Email Security Gateway Online Manual

Dashboard

636 views June 22, 2017 June 21, 2018 giorgio 1

The dashboard is the main page of Libra Esva and gives an overview of the status of the appliance. All the data shown here are automatically refreshed every 120 seconds (by default).

Status Monitor

The status monitor contain summary of the most useful information in the system, to quickly spot anomalies.

Memory Swap Usage Swapped memory is normal in a mail gateway, especially when there are multiple antivirus. As the swap usage increase however, the performance drop exponentially, so it is always required to keep this value below 50-60% on average.

Mailer Status LibraEsva is composed of multiple engine working in synergy to create security. The most important engines are listed here, as well as their statuses (enabled, partially enabled, disabled).

  • Message scanning: the main engine of Libra Esva, is only disabled when the license is expired
  • MailScanner engines: status of MailScanner and number of parallel process currently running
  • Antivirus engines: ClamAV is the default antivirus and is always active. Avira and Bitdefender engines are available as an option
  • URLSand: LibraEsva proprietary sandboxing for link threat identification and real-time disarm
  • Quicksand: LibraEsva proprietary sandboxing to sanitize attachment on the gateway
  • License usage: current license usage
  • Load average: the load avarage is combination of many appliance factors, such us cpu usage, locked process, io waiting process and the like. This value should usally be equals or lower than the number of CPUs

Last Week Summary: SPAM Rates This is an overview of all the email which reached LibraEsva, distinguished by SMTP reject, Spam, Bounce and Virus. Usually, there are a lot of SMTP reject since is the first defence in Libra Esva from botnet and bad spam. The quantity of Spam, Bounces, and Virus greatly depends on the traffic, but as a general rule a great variation from normal traffic could be related to some high threat being detected.

Last Week Summary: Threat sources Similar to the last week summary, but geographically distributed. Allows you to see from where all the threat are generated.

Version info When you don’t have a cluster setup, you will see here only the current version of Libra Esva.

Cluster status When a cluster is setup, this box shows the nodes surrent load and the replica status. If there is any issue with the cluster replica a warning or an error is immediately displayed.

Daily Monitor

This panel shows the overall of the messages processed today (i.e. starting with 00:01am in local time). All data are real-time values coming from the application. The graph shown here is a complement to the “Last week summary”.

Today’s total A detailed count of all messages received or rejected. By clicking on the magnifying-glass beside the SMTP rejected, you can see the full list of all sender rejected today.

Mail Queues These represent the emails which are currently actively processed by Libra Esva. The incoming queue contains all the messages received (i.e. passed SMTP checks) which are waiting to be scanned and sanitized. The outgoing queue contains all the sanitized messages which are ready to be delivered. As for the SMTP reject, by clicking magnifying-glass is it possible to see the queue status; from that page the administrator may manually drop or flush the messages.

NOTE: Queue sizes are possibly the most important metric of your appliance. If you see an higher value then usual for the incoming queue, you may have a peak of traffic which may deteriorate the overall performance; in case of performance drop, or DoS situation, you should decide whether to increase the available resources (e.g. RAM or CPU) or to impose SMTP rate limits (e.g. 20 email per minutes). If you see an higher value than usual on the outgoing queue, the messages had been scanned but are not delivered to the final recipients; this means that you may have a problem with the company mailserver (refusing to accept message from Libra Esva) or with an external mail provider.

Last accepted messages

This list contains the last messages processed by Libra Esva in the last 24 hours updated in real-time. Every message shown here has successfully completed all the analysis, and is now either blocked in the quaranting or moved to the ouotgoing queue for delivery.

Administrator will find this list useful to monitor the mail flow through Libra Esva. In case of service abuse, this list gives an immediate feedback which greatly help in reducing threat response time.

Was this helpful?