Email Security Gateway How To's

5 - Basic Settings

16 views August 1, 2014 June 25, 2018 paolo 0

Introduction

As soon as we have your default Libra Esva installation ready from the first configuration wizard, it’s a good idea to perform some basic additional configuration tasks.

 

  • Verify Network Settings
  • Configure a Time Server
  • Disable SSH Access
  • Check Relay Settings
  • Tune Anti Spam Engine
  • Anti Spam Action Settings
  • Outbound Email Configuration

 

Verify Network Settings

 

Select menù System->Network & System Settings->Network Settings

 

Cross check your hostname and dns settings are correct. It is important to have as first DNS the local resolver integrated in Libra Esva, so verify you have it set to 0.0.0.0 !

 

Configure a Time Server

 

Select menù System->Network & System Settings->System Preferences

 

Specify your NTP server if you have any, or a public one as pool.ntp.org

 

Disable SSH Access

 

Select menù System->Network & System Settings->System Preferences

 

Click on Disable Button next to Enable Tech Support line.

 

Check Relay Settings

 

Select menù System->Relay Configuration

 

The first thing to check is domain relay list. Be sure to verify the default domain is correctly configured and add any new domain you have to manage.
Next Check Trusted Networks. We usually REMOVE the LAN Subnet, and add only the internal mail server as we do not want all LAN to use our gateway as a relay.
Under SPF Filtering leave Fail on both HELO and MAIL FROM.
In the Tab RBL Filtering, activate at least one RBL! SpamCop & Abuseat are free to use for everyone, Spamhause requires a fee for commercial use.

 

Tune Anti Spam Engine

Select menù System->Spam & Quarantine Settings->Antispam General Settings

 

The first thing to verify is to adjust Antispam Engine Processes, and tune this value according to your email traffic volume. The default of 2 is ok for a test system, or a very low production environment.  Refer to the following table as a general raw indication:

 

Engine Processes Messages/Day (*) VM RAM VM vCPU
2 5000 2 Gb 1 vCPU
4 10000 2 Gb 1 vCPU
8 20000 3 Gb 2 vCPU
15 40000 6 Gb 4 vCPU
20 80000 8 Gb 4 vCPU
(*) Messages analyzed, so SMTP Rejects (Reputation rejects) do not count.
NOTE: For large deployments you may need to change System Resources under MTA Advanced Settings

Anti Spam Actions Settings

Select menù System->Spam & Quarantine Settings->Antispam Action Settings

 

Libra Esva uses two spam levels to classify messages. All messages under first score level are considered as good messages and should be always delivered to the final destination, messages in between first and second score level are considered spam, and messages above this second score level high spam.

 

spam actions

 

From this page you can configure, on a per-domain basis, action to perform on messages, based on their categorization (Clean, Spam, Hi-Spam). We recommend to NOT change default scores as they work well for most systems.

 

We suggest the following actions:

 

Category Actions
Clean Deliver, Store (optional)
Spam Store
Hi-Spam Store

 

Those setting are ok if you want to manage user spam quarantine on the Libra Esva gateway.

If you prefer to manage user quarantine elsewhere, change spam action accordingly, delivering and tagging messages with an extra header or modifying email subject.

 

Outbound Email Configuration

In case you want to use Libra Esva also for delivery outgoing email, you have to authorize you internal mail server for relay. To do this please add you mail server address to Libra Esva Trusted Networks.

 

Select menù System->Relay Configuration->Trusted Networks and click New

 

Trusted Networks

 

Remember to Apply Settings when done.

 

Ok, at this point you Libra Esva will do relay for all emails coming from you server.
Now you have to decide if you want to scan outgoing email for spam or not. Please note that antivirus and filename rules are always in place, even if your decision is to not analyze outgoing traffic for spam.

 

If you want to scan outgoing email for spam, verify under menù Lists that your internal mail server is not present. In case you find it as the startup wizard adds it automatically, please remove it’s entry.

 

To avoid spam checks on outgoing emails, cross check you have whitelisted your email server address under menù Lists.
outgoing email

Was this helpful?