow and down-arrow to position the blacklists in the order you want them checked. The Internet Agent checks the blacklists in the order they are listed, from top to bottom.Click
to save your changes.In some cases, a blacklist might contain a host from which you still want to receive messages. For example, goodhost.com has been accidentally added to a blacklist but you still want to receive messages from that host.
You can use the Section 47.1.2, Creating a Class of Service.
list on a class of service to override a blacklist. For information about editing or creating a class of service, seeIf you want to block specific hosts yourself rather than use a blacklist (in other words, create your own blacklist), you can configure a class of service that prevents messages from those hosts. You do this on the Internet Agent object’s Access Control Settings page by editing the desired class of service to add the hosts to the
exception list on the tab. For example, if you wanted to block all messages from badhost.com, you could edit the default class of service to add badhost.com to the list of prevented hosts.You can also create a list of hosts that you always want to allow messages from, so you can create your own white list.
For information about editing or creating a class of service, see Section 47.1.2, Creating a Class of Service.
ConsoleOne creates a blocked.txt file that includes all the hosts that have been added to the Prevent Messages From exceptions list for the default class of service (see Section 47.1, Controlling User Access to the Internet).
You can manually edit the blocked.txt file to add or remove hosts. To maintain consistency for your system, you can also copy the list to other Internet Agent installations.
To manually edit the blocked.txt file:
Open the blocked.txt file in a text editor.
Add the host addresses.
The entry format is:
address1 address2 address3
where address is either a hostname or an IP address. You can block on any octet. For example:
You can block on any segment of the hostname. For example:
Hostname |
Blocks |
---|---|
provo*.novell.com |
provo.novell.com provo1.novell.com provo2.novell.com |
*.novell.com |
gw.novell.com (but not novell.com itself) |
There is no limit to the number of IP addresses and hostnames that you can block in the blocked.txt file
Save the file as blocked.txt.
Multiple unsolicited messages (sometimes called a mailbomb or spam) from the Internet can potentially harm your GroupWise messaging environment. You can use the settings on the SMTP Security page to help protect your GroupWise system from malicious or accidental attacks.
To configure the SMTP security settings:
In ConsoleOne, right-click the Internet Agent object, then click
.Click
.Fill in the fields:
Reject Mail if Sender’s Identity Cannot be Verified: This setting lets you prevent messages if the sender’s host is not authentic.
When this setting is turned on, the Internet Agent refuses messages from a smart host if a DNS reverse lookup shows that a PTR record does not exist for the IP address of the sender’s host.
When this setting is turned off, the Internet Agent accepts messages from any host, but display a warning if the initiating host is not authentic.
This setting corresponds with the Internet Agent’s /rejbs switch.
Enable Mailbomb Protection: Mailbomb protection is turned off by default. You can turn it on by selecting this option.
Mailbomb Threshold: When you enable Mailbomb protection, default values are defined in the threshold settings. The default settings are 30 messages received within 10 seconds. You can change the settings to establish an acceptable security level.
Any group of messages that exceeds the specified threshold settings is entirely discarded. If you want to prevent future mailbombs from the mailbomb sender, identify the sender’s IP address (by looking at the Internet Agent’s console) and then modify the appropriate class of service to prevent mail being received from that IP address (Section 47.1.2, Creating a Class of Service.
). For more information, seeThe time setting corresponds with the Internet Agent’s /mbtime switch. The message count setting corresponds with the /mbcount switch.
Click
to save the changes.You can protect your system against mailbombs (spam). With mailbomb protection enabled, if the Internet Agent receives a certain number of messages (the default is 30) from the same host or IP address within a specific time interval (the default is 10 seconds), it discards the messages.
Before GroupWise 7, you could use the /xspam startup switch to flag messages for handling by the client Junk Mail Handling feature if they contained an x-spam-flag:yes in the MIME header. Starting in GroupWise 7, you can configure as many strings as needed to identify junk mail and you can use ConsoleOne to specify the strings.
In ConsoleOne, right-click the Internet Agent, then click
.Click
.Select
, then specify the strings in the text box.Anti-spam services use different indicators to mark potential spam. One might use a string of asterisks; the more asterisks, the greater the likelihood that the message is spam. Another might use a numerical value; the higher the number, the greater the likelihood that the message is spam. The following samples are taken from MIME headers of messages:
X-Spam-Results: ***** X-Spam-Status: score=9
Based on these samples, examples are provided below of lines that you could add to the list to handle the X-Spam tags found in the MIME headers of messages coming into your system.
Example: X-Spam-Results: *****
This line marks as spam any message whose MIME header contained an X-Spam-Results tag with five or more asterisks. Messages with X-Spam-Results tags with fewer than five asterisks are not marked as spam.
Example: X-Spam-Status: Yes
This line marks as spam any message whose MIME header contained the X-Spam-Status tag set to Yes, regardless of the score.
Example: X-Spam-Status: score=9 X-Spam-Status: score=10
These lines marks as spam any message whose MIME header has the X-Spam-Status tag set to Yes and had a score of 9 or 10. X-Spam-Status tags with scores less than 9 are not marked as spam.
You can add as many lines as necessary to the list to handle whatever message tagging your anti-spam service uses.
Click
to save your list of strings.The list is saved in the xspam.cfg file in the domain\wpgate\gwia directory. As described above, each line of the xspam.cfg file identifies an “X” header field that your anti-spam service is writing to the MIME header, along with the values that flag the message as spam. The Internet Agent examines the MIME header for any field listed in the xspam.cfg file. When a match occurs, the message is marked for handling by the GroupWise client Junk Mail Handling feature.
The Internet Agent supports SMTP host authentication for both outbound and inbound message traffic.
For outbound authentication to other SMTP hosts, the Internet Agent requires that the remote SMTP hosts support the AUTH LOGIN authentication method. To set up outbound authentication:
Include the remote SMTP host’s domain name an authentication credentials in the gwauth.cfg file, located in the domain\wpgate\gwia directory. The format is:
domain_name authuser authpassword
For example:
smtp.novell.com remotehost novell
If you have multiple SMTP hosts that require authentication before they accept messages from your system, create an entry for each host. Make sure to include a hard return after the last entry.
If you want to allow the Internet Agent to send messages only to SMTP hosts listed in the gwauth.cfg file, use the following startup switch:
/forceoutboundauth
With the /forceoutboundauth switch enabled, if a message is sent to an SMTP host not listed in the gwauth.cfg file, the sender receives an Undeliverable message.
For inbound authentication from other SMTP hosts, you can use the /forceinboundauth startup switch to ensure that the Internet Agent accepts messages only from SMTP hosts that use the AUTH LOGIN authentication method to provide a valid GroupWise user ID and password. The remote SMTP hosts can use any valid GroupWise user ID and password. However, for security reasons, we recommend that you create a dedicated GroupWise user account for remote SMTP host authentication.
You can have the Internet Agent reject messages from unidentified sources. The Internet Agent refuses messages from a host if a DNS reverse lookup shows that a “PTR” record does not exist for the IP address of the sender’s host.
If you choose not to have the Internet Agent reject messages from unidentified hosts, it accepts messages from any host, but it displays a warning if the sender’s host is not authentic.
To configure the Internet Agent to reject messages from unidentified hosts:
In ConsoleOne, right-click the Internet Agent object, then click
.Click
to display the Security Settings page.Turn on the
option.This setting corresponds with the Internet Agent’s /rejbs switch.
Click
to save your changes.