1. About this Manual
  2. Introduction
    1. Prerequisites
    2. Version Information
  3. Login
    1. Reset Password
  4. User Settings
    1. Changing Password
    2. Changing Location
  5. Roles (DAP)
  6. Email Live Tracking
    1. Overview
    2. Customizing Email Display
    3. Filtering Emails
    4. Advanced Search (DAP)
    5. Email Details
      1. Open the Email Details
      2. Initiate an ATP Scan Manually
      3. Extended Email Information
    6. Email Fields
    7. Processing Emails
    8. Processing Actions
  7. 365 Total Protection
    1. Onboard Office 365 customers
      1. Create Onboarding Link
      2. Onboard 365 Customers in the Control Panel
    2. Set up 365 Total Protection (DAP)
    3. Configuration of Microsoft Services
      1. Set Firewall Settings
      2. Adjust SPF Records
      3. Adding MX Records to the DNS Zone
      4. Set Autodiscover for 365 Total Protection
      5. Configuration of Outbound Emails
        1. Configure outbound email traffic automatically
        2. Setup New Connector for Outbound Email Traffic
        3. Setup a New Transport Rule
      6. Setup Archiving for Internal Emails
        1. Archiving Internal Emails
        2. Option A: Relaying Internal Traffic
        3. Option B: Use Journaling to Archive Internal Emails
          1. Create a New Journal Rule
          2. Create a New Connector for Journal Reports
    4. Activate Email Encryption
    5. Activate Contingency Covering
    6. Group management for the Signature and Disclaimer service (DAP)
      1. Creating Groups for Signature and Disclaimer in the Control Panel
      2. Add Users to a Group
    7. Order 365 Total Protection
    8. Offboarding
      1. Delete or Deactivate Connector
  8. Reporting & Compliance
    1. Statistic
    2. Threat Live Report
      1. Displaying Global Data
      2. Selecting the Period
      3. Description of Statistics and Diagrams
        1. Live Attack Overview
        2. Attempted attacks – Attack Type by Date
        3. Threat Statistic – By Attack Type
        4. Threat Statistic - By Attack Vector
        5. Attempted Attacks - Attack Vectors by Date
      4. URL Rewriting Statistic
        1. Clicks by Time of Day
        2. Clicks by Device
        3. Clicks by Operating System
      5. Description of Attack Vectors
      6. Description of Attack Types
    3. Auditing 2.0
      1. Description of Categories
      2. Filtering Events
        1. Select Displayed Categories in the Auditing
        2. Search for Events
        3. Filter by Action
        4. Filter by Event Type
        5. Select Period
      3. Reset Settings
    4. Webfilter
      1. Edit Settings in the Webfilter Module
      2. Release Requests
      3. Blocked Websites
      4. Allowed Websites
      5. Report Incorrectly Categorized Website
      6. Group URLs
      7. Webfilter Statistics
  9. Management (DAP)
    1. Management Elements
      1. Administrative Elements
    2. Basic Partner Settings
      1. User Data
      2. Contact Data
      3. Add Contact Data
    3. Rights Management
      1. Create new Role
      2. Assign Role Authorizations
      3. Default Settings
      4. Advanced Settings
        1. Assign Special Rights
      5. Restrictions
      6. Settings
    4. Setup Templates
      1. Create new Templates
    5. Setup Customers / Domains
      1. Create new Customers/Domains
      2. Create new Office 365 Customer
    6. Basic Domain Settings
      1. Register new Alias Domain
      2. Search Alias Domains
      3. Export Alias Domains
      4. Import Alias Domains
    7. Postboxes
      1. Administration of User Settings
      2. Create Postboxes automatically
      3. Create Postboxes manually
      4. Import Postboxes
    8. Groups
      1. Create new Groups
      2. Delete Groups
      3. Manage Groups
    9. Domain Administration
      1. Filtering
      2. Advanced Threat Protection (ATP)
        1. Activate ATP
        2. Start ATP-Scan
        3. Real-Time Notification
        4. ATP-Report
        5. Ex Post Alert
      3. Aeternum Email Archiving
        1. Setup and Activate Archiving
        2. Add exceptions
        3. Deactivate Archiving
        4. Audit Access
        5. Create Audit Access
      4. Continuity Service
      5. Spam report
      6. Content Filter
        1. Activate Content Filter
        2. Add new Group
        3. Setup Content Filter
        4. Forbidden File Types
      7. Compliance Filter
        1. Setup Compliance Filter
        2. Add Filter
        3. Define Filter Rules
        4. Define Actions
        5. Filter Sequence and Classification
        6. Regular Expressions
      8. Encryption
        1. Activate Encryption
        2. Check Encryption Capability
        3. Encryption Methods
        4. Sequence of Encryption Methods
        5. Display Encryption Method in Subject
        6. Certificate Administration
          1. Ordering Certificates
          2. Certificate Settings
        7. Websafe
          1. Setup Websafe
          2. Encrypt Emails with Websafe
          3. Websafe Encryption through Email Subject
          4. Select Websafe Templates
    10. Setup Email Footer
    11. Setup Advanced Routing
  10. Security Settings
    1. Signature and Disclaimer
      1. Activate LDAP for Signature and Disclaimer
      2. Activate Signature and Disclaimer
      3. Create Signatures and Disclaimers
      4. Edit or Delete Signature and Disclaimer Templates
      5. Using the WYSIWYG-Editor
        1. Hide Empty Active Directory Elements
        2. Include Subsignatures
        3. Insert HTML Source Code
        4. Preview Signatures and Disclaimers
      6. Data synchronization via LDAP
      7. Troubleshooting: Variables Are Not Referenced
    2. Hornetdrive
      1. Perform Actions
        1. Create Account
        2. Upgrade Account
        3. Assign Accounts to Other Partners or Customers
        4. Delete Accounts
        5. Export Data as CSV
      2. Account Area
        1. Open the Account Details
        2. Account Details
  11. Whitelabeling – Control Panel Customization
    1. Prerequisites to Customize the Control Panel
    2. Customize the Control Panel
    3. Example: Customize the Control Panel
    4. Fallback Design
    5. Displayed Email Information
      1. Add Email Information
    6. Contact Data in the Control Panel
      1. Contact Data Processing
      2. Add Support Information in the Control Panel
  12. Email Categories
  13. Classification Reasons
    1. Classification ATP/Content/Virus
    2. Classification Quarantined
    3. Classification Rejected
    4. Classification Valid
  14. Ruleset order
  15. Email Authentication Methods
    1. SPF Functionality
    2. DKIM Functionality
    3. Combination of SPF and DKIM
    4. DMARC Functionality
    5. Setting up SPF
      1. SPF Variants
      2. SPF logic
      3. Add SPF Record to DNS Zone
      4. Activate SPF
    6. Setting up DKIM
      1. Set the CNAME Record
      2. Activate DKIM
    7. Setting up DMARC
      1. Activate DMARC
      2. Decision Matrix of DMARC Policies
    8. Emails in the Control Panel
      1. Troubleshooting: Increased Outbound False Positive Rate
      2. Troubleshooting: Increased False Positive Rate on Inbound Emails with SPF Variant 2
  16. Glossary

About this Manual

This manual is for both users and administrators of the Control Panel. It describes the usage as well as the administrative tasks.

The administrative roles are divided into two levels:

  • Domain administrator: Is responsible for a primary email domain, the related alias email domains and all email addresses.
  • Partner: Is responsible for several clients. Each client corresponds to a primary email domain, its alias email domains and all email addresses.

The administrative sections in this manual are marked as follows:

  • DA: This section is for domain administrators only.
  • P: This section is for partners only.
  • DAP: This section is for both domain administrators and partners.

All unmarked sections are for users and all administrator levels.

Note:
Depending on the level of rights assigned to you, it is possible that you cannot see all the menus described.

Introduction

The Control Panel is designed for handling incoming emails and evaluating the email traffic. It provides you with an easy-to-use web interface with a responsive design. Thus you can use it on your desktop and on your mobile device from everywhere you are. You can install the Progressice Web App to use the Control Panel on your mobile device. Read the documentation of the Progressive Web App for further information.

 

The main functionality of the Control Panel is to monitor and control the flow of your emails. For example, you can mark emails as spam or release emails that have been marked as spam. You can also blacklist or whitelist senders.

Note:
The email search has been completely revised and new functions have been added.
The modules from the old version are included, so that you can use them as usual until the development is completed.
Note:
The new Control Panel contains an option to add and maintain black- and whitelists. The current Control Panel version contains the option to set these lists, but entries set there are without any function for the time being. Once the Black-/Whitelist function has been implemented for the new Control Panel, any lists already setup in the old Control Panel will be automatically implemented.
Any Black-/Whitelist existing in the new Control Panel will be overwritten once the data will be migrated from the old Control Panel. Therefore it is recommended to maintain the Black-/Whiteist from the old Control Panel exclusively.

Prerequisites

The new Control Panel is designed to run on all relevant web browsers in the latest versions.

The support of the browsers starts with the following versions:

  • Chrome version 55
  • Firefox version 50
  • IE Version 11
  • Safari version 9
  • Edge version 38

Version Information

  1. Check the current version of the Control Panel by clicking on next to the user settings in the upper right corner of the window.
  2. To view the version information, click on the version number.

Login

  1. Go to the Control Panel website provided by your partner or the support department.
    The login screen appears:
  2. Enter your username.
    Note:
    Enter your personal email address as username. You can change the role after logging in. After a new registration, you will receive your access data from your partner or support.
  3. Click on Continue.
  4. Perform the following steps if your account is synchronized with LDAP or was created in the Control Panel directly. Go to step 5 if your account is synchronized with Office 365.
    • Enter your password in the field Password.
    • Click on Login.

You are logged in at the Control Panel.

Note:
At your first login you can choose the time zone which defines the time, the date and the language. You can change the language in your user settings every time.

  1. Perform the following steps if your account is synchronized with Office 365.
    • Enter your email address in the application form of Microsoft again.
    • Click on Next.
    • Enter your password.
    • Click on Sign in.
    • Select if you would like to stay signed in or not.

You are logged in at the Control Panel.

Note:
At your first login you can choose the time zone which defines the time, the date and the language. You can change the language in your user settings every time.

Reset Password

Prerequisite: Your account is not synchronized via LDAP or Office 365.

You cannot reset your password if your account is synchronized via LDAP or Office 365. If you want to reset your password, contact your administrator.

  1. Click on Reset password?.

You get an email with a new password and an activation link.

 

  1. Click on the activation link in the email.

A window with the application form for the Control Panel opens.

 

  1. Enter the password which you got in the email.

You are logged in.

User Settings

You can change your password and your location in the user settings.

The location is responsible for the language and timezone used in the Control Panel.

Note:
It is possible to change the settings individually or all at once.

Open the User Settings

  • Click on in the upper right corner of the window.

Changing Password

Change your current password

  1. Enter your current password in the text field Old Password.
  2. Enter your new password in the text fields New Password and Repeat.
  3. Click on Save, to save your new password.

Changing Location

The location influences the time format, the date and time and the language in the Control Panel.

Note:
New customers are automatically classified in the same location as their partner. The location can be adjusted individually afterwards.

Change the time zone

  1. Select the location from the dropdown menu.
  2. Click on Save to save the selected location.

Roles (DAP)

Depending on your assigned rights, you can administrate different customers, domains and users.

The Control Panel provides an easy way for partners and domain administrators to change the current role. Thus you can limit the focus on a customer, domain or user.

Change the role

Select either of the following:

  • Select the customer, domain or user directly from the drop-down menu.

Search in list of drop-down menu

  • Enter the name of a customer, a domain or a user in the search bar.

Search by name

Filter your search results

You can filter your search results:

  • To search for partners, customers and users, activate the search for users.
  • To limit the search for partners and customers, deactivate the search for users.

Email Live Tracking

In the Email Live Tracking you can examine your email traffic.

You can search your current emails as well as the Email Archive.

Note:
You can only see the emails which correspond to your level of authorization.
  • Users will only see their own emails including the emails of their alias addresses.
  • Domain administrators can see all emails of the domain they administrate, including the alias domains.
  • Partners can see all emails of their clients’ domains.

All users including the administrators will view their own personal emails after logging in.

The following sections start with an overview of the Email Live Tracking module.

The functionalities are explained individually afterwards.

Overview

The Email Live Tracking module is divided into three sections:

Filter Section

You can filter the emails shown in the email display. The different functions are described in Filtering Emails.

The filter section inherits the selection and processing actions for emails.

Filter options

Email Display

The email display is the main component of the window and shows all the emails following your search and filter criteria.

You can customize the email display individually by changing the email fields.

Extensive e-mail lists can be searched with the scroll function . The scroll function is located in the center of the lower display area. By selecting the arrow at the bottom right, the statistics can be hidden and displayed.

Email display

Email Category Statistics

The statistics evaluate the categories of your emails shown in the email display. The statistics can be hidden and displayed using the arrow   in the lower right area of the email display.

Amount of emails per category

Customizing Email Display

You can customize the email display individually by

  • Selecting and deselecting email fields.
  • Changing the positions of email fields.
  • Resizing the fields.

 

Customize the email fields

  1. Click on the button on the right.
  2. Select the desired field from the drop-down menu.
  3. Click on Default to retrieve the original settings.
Note:
You can select or deselect multiple fields at once.

Change the position of email fields

  1. Drag the field you want to reposition.
  2. Drop it in the position you desire.

Resizing the fields

  1. Place the mouse between two fields.

    A green line appears.
  2. Drag the line and resize the field as desired.

 

Filtering Emails

The Email Live Tracking module provides various filter functions. You can use them individual or in combination on your emails.

Category Filter

You can filter your emails by categories.

Note:
Rejected emails are not shown per default. To view them, activate the category Rejected.

Filter your emails by category

  • Select or deselect the category in the filter section.

Note:
To only display emails of a specific category, double-click on the desired category and all other categories will be disabled.

Search Bar

You can filter your results entering terms in the search bar. All email fields are searched unless you select a field suggested to search for.

Note:
You must enter at least three characters to use the search.

Search your emails

  • Enter a term in the search bar.

The results in the email display are filtered while typing.

Search only in certain fields

  1. Select a field from the suggestions.
  2. Enter a term in the field to be searched for.

Email Field Filters

Filter your results with the following email field filters:

Field Filter Description
Date You can select a time interval from the drop-down menu or define a custom range. The current day (“Today”) is the default setting.
Direction Filter for incoming or outgoing emails. The default is both.
Encryption Select the encryption type you want to filter for, multi-selection is possible. The default includes all encryption types and no encryption.
Status Filter for delivered, deferred or rejected emails.
Size Filter for emails with a specific size, selected from the drop-down menu.

Filter results from Email Display

You can directly select a value of an email from the email display to filter for.

  • Double-click on the desired field value (e.g. Communication-Partner) of an email.

Reset all Filters

  • Click on Reset Filter/Search.

Advanced Search (DAP)

In the Email Live Tracking module, you can search the individual email fields combined or use the full-text search to search in all fields at once. Defining queries, the search is completing and you can search for word beginnings. It is not intended to search within words.
For each individual field, there are delimiters to separate words.

The following table shows examples for valid and invalid queries as well as the delimiters for the individual fields.

Type Delimiter Example
valid search query
invalid search query
Email address “@” and last “.” moc.t1550970605set@o1550970605fni1550970605 info; test; com o@test; nfo@
Hostname “-” and “.” gateway07-rz01.test.com gate; rz01; test; com eway; 07; 01;
Attachments “;” and last “.” text.txt; image.jpg text; txt; image.jpg xt; mage; pg
Text special characters
Reason “:” linktag:lt_exprx_15_10_442:auto linktag; lt_exprx; auto tag; exprx; 10_442

Email Details

You can view the details of a single email and perform the following actions:

  • Report the email as spam.
  • Report the email as infomail.
  • Deliver the email.

The email details contain meta information, that are described in Email Fields, as well as the email header and the SMPT dialog for the email.

Open the Email Details

  1. Click on the arrow symbol.
    Note:
    The colour indicates the category of the email.
  2. Click on the action that you would like to perform on the email.

Note:
To blacklist or whitelist the email sender, use the Selection.

Initiate an ATP Scan Manually

You can scan incoming emails with potentially dangerous attachments in the Control Panel using ATP. You can perform two ATP scans for email attachments each month for free. For additional analyzes you have to activate Advanced Threat Protection.

Note:
The ATP scan is only available for emails with executable attachments (e.g. .exe file). Furthermore, clean emails that have already been delivered can only be scanned when the products Aeternum (email archive) or the Continuity Service are active.

 

  1. Open the module Email Live Tracking in the Control Panel.
  2. Open the details for the email you want to scan by ATP.
  3. Click on the magnifying glass ATP to start the scan.

 

You will get a notification that the scan has been started. The scan process can take up to 15 minutes until it is finished.

 

After the scan is done, you can open the ATP report for the analyzed file under ATP in the extended information for the scanned email.

 

Extended Email Information

You can find detailed information about the selected email under Infos.

The detailed information of a specific email is separated in three sections.

Details Header SMTP ATP
Here, you can find further information concerning the selected email.The following email fields are shown:
  • Owner
  • Communication partner
  • Subject
  • Message-ID
  • Category filter
  • Reason
  • Connect
  • SMTP-Code
  • Encryption
  • Date
The header tab provides the header information of the selected email.

The header is not shown for rejected emails.

In the SMTP tab, the whole SMTP-Dialog is shown. The last row is also shown in the details under SMTP-Code After an ATP analysis has been performed, the ATP reports for the attached files are displayed here.

You can find a description of the shown email fields under Email fields.

Email Fields

The following table describes the email fields shown in the email display and the email details.

 

Field Description
Date The date and time when the email was sent.
Depending on the selected time zone.
Communication partner The owner’s communication partner. Sender or receiver of emails to/from the owner.
Direction <> Incoming or outgoing message from the owner’s point of view.
Owner The email was sent or received by the owner.
Subject The subject of the email.
Encryption The lock only shows, whether the email is encrypted or not. You can see the encryption type in the email details.
Status Indicates, whether the email is delivered, deferred or rejected.
Size Size of the email.
Reason The reason, why the email has been classified as spam, virus etc.
msg id Internal id of the email.
source hostname Outgoing server hostname.
destination hostname Incoming server hostname.
gateway The gateway.
source IP Sender’s IP address.
destination IP Receiver’s IP address.
message id The id of the email.
Connect Depending on the direction of the email, the hostname of the incoming or outgoing mail server is shown.
SMTP-Code Shows the last row of the SMTP dialog.

Processing Emails

To select and process emails:

  1. Click on the button in the filter section. A tool bar opens.
  2. Click on the emails in the result display to select them.

    Note:
    You can select and process multiple emails at once.

    Furthermore, it is possible to select all displayed emails at once:

  3. Click on the action you want to perform for the selected emails.

 

Note:
All actions are described in Processing Actions.

Processing Actions

The actions you can perform on emails in the Email Live Tracking module are described in the following table.

ActionDescription
Deliver EmailDelivers the selected email.
Report as SpamThe email is classified as spam and the support and quality management system is informed in order to conduct any further investigation. This is the preferred method of dealing with spam emails since the sender address is usually forged anyway.
Report as InfomailThe email is classified as infomail. The options for infomails are individually adjustable.
Blacklist SenderThe email from this sender is added to the user's blacklist. Any future emails from this sender will be classified as spam.
Whitelist + DeliverDeliver this email and additionally deliver all emails from this sender in the future automatically. The sender’s address is added to the user's whitelist.
Mark as privateThe selected emails are treated as private emails. Thus the access to them is blocked and can only be restored by our support. With an audit access, emails marked as private cannot be read. However, emails marked as private are exported with the Aeternum Export Manager.
Note:
Once you have marked an email as private, you cannot undo it.
Blacklist for All Users (DAP)The email from this sender is added to the public blacklist. Any future emails from this sender will be classified as spam.
Whitelist for all users (DAP)The sender’s address is added to the public whitelist.
Send email to adminThe email is sent to the provided email address of your administrator under ManagementSettingsData.
Note:
The blacklisting and whitelisting rules are processed in the following order:
  • Administrator Blacklist
  • Administrator Whitelist
  • User Blacklist
  • User Whitelist

For Example: A user adds the account moc.e1550970605lpmax1550970605e@elp1550970605maxe1550970605 to their whitelist and the administrator adds this account to the global blacklist. The emails from that account will be delivered to the user, but not to any other user who has not whitelisted that account.

365 Total Protection

365 Total Protection offers comprehensive protection for Microsoft cloud services – specially developed for Office 365 and seamlessly integrated. Benefit from the fact that it is easy to set up and extremely intuitive to use, simplifying your IT Security management from the very start.

Here you get all the information you need to set up 365 Total Protection.
 

Note:
The 365 Total Protection onboarding addresses new customers. Existing customers and domains cannot be created again.

Onboard Office 365 customers

If your customer has an account at Microsoft Office 365, you have the option to set it up automatically using the Control Panel. All domains, users and groups of the customer created in Office 365 are automatically transferred and displayed in the control panel.

 

There are two ways to set up the customer: You can either login to Microsoft with the customer’s administrative credentials and perform the onboarding process yourself, or you can send the customer an onboarding link to do the setup themselves.

Afterwards some DNS settings for the domains have to be done to redirect the email traffic.

Onboard 365 Customers in the Control Panel

If you have the administrative credentials for the Office 365 environment of the customer you are setting up, you can onboard the customer directly via the Control Panel.

  1. Open the Control Panel.
  2. In the role selection, select the partner under which the new customer is to be created.
  1. Select 365 Total Protection.
  1. Click on the desired product.

You will then be redirected to the Onboarding form.

Set up 365 Total Protection (DAP)

  1. Please enter your contact details in the onboarding form so that we can contact you in case of problems or questions.

  1. Then click on Start Now to start the process.
  2. Log in to Microsoft Office 365 with administrative rights.


Note:
During the subsequent synchronization, only the domains, user groups and mailboxes are transferred. No changes are made to Microsoft’s configuration settings.

  1. Accept the requested permissions to connect our services with Microsoft.

Your domains, user groups and mailboxes are created in the Control Panel.

 

Example: 365 Total Protection customer in the Control Panel

The new 365 Total Protection customer is always created with his .onmicrosoft domain.

365 Total Protection customer with .onmicrosoft domain

Note:
Due to different group administrations, the multiple assignment of a user in several user groups under Microsoft can not be transferred consistently into the group system of 365 TP. After synchronization, check the assignment of users for their correct group affiliation and reassign users to their correct user groups under 365 TP if required.

365 Total Protection has been set up successfully.

 

Note:
To use the Signature and Disclaimer service, the groups must be maintained separately.

 

After the synchronization, you must adjust the DNS settings of the synchronized domains so that you can make full use of our services.

Configuration of Microsoft Services

To take advantage of all 365 Total Protection services, you must customize the configuration of Office 365.

Set Firewall Settings

Note:
The configuration of the inbound email traffic described in this chapter can be done automatically. For an explanation, go to Configure outbound email traffic automatically. The automatic configuration of the outbound email traffic also configures the inbound email traffic automatically.

  1. Open the website Office.com and log in with your administrative credentials.
  2. Navigate to AdminAdmin centersExchange.
  3. Under mail flow select the tab connectors.
  4. Click + to create a new connector.

  1. Under From: select the item Partner organization and under To: select the item Office 365.

  1. Click on Next.
  2. Enter a name for the new connector in the field Name.

  1. Optional: Enter a description of the connector.

Note:
The checkbox Turn it on activates the Connector automatically after creation. It is activated by default.

  1. Click on Next.
  2. Select Use the sender’s domain and click on Next.

  1. Click on +, enter * as domain and click on OK.

  1. Click on Next.
  2. Select Reject email messages if they aren’t sent over TLS and Reject email messages if they aren’t sent from within this IP address range as security restrictions.
  3. Then click on + under Reject email messages if they aren’t sent from within this IP address range.
  4. Enter the following IP addresses:
    83.246.65.0/24, 94.100.128.0/24, 94.100.129.0/24, 94.100.130.0/24, 94.100.131.0/24, 94.100.132.0/24, 94.100.133.0/24, 94.100.134.0/24, 94.100.135.0/24, 94.100.136.0/24, 94.100.137.0/24, 94.100.138.0/24, 94.100.139.0/24, 94.100.140.0/24, 94.100.141.0/24, 94.100.142.0/24, 94.100.143.0/24, 185.140.207.0/24, 185.140.206.0/24, 185.140.205.0/24, 185.140.204.0/24, 173.45.18.0/24

The IP addresses authorized for sending are registered.

  1. Click on Next.
  2. Check the summary and click on Save to create the connector.

Adjust SPF Records

To make sure that emails routed through the Hornetsecurity Services are not filtered as spam, add Hornetsecurity as valid sender for your domain.

  1. Open the Office 365 Admin Center.
  2. Navigate to SetupDomains.
  3. Select the domain you have registered with Hornetsecurity.
  4. Include the following SPF/TXT record: TXT “v=spf1 include:spf.protection.outlook.com include:antispameurope.com ~all”

Note:
If you have additional systems, which send outbound emails for the corresponding domain, include them to the SPF Record as well.

Adding MX Records to the DNS Zone

To route and filter email traffic through our infrastructure, you need to adjust the MX records of all synchronized domains.

  1. Set the following MX records in the DNS settings of your domains in the Office 365 Admin Center:
DomainClassTYPEPRIORITYMAILSERVER
customerdomain.tld INMX10mx01.hornetsecurity.com
customerdomain.tld INMX20mx02.hornetsecurity.com

Note:
Enter your actual domain for <customerdomain.tld>.

  1. To check if the MX records are set correctly, click on SHOW CONFIGURATION.

If you set the MX records correctly, a green hook appears under MX status report.

Set Autodiscover for 365 Total Protection

Setting the Autodiscover service facilitates the process of setting up user accounts in email clients. Users do not need to enter a server name or port number, this information is automatically shared by the Autodiscover service.

Additionally, the Autodiscover service passes information to the clients.

 

  1. Set a CNAME record for the Autodiscover service:
TYPE PRIORITY HOSTNAME POINTS TO TTL
CNAME autodiscover autodiscover.hornetsecurity.com 1 hour

You have set the Autodiscover service for 365 Total Protection.

Configuration of Outbound Emails

To use the Hornetsecurity services the outbound email traffic has to be configured. The following chapter explains how to set up a new connector and a transport rule.

Note:
You can configure the outbound email traffic automatically (see: Configure outbound email traffic automatically) or you can do this manually (see from: Setup New Connector).

Configure outbound email traffic automatically

Note:
The automatic configuration of the outbound email traffic also configures the inbound email traffic automatically. This replaces the manual configuration of the inbound email traffic from the chapter Set Firewall Settings.

  1. On the status page click on CONFIGURE AUTOMATICALLY to start the automatic configuration of the outbound email traffic.

    The outbound email traffic is configured.

The outbound email traffic was successfully configured.

Important:
Already installed connectors can cause errors in the automatic configuration of the outbound email traffic.

Problem solving

  • Delete already configured connectors and click on
    CONFIGURE AGAIN to start the configuration OR
  • click on SUPPORT ASSISTANCE to contact the support.

Setup New Connector for Outbound Email Traffic

  1. In the Office 365 Admin Center, navigate to Admin centersExchangemail flowconnectors.
  2. Click on New.
  3. Select Office 365 in the drop-down menu From:.
  4. Select Your organizations’s email server in the drop-down menu To:.
  5. Click on Next.
  6. Define a name.
  7. Define a description.
  8. Click on Next.
  9. Select Only when I have a transport rule set up that redirects messages to this connector.
  10. Click on Next.
  11. Add the smarthost for outbound traffic: hsrelay01.antispameurope.com

  12. Click on Save.
  13. Leave the settings on default.
  14. Click on Next.
  15. Enter an external email address to verify your settings.

Office 365 will send a test email to that address. If you receive this email, you can proceed.

Setup a New Transport Rule

  1. In the Exchange Admin Center, select mail flowrulesCreate a new rule….
  2. Select More options….
  3. Define a name for the new rule.
  4. Select The recipient is located… → Outside the organisation in the drop-down menu Apply this rule if….
  5. Select Redirect the message to…the following connector in the drop-down menu Do the following….
  6. Select the connector created in Setup new connector.
  7. Save your settings.

Setup Archiving for Internal Emails

This section explains in two options how to add internal emails to the archive.

This configuration is necessary for 365 Total Protection Enterprise only.

Archiving Internal Emails

If you want to archive internal emails with Aeternum, the archive service, you can forward internal emails or create a journaling mailbox.

Note:
You cannot use both options at the same time. Also make sure to have the archiving service enabled within the Control Panel for all domains before you continue. (The archive is only available for 365 Total Protection Enterprise.)

Example: Archiving of internal emails

Option A: Relaying Internal Traffic

If you choose this option, all internal emails leave your Office 365 environment and are routed to the archive. These emails are redirected to Office 365 after archiving.

 

  1. In the Exchange Admin Center, select mail flowrulesCreate a new rule….
  2. Select More options….
  3. Define a name for the new rule.
  4. Select The recipient is located…Inside the organization… in the drop-down menu Apply this rule if….
  5. Select Redirect the message to…the following connector in the drop-down menu Do the following….
  6. Select the connector created in Setup new connector.
  7. Click on add exception and select The sender  is external/internal Outside the organization in the drop-down menu Except if….
  8. Save your settings.

Option B: Use Journaling to Archive Internal Emails

Another option for archiving internal emails is the journaling feature. That means that Office 365 generates a journal report for each internal email and sends it to the archive, while keeping your internal emails routing within your organization.

Create a New Journal Rule

  1. In the Exchange Admin Center, select compliance managementjournal rules.
  2. Click on New.
  3. Define an email address for undeliverable journal reports.
    Note:
    This can belong to any user in the Office 365 environment.
  4. Define a name in the field Name.
  5. Enter following in the input field Send journal reports to:
    <customer_domain.tld>moc.e1550970605porue1550970605mapsi1550970605tna.l1550970605anruo1550970605j@70015509706052_1550970605
    Note:
    The placeholder <customer_domain.tld> represents the main domain which is defined in the Control Panel.
  6. Select [Aplly to all messages] in the drop-down menu If the message is sent to or received from….
  7. Select Internal messages only in the drop-down menu Journal the following messages….
  8. Click on Save.

Create a New Connector for Journal Reports

  1. In the Exchange Admin Center, select mail flowconnectorsNew.
  2. Select Office 365 in the drop-down menu From:.
  3. Select Partner organization in the drop-down menu To:.
  4. Click on New.
  5. Define a name for the new connector (e. g. Relay via HSE (Journal)).
  6. Click on Next.
  7. Select Only when email messages are sent to these domains and enter the following domain:
    journal.antispameurope.com

  8. Click on Next.
  9. Select Route email through these smart hosts and enter following domain:
    hsrelay01.antispameurope.com

  10. Click on Next on the following TLS configuration without making adjustments.

You can see a review of the configured connector. This should look similar to this:

  1. Click on Next.
  2. To confirm that the connector is working as intended, send a test email using the following email address scheme for this test email:
    <customer_domain.tld>moc.e1550970605porue1550970605mapsi1550970605tna.l1550970605anruo1550970605j@70015509706052_1550970605
    Note:
    Replace <customerdomain.tld> with your actual domain.

  3. Save your settings if the test was successful.

Activate Email Encryption

The email encryption is part of the products 365 Total Protection Business and Enterprise.
Encryption must be activated manually because some settings must be configured here.

 

Follow the instructions under Encryption.

Activate Contingency Covering (Only 365 Total Protection Enterprise)

Should the Microsoft services fail or the services be temporarily unavailable, this also affects your access to your mailbox. Emails can then be neither sent nor received, which can harm your entire business processes. In such an event, Contingency Covering is your stand-by system, which – activated in mere seconds – keeps your email correspondence up and running.

Note:
Contingency Covering is only included in 365 Total Protection Enterprise and you must activate it manually to configure the settings.

 

Proceed as described in the following:

  1. Navigate to ManagementEmailContinuity Service.
  2. Activate the checkbox Continuity Service, stores clean Emails for 3 month. With 365 Total Protection Enterprise you do not have to pay any additional fees for this service.
  3. Select whether all mailboxes of the domain or only certain mailboxes should be covered by the service:
    1. If you select All users, all mailboxes of the domain will be covered.
    2. If you select Selected users only, then click Select and select the mailboxes you want.

Activate Contingency Covering

Group management for the Signature and Disclaimer service (DAP)

To use the Signature and Disclaimer service, you must recreate the user groups, because Office 365 allows a different group management than the Signature and Disclaimer service.

Creating Groups for Signature and Disclaimer in the Control Panel

You can create new groups to group users together for specific actions.

  1. Open the Management menu in the Control Panel.
  2. Select the desired domain from the drop-down list.
  3. Select the Groups tab.
  4. Enter the desired group name.
  5. Click on Add.
  1. Then click Save to save the group.

You have created a new group. In the next step, you can add users to the created group.

Add Users to a Group

You can add users to a group.

Note: A user can only belong to one group at a time. All users that are not assigned to a group are grouped in the group Default. That group is not displayed in the group definition.

  1. Under Groups, select the Group Settings tab.
  2. Click on the preselected group to change it.
  3. Select the desired group.
  4. Click on Apply.
  5. Select the tab Member.
    The left part of the window shows users without a group assignment and the right part shows users in the selected group.
  6. Click on + behind a user to add it to the group.
  7. After you have added all desired users to the group, click on Save.

Order 365 Total Protection

If you would like to order the product after 14-day test, you have the possibility to order 365 Total Protection in the Control Panel directly.

  1. Select 365 Total Protection.
  2. Click on BUY NOW.

An overview appears showing the amount of postboxes and the prize.

  1. Click on ORDER NOW CHARGEABLE to buy 365 Total Protection.

You get a confirmation email with an overview of the product.

Offboarding

At the end of the 365 Total Protection trial period, if you no longer wish to use the product, or if you canceled 365 Total Protection at any time, you will need to make some settings in your Office 365 configuration to ensure that your emails are delivered.

  1. Delete or deactivate the connector for the inbound email traffic. (firewall setting)
  2. If you have changed the outbound email traffic, delete or deactivate this connector as well. (Relaying)

Note:
Information on how to delete or disable the connectors in your Office 365 environment can be found here.

  1. Remove the MX records in the DNS zone of your domains.

Your emails will then no longer be routed through our services.

Delete or Deactivate Connector

  1. Open Office.com and log in with your administrative credentials.
  2. Navigate to AdminAdmin centersExchange.
  3. Select mail flow and click on the tab connectors.
  4. Select the corresponding connector.
  5. You can either delete or deactivate the connector:
  • To delete the connector, click on Delete.
  • To deactivate the connector, click on Deactivate in the connector overview.

  1. Confirm the notification with Yes.

You have deleted or deactivated the selected connector.

Reporting & Compliance

The menu item Reports & Compliance bundles all statistics, as well as the overview of the audit logs.

Statistic

Shows the email statistic of the selected customer or partner.

Threat Live Report

Note:
The Threat Live Report is only available for Advanced Threat Protection (ATP) customers.

In this documentation the module Threat Live Report under Management is explained. You can find the texts used here in the module in the Control Panel.

Move over the behind the respective statistic or diagram.

Displaying Global Data

With the global button you can switch the LIVE ATTACK OVERVIEW and diagrams and statistics under ATTEMPTED ATTACKS and THREAT STATISTIC to the available data of all Hornetsecurity customers.
If global is activated, you can see attacks and threats which have been occurred to all customers of Hornetsecurity in the chosen period. If global is deactivated, you can only see those attacks and threats for the customer chosen in the role selection.

Selecting the Period

Here you can select the period for the displayed statistics. The selection of the period affects the diagrams and statistics under ATTEMPTED ATTACKS, THREAT STATISTIC and URL REWRITING STATISTIC.

Description of Statistics and Diagrams

In this chapter the categories and diagrams are explained which are displayed by the Threat Live Report.

Live Attack Overview

The LIVE ATTACK OVERVIEW shows all attacks with their source and destination caught at this moment. Furthermore, the attack type is shown. Here you can find a description of all attacks types.

Attempted attacks – Attack Type by Date

The statistic shows how many attacks per attack type took place at a certain time in the chosen period. Move the mouse over the vertical lines to display the absolute numbers of the attacks per attack type for a certain time. Move over the points of each attack type to display the respective diagram and information about the number of attacks.

Threat Statistic – By Attack Type

The diagram shows the proportions of attack types in relation to the total number of attacks in the selected period. The total number of attacks that took place is shown in the middle. It refers to the selected period. Here you can find a description of all attack types.

Threat Statistic - By Attack Vector

The diagram shows the proportions of attack vectors in relation to the total number of attacks in this period. The total number of attacks that took place is shown in the middle. It refers to the selected period. Here you can find a description of all attack vectors.

Attempted Attacks - Attack Vectors by Date

The statistic shows how many attacks per attack vector took place at a certain time in the chosen period. Move the mouse over the vertical lines to display the absolute numbers of the attacks per attack vector for a certain time. Move over the points of each attack vector to display the respective diagram and information about the number of attacks.

URL Rewriting Statistic

The statistics and charts under URL REWRITING STATISTIC each represent the number of clicked links in emails rewritten by the URL rewriting engine in the selected time period.

Clicks by Time of Day

The statistic shows the percentage of clicks on a link at a certain time.

Clicks by Device

The statistic shows the distribution of clicks per device in percent.

Clicks by Operating System

The diagram shows the distribution of clicks per operating system in percent.

Description of Attack Vectors

Name of the Attack Vector Description
Attachment An attachment of an email is a file which can contain malware.
Link A link in an email is a connection to another website. Malware can hide behind this link.
Link Dropper Link Droppers are links that serve as carriers for malware. The link itself is not harmful but allows the malware behind it to execute itself.
Link Downloader Link Downloaders are links in emails that contain malware. If the victim clicks on this link, the malware is downloaded.
Malware Downloader Malware Downloaders are considered Trojans because they secretly download malicious files from a remote server.
Malware Dropper Malware Droppers are not malware, but transport malware into the system. From the outside, the Malware Dropper appears harmless and can camouflage itself as a file. However, the files it contains can run themselves and infect the system with malware.
Malware Packer Malware Packers are a malware type in which criminals compress their malicious programs using a variety of methods. This is an attempt to bypass malware analysis.
Fraud Fraud in relation to the Internet means obtaining sensitive data, money or bank details of users through Internet services. For example, websites or transactions can pretend to be real, but are programmed by cybercriminals. A well-known variant is the CEO fraud, in which criminals pose as managing directors and contact the accounting department of a company by phone or email to instruct the transfer of large sums of money.
Phishing Phishing is a combination of the words “password” and “fishing” and thus refers to “fishing for passwords”. Cyber criminals claim that emails or websites are genuine and thus cause users to enter sensitive data there. Users thus voluntarily disclose their data without knowing that the data will fall into the hands of the criminals.

Description of Attack Types

Name des Angriffsvektors Erklärung
Backdoor A Backdoor malware has a similar goal as a remote access Trojan but uses a different approach. The attackers use so-called backdoors, which are sometimes deliberately placed in programs or operating systems. However, they may also have been installed secretly. The peculiarity of backdoors is the fact that they bypass the usual defense mechanisms and are therefore very attractive for cyber criminals. For example, they are very popular for creating botnets.
Banking Trojans Banking Trojans are a malware type that attempts to steal sensitive data such as bank details or email data. Attackers often succeed by combining this with phishing attacks, where a website pretends to be an official bank website.
Bot A Bot does not always have to be a malware, initially a bot is a computer program that executes tasks independently and automatically. If several bots communicate with each other, this is called a botnet. Botnets are large collections of infected computers that an attacker builds up. An attacker can send commands to all computers simultaneously to trigger activities. The perfidious thing is that the owners of the computers do not notice the “membership” in a botnet until it already executes the externally controlled activities.
Crypto Miner A Crypto Miner is a malware used to mine digital currencies. Criminals infect computers with Crypto Miners to take advantage of their computing power or cloud CPU load. This reduces the performance of the computer as well as the lifespan. Furthermore, entire company networks can be shut down by Crypto Miners.
Keylogger Keyloggers are malware types that can be implemented by hardware or software. Keyloggers record a user’s keystrokes and speech and are able to access sensitive data or passwords.
Point-of-Sale Trojans Point-of-Sale Trojans are a type of malware that attacks sales systems in which transactions with sensitive payment data take place. Cyber criminals use point-of-sale Trojans to gain access to  unencrypted customer data from bank and credit cards.
Ransomware Ransomware is an attack that encrypts files on the target system. The files cannot be opened without a key. The attackers demand a large sum of ransom money to hand over the key. Even if only one computer is infected initially, Ransomware can spread across the entire network.
Remote Access Trojans (RAT)
A Remote Access Trojan (RAT) allows attackers to take over computers and control them remotely. This allows them to execute commands on the victim’s systems and distribute RATs to other computers with the goal of building a botnet.
Root Kit A Root Kit can be used to hide malicious code from
detection. This form of attack involves the attacker intruding deeply into the computer system, gaining root privileges and general access rights. Cyber criminals then change the system so that the user no longer recognizes when processes and activities are started. Attacks based on rootkit obfuscations are therefore very difficult to detect.
Spyware Spyware is malware that collects information on the
victim’s computer. This information can be, for example, access data for user accounts, sensitive banking data or surfing behavior. Users usually do not know that they have become victims of spyware.
Trojan Horses
Trojan Horses are programs that disguise themselves as benign but contain harmful code. The user only detects the clean application, while the background execution of malicious code infects the system. The user can no longer influence the effects from this point on.

Auditing 2.0

This documentation explains the function of the Auditing in the Control Panel. The options for filtering events and executable actions are explained.

 
With the Auditing you can track the activities of users in the Control Panel. As an administrator, you can find out who is responsible for creating, editing or deleting data sets and when the event occurred. This enables you to undo the actions if required.

Description of Categories

Example: Data in categories of audit protocol

Every event is divided into different categories and is displayed in the Auditing. These categories are explained in the listed below.

 

Property Explanation
Timestamp Shows at which time the action was performed.
User Shows which user has performed the action.
Target Shows the user for whom the action was performed.
Action Explains if an event has created, updated or deleted
something. Success or failure indicate if a login was successful or not.
Event Shows if the action is a modification of the user setting, the black- or whitelist, the credentials or the login.
Target path Shows under which domain the user is created for whom the action is executed.
App ID Shows the identification numbers of the applications which use the API. Applications can communicate with the services via the API.
App version Shows the version of the application which communicates with the API.
IP Shows the IP address of the user who performed the action.
URL Shows the path to the API endpoint which is used.

 

The categories Timestamp, User, Target, Action and Event type are displayed per default. Furthermore, you can activate Target path, App ID, App version, IP and URL. To that go to the chapter Select Displayed Categories.

Filtering Events

This section explains how you can filter for events in the Auditing.

Select Displayed Categories in the Auditing

  1. Click on the button on the right side.
  2. Select the category which you would like to display.

A multi-selection is possible.

Search for Events

You can search for specific events in the search bar.

  • Select a category in the search bar and enter a term to search the events listed.

 

You can find a description of all categories in the chapter Description of Categories.

Filter by Action

You can filter the displayed events by actions in the appropriate drop-down menu. After the selection only results of the chosen action are displayed. You can only filter by one action at a time.

 

Filterable actions

The following table lists the user actions by which you can filter.

Action Explanation
All Shows all actions that took place in the selected period.
Created Shows all actions that created something.
Updated Shows all actions that updated something.
Deleted Shows all actions that deleted something.
Success Shows all logins that were successful.
Failure Shows all logins that failed.

Filter by Event Type

Filterable event types

You can filter the displayed action by the event type in the appropriate drop-down menu. Depending on the filtering you can show or hide certain modules. You can only filter by one event type at a time.

In the following table event types are listed by which you can filter.

Module Explanation
All Shows all types of events.
User settings Filters for all events that modified the user settings.
Black-/Whitelist Filters for all events that modified the black- or whitelist.
Credentials Filters for all events that modified user credentials.
Login Filters for all login events.
Appearance Filters for all events that modified the appearance in the Whitelabeling module.
Support information Filters for all events that modified the support information in the Whitelabeling module.
Email informationen Filters for all events that modified the email information in the Whitelabeling module.

Select Period

  1. Click on the data selection.
  2. Select the period for which logged events should be displayed.

Reset Settings

  • Click on Reset to set all filter values on default.

Webfilter

Hornetsecurity’s Web Filter Service blocks prohibited or dangerous websites and provides reliable protection against viruses and other malware.

 

In this section, you’ll learn how to manage approval requests as well as blocked and allowed web pages in the web filter you’ve set up.

 

If you want to set up Web filter within your Control Panel, go to Managed Webfilter Services.

Edit Settings in the Webfilter Module

Basically websites can be filtered by different categories whereby you can only change the displayed period of time for blocked websites and allowed websites.
 
If desired, you can add the categories User, Group and IP address to the Webfilter display range. Only the domain administrator can add these categories for all users of the domain. There are different editing functions for the websites marked on the left column:

  • Release Requests can be rejected or added to the whitelist on a user, group or global level.
  • Blocked websites can be added to the whitelist on a user, group or global level.
  • Valid websites can be added to the blacklist on a user, group or global level.

Release Requests

In this area all release requests are displayed.

Example: release requests

The automatic sorting of the release requests is done according to the the actuality. The latest release request is ranked first. If you want to see the oldest release request at the top of the table, click on Date. Additionally, you can sort the requests by Display Filter and Cause.
You can reject release requests or put them on the appropriate whitelist and thus release the requests.

The administrator also receives every release request with related information via email. These release requests can be rejected or released directly in the email. The user asking for a release subsequently receives an appropriate message automatically.

Blocked Websites

Blocked websites

In this area all blocked websites are displayed.

The automatic sorting of the blocked websites is done according to the actuality. The latest blocked website thus is ranked first. If you would like to see the oldest blocked website at the top of the table, click on Date. Click on the drop-down menu in the first column Date to select the period for which you would like to display blocked websites. Additionally, you can sort by Cause.

Allowed Websites

In this area all allowed websites are displayed.

Allowed websites

The automatic sorting of the released websites is done according to the the actuality. The latest allowed website is ranked first. If you would like to see the oldest allowed website at the top of the table, click on Date. Click on the drop-down menu in the first column Date to select a period. Additionally, you can sort the websites by Cause.

Report Incorrectly Categorized Website

You can report websites that are assigned to an incorrect category. The category of the website is then checked and if necessary reclassified.

 

  1. Under Reporting & Compliance → WebfilterRelease requests, Blocked websites or Allowed websites in the Control Panel select the websites with the wrong category.
  2. Click on Wrong category to have the category of the website checked.

Group URLs

Activate group URLs

With the function Group URL websites, which are opened several times, are summarized and only displayed once.
If you activate the function, the Control Panel summarizes all URLs that are opened multiple times. The appropriate URL is only displayed once.
You can find the appropriate function under Reporting & ComplianceWebfilterRelease request, Blockes sites ans Valid sites.

Example: Group URLs

If a user visits the website www.searchengine.com several times per day, the Webfilter module shows the URL only once. The date shows the time when the website was visited for the first time.

Webfilter Statistics

The Webfilter statistics enable a comprehensive evaluation of the email traffic.

In the Control Panel you can display comprehensive statistics of the email traffic under WebfilterStatistic. The period can be the current day, the preceding three days or the preceding months. When a day is selected, all blocked and allowed domains as well as the most frequently blocked and allowed domains per hour are displayed.
When a month is selected, the distribution per day is shown.
Additionally, you have the possibility to show the hourly distribution of the respective day if you click on a day of the month. If you select a month, the distribution per day is displayed. The information of the percentage distribution are independent from the period. They show the current distribution of blocked and allowed domains of the current hour, the current day or the month.
In addition to the total value, the distribution per topic is displayed.

Management (DAP)

Management forms the central part of the administrative work. Here you can configure settings for users and domains or book additional services. A registered partner can create new customers, manage existing customers and book new services for his customers. A registered domain administrator can manage his domain and book new services.

Management Elements

The management window is divided into a left and a right subwindow. Depending on the selection of the management element in the left subwindow, various options and configuration options are available in the right subwindow.

View: management elements (left) and options (right)

Administrative Elements

The administration tree is divided into two primary levels:

All domains assigned to the partner are displayed in the partner level.

Various options can be made in the customer  level:

  • Customer management
  • Manageable customers
  • Domain
  • Email address management
  • Management of redirects
  • Administration of domain configuration
  • Management of groups

The buttons in the lower left window   can be used to add new domains or users or to remove existing ones.

Note: Partner level is only available for the partner permission level. To display a next lower layer, select the current layer and click the gray triangle to the left of the element name.

A search operation can be started with the search function. The management-display changes depending on the search terms you have entered.

Search function

Basic Partner Settings

If a partner is selected on the left of the window, a window with two tab levels appears on the right. Under Settings you can make basic settings for the respective partner.

User Data

The following basic settings can be assigned to the user in the Data area:

  • Username (corresponds to the login name)
  • Password
  • Email address for sending forgotten passwords
  • Account status (activated/deactivated)
  • Time zone

Basic setting of user data

Contact Data

The master data for companies and contact partners can be added in the tab Contact data.

Management of Contact data

Add Contact Data

Note:
Contact details for support information should be set under Control Panel → Whitelabeling.

  1. Select the tab Contact Data.
  2. Choose Add.
  3.  Enter the required contact data and confirm with Add:
    a) Select the tab Company to add contact information for a company.
    b) Select the tab Person to add contact information for a person.
  4. Save your entries with Save.

Input mask for company contact data

 

Input mask for personal contact data

Contact data is added. 

 

Rights Management

Assign rights

In the Rights management tab, partners and administrators can assign or deny certain rights to their hierarchically subordinate levels.

These rights are defined globally at the partner, customer and user levels. Rights can be assigned individually for each user. Rights management is based on a role-based system and is divided into three categories:

  • Roles
  • Default settings
  • Advanced settings

Create new Role

In the Roles area, the partner can view the predefined roles for users, customers and partners and define their own roles.

Info: Roles default_user, default_customer, default_partner are default roles and cannot be changed.

  1. Click New Role on the tab Roles.
  2. Click into the field Template and select a template.
  3. Enter a title for the template.
  4. Click OK to create a new role.
  5. Click Save to save changes.

New role has been created. 

Selection of templates

Assign Role Authorizations

If user roles have been created, it is possible to assign individual authorizations to each user.

  1. Click on the role stored in the Roles tab.
  2. Activate the corresponding checkboxes for the desired permissions in the right window.
  3. Confirm the assigned authorizations with Save.

 

Distribution of roles in rights management

 

Authorizations have been assigned.

Default Settings

Under Default Settings, standard roles can be assigned for all levels that are subordinate to a partner.

Default settings

Advanced Settings

Under Advanced Settings special rights can be assigned to the users. These settings allow a Helpdesk employee, for example, to look after several domains and customers simultaneously.

Note:
For the assignment of special rights, the stored users must be known to the system. Users do not necessarily have to be within a domain or a customer.

Functionality:

Each user is assigned another user, who must derive from within the partner. You can then assign a specific role to the user. If this user logs into the Control Panel with the user name and password, he can now change roles without re-logging in.

 

Advantages:

Required rights for helpdesk or administration tasks can be added to each user individually. This eliminates the need to share the same account. Individual changes are indicated by the precise logging in the Auditing view, indicating individual steps and the respective login name.

Assign Special Rights

  1. Click on Advanced Settings in the Rights management tab.
  2. Enter a user name under User.
  3. Select the desired level to be assigned to the user from the pull-down menu under Assigned authorisation level.
  4. Select the desired role to be assigned to the user from the pull-down menu under Role.
  5. Click on   to deposit the role.
  6. Confirm the changes with Save.

Special rights have been assigned. . 

Attention:
Changes in the rights management will only become active after logging in again!

Restrictions

Under the tab Restrictions you can define IP and password policies. This allows the partner or domain administrator to determine which IP addresses can be used for surfing. He can also specify certain criteria for assigning passwords, such as a minimum length for the password to contain capital letters, numbers or special characters.

Assignment of restrictions

Settings

Administrators can manage two configurations in the settings:

  • Continuity Service
  • Deliver support

 

If a partner or customer does not want to use the webmailer provided by the Continuity Service, but his own, the corresponding URL can be entered here. You can also specify here whether users can relay emails from the email display.

Furthermore, the type of email can be specified:

  • Spam emails
  • Emails that are quarantined due to the content filter
  • Info emails
  • Virus emails

 

Affected emails can be delivered to a registered user or to a specified address.

Overview of the Settings tab

Setup Templates

Templates can be individually created and adapted via the Template tab. Predefined templates can be selected from a table.

Setup templates

Depending on the desired function, the following templates can be created:

  • Email templates
  • HTML templates
  • Notification templates

Selection of templates

Create new Template

  1. Navigate via Management Partner to the tab Template.
  2. Click on Add.
    A new window with new selection options opens.
  3. Select a template category from the drop-down menu Category.
  4. Select a template type from the drop-down menu Type.

    Info:
    The templates differ according to the selected category.

  5. Select the language of the template from the drop-down menu Language.
    The source code for the selected template is generated and displayed.
  6. Enter a name for the template in the field Name .

    Note:
    For email and notification templates, you must also enter the sender address and the subject. You can also make the fields Reply-To and Return-Path visible by checking the Advanced box. By default, the Reply-to or Return-Path address matches the sender address. Changes can be entered here.

  7. Design the (source) text of the template according to your wishes.

    Note:
    You can also specify in which form the notification should be sent (Text/HTML or Text/plain).

  8. Click on Apply to create template.

    Note:
    Already created templates can be edited with a double click.

The template has been created and is displayed in the table.

Setup Customers / Domains

If your domain does not yet exist, you must create a new customer in the Control Panel. In this chapter, you will learn how to:

  • Create New Customers/Domains in the Control Panel
  • Create new Office 365 customers/domains

In addition to the basic settings, further filter options are available which can be set individually in the Control Panel.

Important:
Activating filter options can cause additional license fees. Please inform yourself about the costs before activating.

Filter options:

Option Function
Domain Selection of the domain (or alias domain).
Filter type Select whether premium filtering (spam and viruses, high filtering rate) or only blocking based on blacklists and some mass spam rules (lower filtering rate) should be carried out.
Destination Server to which filtered emails are sent.
Note:
If you specify a host name, an MX record resolution is always performed first, followed by an A record resolution. Several addresses can be entered. Addresses must be separated from each other by a comma. It is possible to enter CIDR ranges.
Outgoing relay / Email traffic Specifies mail servers whose outgoing email is to be sent via the spam filter service. Several addresses can be entered here.
Info:
Bounce Management checks incoming undeliverability notifications to determine whether outgoing emails were actually sent via the domain’s relay server or via a fake sender address as a return of a spam attack.
Relay check Rejects non-existent email addresses.
Relay check per SMTP Checks the validity of the email address using the address of the target server.
Note:
For Relaycheck via SMTP, you can select alternative IP address for Relay Check. It is useful, for example, if the valid emails are first sent to a relay gateway after the check.
Relay check per LDAP Checks the validity of the email address
Important:
LDAP synchronization must first be set up for this function. Please contact our support team.
Relay check per Control Panel For incoming emails, the system checks whether the recipient is already configured as a user in the Control Panel.
Spamhandling Configuration for handling with spam mails:
  • Store in quarantine (default, recommended): Lists of detected spam mails are sent to recipients at intervals (digest).
  • Tag: All spam mails with a prefix in the subject will be delivered. You can enter the prefix in the field Phrase.

Filter options

Create new Customers/Domains

If your domain does not yet exist, you must create a new customer in the Control Panel.

  1. Log on to the Control Panel with your administrative authentication data.
  2. Select the customer or partner from the role selection under which a new customer or domain is to be created.
  3. Select ManagementAdd Customer.

    Note:
    A new customer corresponds to a primary email domain. Optionally, you can set up additional alias domains or additional services in a second step.

  4. Specify the name of the customer’s primary email domain in the field Primary domain.
  5. Enter the administrator’s email address into the field Email:

    a)  If you select the Send login information to checkbox, the password will be sent to the email address entered in the Email field.

    b) Alternatively, you can manually enter a password in the Password field. In this case the password will not be sent.

  6. Select the status in the field Status.

    Note:
    If you set the status to Deactivated, the system tries to deliver emails to the mail server entered above for seven days without user verification. If the sender does not accept the emails after this time, a bounce email is sent to the sender with the information that the message could not be delivered.

  7. Click on Save, to safe your changes.

New customer / new domain has been created.

Create new Office 365 Customer

Prerequisite: A customer domain has been created.

  1. Enter the destination address of your Office 365 environment into the field IP/Host Address.

    Note:
    You can find the destination address in your Office 365 environment. At portal.office.com, navigate to Admin centerSetupDomains. You can find the corresponding entry under Exchange OnlineMX.

  2. Enter the following value under Outgoing relay / Email traffic in order to filter outgoing emails from Office 365 as well: 1.1.1.1
  3. Click Save to save your changes.

A new Office365 customer has been created.

Basic Domain Settings

In the tab Domains you can register new alias domains, display and  delete existing alias domains.

Note:
In order to access the tab Domains, you have to select the partner and the domain located under it.

Under Settings you will find the same configuration options as described in the chapter Basic Settings of a Partner.

Register new Alias Domain

  1. Open the menu Management in the Control Panel.
  2. Select the main domain from the selection on the left side of the window.
  3. Select the tab Alias domains in the area Domains.
  4. Enter the desired alias domain in the upper input field.
  5. Click Add to enter alias domain.
    The entered alias domain is displayed in the field.
  6. Click Save to apply changes.

New alias domain has been registered.

Search Alias Domains

  1. Select under Domains the Tab Alias domains.
  2. Enter the search term into input field Search … under Filter.
  3. Click on Filter.

Alias domains are searched and the matching results are displayed in the lower window.

Export Alias Domains

  1. Select the tab Alias Domains under Domains.
  2. Click on Export (.csv).
  3.  Select the desired export option between Display, Download or Email to.
  4. Click on Export.

The list of registered alias domains is exported in .csv format.

Import Alias Domains

In addition to the manual creation of alias domains, it is also possible to import alias domains.

  1. Navigate to Management Domains Import.
  2. Click Select File to select a .csv file with registered alias domains.

    Note:
    The .csv_file must have the following syntax:
    aliasdomain1.de
    aliasdomain2.de
    aliasdomain3.de

  3. Select the file with the alias domains.
  4. Click Import.


    The specified domains are checked for system doublets and syntactical correctness.
  5. After the scan is complete, click Import.

    Domains are imported and are displayed in the object hierarchy of the alias domains window.
  6.  Click Save to close the window.

Alias domains have been imported.

Postboxes

Postboxes are the license basis for all services. In addition to a main mailbox, several associated alias mailboxes can be created for which no fees are incurred. There are three options for creating mailboxes:

  • Automatic creation of postboxes in the Control Panel
  • Manual creation of main postboxes
  • Importing of postboxes

Addresses listed under Postboxes have no influence on the acceptance, filtering or delivery of emails (exception: LDAP address matching). The addresses are used primarily for the generating and delivery of daily spam reports.

 

Alias addresses as main addresses

If alias addresses are assigned to a main address, the end user additionally sees all emails in the email search. The addresses are used to authenticate the user when the web filter system is activated. New users can be added either manually or via the Import interface.

 

Function Relay

The function Relay is only available for customers who have configured and retrieved their email messages via POP3 accounts using the setting EmailFiltering. Customers can only use this functionality for the domain whose postboxes are assigned to the manufacturer’s servers.

 

If POP3/IMAP is not configured as a destination server, the management element is not displayed in the Control Panel. If the user sets up a redirection, all emails are delivered to the destination address(es) specified by the customer, regardless of which domain it is assigned to.

 

Blacklists and whitelists can also be created for the redirection addresses. A list of all users can be read out via the Export (csv.) button.

Administration of User Settings

The tab User Settings allows you to manage the settings for registered users. The following settings can be made:

  • Entry of user data such as user name, password, email, status
  • Setting the time zone
  • Setting up redirects
  • Activate/deactivate the Infomail filter
  • Delivery times of spam reports
  • Creating alias addresses
  • Setting a proxy for the user’s email traffic

Administration of user settings

Create Postboxes automatically

Control Panel offers various options for automatically creating mailboxes.

These settings can be found in the Control Panel under ManagementEmailFiltering →  Relay check (check recipient adress).

Automatic creation of postboxes

 

SMTP

All emails marked as spam-free (Clean) will be delivered to the customer environment. If three emails are accepted for the same email address within eight hours, a main mailbox is automatically created. This is the default configuration. The disadvantage of this configuration is that alias addresses cannot be identified. There is consequently a risk of a high number of incorrectly created mailboxes.

 

LDAP

You can synchronize the postboxes with a directory service, such as Active Directory (AD). This ensures that the correct postboxes and their alias postboxes are always created in the system. A disadvantage can be the increased configuration effort, where the customer has to transmit the directory service information.

 

Control Panel

Control Panel is the easiest way to control a large number of postboxes. You can create postboxes manually or using the function Import. If this method is selected, postboxes are not created automatically.

Create Postboxes manually

  1. Click Management in the Control Panel.
  2. Select the desired domain from the selection on the left.
  3. Select the tab Postboxes → Postboxes.
  4. Enter a name for the postbox in the field User name.
  5. Select the domain for which you want to enter the postbox.

    Info:
    You can also enter postboxes for created alias domains. These mailboxes are main mailboxes and will be charged separately.

  6. Enter a password for the postbox in the field provided.
  7. Select one of the following options:
    User: Creates a main postbox
    Forward: Creates a postbox for redirection

    Note:
    A Forward feature is only available to customers who use email filtering to retrieve their email messages from POP3 accounts.

  8. Click Add to create the postbox.
  9. Click Save to create the postbox for a fee.

Postbox is created.

Steps for creating a postbox 

Import Postboxes

In addition to manually creating mailboxes, you can import mailboxes using a .csv file. This can be done both initially, if no addresses have yet been entered, and additionally during operation.

 

  1. Click Management in the Control Panel.
  2. Select the desired domain from the selection on the left.
  3. Select Postboxes → Import.
  4. Click Select file.

    A window opens in which the corresponding .csv file can be selected. After selection, the mailboxes are displayed in the User Import field.

  5. Click Import.

    Note:
    The import process checks all addresses for the validity of the customer domain and for syntactical correctness.

  6. Click Import to transfer postboxes.

    Attention:
    If you want to replace all existing mailboxes, select the option Add + delete old. This option deletes all existing postboxes!

Postboxes have been imported.

Note:
The imported mailboxes are then displayed as main postboxes under the tab Postboxes. Alias mailboxes are assigned to the respective main postbox and displayed in User Settings under the tab Aliases.

Groups

New groups can be created and all existing groups can be managed via the tab Groups.

 

You can add Groups via Groups → Group.

 

Existing groups can be managed under GroupsGroup Settings. You can add descriptive information, add members to a group, or remove members from a group.

Management of groups

Create new Groups

  1. Click on the tap Group.
  2. Enter a group name.
  3. Click Add.
  4. Confirm the changes with Save.

New group is created.

Delete Groups

Important:
All users created in the group will be deleted!
  1. Click on the tab Group.
    Groups that have already been created are displayed in the field.
  2. Click x to the right of the group to delete the group.
  3. Confirm changes with Save.

Group was deleted.

Manage Groups

Stored groups can be selected and managed under Group Settings.

  1. Click on the tab Group Settings.
  2. Select a group from the list Group and confirm with Apply.
  3. Enter additional information for the group under Data.
  4. Click on the tab  Member.

    Note:
    New addresses that have not yet been assigned can be added to the selected group under Member.

    • Click + to assign a member to the group.
    • Click x to remove a member from the group.

     

     

  5. Confirm changes with Save.

Domain Administration

After a new customer has been created, the appropriate primary domain always exists below the administration element Domains for the customer entry. If you select the primary domain, you can activate and configure additional services in the right window.

Selection of primary domain

Filtering

Filtering options:

Option Funktion
Domain Selection of the domain (or alias domain).
Filter type Select whether premium filtering (spam and viruses, high filtering rate) or only blocking based on blacklists and some mass spam rules (lower filtering rate) should be carried out.
Destination Server to which filtered emails are sent.
Note:
If you specify a host name, an MX record resolution is always performed first, followed by an A record resolution. Several addresses can be entered. Addresses must be separated from each other by a comma. It is possible to enter CIDR ranges.
Outgoing relay / Email traffic Specifies mail servers whose outgoing email is to be sent via the spam filter service. Several addresses can be entered here.
Info:
Bounce Management checks incoming undeliverability notifications to determine whether outgoing emails were actually sent via the domain’s relay server or via a fake sender address as a return of a spam attack.
Relay check Rejects non-existent email addresses.
Relay check per SMTP Checks the validity of the email address using the address of the target server.
Note:
For Relaycheck via SMTP, you can select an alternative IP address for Relay Check. It is useful, for example, if the valid emails are first sent to a relay gateway after the check.
Relay check per LDAP Checks the validity of the email address.
Important:
LDAP synchronization must first be set up for this function. Please contact our support team.
Relay check per Control Panel For incoming emails, the system checks whether the recipient is already configured as a user in the Control Panel.
Spamhandling Configuration for handling with spam mails:
  • Store in quarantine (default, recommended): Lists of detected spam mails are sent to recipients at intervals (digest).
  • Tag: All spam mails with a prefix in the subject will be delivered. You can enter the prefix in the field Phrase.

Filter options

Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) protects your business from targeted and individual attacks from the first malicious email. Highly innovative forensic analysis engines ensure that attacks are stopped immediately. At the same time, the solution provides detailed information about the attacks on your company.

Spam and virus filter process with ATP

Activate ATP

Attention:
Activating the ATP may cause additional costs!
  1. Navigate to Managementyour primary domain within the Control Panel.
  2. Select Email →  ATP.
  3. Select the checkbox at Activate Advanced Threat Protection.
  4. Confirm the booking with OK.
  5. Specify one or more email addresses for notification to be immediately notified of the acute attacks.

Note:
Ideally, enter the email address of your company’s security department here .

Info:
From now on there is the possibility to start the ATP scan for incoming emails with potentially dangerous attachments in the email display (see: Email Live Tracking) also on administrator level, who do not yet use ATP.

ATP is activated.

Start ATP-Scan

You can use the ATP scan to manually scan emails with executable attachments (for example, .exe files).

Note:
The ATP scan is only possible for emails with executable attachments (e.g. .exe files). In addition, valid emails that have already been delivered can only be scanned if the products Aeternum (email archive) or Continuity Service are activated.

Info:
You can perform two ATP scan analyses per month free of charge. For further analysis the booking of Advanced Threat Protection is necessary.

  1. Open the Email Live Tracking module in the Control Panel.
  2. Open the extended function view to the right of the selected email.
  3. Click on ATP-Scan to start the scan.

Note:
The analysis process may take up to 15 minutes.

If a file has been successfully scanned, a link to the ATP report is created. 

Real-Time Notification

As soon as ATP detects an attack, a notification is sent to your company to inform you immediately about a possible threat. The person in charge receives various details about the type and target of the attack, the sender and the reason why the email was intercepted.

Info:
Notifications are sent when:
  • Malware code was found in the sandbox.
  • URL scanning has found a suspect URL.
  • URL rewriting has blocked a website or download.

Real-time notification

Incoming emails that are classified as potentially dangerous by ATP are grouped together in the Control Panel under the ATP category and displayed in dark blue.

ATP category

ATP-Report

The ATP report gives you detailed information about the analyzed file.

To view an ATP report, select ATP ReportView ATP Report from the details window to the right of the selected email.

View ATP-Report

 

The ATP report is divided into four main sections:

  • Summary
  • Static Analysis
  • Network Analysis
  • Behavioral Analysis

 

 

Summary

Here you will find an overview of the analyzed file. In addition, the file is rated with a score from 0 to 10, where 0 is no danger and 10 is the most dangerous rating. The Signatures section classifies the behavior of the file into three categories:

  • Information
  • Attention
  • Warning

If you click on a signature, the advanced process information is displayed.

ATP-Summary

 

Static Analysis

The static analysis is divided into three subcategories:

  • Static Analysis – Static analysis of the file (depending on the file format).
  • Strings – Output of the occurring strings of the file.
  • Antivirus – analysis of the file by different antivirus programs.

ATP-Static Analysis

 

Network Analysis
In the network analysis, all network traffic is analyzed and listed according to protocols (e.g. HTTP, TCP, UDP).

ATP-Network Analysis

 

Behavioral Analysis

The behavior analysis analyzes the behavior of the file at runtime. Displays all system API calls and processes logged during dynamic sandbox analysis.
The results are divided into two sections:

  • Process Tree: Here the processes are displayed in hierarchical order.
  • Process Contents: If you select a process from the Process Tree, the executed API queries are displayed here in chronological order.

ATP-Behavioral Analysis

Ex Post Alert

If it turns out that an already delivered email must after all be considered as potentially harmful, the respective company’s IT security team is notified about the extent and possible countermeasures as soon as this is known. This permits rapid containment of a dangerous situation.

 

With Ex Post Alerts, your IT security team receives an automatic notification if an email that has already been delivered is subsequently classified as malicious. You will receive a detailed evaluation of the attack so that you can immediately initiate actions such as checking the systems or sensitizing your own employees.

Note:
Ex Post Alerts is automatically activated for all ATP customers.

Aeternum Email Archiving

Note:
The use of Aeternum requires the use of the product Spamfilter Service (Premium Filter). Note that initially only external mails are archived. To also archive internal emails, you must configure redirection to the archive.

In order to archive outgoing emails, they must be sent via the spam filter service.
You can archive internal emails in your email archive by setting up a journaling postbox. Instructions for this can be obtained from your provider, your mail server provider or from our support.

Setup and Activate Archiving

  1. Navigate to Managementyour domain.
  2. Click on Email → Archiving.
  3. Select the domain to be archived under Select.
  4. Insert the domain to be archived under Add.
  5. Confirm with Apply and then with Save.
    Email archiving is activated.

Email archiving is set up.

Info:
The archiving period for emails takes n+1 year. Here is n the number of years that was set as the “archive duration” in the Control Panel for the domain or, alternatively, for the user. After the deadline, all emails are deleted from the archive.

Add exceptions

Groups / users that should be excluded for data protection reasons can be added to an exception list.

  1. Select the tab Email → Archiving.
  2. Select the domain concerned in the field Exceptions → Select and confirm with Apply.
  3. Select the desired archiving duration from the  drop-down menu Archive duration.
  4. Click Add and confirm the change with OK.
  5. Save your changes with Save.

Exceptions are added.

Deactivate archiving

  1. Select the tab Email → Archiving.
  2. Select the domain concerned in the field Exceptions → Select.
  3. Select the entry Deactivated from the Archive duration drop-down menu.
  4. Select the type of deactivation:
    a) User/Group: Emails for the user/group are not archived in the user’s/group’s own archive.
    b) All: All email traffic with the group/user is not archived.
  5. Confirm the changes with Save.

Email Archiving is deactivated.

Audit Access

With the audit access, an auditor can check the audit safety.

An audit access gives authorized users the possibility to read emails from certain mailboxes. Read access can be restricted at user, domain or group level. The time period for audit access can also be restricted. As an administrator, you have the option of tracking revision activities via the audit log.

 

The administrator can mark an archived email as “private”. Users can also enable this option. In order to guarantee the audit security according to GDPdU, the email marked as private in the archive is displayed slightly darkened and can then no longer be viewed by any auditor or user. As an  administrator, you have the option of tracking audit activities via the audit log.

Create Audit Access

Attention:
The email marked as private in the archive can no longer be viewed by any auditor or user. Only the support team can make an email marked as private readable again.

  1. Click on Email → Archiving  → Audit-access.
  2. Activate the checkbox Activate audit access.
    Additional field with further settings is activated.
  3. Click Select under Choose user and select the user.
  4. Select the period for the audit access under Audit-access activate.
  5. Select the period for accessing emails under Access to emails.
    Note:
    For reasons of dual control principle, a second auditor must be specified who will release the audit activities using a password.
  6. Click Select under Choose control user and choose the second auditor.
  7. Confirm your changes with Save.

Audit-access is created.

Continuity Service

The Continuity Service is an additional email service that guarantees continuous email functionality in the event of an email service failure. With the Continuity Service enabled, users can continue to receive and send email if their email server fails.

Attention:
This service is subject to a charge!

If the Continuity Service is set up for a domain or an individual user, automatic activation is set by default in the event of a mail server failure. In addition, the user can recognize in the email search which emails were delivered by the individual user via the Continuity Service.

Domains with Continuity Service enabled can see their emails from the last three months in the email archive.

Note:
The function “Send outgoing emails to own mail server during server failure” is deprecated, will be removed with future releases and should not be used.

Continuity Service

Spam report

Spam report allows to configure individual settings for spam corrections of a domain. Following settings can be activated or deactivated via the spam report:

  • Delivery of certain types of email such as Infomail, Spam, Virus, Content
  • Setting for user-defined delivery times
  • Delivery of a report for all detected and quarantined spam emails to an email address
  • Selection of an individual template for a spam report

Setting the spam report

Content Filter

Content Filter provides domain administrators and partners with the ability to manage attachments from incoming and outgoing emails. The administrator can remove suspicious email attachments from emails or block affected emails after exceeding a maximum allowed size. Unwanted attachments can be explicitly forbidden by specifying file types. File types can be assigned in collective terms and excluded (see Forbidden File Types).

Activate Content Filter

Prerequisite: A group is entered under the level customer domain (see Create new Group).

  1. Navigate to Management your domain.
  2. Select the tab Email → Content Filter.
  3. Activate the checkbox Content Filter.

Aktivieren des Content Filters

Content Filter is activated.

Add new Group

  1. Click Select under Group to select the stored groups.
    A new window opens.
  2. Select the desired group and click Apply.

    The selected group is displayed.
  3. Click  to add a group.

Group is added. Content Filter can be set for this group.

Setup Content Filter

Incoming and outgoing emails can be managed in the Content Filter.

  1. Click the tab Content Filter and select the policy for which you want to make filter settings:
    a) For incoming emails click on Incoming Email Policy.
    b) For outgoing emails click on Outgoing Email Policy.

  2. Specify the maximum email size in kilobytes.
    Note:
    The maximum email size must not exceed the size limit of the email server used.
  3. Select the action to be performed for emails with forbidden attachments:
    a) Cut the attachment and inform the receiver
    b) Block Email
  4. Optionally, activate Forbid encrypted attachments to detect encrypted attachments and define the file types that the content filter should prohibit. Click Add to save the file types.
    Note:
    Content filter not only checks the file extension but also the MIME type of the file. MIME type may differ from the file extension.
  5. Optionally, activate Settings like above to prohibit contained file types in archives. Click Add to save the file types.
  6. Confirm the changes with Save.

Content Filter is set up.

Forbidden File Types

Unwanted file types can be prohibited by specifying collective terms.

Colective term Forbidden file type
 .executable .action .apk .app .bas .bat .bin .cab .chm .cmd .com .command .cpl .csh .dll .exe .gadget .hta .inf .ins .inx .ipa .isu .job .jar .js .jse .ksh .lnk .msc .msi .msp .mst .osx .paf .pcd .pif .prg .ps1 .reg .rgs .run .scr .sct .sh .shb .shs .u3p .vb .vba .vbe .vbs .vbscript .vbx .workflow .ws .wsc .wsf .wsh
.mediafile .aif .flv .mp1 .mid .mp5 .mpa .wma .mp2 .mpe .swf .wmf .wav .mp4 .wmv .mpg .avi .mov .mp3 .mpv2 .mp2v .aiff .mpeg
.docmacro Heuristic detection of macro patterns in .doc attachments. Not all types of macros are captured by this filter.
.xlsmacro Heuristic detection of macro patterns in .xls attachments. Not all types of macros are captured by this filter.

Compliance Filter

Compliance Filter lets you create custom filter rules to categorize incoming email as Clean, Spam, or Virus, for example. In addition, you can reject emails, send them to another email server or change the recipients.

Attention:
The use of incorrect filter rules has a considerable negative effect on email traffic. Filter rules can also be used to override email services. Compliance Filter is also not suitable for address rewriting.

Compliance Filter checks both incoming and outgoing email traffic. You can set up three different filter types:

  • Advanced filter type where the sender, recipient, IP , hostname and subject are checked for search terms
  • Filter for content in the email header
  • Filter for content in the email body

In the email and body header, only the search term must be entered in the input field. With the extended filter type, several criteria can be evaluated in parallel.

Actions can be defined for the individual filters, which are automatically executed by the filter if an email matches the set filter criteria. Different actions are possible for incoming and outgoing emails.

Setup Compliance Filter

Note:
Compliance Filter settings can only be made via a partner account or as a domain administrator.

  1. Open the Control Panel and log in.
  2. Select the domain for which you want to activate the Compliance Filter.
  3. Click on Management.
  4. Click Email → Compliance Filter.
  5. Activate the checkbox Activate Compliance Filter.

     

  6. Confirm activation with Save.

The Compliance Filter is activated.

Add Filter

To define a filter, you must add a new filter.

  1. Open Compliance Filter in the Control Panel and click Add.

    Note:
    Compliance Filter distinguishes between rules for incoming and outgoing emails.
  2. Select the email direction for your filter from the field Direction. Compliance Filter distinguishes between three filter types:
  • Email-Body: Expression searched in the email body.
  • Email-Header: Expression that is searched for in the email header.
  • Advanced: You can define expressions for each of the seven occurring fields and use them individually or in combination.
  1. Define your individual filter rules. Examples of this can be found in the chapters Filter Sequence and Classification.
  2. Optionally, add a description in the field Info .
    Info:
    The text entered into the field Info  has no effect on the filter rule.
  3. Click OK to create the rule.
  4. Confirm your entries with Save.
Filter was added.

 

Define Filter Rules

Compliance Filter searches emails for terms that you define in the fields provided.

The following are simple examples of how to create filter rules in the different filter types.

Note:
In order to define filters more precisely and versatilely, it is also possible to use regular expressions. For a description of the structure and functionality of regular expressions, see Regular Expressions.

Examples:

FeldKurzbeschreibungBeispiel
E-Mail-HeaderDurchsucht den E-Mail-Header auf den eingegebenen Begriff.Rechnung
FromFilterung auf Envelope-SenderAdressemoc.e1550970605nnove1550970605g@res1550970605u1550970605
ToFilterung auf EnvelopeRecipient-Adresse.moc.o1550970605ohay@1550970605nretx1550970605e.res1550970605u1550970605
IPÖffentliche IP-Adresse des absendenden E-Mail-Servers.
Anmerkung: Die Angabe der IP-Adresse erfolgt immer ohne Subnetzmaske.
Richtig: 0.0.0.0 Falsch: 0.0.0.0/24
HostnamePTR-Record (Hostname der Rückwärtsauflösung der IP).mailserver.gevonne.com
SubjectFilterung nach dem Betreff der E-Mail.Spammanagement
AttachmentsFilterung nach E-Mail-Anhängen..jpg
Greater than (KB/MB)Gewünschte Maximalgröße der E-Mails.500

Attachments

You can filter for email attachments within the field Types → Advanced. Enter the file type (e.g. .exe or .jpg) in the field Attachments .

Note:
The Compliance Filter cannot apply the collective terms for file attachments.

Define Actions

You can define an action for each filter rule, that is executed if the rule matches.

Note:
Compliance Filter differs between actions for incoming and outgoing emails. The actions Tag as Clean, Spam or Virus can only be used on incoming emails. The action Notify Sender can only be used on outgoing emails.
Action Description
Reject The email server is informed about the disconnection error with an error code and a text. (554 5.6.9 customer rule based reject by compliance filter). The notification of the sender lies in responsibility of the email server.
Redirect The email is redirected to one or more email addresses.
Note:
You can enter as many email addresses as you want. Separate the different addresses with spaces.
Reroute The email is sent to another IP address or hostname.
Note:
You can only enter one IP address or hostname into the field.
Add BCC This action automatically adds one or more BCC Recipients.
You can add as many email addresses as you want. Separate the email addresses with spaces.
Notify Sender The Sender automatically receives an infomail, as soon as their email is accepted by the destination server.
Tag as Clean Classifies the incoming email as clean.
Tag as Spam Classifies the incoming email as spam..
Tag as Virus Classifies the incoming email as Virus.

Filter Sequence and Classification

You can change the sequence of the filter rules in the overview of the compliance filter.

Important:
You must observe the predefined sequence of filter rules (see figure below). If a rule applies and a filter rule therefore takes precedence, processing is stopped and defined filter rules are not applied if necessary.

Sequence of filter rules

 

Note:
The compliance filter cannot be used to create exceptions for the content filter. In this case the content filter takes precedence over the compliance filter and thus deviates from the regular ruleset order.

 

The following examples illustrate the sequence in which rules are processed.

Example: Simple filter application sequence

Initial situation::

The filter rule above is defined as the only rule. There are no other rules applied to the case study.

 

Procedure:

  1. An email from “ed.ro1550970605tider1550970605k@neg1550970605nunhc1550970605er1550970605” is sent to any user of the domain “debitor.de”.
  2. Compliance Filter first searches the Body rules, then the
    header rules and matches the rule in the advanced rules
  3. The rule is applied and the Compliance Filter does not search for further rules.

 

Example: Simple sequence

 

Example: Conflict between two rules of one type

Initial situation:

Two different rules are defined for outgoing emails to “moc.y1550970605napmo1550970605cyna@1550970605redro1550970605”. In the overview the rule (ID 281503) stands before the rule (ID 281523). No other rules apply to that case.

 

Procedure:

  1. An email from any user will be sent to “ed.ro1550970605tider1550970605k@neg1550970605nulle1550970605tseb1550970605”.
  2. The Compliance Filter first searches the body rules, then the
    header rules and finds a match in the advanced rules.
  3. The rule to add the CEO to the BCC (ID 281503) is processed and the execution is stopped. The rule to add the purchase department to the BCC (ID 281523) is not being processed.

 

Filter rile: Add BCC to ceo@

 

Filter rule:  Add BCC to einkauf@

 

Status of defined filters

 

Example: Conflict between multiple rules in different types

Initial situation:

Incoming emails that contain a link to Facebook are marked as spam. The marketing department is partly excluded from that rule, when receiving emails from Facebook directly, they are marked as clean. In the overview the rule (ID 259163) stands before the rule (ID 259143). No other rules apply to that case.

 

Procedure:

  1. A marketing recipient receives an email from Facebook containing a link.
  2. The Compliance Filter searches the body rules and hits the rule (ID 259143).
  3. The email is marked as spam, no other rule is applied.
  4. Rule (ID 259163) is being ignored, although it is above the
    other rule in the overview as the body rules are applied first.

 

Filter rule: mark emails as “valid”

 

Filter rule: mark emails as “spam”

 

Filter rules

Example: conflict between Compliance Filter rule and an existing Hornetsecurity filter

Initial Situation:

Due to an increased amount of spam from a certain IP address, a rule is defined that always marks emails from this IP address as spam. No further compliance filter rules are defined to that case.

 

Procedure:

  1. A sender of the domain behind the IP address sends an email to any recipient.
  2. Compliance Filter first searches the body rules, then the
    header rules and matches a rule in the advanced rules.
  3. The email is marked as spam and the execution is stopped.
  4. Hornetsecurity has defined a filter rule for that specific domain and the increased spam occurrence could be localized to the sender “info@”. No other email address sent spam from that domain. The rule from Hornetsecurity is not being searched and therefore the defined filter rule has a to large scope. Clean emails could now be tagged as spam.

 

Filter rule: mark emails as “spam”

Regular Expressions

You can use regular expressions (RegEx) within the Compliance Filter to extract information from a string. This makes it possible to recognize patterns in subject lines or other email components and filter emails accordingly.

Note that the system automatically places a “.*” in front of the beginning and end of the subject line and in the email body and header.

Note:
Within the Compliance Filter you can create regular expressions according to Perl Compatible Regular Expressions. Other libraries are not supported. (Further information can be found at: http://www.pcre.org/). In addition, there are special restrictions, which are explained below.

Example: Using Regular Expressions in the Compliance Filter

Initial situation:

Users often received emails with the subject containing the word “porn”. A filter rule has been defined to mark it as spam. Recently, however, there has been an increase in the number of emails using Leetspeak to bypass this filter. For example, emails with the subject “p0rn” are received that are not marked by the compliance filter. In this case, the use of a regular expression is more effective:

Using a Regular Expression in the Compliance Filter

Instead of the dot any character is interpreted as valid. Therefore, the filter is not determined to an “o”, it reacts to any letter, digit and special character

Encryption

This guide explains how to configure and use the encryption service. Starting from the basic configuration, the encryption methods that can be used are explained and different rules are created using examples. In addition, the options for ordering and managing certificates are presented to you. The use of the Websafe for encrypted communication as well as the use of keywords within the email subject are also part of this manual.

Activate Encryption

  1. Navigate via Management your domain to the tab Email.
  2. Select the tab Encryption in the section Email .
  3. Activate the checkbox Activate Policy.
Note:
Activating the encryption service will incur a fee.

Encryption is activated.

Check Encryption Capability

You can check the encryption capability before you configure the encryption policies further.

  1. In the tab Encryption click on Encryption capability of the communication partner.
  2. Enter the email addresses you want to check.
  3. Click Check to check the encryption capability of the entered email addresses.

    Encryption types are displayed.

Encryption Methods

Under Encryption Methods, you can select the encryption methods to be used.

 

Activate encryption methods

 

Encryption method Description
TLS  Encrypts the email between the outgoing and incoming servers. The check mark is set permanently, as this type of encryption is performed globally.
EmiG E-Mail made in Germany transmits encrypted messages from the terminal device to the email server and between the various EmiG providers (according to the EmiG guidelines). In addition, the identity of each provider is checked against a validation of the email server certificates and assigned IP addresses within the EmiG association. EmiG must be booked previously  by the customer. After checking the box, it is automatically used for the communication between EmiG users.
DANE  Is currently in preparation for rollout. If you are interested contact the support for a quick implementation.
PGP Is a hybrid process for signing and encrypting emails. This procedure is based on the so-called Web of Trust: Instead of a hierarchical arrangement of the certification authorities, users are validating their keys among each other.
S/MIME  Is a standard for the encryption and signature of MIME-encapsulated emails using a hybrid encryption process. The certification authority (CA) assures the authenticity of the email address and the name of the sender.
WEBSAFE Is a fallback encryption method.
Note:
After activation of the encryption service you can use PGP, S/MIME and Websafe in order to define encryption policies. However, you must explicitly specify who is to communicate with whom end-to-end encrypted.
TLS and EmiG are automatically applied if the communication partner supports the encryption methods.

Sequence of Encryption Methods

You can use several encryption methods at once. They are processed in the following sequence:

S/MIMEPGPEmiG(DANE)TLSWebsafe

Additionally, you can combine the different encryption methods.

Display Encryption Method in Subject

For a simple handling of encrypted emails, you can tag them in the email subject. The tag content can be chosen freely.

Subject tagging

Certificate Administration

You will find the administration of certificates under Certificate. Here you can order and manage S/MIME certificates for users of the selected domain.

Ordering Certificates

  1. Select the tab Certificate.
  2. Select one of the predefined users.
  3. Enter the first and last name of the user.
    Note:
    Be sure to enter the correct information before ordering the certificate. It is only valid as a signature if the entered name is valid.
  4.  Click on Order to complete the order bindingly.

Certificate is ordered.

Certificate Settings

In the certificate overview, you can specify for each certificate whether it is to be used for the digital signature and/or for encryption. By default, signing and encrypting is enabled.

 

In addition, the overview offers to activate or deactivate a subscription for this certificate. Certificates with an active subscription will automatically be renewed 29 days before expiration. The subscription is activated by default.

Info:
If you do not want a subscription, you should remove the checkmark at the latest 30 days before the expiration date of the old certificate at Overview on certificates in the overview for the user.

Certificate overview and options

Websafe

The Hornetsecurity Websafe is a method to encrypt the email communication with partners using no encryption technologies. The outgoing emails are sent to the Websafe and saved. After that, the communication partner receives an email with login credentials, but will need an additional PIN to unlock the personal Websafe. The email sender must provide the PIN on a separate communication channel (phone, text message, fax). With the PIN and the login credentials, the user can access his personal Websafe.

 

Note:
A Websafe account is automatically created and can be used for additional Websafe communication.
As soon as the communication partner opens a new email in the Websafe, the sender receives a confirmation message that the email has been read.
Note:
Messages remain stored in the Websafe for 12 months and are then automatically deleted
Important:
Before configuring the Websafe, you must activate it in the encryption methods (see: Select Encryption Methods).

Setup Websafe

  1. Click on Policy → Encryption → Add.
  2. Select Outgoing as the direction.
  3. Activate the checkbox at To.
  4. Enter the recipient in the text field.
  5. Select Encrypt always under Action.
  6. Activate the checkbox at Websafe.

Websafe is set up and now used.

Encrypt Emails with Websafe

You can also use the Websafe to send encrypted emails whenever no other encryption method is available.

  1. Click Add under Policy.
  2. Select Outgoing as the direction.
  3. Select the From and To checkboxes.
  4. Enter .* in both fields.
  5. Select Encrypt always as action and activate the checkbox Websafe.
  6. Save the entries with Save.

Websafe is set up. If no other encryption method can be used for the email communication, Websafe will be used.

Websafe Encryption through Email Subject

You can create a rule to encrypt emails with the Websafe by marking them in the subject line.

  1. Click Add under Policy .
  2. Select Outgoing as the direction.
  3. Activate the checkbox Subject.
  4. Enter the keyword WEBSAFE in the field.
    Info:
    If you enter WEBSAFE in the subject of an email, this email will be encrypted via the Websafe.
  5. Select Encrypt always as action and activate the Websafe checkbox.
  6. Save the entries with Save.

     

Websafe activated via subject keyword.

Select Websafe Templates

You can select different templates for the Websafe emails for sender and recipient as well as for the Websafe activation web page.

Note:
As a partner, you can create new templates and modify existing ones.
  1. Navigate to Websafe Templates under the tab Encryption.
  2. Select the desired templates.

Websafe templates are selected.

see also: Create new Templates

Setup Advanced Routing

You can use the Advanced Routing function to assign different mail servers to individual users or groups. Email traffic is then routed through these servers.

  1. Navigate to Managementyour domain → Email.
  2. Click on the tab Advanced Routing.
  3. Activate the checkbox Activate Advanced Routing.
    Further selection windows are activated.
  4. Select whether routing is to be performed for specific users or a user group.
  5. Click Select to select a user or user group.
  6. Enter the IP or host address that you want to use to route email traffic.
  7. Click Add.
    The selected group is displayed in the list below.
  8. Confirm the changes with Save.

Advanced Routing is set up.

Security Settings

In the security settings you will find configuration options for the following services:

  • Signature & Disclaimer
  • Hornetdrive

Signature and Disclaimer

Signature and Disclaimer controls the automated provision of email signatures and disclaimers on all Hornetsecurity gates. The tool dynamically generates user specific signatures, matching the Active Directory. The signatures are based on predefined templates and are included automatically after the current text of the email.

Activate LDAP for Signature and Disclaimer

To use Signature and Disclaimer, you must first activate it in the Control Panel. After the activation, you can optionally configure a different LDAP server for the synchronization and enter filters for the user synchronization.

 

  1. Select ManagementLDAP connectionAdvanced Signature and Disclaimer in the Control Panel.
  2. Activate the checkbox Activate Signature and Disclaimer.

    Note:
    Activating Advanced Email Signature and Disclaimer could be additionally charged depending on your license.

  3. Confirm the notification with OK.
  4. Note:
    Follow this step if you want to use a different directory service for the user synchronization with Signature and Disclaimer.

    Deactivate the checkbox Use LDAP information for Signature and Disclaimer.

    • Define the logon information in the appearing fields.
  5. Enter the desired filter in the field LDAP Filter.

    Note:
    The value proxyaddresses=* selects all users in an Active Directory.

    Note:
    If your template does not comply with your directory structure, you can customize it here individually.

  6. Click on Save in the lower left corner of the window.

 

LDAP for Signature and Disclaimer has been activated in the Control Panel.

Now you can configure Signature and Disclaimer for users and groups of your directory service.

Activate Signature and Disclaimer

To use Signature and Disclaimer, you must organize the users in an Active Directory and have the LDAP synchronization for the domain activated in the Control Panel.

Note:
Signature and Disclaimer can be used for plain text messages as well.

You can access the Signature and Disclaimer web interface in the Control Panel under Security SettingsSignature and Disclaimer.

  1. Select the domain from the role selection for which you want to activate the product for.

    Note:
    Activate the checkbox Activate Signature and Disclaimer.

    Activate Signature and Disclaimer

  2. Click on OK to confirm the activation.

Create Signatures and Disclaimers

The main functionality of the web interface is to create templates for signatures or disclaimers.
The different templates for signatures and disclaimers are applied on groups.
The groups are visible on the left side of the main window. If you have not created any groups in the Control Panel, you can select the group default to assign the same signature or disclaimer to all users.

Note:
In the Control Panel you can create groups under the area ManagementGroups. Further information about groups are available in the Control Panel manual at:
Groups administrative component

  1. Select a group on the left side of the main window under Groups.

    Note:
    You can click on the Search field to search for and select a group from the drop-down menu.

  2. Select the group in the list of added groups to create signatures and disclaimers for.

    On the right side of the main window appears the selection of signatures and disclaimers.
  3. Click on the + under Disclaimer or Signature to create a new template.
  4. Enter a name for the new template.
    You can create the templates for signatures or disclaimers for both HTML and plain emails at the same time. The templates are created separately.
  5. Select the format for which you want to create the template:
    • HTML
    • Plain

    Note:
    You can switch between the formats during editing.

  6. Define the template in the What You See Is What You Get Editor (WYSIWYG).
  7. Click on Save and select the created template in the main window.

You have created a signature or a disclaimer.

Edit or Delete Signature and Disclaimer Templates

Edit or delete the defined templates for signatures and disclaimers.

  1. Click on the field Search in the main window under Signature or Disclaimer and select the desired template.
  2. Select one of the following actions:
    • To edit the selected template, click on the pen next to the template’s name. The editor appears and you can edit the template.
    • To delete the selected template, click on the red and confirm the deletion with OK.

You have edited or deleted a signature or a disclaimer.

Using the WYSIWYG-Editor

You can enter user attributes from the Active Directory into the WYSIWYG editor by selecting them from the drop-down menu AD-Variables.
You can easily create templates for signatures and disclaimers in the WYSIWYG editor.
The editor provides simple formatting options for example, paragraph alignment, font style and bulleting. Furthermore, you can use variables from the Active Directory to, for example, insert the first and last name of a user.
The following table provides all Active Directory attributes that you can select under AD-Variables in the editor.

Note:
You must have defined the variables in your Active Directory to use them in the
editor.

AD-Variable Description
cn Common name
company Company
CountryCode Country Code
department Department
Description Description
directReports Employee
displayName Complete name
facsimile TelephoneNumber
Fax
givenName First name
homePhone
Private phone number
info Jobtitle/Position

Note:
The field Title is often used for other purposes. Therefore, the term Info is used here for the LDAP-attribute Title (Jobtitle/Position).

ipPhone IP Phone
I (kleines L) City
mail Email address
manager Manager
mobile Mobile phone number
msExchlMAddress IM address
pager Pager number
physicalDeliveryOfficeName Office
postalCode Postal code
postOfficeBox Post office box
samAccountName User account name
sn Surname
st State
streetAddress Street
telephoneNumber Phone number
wwwHomepage Website

Hide Empty Active Directory Elements

You can use the If Not Empty function to hide content in signatures and disclaimers if certain AD variables are not filled for users.

  1. Create a new signature or disclaimer or edit an existing one.
  2. Select the line in the editor in which you want to insert the AD variable.
  3. Click on If Not Empty.
  4. Select the desired AD variable from the field Variable.
  5. Enter the text that you want to hide if the element is not filled for the user.
  6. Confirm with OK.
  7. It is also possible to enter an AD variable in the text to be hidden:
    • Click on the position in the editor between the If Not Empty tag at which you want to insert the AD variable to be hidden.
    • Select the AD variable from the drop-down menu.
  8. Click on Save to save the signature or disclaimer.

Example: Hiding non-existent AD variables

The following signature is created for all users:

Signature in the Editor

The following signature is displayed for users with a mobile phone number:

The following signature is displayed for users without a mobile phone number:

Include Subsignatures

You can use subsignatures to include previously created signatures in a signature.

Important:
Subsignatures can only be used in signatures. At least one signature must exist that you can include as a subsignature.

  1. Create a new signature or edit an existing one.
  2. Select the line in the editor, in which you want to insert the subsignature.
  3. Click on Sub-Signatures and select the subsignature from the existing signatures.

    A placeholder is inserted or the subsignature.
  4. Click on Save.
  5. Note:
    In order to use a signature as a subsignature, it must be activated first.

    To activate a signature to use as a subsignature:

      1. Open the edit mode of the signature you want to use as a subsignature.
      2. Set the toggle to Active.

    Activated and deactivated signatures are marked in the selection.

Insert HTML Source Code

You can use the editor to insert HTML source code.

  1. In the WYSIWYG editor select the tab Tools and click on Source Code.

    Note:
    You can also edit the text that you have created previously in the WYSIWYG editor.


    A window appears.

  2. Enter the desired HTML source code and confirm with OK.
  3. In the editor click on Save to save your changes.

Preview Signatures and Disclaimers

Example: Preview of a signature

With the preview you can apply a templates to specific users of your Active Directory.
You can get a preview of the template you are creating or editing. Therefore, you can select any user in your Active Directory.

Data synchronization via LDAP

Changes to the Active Directory cause a new synchronization.
If you change the Active Directory, these changes will be synchronized.

The changes in the Active_Directory are tracked using the USNChangedNr attribute. If the value changes, the dataset is synchronized.

Note:
If you perform a backup, the USNChangedNr is not increased but reset to an earlier value. The dataset is then also synchronized again.

Troubleshooting: Variables Are Not Referenced

Condition:
You have inserted an AD variable or a subsignature and they are displayed incorrectly in the signature created.
Cause: AD Variable does not exist
The variable is not defined in the Active Directory.

Remedy:
Select the AD variables in the editor from the drop-down menu.

 

Cause: Subsignature does not exist
The referenced signature does not exist or the name of the signature has been changed. Therefore, it cannot be included.

Remedy:
Select the signature to be included again from the Sub-Signatures drop-down menu.

Hornetdrive

The main component of the window is the Hornetdrive administration, which sorts and displays the existing accounts according to the current search criteria.

View of Hornetdrive management

In the Actions area in the upper left corner, you can trigger certain actions for the selected accounts. To the right is the area Number of licenses. The number of licenses assigned to customers and partners is displayed here. The Help and View areas are located on the right-hand side. The existing Hornetdrive accounts are displayed in the account area in the middle part of the window.

Perform Actions

In the Actions area in the upper left corner, you can trigger certain actions for the selected accounts.

  1. Click on the drop-down menu.
  2. Select the desired action.

A window appears with the respective setting options in the foreground.

Create Account

  1. In the Actions area, select the action Create Account from the drop-down menu.
  2. Enter the email address of the new account in the field Email.
  3. Enter a password in the field Password.
  4. Select the desired license from the drop-down menu License.
  5. Select the language from the drop-down menu Language, in which emails to the user can be sent.
  6. Select Status from the drop-down menu which status the license should get.
  • active contract: An active contract license
  • NFR: A not for resale license
  • test customer: A test license

Note:
If you have selected test customer, you can then enter the expiration date of the test license.

  1. Under Parent/Customer you can select the partner or the domain under which the new account is to be created.
  2. Read and confirm the license agreement with a single click to the checkbox Accept license agreements.
  3. Click on Save to create the account and close the window.

Note:
To create another account directly, click Save & Continue.

A new Hornetdrive account has been created.

Upgrade Account

This function allows various upgrades or extensions of an existing account:

  • Upgrade a test account into a contract account
  • Upgrade a guest account into a business or enterprise account
  • Upgrade business accounts in an enterprise account
  • Increasing the volume of storage space and traffic contained in an enterprise account
  1. Select one or more accounts in the account area of the Hornetdrive module.
  2. In the Actions area, select the Order/Upgrade action from the drop-down menu.

A new window opens.

  1. Select the desired licenses for the previously selected accounts.
  2. Read and confirm the license agreements with a click on the checkbox Accept license agreements.
  3. Click on OK to complete the order.

Account has been upgraded/extended.

Assign Accounts to Other Partners or Customers

This action allows you to assign accounts to another partner or customer.

  1. Select one or more accounts in the account area of the Hornetdrive module.
  2. In the Actions area, select the Assign Account action from the drop-down menu.

A new window opens.

  1. Select the desired partner or customer from the drop-down menu.
  2. Click on OK to make the assignment.

Account has been assigned to a Partner/Customer.

Delete Accounts

  1. Select one or more accounts in the account area of the Hornetdrive module.
  2. In the Actions area, select the Delete Account action from the drop-down menu.

A new window opens in which all accounts to be deleted are listed.

  1. Click on OK to delete the previously selected accounts.

Accounts have been deleted.

Export Data as CSV

You can export a list of accounts as a CSV file. A window with the corresponding settings opens.

  1. Select the columns you want to export in the upper area.

Note:
The checkbox All activate/deactivate selects or deselects all columns in the upper area.

  1. Activate the checkbox Show column name in 1. row, to export the column headers as well.
  2. Activate the checkbox Export only selected rows to only export the previously selected rows.
  3. Select the format of the export under Export type.
  • Display: Displays the data to be exported in a new window..
  • Download: Downloads the data as a CSV file.
  • Email to: Sends the data to the entered email address.
  1. Click on Export to export the data.

Data has been exported as a CSV file.

Account Area

In this area you can view the data of all assigned users.
Search fields are located below the Partner/Customer, Email and License Number columns. These filter the data sets according to the value in the corresponding column. Selection menus are located under the licence and status column headings. These filter the data sets according to the value in the associated column.

The following columns are available:

  • A selection box to select the data sets is located on the far left for each data set.
  • The column Partner/Customer displays the superordinate customer or partner for the user.
  • The column Created on displays the date on which the Hornetdrive account was created.
  • The column Email displays the email address provided by the user. This is also the username.
  • The column Licence number displays the user’s
    licence number.
  • The column Licence displays the type of user licence. A distinction is made between Guest, Business and Enterprise.
  • The column Last use displays when the user last signed in to a client.
  • The column Status displays whether the user is a contract customer, webshop customer or test customer. Test customers that have not purchased a full version within the test period
    are also listed as Expired for the period prior to the final cancellation of their account. Customers whose follow-up time has expired are no longer listed.
  • The column Valid until displays the date on which the current licence expires. For test customers this refers to the end of the test period, while for contract customers this refers to the
    end of the paid-up licensing period.

Open the Account Details

  1. Double-click on an account row in the account area to open the detailed view for this account.

Account Details

Username

  • Username: Displays the user’s email address, which is also the username.
  • Password: A new password is accepted on re-entering the password and saving the change.
  • License: This displays the user’s license. The license cannot be changed here.
  • Languages: Either German or English can be selected. This setting determines the language in which emails are sent to the user.
  • Status: This allows a distinction to be made between contract customers and test customers. Another field appears for test customers for the end date of the test phase.
  • Partner/Customer: This function allows the new user to be created / to be allocated to a partner or customer.
  • License number: Displays the user’s license number.
  • Memory usage: Displays how much memory the user has used and how much is available in total.
  • Traffic limit: This display provides information on how much traffic volume the user has used this month and how much is available for this month in total.

Account details under User name

Drive

  • Name of the drive
  • Date of creation
  • Memory
  • Currently used traffic
  • Volume used this month.

Account details under Drive

The drive is deleted by clicking on the “Remove” cross in the corresponding row.

Devices

  • Name of the device
  • Date of creation
  • Time of last use
  • Last IP address used
  • Version of the client installed on the device
  • Operating system version

You can delete the device by clicking on the x under Delete.

Note:
This device can then no longer be used to access the drives.

Account details under Devices

Whitelabeling – Control Panel Customization

You can customize the Control Panel to embed your company’s color, logo and favicon.

Furthermore, you can select a theme for your Control Panel and add support and email information.

The customization is displayed to all users logging in to the domain you provide.

Prerequisites to Customize the Control Panel

  • You have an administrator role or a partner role.
  • You have provided your domain’s certificate to the support. The certificate must at least support SHA256 and use 2048 bit key length.
  • Additionally, you must create a CNAME record for your domain.
    Otherwise, the URL of the original Control Panel domain is shown in the browser.

Following a CNAME record is set for the domain controlpanel.customerdomain.com

 

controlpanel.customerdomain.com IN CNAME cp.hornetsecurity.com

Customize the Control Panel

  1. Login to the Control Panel.

Note:
You need administration or partner authorization to customize the Control Panel.

  1. Select the domain or the partner role from the role selection you want to customize the Control Panel for.

Note:
You can only change the customization with the selected role.

  1. Select the section Whitelabeling on the left side.
  2. Select Appearance.

  1. Enter the URL of your Control Panel website in the field URL.

Note:
If you change the URL subsequently, you must also update the CNAME record for your domain.

  1. Select a primary color for your Control Panel. The primary color is responsible for the font color and other design elements.
    1. Click in the field under Primary color to open a color selection.
    2. Pick the desired color. The selected color is represented in the field as HEX or sRGB.
    3. You can insert the color code directly into the field as well.
  1. Select a theme for your Control Panel under Theme.
  • Activate the radio button Dark to select a dark theme.
  • Activate the radio button Bright to select a bright theme.
  1. Click on Browse… under Logo to select your Logo.

Note:
For the best result, upload a logo with a minimum resolution of 160 × 80 pixel.

  1. Click on Browse… under Favicon to select your favicon.

Note:
The favicon must be uploaded in ICO file type (filename extension .ico). For the best result upload the favicon with a resolution of 128 × 128 pixel.

  1. Click on Save to confirm your customization. The deployment can take up to five minutes.
  2. Refresh the Website to see your customized Control Panel.

Note:
You must be logged in to your Control Panel domain to see the customization.

Example: Customize the Control Panel

Below is an example for customizing the Control Panel which explains and visualizes what the customizations do.

Fallback Design

The fallback design ensures, that the Control Panel is shown without any company specific attributes, in case of misconfiguration.

In the case, that your domain has not been recorded and your configuration cannot be set, an alternative design is selected.
Therefore, the Control Panel gets the dark theme, without any logo or favicon. For the primary color a default green will be used.

Displayed Email Information

The system automatically sends emails in various situations, for example when users reset their passwords. You can define a greeting formula, a contact person, the sender address and a disclaimer for these emails.

Add Email Information

  1. Select Email information.
  2. Enter the name of the contact in the field Contact.
  3. Enter the sender address for outgoing system emails in the field Sender address for email templates.
  4. Enter the required information for a disclaimer in the field Disclaimer.

All data below is just an example. Inform yourself in your company which information is required for outgoing system emails.

  1. Click on Save to apply the settings.

Contact Data in the Control Panel

The contact data phone number and email address is shown in the Control Panel.

If you want to change the contact data, you must provide them under Support information (See: Add Support Information in the Control Panel).

Contact Data Processing

The contact data is processed hierarchically from bottom up.

Underneath a customer are several domains. That customer has provided his contact data on the top level.
Thus, every user of the underlying domains gets the contact data of the customer. If contact data for a underlying domain is provided, it will be shown to the users of that specific domain.

Add Support Information in the Control Panel

  1. Select Support information.
  2. Enter the support phone number of your company in the field Support phone number.
  3. Enter the support email address of your company in the field Support email address.

  1. Click on Save.

Email Categories

Your emails are classified into the following categories:

Email Category Description
Clean The category clean indicates that no threat was found.
Infomail Infomails are promotional emails that can either be classified as clean or spam.
Spam Emails classified as spam.
Content Emails with illegal attachments. Defined by the partner or domain administrator.
Virus Emails containing a virus.
ATP Emails containing threats identified by Advanced Threat Protection.
Rejected Rejected emails.

Classification Reasons

The following sections are structured in the different classification types for emails.
The tables list the reasons shown in the email display with their explanations.

Note:
The classification reasons are incomplete and are extended in a later version of this manual.

Classification ATP/Content/Virus

ReasonDefinitionActivity
Virus-scan01Found identical attributes of classified virus emails in metadataVirus
Virus-scan01-XARG-VFound known virus structure in multiple attributes of the emailVirus
Virus-scan02-Header-VFound virus signature in email headerVirus
Virus-scan03-Link-VaLinking of a compromised URLVirus
Virus-scan04-Body-VFound virus signature in email bodyVirus
Virus-scan05-<VirusName>Virus found – known, classified virusVirus
virus-scan07-doubleextensionFound a file with veiled or faked file type in an archiveVirus
Virus-scan07-archive-in.archiveFound nested archives in an archiveVirus
virus-scan07-heur-exploitFound minimum one unknown and potentially dangerous file in an archiveVirus
Virus-scan07-fakeoffice2003Found macro code of office 2007 in an office 2003 fileVirus
virus-scan07-potential-fake-archiveFound an archive with wrong declaration of content type (MIME-Content-Type)Virus
Virus-scan06-<VirusName>Virus scanner 2 found a virusVirus
Virus-scan08-executableFound potentially dangerous file in attachmentVirus
Virus-scan09-ASEzipHeuristicsEvidence of phishing and suspicious attachment foundVirus
Virus-scan09-asehtmlheuristicsEvidence of phishing and suspicious attachment foundVirus
Virus-scan09-ASEurl 0xHeuristicsEvidence of phishing and suspicious link foundVirus
Virus-scan10-<VirusName>Indistinct virus message through Heuristic intend analysisVirus
Virus-scan12-AttachmentVFound virus signature in attachmentVirus
Virus-scan13-ASE-PhishingHeuristicsEvidencce of phishing and suspicious email header foundVirus
Virus-scan14-Short-URL-obfuscationLinks are veiled through nested URL shorteningVirus
Virus-scan15-ASE-PhishingDirect link to malware or phishing websiteVirus
Virus-scan16-ASE-Phishing-heurEvidence of phishing and inconsistent sender address Virus
Virus-scan17-ASE-office-macro-exploitFound evidence of malware and office file with macros, OLE-object or VBS code as attachmentVirus
Virus-scan17-office-webarchive-exploit-heurEvidence of malware and attachment with suspicious content foundVirus
virus-scan17-office-rtf-exploit-heurEvidence of malware and attachment with suspicious content foundVirus
virus-scan17-MacroEvidence of malware and attachment with suspicious content foundVirus
Virus-scan17-office-macroEvidence of malware and attachment with suspicious content foundVirus
Virus-scan18Evidence of malware and the email was sent by different senders or email serversVirus
Virus-scan21-<Virusname>Virus message by optional virus scanner 3Virus
Virus-scan22-<Virusname>Virus message by optional virus scanner 4Virus
ContentfilterCustomer defined forbidden attachmentContent

Classification Quarantined

ReasonDefinitionActivity
admin-blblacklist controlled by adminQuarantined
ase-blindividual blacklist controlled by support dep.Quarantined
ase-recap1diffuse spam fingerprintQuarantined
ase-rep1IP reputation list 1Quarantined
ase-rep2IP reputation list 2
Quarantined
ase-recap4diffuse spam fingerprintQuarantined
asespf7-1SPF filter variant 1Quarantined
asespf7-2SPF filter variant 2Quarantined
bodytagspam signature in mail textQuarantined
bouncetagbounce mail managementQuarantined
dirtyipreputation filter on IP basis Quarantined
fingerprintre - captured spam mail by hashQuarantined
headerspam signature in mail headerQuarantined
linkad linkQuarantined
rbl50pre-stage to 554 5.5.4 but not blocking yetQuarantined
sameipsignature recognition through spam enginesQuarantined
scoredynamic content evaluationQuarantined
Score Tagdynamic content evaluationQuarantined
spamreputation filter based on sender serverQuarantined
spamip-netIP range of servers with poor reputationQuarantined
spam-sumspam fingerprintQuarantined
subjecttagspam signature in subject lineQuarantined
user-blblacklist controlled by the userQuarantined
wcspam pattern recognitionQuarantined
xargbounce attack or individual customer ruleQuarantined
zombiebotnet computerQuarantined

Classification Rejected

GrundDefinitionAktion
450 4.1.1rejection when relay check is enabledBlocked
450 4.1.8sender address rejected : domain not foundBlocked
450 4.5.5early spam detection (temporarily blocked) Blocked
450 4.5.6temporary failure in MTA - please retryBlocked
450 4.5.7temporary failure in MTA - please retryBlocked
504 5.5.2recipient address rejected : fully - qualified adress is neededBlocked
504 5.5.2sender adress rejected: fully - qualified address is neededBlocked
550 5.1.1unknown recipient (SMTP check)Blocked
550 5.2.2explicit blocking of sender or recipient addressBlocked
550 5.5.3recipient address rejected: multi-recipient bounceBlocked
552 5.5.2message size (content filter)Blocked
554 5.5.3email rejected due to Content Filter Size LimitBlocked
554 5.5.4IP sender address with a negative reputationBlocked
554 5.5.5email rejection due to SpamBlocked
554 5.5.6loop detectionBlocked
554 5.5.7email rejected due to content of attachmentBlocked
554 5.6.1signature of spam in mail header resp. subjectBlocked
554 5.6.2spam link signature detectedBlocked
554 5.6.3spam text signature detectedBlocked
554 5.6.4virus email blockedBlocked
554 5.6.5TLS encryption required by customer ruleBlocked
554 5.7.1unknown domain or unknown recipient (LDAP check)Blocked

Classification Valid

ReasonDefinitionActivity
asespf1familiar sender, type 1Valid
asespf2familiar sender, type 2Valid
asespf3familiar sender, type3Valid
ase-wlindividual whitelist controlled by the support dep.Valid
big2email size increased email reputation in multi-criterial scoring functionValid
bigmessageemail size increased email reputation in multi-criterial scoring functionValid
body-wlwhitelist signature in mail text, type 1Valid
body-wl2whitelist signature in mail text, type 2Valid
header-wlWhitelist signature in header, type 1Valid
header-wl2Whitelist signature in header, type 2Valid
knownsendersender address with positive reputation, type 1Valid
noreasonunevaluated emailValid
qsender2sender address with positive reputation, type 2Valid
realbouncesent via bounce managementValid
scoredynamic contents evaluationValid
sender-ipIP sender address with positive reputationValid
subject-wlwhitelist signature in subject line, type 1Valid
subject-wl2whitelist signature in subject line, type 2Valid
user-wlwhitelist controlled by userValid
xarg-wlbounce mail or individual customer ruleValid

Ruleset order

The spam filter rules are processed according to a specific priority. Once a higher level priority has taken effect, processing typically stops.

In some cases, this can lead to messages being blocked despite a whitelist entry for the sender’s address, because the IP address of the sending server is on the RBL blacklist.

 

Rule order (from top to bottom in descending priority) mail inbox

email arrival

  • RBL list (block)
  • Mass spam detection (block)
  • Compliance filter (deliver)
  • Virus check (quarantine)
  • Content filter, if activated (quarantine)
  • User-based whitelist string (deliver)
  • User-based blacklist string (quarantine)
  • Administrative whitelist (deliver)
  • Administrative blacklist (quarantine)
  • General whitelist (deliver)
  • General spam rules (quarantine)

Delivery

Note:
The compliance filter cannot be used to create exceptions for the content filter, so in this case the content filter takes precedence over the compliance filter.

Email Authentication Methods

These email authentication capabilities are available at Hornetsecurity:

  • SPF validation (Sender Policy Framework)
  • DKIM validation and signing (DomainKeys Identified Mail)
  • DMARC validation (Domain-based Message Authentication, Reporting and Conformance)

All of these methods are designed to additionally protect your company’s email infrastructure from spam and phishing.

SPF Functionality

SPF (Sender Policy Framework) is an email authentication method designed to prevent the forgery of sender addresses. For this purpose, the IP addresses of the authorized servers are entered in the DNS zone in the form of a TXT record. The receiving mail server can use this SPF entry of the domain to check whether the received email was sent from an authorized or an unauthorized mail server. If the sender information of the e-mail matches the TXT record, the email will be delivered, otherwise it will be rejected or treated as spam.

DKIM Functionality

DKIM (DomainKeys Identified Mail) is a method of email authentication designed to prevent emails from being manipulated during transfer. DKIM adds a signature to the email header when an email is sent. When an email with a DKIM signature is received, the receiving mail server queries the public key that was entered in the DNS zone of the sending domain via TXT record. This key is used to check whether the signature is correct.

Combination of SPF and DKIM

The introduced methods SPF and DKIM can be combined to provide better protection against forged senders and altered emails. If only DKIM is used, it is possible to exploit a valid email signed by DKIM. As long as it is not changed, this email can be sent in bulk to different people with a valid DKIM signature. To prevent this, SPF can be used additionally. SPF checks the origin of the email (real IP/DNS of the mail server) so that forwarding is prevented. This is because a valid email cannot be sent again and emails from other IP addresses are rejected. This prevents the re-sending of “valid” DKIM messages as spam.

DMARC Functionality

DMARC (Domain-based Message Authentication, Reporting & Conformance) defines how the recipient should handle emails depending on the results of the SPF and DKIM checks.

 

With DMARC, email recipients should be able to determine whether the alleged message matches what the recipient knows about the sender. Otherwise DMARC contains instructions on how to handle inconsistent messages. Assuming a recipient uses SPF and DKIM, the procedure looks approximately like this:

For information on how DMARC handles passed and failed SPF and DKIM checks, see the Decision Matrix of DMARC Policies.

Note:
DMARC reporting is currently not supported.

Setting up SPF

To set up SPF, it is necessary that you choose a SPF filter variant. Subsequently, enter the desired SPF entries in your DNS zone. Afterwards you can order the SPF filter.

SPF Variants

Two different filter variants are available for SPF.

 

Variant 1: Verification for the same sender and recipient domain
In variant 1, the SPF check only takes place if the sender domain matches the recipient domain of the email, thus only internal emails are checked. This method is recommended to prevent targeted attacks under fake email addresses of your own domain.

 

Variant 2: Check all sender domains
Variant 2 runs the SPF check for every sender domain, if there is a TXT record for it.This method should be used if there is a high incidence of address forgery from different sender domains. Be aware that using this variant may cause the false-positive rate to increase if several communication partners have not configured the TXT records correctly.

SPF logic

The IP addresses of the sending servers are checked with the stored entries from the TXT record. When checking the SPF entry, a distinction is made between a hard or soft fail. This check takes effect if the SPF entry does not match the sender information. A decision matrix then indicates how to handle the incoming email.

 

The following logic is taken into account when checking the TXT record:

Step Checked part of the email
Configuration Type of fail Action
1 Envelope (MAIL FROM) -all Hardfail reject
2a Header (From) ~all Softfail quarantine
2b Header (From) -all Hardfail quarantine

Explanation:
Step 1: Checking the envelope sender address (MAIL FROM)

In the first step, an SPF check of the sending MAIL FROM address from the envelope of the email takes place. If this is not entered in the TXT record, the email is rejected (hardfail). If the sender address is authorized, a further check of the From address takes place in step 2.

Step 2: Checking the header address (From)

In the second step, the From address from the header of the email is checked. If the address is not entered in the TXT record, the email is quarantined, regardless of the configured setting to Hard- or Softfail (-all/~all).

Add SPF Record to DNS Zone

Note:
If you are using the SPF filter of variant 1, you must set a TXT record in your DNS zone. This entry must contain all mail servers that are allowed to send emails from your own domain.
This entry is optional for variant 2 of the SPF filter.

  1. Set the TXT record for the Hornetsecurity mail servers in your DNS zone: v=spf1 include:antispameurope.com ~all
    With this TXT-Record, all mail servers of Hornetsecurity are authorized for sending. If emails are sent via other mail servers, they are marked as spam by the softfail mechanism.
  2. Optional:
    If you use other services that may send in the name of your respective domain such as newsletter services or ERP and ticket systems, you can also add them to the TXT record.

    Note:
    If you are not capable configuring the settings on your own, we recommend contacting the responsible provider.

Activate SPF

Set the corresponding TXT record in your DNS zone before commissioning SPF.

Setting up DKIM

To set up DKIM, you must use a CNAME record to refer to the public key in Hornetsecurity’s DNS. Then open a ticket at Hornetsecurity’s support to order DKIM.

Set the CNAME Record

Set the following CNAME record in the corresponding DNS zone of your domain: hse._domainkey.DOMAIN.TLD CNAME hse._domainkey.hornetsecurity.com
Enter your actual domain for DOMAIN.TLD.

Note:
If you only want to use DKIM to check incoming emails (validate only), you do not need to set the CNAME record.

Activate DKIM

Before commissioning DKIM, set the corresponding CNAME entry in your DNS zone.

Setting up DMARC

To set up DMARC, you must first activate SPF in variant 2 and/or DKIM. Then open a ticket at the Hornetsecurity support to activate DMARC.

Activate DMARC

To use DMARC it is necessary to activate SPF in variant 2 and/or DKIM for the desired domain.

Decision Matrix of DMARC Policies

The DMARC decision matrix shows how DMARC handles messages in case of passed or failed DKIM and SPF checks.

SPF and DKIM Check DMARC Result Result
SPF pass + DKIM pass DMARC pass Deliver
SPF pass + DKIM fail DMARC fail Quarantine
SPF fail + DKIM pass DMARC fail Quarantine
SPF fail + DKIM fail DMARC fail Quarantine

The table shows that only if both the SPF and DKIM checks have been passed, the DMARC result is positive and the email will be delivered. Otherwise the email will be quarantined.

Emails in the Control Panel

DKIM
Emails for which the DKIM signature does not match the corresponding entry in the DNS will be quarantined. In the spam report and in the control panel, the affected emails are marked as spam, so you can deliver them as required.
Under the column Reason you will see ase-dkim if DKIM applies to a specific email.

 

SPF
Emails that have been detected by the SPF filter and found not to have been sent by a server registered in the DNS will be quarantined. In the spam report and in the control panel, the emails concerned are classified as spam and can be delivered as required.
In the control panel these emails are displayed with the
reason asespf7-[1|2]. 1 or 2 indicate the selected variant of the SPF filter.

 

DMARC
Emails detected by DMARC and found not to comply with the SPF and/or DKIM policies will be quarantined and displayed in the spam report and control panel, rejected or delivered (nothing) depending on the policy you have chosen.
These emails are displayed in the control panel with ase-dmarc as reason.

Troubleshooting: Increased Outbound False Positive Rate

Emails that should be delivered are reported as spam by the SPF filter.
 
Condition:

  • Either the SPF filter in variant 1 is active and incoming internal emails are incorrectly detected as spam
  • Or you have activated the SPF filter of variant 2 and a communication partner informs you that emails from your domain are detected as spam.

Cause: Faulty TXT record
The IP addresses of your mail servers entered in the TXT record are incorrect or missing.
Remedy: Customize TXT Record

  • Add the IP addresses of your mail servers to the TXT record or correct the incorrect IP addresses.

Remedy: Adding IP addresses to the whitelist

  1. Open the Control Panel.
  2. Select the respective domain from the role selection.
  3. Select Black- & Whitelist.
  4. Select the Tab Whitelist.
  5. Click on Insert and enter the corresponding IP address
  6. Click on Submit to confirm.

Troubleshooting: Increased False Positive Rate on Inbound Emails with SPF Variant 2

Emails that should be delivered are reported as spam by the SPF filter.
Condition:
Your SPF filter runs in variant 2 and incoming emails from certain domains are incorrectly detected as spam.
Cause: Incorrect TXT record of the communication partner
Remedy: Informing the communication partner

  • Inform the communication partner about a possibly incorrect SPF configuration.

Adding IP addresses to the whitelist

  1. Open the Control Panel.
  2. Select the respective domain from the role selection.
  3. Select Black-/Whitelist.
  4. Select the Tab Whitelist.
  5. Click on Insert and enter the corresponding IP address of the sender domain.
  6. Click on Submit to confirm.

Glossary

The Glossary defines all uncommon words used in this manual.

Note:
Since the manual is not completed, the glossary will be updated.

WordDefinition
Control PanelUserinterface to manage the email traffic and services.
Domain administratorIs responsible for a primary email domain, the related alias mail domains, as well as all email addresses defined or definable by them.
Partner Is responsible for several clients. Each client corresponds to a primary email domain, its alias mail domains and all email addresses defined or definable by them.
InfomailAn email classified as advertisement
BlacklistSender emails that should always be classified as spam are entered on the blacklist.
WhitelistSender emails that should always be classified as clean are entered on the whitelist.
Schlagen  Sie  bearbeiten