1. About this Manual
  2. Introduction
    1. Prerequisites
    2. Version Information
  3. Login
    1. Reset Password
  4. User Settings
    1. Changing Password
    2. Changing Location
  5. Roles (DAP)
  6. Email Live Tracking
    1. Overview
    2. Customizing Email Display
    3. Filtering Emails
    4. Advanced Search (DAP)
    5. Email Details
      1. Open the Email Details
      2. Initiate an ATP Scan Manually
      3. Extended Email Information
    6. Email Fields
    7. Processing Emails
    8. Processing Actions
  7. Black- and Whitelist Module
    1. Create Black- and Whitelist Entries
    2. Delete Blacklist or Whitelist Entries
    3. Search Functionality
    4. Hierarchy of Blacklist and Whitelist Entries
  8. Management (DAP)
    1. Management Elements
      1. Administrative Elements
    2. Basic Partner Settings
      1. User Data
      2. Contact Data
      3. Add Contact Data
    3. Rights Management
      1. Create new Role
      2. Assign Role Authorizations
      3. Default Settings
      4. Advanced Settings
        1. Assign Special Rights
      5. Restrictions
      6. Settings
    4. Setup Templates
      1. Create new Templates
    5. Setup Customers / Domains
      1. Create new Customers/Domains
      2. Create new Office 365 Customer
    6. Basic Domain Settings
      1. Register new Alias Domain
      2. Search Alias Domains
      3. Export Alias Domains
      4. Import Alias Domains
    7. Postboxes
      1. Administration of User Settings
      2. Create Postboxes automaticly
      3. Create Postboxes manually
      4. Import Postboxes
    8. Groups
      1. Create new Groups
      2. Delete Groups
      3. Manage Groups
    9. Domain Administration
      1. Filtering
      2. Advanced Threat Protection (ATP)
        1. Activate ATP
        2. Start ATP-Scan
        3. Real-Time Notification
        4. ATP-Report
        5. Ex Post Alert
      3. Aeternum Email Archiving
        1. Setup and Activate Archiving
        2. Add exceptions
        3. Deactivate Archiving
        4. Audit Access
        5. Create Audit Access
      4. Continuity Service
      5. Spam report
      6. Content Filter
        1. Activate Content Filter
        2. Add new Group
        3. Setup Content Filter
        4. Forbidden File Types
      7. Compliance Filter
        1. Setup Compliance Filter
        2. Add Filter
        3. Define Filter Rules
        4. Define Actions
        5. Filter Sequence and Classification
        6. Regular Expressions
      8. Encryption
        1. Activate Encryption
        2. Check Encryption Capability
        3. Encryption Methods
        4. Sequence of Encryption Methods
        5. Display Encryption Method in Subject
        6. Certificate Administration
          1. Ordering Certificates
          2. Certificate Settings
        7. Websafe
          1. Setup Websafe
          2. Encrypt Eemails with Websafe
          3. Websafe Encryption through Email Subject
          4. Select Websafe Templates
    10. Setup Email Footer
    11. Setup Advanced Routing
  9. 365 Total Protection
    1. Onboard Office 365 customers
      1. Create Onboarding Link
      2. Onboard 365 Customers in the Control Panel
    2. Set up 365 Total Protection (DAP)
    3. Configuration of Microsoft Services
      1. Set Firewall Settings
      2. Adding MX Records to the DNS Zone
      3. Set Autodiscover for 365 Total Protection
      4. Configuration of Outbound Emails
        1. Setup New Connector for Outbound Email Traffic
        2. Setup a New Transport Rule
        3. Contact Support for Setup
      5. Setup Archiving for Internal Emails
        1. Archiving Internal Emails
        2. Option A: Relaying Internal Traffic
        3. Option B: Use Journaling to Archive Internal Emails
          1. Create a New Journal Rule
          2. Create a New Connector for Journal Reports
    4. Activate Email Encryption
    5. Activate Contingency Covering
    6. Group management for the Signature and Disclaimer service (DAP)
      1. Creating Groups for Signature and Disclaimer in the Control Panel
      2. Add Users to a Group
    7. Order 365 Total Protection
    8. Offboarding
      1. Delete or Deactivate Connector
  10. Threat Live Monitoring
    1. Displaying Global Data
    2. Selecting the Period
    3. Description of Statistics and Diagrams
      1. Live Attack Overview
      2. Attempted attacks – Attack Type by Date
      3. Threat Statistic – By Attack Type
      4. Threat Statistic - By Attack Vector
      5. Attempted Attacks - Attack Vectors by Date
    4. URL Rewriting Statistic
      1. Clicks by Time of Day
      2. Clicks by Device
      3. Clicks by Operating System
    5. Description of Attack Vectors
    6. Description of Attack Types
  11. Audit Log
    1. Description of Categories
    2. Filtering Events
      1. Select Displayed Categories in the Audit Log
      2. Search for Events
      3. Filter by Action
      4. Filter by Event Type
      5. Select Period
    3. Reset Settings
  12. Whitelabeling – Control Panel Customization
    1. Prerequisites to Customize the Control Panel
    2. Customize the Control Panel
    3. Fallback Design
    4. Displayed Email Information
      1. Add Email Information
    5. Contact Data in the Control Panel
      1. Contact Data Processing
      2. Add Support Information in the Control Panel
  13. Email Categories
  14. Classification Reasons
    1. Classification ATP/Content/Virus
    2. Classification Quarantined
    3. Classification Rejected
    4. Classification Valid
  15. Ruleset order
  16. Glossary

About this Manual

This manual is for both users and administrators of the Control Panel. It describes the usage as well as the administrative tasks.

The administrative roles are divided into two levels:

  • Domain administrator: Is responsible for a primary email domain, the related alias email domains and all email addresses.
  • Partner: Is responsible for several clients. Each client corresponds to a primary email domain, its alias email domains and all email addresses.

The administrative sections in this manual are marked as follows:

  • DA: This section is for domain administrators only.
  • P: This section is for partners only.
  • DAP: This section is for both domain administrators and partners.

All unmarked sections are for users and all administrator levels.

Note:
Depending on the level of rights assigned to you, it is possible that you cannot see all the menus described.

Introduction

The Control Panel is designed for handling incoming emails and evaluating the email traffic. It provides you with an easy-to-use web interface with a responsive design. Thus you can use it on your desktop and on your mobile device from everywhere you are.

The main functionality of the Control Panel is to monitor and control the flow of your emails. For example, you can mark emails as spam or release emails that have been marked as spam. You can also blacklist or whitelist senders.

Note:
The email search has been completely revised and new functions have been added.
The modules from the old version are included, so that you can use them as usual until the development is completed.
Note:
The new Control Panel contains an option to add and maintain black- and whitelists. The current Control Panel version contains the option to set these lists, but entries set there are without any function for the time being. Once the Black-/Whitelist function has been implemented for the new Control Panel, any lists already setup in the old Control Panel will be automatically implemented.
Any Black-/Whitelist existing in the new Control Panel will be overwritten once the data will be migrated from the old Control Panel. Therefore it is recommended to maintain the Black-/Whiteist from the old Control Panel exclusively.

Prerequisites

The new Control Panel is designed to run on all relevant web browsers in the latest versions.

The support of the browsers starts with the following versions:

  • Chrome version 55
  • Firefox version 50
  • IE Version 11
  • Safari version 9
  • Edge version 38

Version Information

  1. Check the current version of the Control Panel by clicking on next to the user settings in the upper right corner of the window.
  2. To view the version information, click on the version number.

Login

  1. Go to the Control Panel website provided by your partner or the support department.
    The login screen appears:
  2. Enter your username.
    Note:
    Enter your personal email address as username. You can change the role after logging in. After a new registration, you will receive your access data from your partner or support.
  3. Click on Continue.
  4. Perform the following steps if your account is synchronized with LDAP or was created in the Control Panel directly. Go to step 5 if your account is synchronized with Office 365.
    • Enter your password in the field Password.
    • Click on Login.

You are logged in at the Control Panel.

Note:
At your first login you can choose the time zone which defines the time, the date and the language. You can change the language in your user settings every time.

  1. Perform the following steps if your account is synchronized with Office 365.
    • Enter your email address in the application form of Microsoft again.
    • Click on Next.
    • Enter your password.
    • Click on Sign in.
    • Select if you would like to stay signed in or not.

You are logged in at the Control Panel.

Note:
At your first login you can choose the time zone which defines the time, the date and the language. You can change the language in your user settings every time.

Reset Password

Prerequisite: Your account is not synchronized via LDAP or Office 365.

You cannot reset your password if your account is synchronized via LDAP or Office 365. If you want to reset your password, contact your administrator.

  1. Click on Reset password?.

You get an email with a new password and an activation link.

 

  1. Click on the activation link in the email.

A window with the application form for the Control Panel opens.

 

  1. Enter the password which you got in the email.

You are logged in.

User Settings

You can change your password and your location in the user settings.

The location is responsible for the language and timezone used in the Control Panel.

Note:
It is possible to change the settings individually or all at once.

Open the User Settings

  • Click on in the upper right corner of the window.

Changing Password

Change your current password

  1. Enter your current password in the text field Old Password.
  2. Enter your new password in the text fields New Password and Repeat.
  3. Click on Save, to save your new password.

Changing Location

The location influences the time format, the date and time and the language in the Control Panel.

Note:
New customers are automatically classified in the same location as their partner. The location can be adjusted individually afterwards.

Change the time zone

  1. Select the location from the dropdown menu.
  2. Click on Save to save the selected location.

Roles (DAP)

Depending on your assigned rights, you can administrate different customers, domains and users.

The Control Panel provides an easy way for partners and domain administrators to change the current role. Thus you can limit the focus on a customer, domain or user.

Change the role

Select either of the following:

  • Select the customer, domain or user directly from the drop-down menu.

  • Enter the name of a customer, a domain or a user in the search bar.

Filter your search results

You can filter your search results:

  • To search for partners, customers and users, activate the search for users.
  • To limit the search for partners and customers, deactivate the search for users.

Email Live Tracking

In the Email Live Tracking you can examine your email traffic.

You can search your current emails as well as the Email Archive.

Note:
You can only see the emails, which correspond to your level of authorization.
  • Users will only see their own emails including the emails of their alias addresses.
  • Domain administrators can see all emails of the domain they administrate, including the alias domains.
  • Partners can see all emails of their clients’ domains.

All users including the administrators will view their own personal emails after logging in.

The following sections start with an overview of the Email Live Tracking module.

The functionalities are explained individually afterwards.

Overview

The Email Security module is divided into three sections:

Filter Section

You can filter the emails shown in the email display. The different functions are described in Filtering Emails.

The filter section inherits the selection and processing actions for emails.

Email Display

The email display is the main component of the window and shows all the emails following your search and filter criteria.

You can customize the email display individually by changing the email fields.

Extensive e-mail lists can be searched with the scroll function . The scroll function is located in the center of the lower display area. By selecting the arrow at the bottom right, the statistics can be hidden and displayed.

Email Category Statistics

The statistics evaluate the categories of your emails shown in the email display. The statistics can be hidden and displayed using the arrow   in the lower right area of the email display.

Customizing Email Display

You can customize the email display individually by

  • Selecting and deselecting email fields.
  • Changing the positions of email fields.
  • Resizing the fields.

 

Customize the email fields

  1. Click on the button on the right.
  2. Select the desired field from the drop-down menu.
  3. Click on Default to retrieve the original settings.
Note:
You can select or deselect multiple fields at once.

Change the position of email fields

  1. Drag the field you want to reposition.
  2. Drop it in the position you desire.

Resizing the fields

  1. Place the mouse between two fields.

    A green line appears.
  2. Drag the line and resize the field as desired.

 

Filtering Emails

The Email Security module provides various filter functions. You can use them individual or in combination on your emails.

Category Filter

You can filter your emails by categories.

Note:
Rejected emails are not shown per default. To view them, activate the category Rejected.

Filter your emails by category

  • Select or deselect the category in the filter section.

Note:
To only display emails of a specific category, double-click on the desired category and all other categories will be disabled.

Search Bar

You can filter your results entering terms in the search bar. All email fields are searched unless you select a field suggested to search for.

Note:
You must enter at least three characters to use the search.

Search your emails

  • Enter a term in the search bar.

The results in the email display are filtered while typing.

Search only in certain fields

  1. Select a field from the suggestions.
  2. Enter a term in the field to be searched for.

Email Field Filters

Filter your results with the following email field filters:

Field Filter Description
Date You can select a time interval from the dropdown menu or define a custom range. The current day (“Today”) is the default setting.
Direction Filter for incoming or outgoing emails. The default is both.
Encryption Select the encryption type you want to filter for, multiselection is possible. The default includes all encryption types and no encryption.
Status Filter for delivered, deferred or rejected emails.
Size Filter for emails with a specific size, selected from the dropdown menu.

Filter results from Email Display

You can directly select a value of an email from the email display to filter for.

  • Double-click on the desired field value (e.g. Communication-Partner) of an email.

Reset all Filters

  • Click on Reset Filter/Search.

Advanced Search (DAP)

In the Email Security module, you can search the individual email fields combined or use the full-text search to search in all fields at once. Defining queries, the search is completing and you can search for word beginnings. It is not intended to search within words.
For each individual field, there are delimiters to separate words.

The following table shows examples for valid and invalid queries as well as the delimiters for the individual fields.

Type Delimiter Example
valid search query
invalid search query
Email address “@” and last “.” moc.t1544998795set@o1544998795fni1544998795 info; test; com o@test; nfo@
Hostname “-” and “.” gateway07-rz01.test.com gate; rz01; test; com eway; 07; 01;
Attachments “;” and last “.” text.txt; image.jpg text; txt; image.jpg xt; mage; pg
Text special characters
Reason “:” linktag:lt_exprx_15_10_442:auto linktag; lt_exprx; auto tag; exprx; 10_442

Email Details

You can view the details of a single email and perform the following actions:

  • Report the email as spam.
  • Report the email as infomail.
  • Deliver the email.

The email details contain meta information, that are described in Email Fields, as well as the email header and the SMPT dialog for the email.

Open the Email Details

  1. Click on the arrow symbol.
    Note:
    The colour indicates the category of the email.
  2. Click on the action that you would like to perform on the email.

Note:
To blacklist or whitelist the email sender, use the Selection.

Initiate an ATP Scan Manually

You can scan incoming emails with potentially dangerous attachments in the Control Panel using ATP. You can perform two ATP scans for email attachments each month for free. For additional analyzes you have to activate Advanced Threat Protection.

Note:
The ATP scan is only available for emails with executable attachments (e.g. .exe file). Furthermore, clean emails that have already been delivered can only be scanned when the products Aeternum (email archive) or the Continuity Service are active.

 

  1. Open the module Email Security in the Control Panel.
  2. Open the details for the email you want to scan by ATP.
  3. Click on the magnifying glass ATP to start the scan.

    Start ATP scan

 

You will get a notification that the scan has been started. The scan process can take up to 15 minutes until it is finished.

 

After the scan is done, you can open the ATP report for the analyzed file under ATP in the extended information for the scanned email.

Open ATP report

 

 

Extended Email Information

You can find detailed information about the selected email under Infos.

The detailed information of a specific email is separated in three sections.

Details Header SMTP ATP
Here, you can find further information concerning the selected email.The following email fields are shown:
  • Owner
  • Communication partner
  • Subject
  • Message-ID
  • Category filter
  • Reason
  • Connect
  • SMTP-Code
  • Encryption
  • Date
The header tab provides the header information of the selected email.

The header is not shown for rejected emails.

In the SMTP tab, the whole SMTP-Dialog is shown. The last row is also shown in the details under SMTP-Code After an ATP analysis has been performed, the ATP reports for the attached files are displayed here.

You can find a description of the shown email fields under Email fields.

Email Fields

The following table describes the email fields shown in the email display and the email details.

 

Field Description
Date The date and time when the email was sent.
Depending on the selected time zone.
Communication partner The owner’s communication partner. Sender or receiver of emails to/from the owner.
Direction <> Incoming or outgoing message from the owner’s point of view.
Owner The email was sent or received by the owner.
Subject The subject of the email.
Encryption The lock only shows, whether the email is encrypted or not. You can see the encryption type in the email details.
Status Indicates, whether the email is delivered, deferred or rejected.
Size Size of the email.
Reason The reason, why the email has been classified as spam, virus etc.
msg id Internal id of the email.
source hostname Outgoing server hostname.
destination hostname Incoming server hostname.
gateway The gateway.
source IP Sender’s IP address.
destination IP Receiver’s IP address.
message id The id of the email.
Connect Depending on the direction of the email, the hostname of the incoming or outgoing mail server is shown.
SMTP-Code Shows the last row of the SMTP dialog.

Processing Emails

To select and process emails:

  1. Click on the buton in the filter section. A tool bar opens.
  2. Click on the emails in the result display to select them.

    Note:
    You can select and process multiple emails at once.

    Furthermore, it is possible to select all displayed emails at once:

  3. Click on the action you want to perform for the selected emails.

 

Note:
All actions are described in Processing Actions.

Processing Actions

The actions you can perform on emails in the Email Security module are described in the following table.

ActionDescription
Deliver EmailDelivers the selected email.
Report as SpamThe email is classified as spam and the support and quality management system is informed in order to conduct any further investigation. This is the preferred method of dealing with spam emails since the sender address is usually forged anyway.
Report as InfomailThe email is classified as infomail. The options for infomails are individually adjustable.
Blacklist SenderThe email from this sender is added to the user's blacklist. Any future emails from this sender will be classified as spam.
Whitelist + DeliverDeliver this email and additionally deliver all emails from this sender in the future automatically. The sender’s address is added to the user's whitelist.
Mark as privateThe email is marked as unrelated to business.
Note:
Once you have marked an email as private, you cannot undo it.
Blacklist for All Users (DAR)The email from this sender is added to the public blacklist. Any future emails from this sender will be classified as spam.
Whitelist for All Users (DAR)The sender’s address is added to the public whitelist.
Send Email to AdminThe email is sent to the provided email address of your administrator under Management > Settings > Data.
Note:
The blacklisting and whitelisting rules are processed in the following order:
  • Administrator Blacklist
  • Administrator Whitelist
  • User Blacklist
  • User Whitelist

For Example: A user adds the account moc.e1544998795lpmax1544998795e@elp1544998795maxe1544998795 to their whitelist and the administrator adds this account to the global blacklist. The emails from that account will be delivered to the user, but not to any other user who has not whitelisted that account.

Black- and Whitelist Module

In the black- and whitelist module you can define that emails from specific senders or domains are always quarantined (blacklist) or delivered (whitelist).

Create Black- and Whitelist Entries

Adding entries to the blacklist or whitelist.

  1. DAP: Select the role, for which you want to create an entry from the role selection.

If you select a partner role, you can only create global entries for all underlying domains.

If you select a domain, you can create entries for the whole domain or for specific groups of that domain.

Note:
If you have not selected a role from the selection, the user you logged in with is selected.

Role or domain selection

Depending on the selected role, you can create entries that are valid globally for the domain, for specific groups or specific users.

  1. Select the module Black- & Whitelist under Email Security.

  1. Select the tab with the corresponding list:
  • Blacklist
  • Whitelist
  1. Click on Insert.

An input field opens.

  1. Enter an email address or domain name into the field Value.

Note:
If entering a domain name use the following syntax: domainname.tld

Global blacklist entry partner

Domain blacklist entry

User blacklist entry

  1. DAP: Optional: If entering an entry as domain administrator, you can select a group.

a) Activate the checkbox under Group.

b) Click on the group selection and select a group from the drop down menu.

Create blacklist entries for groups

  1. Click on Submit.

Delete Blacklist or Whitelist Entries

  1. Open the black- & whitelist module.
  2. Select the tab with the desired list.
  3. Click on the arrow symbol on the right side of the entry you would like to delete.
  4. Click on Delete.

You will receive a notification after successfully deleting the entry.

Example: Deleting entries from black- or whitelists

Following, the blacklist entry test@testdomain is deleted

Entry deletion

Search Functionality

The search functionality is similar to the search in the Email Security module.
Just enter the search phrase into the search field and the results are filtered dynamically.

Example: Search entries in the blacklist and whitelist module

The blacklist of the user admin(at)talltara.com is searched for the term test. Only results starting with test are shown.

Search the blacklist

Hierarchy of Blacklist and Whitelist Entries

The blacklist and whitelist entries are processed in the following order from the highest to the lowest priority:

  • User whitelist
  • User blacklist
  • Domain and group whitelist
  • Domain and group blacklist
  • Partner whitelist
  • Partner blacklist

If the system finds a fitting entry on either list, the execution is stopped and the remaining entries are not checked.

Example: Processing hierarchy of blacklist and whitelist entries

A user adds the sender address moc.e1544998795lpmax1544998795e@elp1544998795maxe1544998795 to the user whitelist. The domain administrator adds this account to the domain blacklist. The emails from that account will be delivered to the user, but not to any other user who has not whitelisted that account.

Management (DAP)

Management forms the central part of the administrative work. Here you can configure settings for users and domains or book additional services. A registered partner can create new customers, manage existing customers and book new services for his customers. A registered domain administrator can manage his domain and book new services.

Management Elements

The management window is divided into a left and a right subwindow. Depending on the selection of the management element in the left subwindow, various options and configuration options are available in the right subwindow.

Management panel: management elements (left) and options (right)

Administrative Elements

The administration tree is divided into two primary levels:

All domains assigned to the partner are displayed in the partner level..

Various options can be made in the customer  level:

  • Customer management
  • Manageable customers
  • Domain
  • Email address management
  • Management of redirects
  • Administration of domain configuration
  • Management of groups

The buttons in the lower left window   can be used to add new domains or users or to remove existing ones.

Note: Partner level is only available for the partner permission level. To display a next lower layer, select the current layer and click the gray triangle to the left of the element name.

A search operation can be started with the search function. The management-display changes depending on the search terms you have entered.

Search function

Basic Partner Settings

Navigation in the Control Panel

If a partner is selected on the left of the window, a window with two tab levels appears on the right. Under Settings you can make basic settings for the respective partner.

User Data

The following basic settings can be assigned to the user in the Data area:

  • Username (corresponds to the login name)
  • Password
  • Email address for sending forgotten passwords
  • Account status (activated/deactivated)
  • Time zone

Basic setting of user data

Contact Data

The master data for companies and contact partners can be added in the tab Contact data.

Management of Contact data

Add Contact Data

Note: Contact details for support information should be set under Control Panel → Whitelabeling.

Setting Support Information in Whitelabeling

  1. Select the tab Contact Data.
  2. Choose Add.
  3.  Enter the required contact data and confirm with Add:
    a) Select the tab Company to add contact information for a company.
    b) Select the tab Person to add contact information for a person.
  4. Save your entries with Save.

Input mask for company contact data

 

Input mask for personal contact data

Contact data is added. 

 

Rights Management

In the Rights management tab, partners and administrators can assign or deny certain rights to their hierarchically subordinate levels.

Rights management

These rights are defined globally at the partner, customer and user levels. Rights can be assigned individually for each user. Rights management is based on a role-based system and is divided into three categories:

  • Roles
  • Default settings
  • Advanced settings

Create new Role

In the Roles area, the partner can view the predefined roles for users, customers and partners and define their own roles.

Info: Roles default_user, default_customer, default_partner are default roles and cannot be changed.

  1. Click New Role on the tab Roles.
  2. Click into the field Template and select a template.
  3. Enter a title for the template.
  4. Click OK to create a new role.
  5. Click Save, to save changes.

New role has been created. 

Selection of templates

Assign Role Authorizations

If user roles have been created, it is possible to assign individual authorizations to each user.

  1. Click on the role stored in the Roles tab.
  2. Activate the corresponding checkboxes for the desired permissions in the right window.
  3. Confirm the assigned authorizations with Save.

 

Distribution of roles in rights management

 

Authorizations have been assigned.

Default Settings

Under Default Settings, standard roles can be assigned for all levels that are subordinate to a partner.

Default settings

Advanced Settings

Under Advanced Settings special rights can be assigned to the users. These settings allow a Helpdesk employee, for example, to look after several domains and customers simultaneously.

Note: For the assignment of special rights, the stored users must be known to the system. Users do not necessarily have to be within a domain or a customer.

Functionality:

Each user is assigned another user, who must derive from within the partner. You can then assign a specific role to the user. If this user logs into the Control Panel with the user name and password, he can now change roles without re-logging in.

 

Advantages:

Required rights for helpdesk or administration tasks can be added to each user individually. This eliminates the need to share the same account. Individual changes are indicated by the precise logging in the Auditing view, indicating individual steps and the respective login name.

Assign Special Rights

  1. Click on Advanced Settings in the Rights management tab.
  2. Enter a user name under User.
  3. Select the desired level to be assigned to the user from the pull-down menu under Assigned authorisation level.
  4. Select the desired role to be assigned to the user from the pull-down menu under Role.
  5. Click on , to deposit the role.
  6. Confirm the changes with Save.

Special rights have been assigned. . 

Attention: Changes in the rights management will only become active after logging in again!

Restrictions

Under the tab Restrictions you can define IP and password policies. This allows the partner or domain administrator to determine which IP addresses can be used for surfing. He can also specify certain criteria for assigning passwords, such as a minimum length for the password to contain capital letters, numbers or special characters.

Assignment of restrictions

Settings

Administrators can manage two configurations in the settings:

  • Continuity Service
  • Deliver support

 

If a partner or customer does not want to use the webmailer provided by the Continuity Service, but his own, the corresponding URL can be entered here. You can also specify here whether users can relay emails from the email display.

Furthermore, the type of email can be specified:

  • Spam emails
  • Emails that are quarantined due to the content filter
  • Info emails
  • Virus emails

 

Affected emails can be delivered to a registered user or to a specified address.

Overview of the Settings tab

Setup Templates

Templates can be individually created and adapted via the Template tab. Predefined templates can be selected from a table.

Setup templates

Depending on the desired function, the following templates can be created:

  • Email templates
  • HTML templates
  • Notification templates

Selection of templates

Create new Template

  1. Navigate via ManagementPartner to the tab Template.

    Navigation to menu item Template

  2. Click on Add.
    A new window with new selection options opens.

    Selection of templates

  3. Select a template category from the drop-down menu Category.
  4. Select a template type from the drop-down menu Type.

    Info: The templates differ according to the selected category.

  5. Select the language of the template from the drop-down menu Language.
    The source code for the selected template is generated and displayed.
  6. Enter a name for the template in the field Name .

    Note: For email and notification templates, you must also enter the sender address and the subject. You can also make the fields Reply-To and Return-Path visible by checking the Advanced box. By default, the Reply-to or Return-Path address matches the sender address. Changes can be entered here.

  7. Design the (source) text of the template according to your wishes.

    Note: You can also specify in which form the notification should be sent (Text/HTML or Text/plain).

    Template configuration

  8. Clik on Apply,to create template.

    Note: Already created templates can be edited with a double click.

The template has been created and is displayed in the table.

Setup Customers / Domains

If your domain does not yet exist, you must create a new customer in the Control Panel. In this chapter, you will learn how to:

  • Create New Customers/Domains in the Control Panel
  • Create new Office 365 customers/domains

In addition to the basic settings, further filter options are available, which can be set individually in the Control Panel.

Important: Activating filter options can cause additional license fees. Please inform yourself about the costs before activating.

Filter options:

Option Function
Domain: Selection of the domain (or alias domain).
Filter type: Select whether premium filtering (spam and viruses, high filtering rate) or only blocking based on blacklists and some mass spam rules (lower filtering rate) should be carried out.
Destination: Server to which filtered emails are sent.
Note: If you specify a host name, an MX record resolution is always performed first, followed by an A record resolution. Several addresses can be entered. Addresses must be separated from each other by a comma. It is possible to enter CIDR ranges.
Outgoing relay / Email traffic: Specifies mail servers whose outgoing email is to be sent via the spam filter service. Several addresses can be entered here.
Info: Bounce Management checks incoming undeliverability notifications to determine whether outgoing emails were actually sent via the domain’s relay server or via a fake sender address as a return of a spam attack.
Relay check: Rejects non-existent email addresses.
Relay check per SMTP: Checks the validity of the email address using the address of the target server.
Note: For Relaycheck via SMTP, you can select alternative IP address for Relay Check. It is useful, for example, if the valid emails are first sent to a relay gateway after the check.
Relay check per LDAP: Checks the validity of the email address
Important: LDAP synchronization must first be set up for this function. Please contact our support team.
Relay check per Control Panel: For incoming emails, the system checks whether the recipient is already configured as a user in the Control Panel.
Spamhandling: Configuration for handling with spam mails:
  • Store in quarantine (default, recommended): Lists of detected spam mails are sent to recipients at intervals (digest).
  • Tag: All spam mails with a prefix in the subject will be delivered. You can enter the prefix in the field Phrase.

Filter options

Create new Customers/Domains

If your domain does not yet exist, you must create a new customer in the Control Panel.

  1. Log on to the Control Panel with your administrative authentication data.
  2. Select the customer or partner from the role selection under which a new customer or domain is to be created.

    Select Roles

  3. Select ManagementAdd Customer.

    Note: A new customer corresponds to a primary email domain. Optionally, you can set up additional alias domains or additional services in a second step.

  4. Specify the name of the customer’s primary email domain in the field Primary domain.

    Configuration of the domain in the Control Panel

  5. Enter the administrator’s email address into the field Email:

    a)  If you select the Send login information to checkbox, the password will be sent to the email address entered in the Email field.

    b) Alternatively, you can manually enter a password in the Password field. In this case the password will not be sent.

  6. Select the status in the field Status.

    Note: If you set the status to Deactivated, the system tries to deliver emails to the mail server entered above for seven days without user verification. If the sender does not accept the emails after this time, a bounce email is sent to the sender with the information that the message could not be delivered.

  7. Click on Save, to safe your changes.

New customer / new domain has been created.

Create new Office 365 Customer

Prerequisite: A customer domain has been created.

  1. Enter the destination address of your Office 365 environment into the field IP/Host Address.

    Note: You can find the destination address in your Office 365 environment. At portal.office.com, navigate to Admin centerSetupDomains. You can find the corresponding entry under Exchange OnlineMX.

    MX record in the Office 365 portal

  2. Enter the following value under Outgoing relay / Email traffic in order to filter outgoing emails from Office 365 as well: 1.1.1.1

    Enter value

  3. Click Save to save your changes.

A new Office365 customer has been created.

Basic Domain Settings

In the tab Domains you can register new alias domains, display and  delete existing alias domains.

Note: In order to access the tab Domains, you have to select the partner and the domain located under it.

Under Settings you will find the same configuration options as described in the chapter Basic Settings of a Partner.

Register new Alias Domain

  1. Open the menu Management in the Control Panel.
  2. Select the main domain from the selection on the left side of the window.
  3. Select the tab Alias domains in the area Domains.
  4. Enter the desired alias domain in the upper input field.
  5. Click Add to enter alias domain.
    The entered alias domain is displayed in the field.
  6. Click Save to apply changes.

New alias domain has been registered.

Search Alias Domains

  1. Select under Domains the Tab Alias domains.
  2. Enter the search term into input field Search … under Filter.
  3. Click on Filter.

Alias domains are searched and the matching results are displayed in the lower window.

Export Alias Domains

  1. Select the tab Alias Domains under Domains.
  2. Click on Export (.csv).

    Export alias domains

  3.  Select the desired export option between Display, Download or Email to.
  4. Click on Export.

The list of registered alias domains is exported in .csv format.

Import Alias Domains

In addition to the manual creation of alias domains, it is also possible to import alias domains.

  1. Navigate to Management Domains Import.
  2. Click Select File to select a .csv file with registered alias domains.

    Note: The .csv_file must have the following syntax:
    aliasdomain1.de
    aliasdomain2.de
    aliasdomain3.de

  3. Select the file with the alias domains.
  4. Click Import.
    The specified domains are checked for system doublets and syntactical correctness.
  5. After the scan is complete, click Import.

    Status of imported domain lists

    Domains are imported and are displayed in the object hierarchy of the alias domains window.

  6.  Click Save to close the window.

Alias domains have been imported.

Postboxes

Postboxes are the license basis for all services. In addition to a main mailbox, several associated alias mailboxes can be created for which no fees are incurred. There are three options for creating mailboxes:

  • Automatic creation of postboxes in the Control Panel
  • Manual creation of main postboxes
  • Importing of postboxes

Addresses listed under Postboxes have no influence on the acceptance, filtering or delivery of emails (exception: LDAP address matching). The addresses are used primarily for the generating and delivery of daily spam reports.

 

Alias addresses as main addresses

If alias addresses are assigned to a main address, the end user additionally sees all emails in the email search. The addresses are used to authenticate the user when the web filter system is activated. New users can be added either manually or via the Import interface.

 

Function Relay

The function Relay is only available for customers who have configured and retrieved their email messages via POP3 accounts using the setting EmailFiltering. Customers can only use this functionality for the domain whose postboxes are assigned to the manufacturer’s servers.

 

If POP3/IMAP is not configured as a destination server, the management element is not displayed in the Control Panel. If the user sets up a redirection, all emails are delivered to the destination address(es) specified by the customer, regardless of which domain it is assigned to.

 

Blacklists and whitelists can also be created for the redirection addresses. A list of all users can be read out via the Export (csv.) button.

Administration of User Settings

The tab User Settings allows you to manage the settings for registered users. The following settings can be made:

  • Entry of user data such as user name, password, email, status
  • Setting the time zone
  • Setting up redirects
  • Activate/deactivate the Infomail filter
  • Delivery times of spam reports
  • Creating alias addresses
  • Setting a proxy for the user’s email traffic

Administration of user settings

Create Postboxes automaticly

Control Panel offers various options for automatically creating mailboxes.

These settings can be found in the Control Panel under ManagementEmailFiltering →  Relay check (check recipient adress).

Automatic creation of postboxes

 

SMTP

All emails marked as spam-free (Clean) will be delivered to the customer environment. If three emails are accepted for the same email address within eight hours, a main mailbox is automatically created. This is the default configuration. The disadvantage of this configuration is that alias addresses cannot be identified. There is consequently a risk of a high number of incorrectly created mailboxes.

 

LDAP

You can synchronize the postboxes with a directory service, such as Active Directory (AD). This ensures that the correct postboxes and their alias postboxes are always created in the system. A disadvantage can be the increased configuration effort, where the customer has to transmit the directory service information.

 

Control Panel

Control Panel is the easiest way to control a large number of postboxes. You can create postboxes manually or using the function Import. If this method is selected, postboxes are not created automatically.

Create Postboxes manually

  1. Click Management in the Control Panel.
  2. Select the desired domain from the selection on the left.
  3. Select the tab Postboxes → Postboxes.
  4. Enter a name for the postbox in the field User name.
  5. Select the domain for which you want to enter the postbox.

    Info: You can also enter postboxes for created alias domains. These mailboxes are main mailboxes and will be charged separately.

  6. Enter a password for the postbox in the field provided.
  7. Select one of the following options:
    User: Creates a main postbox
    Forward: Creates a postbox for redirection

    Note: A Forward feature is only available to customers who use email filtering to retrieve their email messages from POP3 accounts.

  8. Click Add to create the postbox.
  9. Click Save to create the postbox for a fee.

Postbox is created.

Steps for creating a postbox 

Import Postboxes

In addition to manually creating mailboxes, you can import mailboxes using a .csv file. This can be done both initially, if no addresses have yet been entered, and additionally during operation.

 

  1. Click Management in the Control Panel.
  2. Select the desired domain from the selection on the left.
  3. Select Postboxes → Import.
  4. Click Select file.

    Import postboxes

    A window opens in which the corresponding .csv file can be selected. After selection, the mailboxes are displayed in the User Import field.

  5. Click Import.

    Info: The import process checks all addresses for the validity of the customer domain and for syntactical correctness.

  6. Click Import to transfer postboxes.

    Attention: If you want to replace all existing mailboxes, select the option Add + delete old. This option deletes all existing postboxes!

Postboxes have been imported.

Note: The imported mailboxes are then displayed as main postboxes under the tab Postboxes. Alias mailboxes are assigned to the respective main postbox and displayed in User Settings under the tab Aliases.

Groups

New groups can be created and all existing groups can be managed via the tab Groups .

 

You can add Groups via Groups → Group.

 

Existing groups can be managed under GroupsGroup Settings. You can add descriptive information, add members to a group, or remove members from a group.

Management of groups

Create new Groups

  1. Click on the tap Group.
  2. Enter a group name.
  3. Click Add.
  4. Confirm the changes with Save.

    Create new group

New group is created.

Delete Groups

Important: All users created in the group will be deleted!
  1. Click on the tab Group.
    Groups that have already been created are displayed in the field.
  2. Click x to the right of the group to delete the group.

    Delete group

  3. Confirm changes with Save.

Group was deleted.

Manage Groups

Stored groups can be selected and managed under Group Settings.

  1. Click on the tab Group Settings .
  2. Select a group from the list Group and confirm with Apply.

    Management of groups

  3. Enter additional information for the group under Data.
  4. Click on the tab  Member.

    Note: New addresses that have not yet been assigned can be added to the selected group under Member.

    • Click + to assign a member to the group.
    • Click x to remove a member from the group.

    Add a member to a group

     

    Delete a member from a group

     

  5. Confirm changes with Save.

Domain Administration

After a new customer has been created, the appropriate primary domain always exists below the administration element Domains for the customer entry. If you select the primary domain, you can activate and configure additional services in the right window.

Selection of primary domain

Filtering

Filteroptionen:

Option Funktion
Domain: Selection of the domain (or alias domain).
Filter type: Select whether premium filtering (spam and viruses, high filtering rate) or only blocking based on blacklists and some mass spam rules (lower filtering rate) should be carried out.
Destination: Server to which filtered emails are sent.
Note: If you specify a host name, an MX record resolution is always performed first, followed by an A record resolution. Several addresses can be entered. Addresses must be separated from each other by a comma. It is possible to enter CIDR ranges.
Outgoing relay / Email traffic: Specifies mail servers whose outgoing email is to be sent via the spam filter service. Several addresses can be entered here.
Info: Bounce Management checks incoming undeliverability notifications to determine whether outgoing emails were actually sent via the domain’s relay server or via a fake sender address as a return of a spam attack.
Relay check: Rejects non-existent email addresses.
Relay check per SMTP: Checks the validity of the email address using the address of the target server.
Note: For Relaycheck via SMTP, you can select an alternative IP address for Relay Check. It is useful, for example, if the valid emails are first sent to a relay gateway after the check.
Relay check per LDAP: Checks the validity of the email address.
Important: LDAP synchronization must first be set up for this function. Please contact our support team.
Relay check per Control Panel: For incoming emails, the system checks whether the recipient is already configured as a user in the Control Panel.
Spamhandling: Configuration for handling with spam mails:
  • Store in quarantine (default, recommended): Lists of detected spam mails are sent to recipients at intervals (digest).
  • Tag: All spam mails with a prefix in the subject will be delivered. You can enter the prefix in the field Phrase.

Filter options

Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) protects your business from targeted and individual attacks from the first malicious email. Highly innovative forensic analysis engines ensure that attacks are stopped immediately. At the same time, the solution provides detailed information about the attacks on your company.

Spam and virus filter process with ATP

Activate ATP

Attention: Activating the ATP may cause additional costs!
  1. Navigate to Managementyour primary domain within the Control Panel.
  2. Select Email →  ATP.
  3. Select the checkbox at Activate Advanced Threat Protection.

    Activating the ATP filter

  4. Confirm the booking with OK.
     

    Confirm ATP activation

  5. Specify one or more email addresses for notification to be immediately notified of the acute attacks.

Note: Ideally, enter the email address of your company’s security department here .

Email setting for notifications

Info: From now on there is the possibility to start the ATP scan for incoming emails with potentially dangerous attachments in the email display (see: Workplace Email Security) also on administrator level, who do not yet use ATP.

ATP is activated.

Start ATP-Scan

You can use the ATP scan to manually scan emails with executable attachments (for example, .exe files).

Note: The ATP scan is only possible for emails with executable attachments (e.g. .exe files). In addition, valid emails that have already been delivered can only be scanned if the products Aeternum (email archive) or Continuity Service are activated.

Info: You can perform two ATP scan analyses per month free of charge. For further analysis the booking of Advanced Threat Protection is necessary.

  1. Open the E-mail Security module in the Control Panel.
  2. Open the extended function view to the right of the selected email.

    Show email details

  3. Click on ATP-Scan to start the scan.

    Start ATP-Scan

Note: The analysis process may take up to 15 minutes.

If a file has been successfully scanned, a link to the ATP report is created. 

Link to ATP-Report

Real-Time Notification

As soon as ATP detects an attack, a notification is sent to your company to inform you immediately about a possible threat. The person in charge receives various details about the type and target of the attack, the sender and the reason why the email was intercepted.

Info: Notifications are sent when:
  • Malware code was found in the sandbox.
  • URL scanning has found a suspect URL.
  • URL rewriting has blocked a website or download.

Real-time notification

Incoming emails that are classified as potentially dangerous by ATP are grouped together in the Control Panel under the ATP category and displayed in dark blue.

ATP category

ATP-Report

The ATP report gives you detailed information about the analyzed file.

To view an ATP report, select ATP ReportView ATP Report from the details window to the right of the selected email.

View ATP-Report

 

The ATP report is divided into four main sections:

  • Summary
  • Static Analysis
  • Network Analysis
  • Behavioral Analysis

 

 

Summary

Here you will find an overview of the analyzed file. In addition, the file is rated with a score from 0 to 10, where 0 is no danger and 10 is the most dangerous rating. The Signatures section classifies the behavior of the file into three categories:

  • Information
  • Attention
  • Warning

If you click on a signature, the advanced process information is displayed.

ATP-Summary

 

Static Analysis

The static analysis is divided into three subcategories:

  • Static Analysis – Static analysis of the file (depending on the file format).
  • Strings – Output of the occurring strings of the file.
  • Antivirus – analysis of the file by different antivirus programs.

ATP-Static Analysis

 

Network Analysis
In the network analysis, all network traffic is analyzed and listed according to protocols (e.g. HTTP, TCP, UDP).

ATP-Network Analysis

 

Behavioral Analysis

The behavior analysis analyzes the behavior of the file at runtime. Displays all system API calls and processes logged during dynamic sandbox analysis.
The results are divided into two sections:

  • Process Tree: Here the processes are displayed in hierarchical order.
  • Process Contents: If you select a process from the Process Tree, the executed API queries are displayed here in chronological order.

ATP-Behavioral Analysis

Ex Post Alert

If it turns out that an already delivered email must after all be
considered as potentially harmful, the respective company’s IT security team
is notified about the extent and possible countermeasures as soon as this is
known. This permits rapid containment of a dangerous situation.

 

With Ex Post Alerts, your IT security team receives an automatic notification if an email that has already been delivered is subsequently classified as malicious. You will receive a detailed evaluation of the attack so that you can immediately initiate actions such as checking the systems or sensitizing your own employees.

Note: Ex Post Alerts is automatically activated for all ATP customers.

Aeternum Email Archiving

Note: The use of Aeternum requires the use of the product Spamfilter Service (Premium Filter). Note that initially only external mails are archived. To also archive internal emails, you must configure redirection to the archive.

In order to archive outgoing emails, they must be sent via the spam filter service.
You can archive internal emails in your email archive by setting up a journaling postbox. Instructions for this can be obtained from your provider, your mail server provider or from our support.

Setup and Activate Archiving

  1. Navigate to Managementyour Domain

    Selection of Domain under Management

  2. Click on Email → Archiving.
  3. Select the domain to be archived under Select.
  4. Insert the domain to be archived under Add.

    Navigation to archiving under Email

  5. Confirm with Apply and then with Save.
    Email archiving is activated.

Email archiving is set up.

Info: The archiving period for emails takes n+1 year. Here is n the number of years that was set as the “archive duration” in the Control Panel for the domain or, alternatively, for the user. After the deadline, all emails are deleted from the archive.

Add exceptions

Groups / users that should be excluded for data protection reasons can be added to an exception list.

  1. Select the tab Email → Archiving.
  2. Select the domain concerned in the field Exceptions → Select and confirm with Apply.

    Add exceptions

  3. Select the desired archiving duration from the  drop-down menu Archive duration.
  4. Click Add and confirm the change with OK.
  5. Save your changes with Save.

Exceptions are added.

Deactivate archiving

  1. Select the tab Email → Archiving.
  2. Select the domain concerned in the field Exceptions → Select.
  3. Select the entry Deactivated from the Archive duration drop-down menu.
  4. Select the type of deactivation:
    a) User/Group: Emails for the user/group are not archived in the user’s/group’s own archive.
    b) All: All email traffic with the group/user is not archived.

    Deactivation of Archiving

  5. Confirm the changes with Save.

Email Archiving is deactivated.

Audit Access

The administrator can mark an archived email as “private”. Users can also enable this option. In order to guarantee the audit security according to GDPdU, the email marked as private in the archive is displayed slightly darkened and can then no longer be viewed by any auditor or user. As an administrator, you have the option of tracking audit activities via the audit log.

Create Audit Access

Attention: The email marked as private in the archive can no longer be viewed by any auditor or user. Only the support team can make an email marked as private readable again.

  1. Click on Email → Archiving  → Audit-access.
  2. Activate the checkbox Activate audit access.
    Additional field with further settings is activated.
  3. Click Select under Choose user and select the user.
  4. Select the period for the audit access under Audit-access activate.
  5. Select the period for accessing emails under Access to emails.
    Note: For reasons of dual control principle, a second auditor must be specified who will release the audit activities using a password.
  6. Click Select under Choose control user and choose the second auditor.

    Create an audit-access

  7. Confirm your changes with Save.

Audit-access is created.

Continuity Service

The Continuity Service is an additional email service that guarantees continuous email functionality in the event of an email service failure. With the Continuity Service enabled, users can continue to receive and send email if their email server fails.

Attention: This service is subject to a charge!

If the Continuity Service is set up for a domain or an individual user, automatic activation is set by default in the event of a mail server failure. In addition, the user can recognize in the email search which emails were delivered by the individual user via the Continuity Service.

 

Domains with Continuity Service enabled can see their emails from the last three months in the email archive.

Continuity Service

Spam report

Spam report allows to configure individual settings for spam corrections of a domain. Following settings can be activated or deactivated via the spam report:

  • Delivery of certain types of email such as Infomail, Spam, Virus, Content
  • Setting for user-defined delivery times
  • Delivery of a report for all detected and quarantined spam emails to an email address
  • Selection of an individual template for a spam report

Setting the spam report

Content Filter

Content Filter provides domain administrators and partners with the ability to manage attachments from incoming and outgoing emails. The administrator can remove suspicious email attachments from emails or block affected emails after exceeding a maximum allowed size. Unwanted attachments can be explicitly forbidden by specifying file types. File types can be assigned in collective terms and excluded (see Forbidden File Types).

Activate Content Filter

Prerequisite: A group is entered under the level customer domain (see Create new Group).

  1. Navigate to Managementyour Domain.
  2. Select the tab Email → Content Filter.
  3. Activate the checkbox Content Filter.

Aktivieren des Content Filters

Content Filter is activated.

Add new Group

  1. Click Select under Group to select the stored groups.
    A new window opens.
  2. Select the desired group and click Apply.

    Group selection

    The selected group is displayed.

  3. Click  to add a group.

Group is added. Content Filter can be set for this group.

Setup Content Filter

Incoming and outgoing emails can be managed in the Content Filter.

  1. Click the tab Content Filter and select the policy for which you want to make filter settings:
    a) For incoming emails click on Incoming Email Policy.
    b) For outgoing emails click on Outgoing Email Policy.

    Selection of email policy

  2. Specify the maximum email size in kilobytes.
    Note: The maximum email size must not exceed the size limit of the email server used.
  3. Select the action to be performed for emails with forbidden attachments:
    a) Cut the attachment and inform the receiver
    b) Block Email

    Selection of actions

  4. Optionally activate Fobid encrypted attachments to detect encrypted attachments and define the file types that the content filter should prohibit. Click Add to save the file types.
    Note: Content filter not only checks the file extension but also the MIME type of the file. MIME type may differ from the file extension.
  5. Optionally activate Settings like above to prohibit contained file types in archives. Click Add to save the file types.
  6. Confirm the changes with Save.

Activation of forbidden file types

Content Filter is set up.

Forbidden File Types

Unwanted file types can be prohibited by specifying collective terms.

Colective term Forbidden file type
 .executable .action .apk .app .bas .bat .bin .cab .chm .cmd .com .command .cpl .csh .dll .exe .gadget .hta .inf .ins .inx .ipa .isu .job .jar .js .jse .ksh .lnk .msc .msi .msp .mst .osx .paf .pcd .pif .prg .ps1 .reg .rgs .run .scr .sct .sh .shb .shs .u3p .vb .vba .vbe .vbs .vbscript .vbx .workflow .ws .wsc .wsf .wsh
.mediafile .aif .flv .mp1 .mid .mp5 .mpa .wma .mp2 .mpe .swf .wmf .wav .mp4 .wmv .mpg .avi .mov .mp3 .mpv2 .mp2v .aiff .mpeg
.docmacro Heuristic detection of macro patterns in .doc attachments. Not all types of macros are captured by this filter.
.xlsmacro Heuristic detection of macro patterns in .xls attachments. Not all types of macros are captured by this filter.

Compliance Filter

Compliance Filter lets you create custom filter rules to categorize incoming email as Clean, Spam, or Virus, for example. In addition, you can reject emails, send them to another email server or change the recipients.

Attention: The use of incorrect filter rules has a considerable negative effect on email traffic. Filter rules can also be used to override email services. Compliance Filter is also not suitable for address rewriting.

Compliance Filter checks both incoming and outgoing email traffic. You can set up three different filter types:

  • Advanced filter type where the sender, recipient, IP , hostname and subject are checked for search terms
  • Filter for content in the email header
  • Filter for content in the email body

In the email and body header, only the search term must be entered in the input field. With the extended filter type, several criteria can be evaluated in parallel.

Actions can be defined for the individual filters, which are automatically executed by the filter if an email matches the set filter criteria. Different actions are possible for incoming and outgoing emails.

Setup Compliance Filter

Note: Compliance Filter settings can only be made via a partner account or as a domain administrator.

  1. Open the Control Panel and log in.
  2. Select the domain for which you want to activate the Compliance Filter.

    Domain selection

  3. Click on Management.
  4. Click Email → Compliance Filter.

    Email menu

  5. Activate the checkbox Activate Compliance Filter.

    Activating the Compliance Filter

     

  6. Confirm activation with Save  .

The Compliance Filter is activated.

Add Filter

To define a filter, you must add a new filter.

  1. Open Compliance Filter in the Control Panel and click Add.

    Compliance Filter: Advanced view

    Compliance Filter distinguishes between rules for incoming and outgoing emails.
  2. Select the email direction for your filter from the field Direction. Compliance Filter distinguishes between three filter types:
  • Email-Body: Expression searched in the email body.
  • Email-Header: Expression that is searched for in the email header.
  • Advanced: You can define expressions for each of the seven occurring fields and use them individually or in combination.
  1. Define your individual filter rules. Examples of this can be found in the chapters “Filter Sequence and Classification”.
  2. Optionally, add a description in the field Info .

    Field Info

    Info: The text entered into the field Info  has no effect on the filter rule.
  3. Click OK to create the rule.
  4. Confirm your entries with Save.
Filter was added.

 

Define Filter Rules

Compliance Filter searches emails for terms that you define in the fields provided.

The following are simple examples of how to create filter rules in the different filter types.

Note: In order to define filters more precisely and versatilely, it is also possible to use regular expressions. For a description of the structure and functionality of regular expressions, see Regular Expressions.

Examples:

FeldKurzbeschreibungBeispiel
E-Mail-HeaderDurchsucht den E-Mail-Header auf den eingegebenen Begriff.Rechnung
FromFilterung auf Envelope-SenderAdressemoc.e1544998795nnove1544998795g@res1544998795u1544998795
ToFilterung auf EnvelopeRecipient-Adresse.moc.o1544998795ohay@1544998795nretx1544998795e.res1544998795u1544998795
IPÖffentliche IP-Adresse des absendenden E-Mail-Servers.
Anmerkung: Die Angabe der IP-Adresse erfolgt immer ohne Subnetzmaske.
Richtig: 0.0.0.0 Falsch: 0.0.0.0/24
HostnamePTR-Record (Hostname der Rückwärtsauflösung der IP).mailserver.gevonne.com
SubjectFilterung nach dem Betreff der E-Mail.Spammanagement
AttachmentsFilterung nach E-Mail-Anhängen..jpg
Greater than (KB/MB)Gewünschte Maximalgröße der E-Mails.500

Attachments

You can filter for email attachments within the field Types → Advanced. Enter the file type (e.g. .exe or .jpg) in the field Attachments .

Note: The Compliance Filter cannot apply the collective terms for file attachments.

Define Actions

You can define an action for each filter rule, that is executed if the rule matches.

Compliance Filter differs between actions for incoming and outgoing emails. The actions Tag as Clean, Spam or Virus can only be used on incoming emails. The action Notify Sender can only be used on outgoing emails.
Action Description
Reject The email server is informed about the disconnection error with an error code and a text. (554 5.6.9 customer rule based reject by compliance filter). The notification of the sender lies in responsibility of the email server.
Redirect The email is redirected to one or more email addresses.
You can enter as many email addresses as you want. Separate the different addresses with spaces.
Reroute The email is sent to another IP address or hostname.
You can only enter one IP address or hostname into the field.
Add BCC This action automatically adds one or more BCC Recipients.
You can add as many email addresses as you want. Separate the email addresses with spaces.
Notify Sender The Sender automatically receives an infomail, as soon as their email is accepted by the destination server.
Tag as Clean Classifies the incoming email as clean.
Tag as Spam Classifies the incoming email as spam..
Tag as Virus Classifies the incoming email as Virus.

Filter Sequence and Classification

You can change the sequence of the filter rules in the overview of the compliance filter.

Important: You must observe the predefined sequence of filter rules (see figure below). If a rule applies and a filter rule therefore takes precedence, processing is stopped and defined filter rules are not applied if necessary.

Sequence of filter rules

 

The compliance filter cannot be used to create exceptions for the content filter. In this case the content filter takes precedence over the compliance filter and thus deviates from the regular ruleset order.

 

The following examples illustrate the sequence in which rules are processed.

Example: Simple filter application sequence

Initial situation::

The filter rule above is defined as the only rule. There are no other rules applied to the case study.

 

Procedure:

  1. An email from “ed.ro1544998795tider1544998795k@neg1544998795nunhc1544998795er1544998795” is sent to any user of the domain “debitor.de”.
  2. Compliance Filter first searches the Body rules, then the
    header rules and matches the rule in the advanced rules
  3. The rule is applied and the Compliance Filter does not search for further rules.

 

 

Example: Conflict between two rules of one type

Initial situation:

Two different rules are defined for outgoing emails to “moc.y1544998795napmo1544998795cyna@1544998795redro1544998795”. In the overview the rule (ID 281503) stands before the rule (ID 281523). No other rules apply to that case.

 

Procedure:

  1. An email from any user will be sent to “ed.ro1544998795tider1544998795k@neg1544998795nulle1544998795tseb1544998795”.
  2. The Compliance Filter first searches the body rules, then the
    header rules and finds a match in the advanced rules.
  3. The rule to add the CEO to the BCC (ID 281503) is processed and the execution is stopped. The rule to add the purchase department to the BCC (ID 281523) is not being processed.

 

Filter rile: Add BCC to ceo@

 

Filter rule:  Add BCC to einkauf@

 

Status of defined filters

 

Example: Conflict between multiple rules in different types

Initial situation:

Incoming emails that contain a link to Facebook are marked as spam. The marketing department is partly excluded from that rule, when receiving emails from Facebook directly, they are marked as clean. In the overview the rule (ID 259163) stands before the rule (ID 259143). No other rules apply to that case.

 

Procedure:

  1. A marketing recipient receives an email from Facebook containing a link.
  2. The Compliance Filter searches the body rules and hits the rule (ID 259143).
  3. The email is marked as spam, no other rule is applied.
  4. Rule (ID 259163) is being ignored, although it is above the
    other rule in the overview as the body rules are applied first.

 

Filter rule: mark emails as “valid”

 

Filter rule: mark emails as “spam”

 

Filter rules

Example: conflict between Compliance Filter rule and an existing Hornetsecurity filter

Initial Situation:

Due to an increased amount of spam from a certain IP address, a rule is defined that always marks emails from this IP address as spam. No further compliance filter rules are defined to that case.

 

Procedure:

  1. A sender of the domain behind the IP address sends an email to any recipient.
  2. Compliance Filter first searches the body rules, then the
    header rules and matches a rule in the advanced rules.
  3. The email is marked as spam and the execution is stopped.
  4. Hornetsecurity has defined a filter rule for that specific domain and the increased spam occurrence could be localized to the sender “info@”. No other email address sent spam from that domain. The rule from Hornetsecurity is not being searched and therefore the defined filter rule has a to large scope. Clean emails could now be tagged as spam.

 

Filter rule: mark emails as “spam”

Regular Expressions

You can use regular expressions (RegEx) within the Compliance Filter to extract information from a string. This makes it possible to recognize patterns in subject lines or other email components and filter emails accordingly.

Note that the system automatically places a “.*” in front of the beginning and end of the subject line and in the email body and header.

Note: Within the Compliance Filter you can create regular expressions according to Perl Compatible Regular Expressions. Other libraries are not supported. (Further information can be found at: http://www.pcre.org/). In addition, there are special restrictions, which are explained below.

Example: Using Regular Expressions in the Compliance Filter

Initial situation:

Users often received emails with the subject containing the word “porn”. A filter rule has been defined to mark it as spam. Recently, however, there has been an increase in the number of emails using Leetspeak to bypass this filter. For example, emails with the subject “p0rn” are received that are not marked by the compliance filter. In this case, the use of a regular expression is more effective:

Using a Regular Expression in the Compliance Filter

Instead of the dot any character is interpreted as valid. Therefore, the filter is not determined to an “o”, it reacts to any letter, digit and special character

Encryption

This guide explains how to configure and use the encryption service. Starting from the basic configuration, the encryption methods that can be used are explained and different rules are created using examples. In addition, the options for ordering and managing certificates are presented to you. The use of the Websafe for encrypted communication as well as the use of keywords within the email subject are also part of this manual.

Activate Encryption

  1. Navigate via Management your Domain to the tab Email.
  2. Select the tab Encryption in the section Email .
  3. Activate the checkbox Activate Policy.
Activating the encryption service will incur a fee.

Activate encryption

Encryption is activated.

Check Encryption Capability

You can check the encryption capability before you configure the encryption policies further.

  1. In the tab Encryption click on Encryption capability of the communictaion partner.
  2. Enter the email addresses you want to check.

    Enter communication partner

  3. Click Check to check the encryption capability of the
    entered email addresses.

    Encryption Capibility

    Encryption types are displayed.

Encryption Methods

Under Encryption Methods, you can select the encryption methods to be used.

 

Activate encryption methods

 

Encryption method Description
TLS  Encrypts the email between the outgoing and incoming servers. The check mark is set permanently, as this type of encryption is performed globally.
EmiG E-Mail made in Germany transmits encrypted messages from the terminal device to the email server and between the various EmiG providers (according to the EmiG guidelines). In addition, the identity of each provider is checked against a validation of the email server certificates and assigned IP addresses within the EmiG association. EmiG must be booked previously  by the customer. After checking the box, it is automatically used for the communication between EmiG users.
DANE  Is currently in preparation for rollout. If you are interested contact the support for a quick implementation.
PGP Is a hybrid process for signing and encrypting emails. This procedure is based on the so-called Web of Trust: Instead of a hierarchical arrangement of the certification authorities, users are validating their keys among each other.
S/MIME  Is a standard for the encryption and signature of MIME-encapsulated emails using a hybrid encryption process. The certification authority (CA) assures the authenticity of the email address and the name of the sender.
WEBSAFE   Is a fallback encryption method.
Note: After activation of the encryption service you can use PGP, S/MIME and Websafe in order to define encryption policies. However, you must explicitly specify who is to communicate with whom end-to-end encrypted.
TLS and EmiG are automatically applied if the communication partner supports the encryption methods.

Sequence of Encryption Methods

You can use several encryption methods at once. They are processed in the following sequence::

S/MIMEPGPEmiG(DANE)TLSWebsafe

Additionally, you can combine the different encryption methods.

Display Encryption Method in Subject

For a simple handling of encrypted emails, you can tag them in the email subject. The tag content can be chosen freely.

Subject tagging

Certificate Administration

You will find the administration of certificates under Certificate. Here you can order and manage S/MIME certificates for users of the selected domain.

Ordering Certificates

  1. Select the tab Certificate.
  2. Select one of the predefined users.

    Selecting Users for Certificate Requests

  3. Enter the first and last name of the user.
    Note: Be sure to enter the correct information before ordering the certificate. It is only valid as a signature if the entered name is valid.
  4.  Click on Order to complete the order bindingly.

    Order a certificate

     

Certificate is ordered.

Certificate Settings

In the certificate overview, you can specify for each certificate whether it is to be used for the digital signature and/or for encryption. By default, signing and encrypting is enabled.

 

In addition, the overview offers to activate or deactivate a subscription for this certificate. Certificates with an active subscription will automatically be renewed 29 days before expiration. The subscription is activated by default.

Info: If you do not want a subscription, you should remove the checkmark at the latest 30 days before the expiration date of the old certificate at Overview on certificates in the overview for the user.

Certificate overview and options

Websafe

The Hornetsecurity Websafe is a method to encrypt the email communication with partners using no encryption technologies. The outgoing emails are sent to the Websafe and saved. After that, the communication partner receives an email with login credentials, but will need an additional PIN to unlock the personal Websafe. The email sender must provide the PIN on a separate communication channel (phone, text message, fax). With the PIN and the login credentials, the user can access his personal Websafe.

 

Note: A Websafe account is automatically created and can be used for additional Websafe communication.
As soon as the communication partner opens a new email in the Websafe, the sender receives a confirmation message that the email has been read.
Note: Messages remain stored in the Websafe for 12 months and are then automatically deleted
Important: Before configuring the Websafe, you must activate it in the encryption methods (see: Select Encryption Methods).

Setup Websafe

  1. Click on Policy → Encryption → Add.
  2. Select Outgoing as the direction.
  3. Activate the checkbox at To.
  4. Enter the recipient in the text field.
  5. Select Encrypt always under Action.
  6. Activate the checkbox at Websafe.

Setup Websafe 

Websafe is set up and now used.

Encrypt Eemails with Websafe

You can also use the Websafe to send encrypted emails whenever no other encryption method is available.

  1. Click Add under Policy.
  2. Select Outgoing as the direction.
  3. Select the From and To checkboxes.
  4. Enter .* in both fields.
  5. Select Encrypt always as action and activate the checkbox Websafe.
  6. Save the entries with Save.

    Activate websafe for a specific communication partner

Websafe is set up. If no other encryption method can be used for the email communication, Websafe will be used.

Websafe Encryption through Email Subject

You can create a rule to encrypt emails with the Websafe by marking them in the subject line.

  1. Click Add under Policy .
  2. Select Outgoing as the direction.
  3. Activate the checkbox Subject.
  4. Enter the keyword WEBSAFE in the field.
    Info: If you enter WEBSAFE in the subject of an email, this email will be encrypted via the Websafe.
  5. Select Encrypt always as action and activate the Websafe checkbox.
  6. Save the entries with Save.

    Websafe as subject keyword

     

Websafe activated via subject keyword.

Select Websafe Templates

You can select different templates for the Websafe emails for sender and recipient as well as for the Websafe activation web page.

Note: As a partner, you can create new templates and modify existing ones.
  1. Navigate to Websafe Templates under the tab Encryption.
  2. Select the desired templates.

    Selection of Websafe templates

Websafe templates are selected.

see also: Create new Templates

Setup Advanced Routing

You can use the Advanced Routing function to assign different mail servers to individual users or groups. Email traffic is then routed through these servers.

  1. Navigate to Management → your Domain → Email.
  2. Click on the tab Advanced Routing.
  3. Activate the checkbox Activate Advanced Routing.
    Further selection windows are activated.
  4. Select whether routing is to be performed for specific users or a user group.
  5. Click Select to select a user or user group.
  6. Enter the IP or host address that you want to use to route email traffic.
  7. Click Add.
    The selected group is displayed in the list below.
  8. Confirm the changes with Save.

Setup Advanced Routing

Advanced Routing is set up.

365 Total Protection

365 Total Protection offers comprehensive protection for Microsoft cloud services – specially developed for Office 365 and seamlessly integrated. Benefit from the fact that it is easy to set up and extremely intuitive to use, simplifying your IT Security management from the very start.

Here You get all the information you need to set up 365 Total Protection.
 

Note: The 365 Total Protection onboarding addresses new customers. Existing customers and domains cannot be created again.

Onboard Office 365 customers

If your customer has an account at Microsoft Office 365, you have the option to set it up automatically using the Control Panel. All domains, users and groups of the customer created in Office 365 are automatically transferred and displayed in the control panel.

 

There are two ways to set up the customer: You can either login to Microsoft with the customer’s administrative credentials and perform the onboarding process yourself, or you can send the customer an onboarding link to do the setup themselves.

Afterwards some DNS settings for the domains have to be done to redirect the email traffic.

Onboard 365 Customers in the Control Panel

If you have the administrative credentials for the Office 365 environment of the customer you are setting up, you can onboard the customer directly via the Control Panel.

  1. Open the Control Panel.
  2. In the role selection, select the partner under which the new customer is to be created.

  1. Select Onboarding under Management.

  1. Click on the desired product.

You will then be redirected to the onboarding form.

Set up 365 Total Protection (DAP)

  1. Please enter your contact details in the onboarding form so that we can contact you in case of problems or questions.

  1. Then click on Start Now to start the process.
  2. Log in to Microsoft Office 365 with administrative rights.

  1. Accept the requested permissions to connect our services with Microsoft.

During the subsequent synchronization, only the domains, user groups and mailboxes are transferred. No changes are made to Microsoft’s configuration settings.

Example: 365 Total Protection customer in the Control Panel

The new 365 Total Protection customer is always created with his .onmicrosoft domain.

365 Total Protection customer

 

The domains, user groups and mailboxes are created in the Control Panel. To use the Signature and Disclaimer service, the groups must be maintained separately.

After the synchronization, you must adjust the DNS settings of the synchronized domains so that you can make full use of our services.

Configuration of Microsoft Services

To take advantage of all 365 Total Protection services, you must customize the configuration of Office 365.

Set Firewall Settings

  1. Open the website Office.com and log in with your administrative credentials.
  2. Navigate to Admin > Admin centers > Exchange.
  3. Under mail flow select the tab connectors.
  4. Click + to create a new connector.

Create a new connector

  1. Under From: select the item Partner organization and under To: select the item Office 365.

Mail flow scenario

  1. Click on Next.
  2. Enter a name for the new connector in the field Name.

Connector name

  1. Optional: Enter a description of the connector.

The checkbox Turn it on activates the Connector automatically after creation. It is activated by default.

  1. Click on Next.
  2. Select Use the sender’s domain and click on Next.

Identify partner organization by domain

  1. Click on +, enter * as domain and click on OK.

Enter sender domain

  1. Click on Next.
  2. Select Reject email messages if they aren’t sent over TLS and Reject email messages if they aren’t sent from within this IP address range as security restrictions.
  3. Then click on + under Reject email messages if they aren’t sent from within this IP address range.
  4. Enter the following IP addresses:
    83.246.65.0/24, 94.100.128.0/24, 94.100.129.0/24, 94.100.130.0/24, 94.100.131.0/24, 94.100.132.0/24, 94.100.133.0/24, 94.100.134.0/24, 94.100.135.0/24, 94.100.136.0/24, 94.100.137.0/24, 94.100.138.0/24, 94.100.139.0/24, 94.100.140.0/24, 94.100.141.0/24, 94.100.142.0/24, 94.100.143.0/24, 185.140.207.0/24, 185.140.206.0/24, 185.140.205.0/24, 185.140.204.0/24, 173.45.18.0/24

Enter IP address ranges

The IP addresses authorized for sending are registered.

  1. Click on Next.
  2. Check the summary and click on Save to create the connector.

Connector Summary

Adding MX Records to the DNS Zone

To route and filter email traffic through our infrastructure, you need to adjust the MX records of all synchronized domains.

  1. Set the following MX records in the DNS settings of your domains in the Office 365 Admin Center:
DomainClassTYPEPRIORITYMAILSERVER
customerdomain.tld INMX10mx01.hornetsecurity.com
customerdomain.tld INMX20mx02.hornetsecurity.com

Note: Enter your actual domain for <customerdomain.tld>.

  1. To check if the MX records are set correctly, click on SHOW CONFIGURATION.

If you set the MX records correctly, a green hook appears under MX status report.

Set Autodiscover for 365 Total Protection

  1. Set a CNAME record for the Autodiscover service:
TYPE PRIORITY HOSTNAME POINTS TO TTL
CNAME autodiscover autodiscover.hornetsecurity.com 1 hour

Configuration of Outbound Emails

This section explains how to configure the outbound email traffic by setting up a new connector and send outbound emails via 365 Total Protection from your Office 365 environment.

Note: You can do this yourself by following the instructions below or contact our support team who can automate the setup for you.

Setup New Connector for Outbound Email Traffic

  1. In the Office 365 Admin Center, navigate to Admin centers > Exchange > mail flow > connectors.
  2. Click on New.
  3. Select Office 365 in the drop-down menu From:.
  4. Select Your organizations’s email server in the drop-down menu To:.
  5. Click on Next.
  6. Define a name.
  7. Define a description.
  8. Click on Next.
  9. Select Only when I have a transport rule set up that redirects messages to this connector.
  10. Click on Next.
  11. Add the smarthost for outbound traffic: hsrelay01.antispameurope.com

  12. Click on Save.
  13. Leave the settings on default.
  14. Click on Next.
  15. Enter an external email address to verify your settings.

Office 365 will send a test email to that address. If you receive this email, you can proceed.

Setup a New Transport Rule

  1. In the Exchange Admin Center, select mail flow > rules > Create a new rule….
  2. Select More options….
  3. Define a name for the new rule.
  4. Select The recipient is located… > Outside the organisation in the drop-down menu Apply this rule if….
  5. Select Redirect the message to… > the following connector in the drop-down menu Do the following….
  6. Select the connector created in Setup new connector.
  7. Save your settings.

Contact Support for Setup

  1. Click on REQUEST SUPPORT under Configure outgoing email traffic.

You sent a request to the support.

Setup Archiving for Internal Emails

This section explains in two options how to add internal emails to the archive.

This configuration is necessary for 365 Total Protection Enterprise only.

Archiving Internal Emails

If you want to archive internal emails with Aeternum, the archive service, you can forward internal emails or create a journaling mailbox.

Note: You cannot use both options at the same time. Also make sure to have the archiving service enabled within the Control Panel for all domains before you continue. (The archive is only available for 365 Total Protection Enterprise.)

Option A: Relaying Internal Traffic

If you choose this option, all internal emails leave your Office 365 environment and are routed to the archive. These emails are redirected to Office 365 after archiving.

 

  1. In the Exchange Admin Center, select mail flow > rules > Create a new rule….
  2. Select More options….
  3. Define a name for the new rule.
  4. Select The recipient is located… > Inside the organization… in the drop-down menu Apply this rule if….
  5. Select Redirect the message to… > the following connector in the drop-down menu Do the following….
  6. Select the connector created in Setup new connector.
  7. Select The sender is located > Outside the organization in the drop-down menu Except if….
  8. Save your settings.

Option B: Use Journaling to Archive Internal Emails

Another option for archiving internal emails is the journaling feature. That means that Office 365 generates a journal report for each internal email and sends it to the archive, while keeping your internal emails routing within your organization.

Create a New Journal Rule

  1. In the Exchange Admin Center, select compliance management > journal rules.
  2. Click on New.
  3. Define an email address for undeliverable journal reports.
    Note:
    This can belong to any user in the Office 365 environment.
  4. Define a name in the field Name.
  5. Enter following in the input field Send journal reports to:
    <customer_domain.tld>moc.e1544998795porue1544998795mapsi1544998795tna.l1544998795anruo1544998795j@700154499879521544998795
    Note:
    The placeholder <customer_domain.tld> represents the main domain which is defined in the Control Panel.
  6. Select [Aplly to all messages] in the drop-down menu If the message is sent to or received from….
  7. Select Internal messages only in the drop-down menu Journal the following messages….
  8. Click on Save.

Create a New Connector for Journal Reports

  1. In the Exchange Admin Center, select mail flow > connectors > New.
  2. Select Office 365 in the drop-down menu From:.
  3. Select Partner organization in the drop-down menu To:.
  4. Click on New.
  5. Define a name for the new connector (e. g. Relay via HSE (Journal)).
  6. Click on Next.
  7. Select Only when email messages are sent to these domains and enter the following domain:
    journal.antispameurope.com

  8. Click on Next.
  9. Select Route email through these smart hosts and enter following domain:
    hsrelay01.antispameurope.com

  10. Click on Next on the following TLS configuration without making adjustments.

You can see a review of the configured connector. This should look similar to this:

  1. Click on Next.
  2. To confirm that the connector is working as intended, send a test email using the following email address scheme for this test email:
    <customer_domain.tld>moc.e1544998795porue1544998795mapsi1544998795tna.l1544998795anruo1544998795j@70015449987952_1544998795
    Note:
    Replace <customerdomain.tld> with your actual domain.

  3. Save your settings if the test was successful.

Activate Email Encryption

The email encryption is part of the products 365 Total Protection Business and Enterprise.
Encryption must be activated manually because some settings must be configured here.

 

Follow the instructions under Encryption.

Activate Contingency Covering (Only 365 Total Protection Enterprise)

Should the Microsoft services fail or the services be temporarily unavailable, this also affects your access to your mailbox. Emails can then be neither sent nor received, which can harm your entire business processes. In such an event, Contingency Covering is your stand-by system, which – activated in mere seconds – keeps your email correspondence up and running.

Note: Contingency Covering is only included in 365 Total Protection Enterprise and you must activate it manually to configure the settings.

 

Proceed as described in the following:

  1. Navigate to Management > Email > Continuity Service.
  2. Activate the checkbox Continuity Service, stores clean Emails for 3 month. With 365 Total Protection Enterprise you do not have to pay any additional fees for this service.
  3. Select whether all mailboxes of the domain or only certain mailboxes should be covered by the service:
    1. If you select All users, all mailboxes of the domain will be covered.
    2. If you select Selected users only, then click Select and select the mailboxes you want.

Activate Contingency Covering

Group management for the Signature and Disclaimer service (DAP)

To use the Signature and Disclaimer service, you must recreate the user groups, because Office 365 allows a different group management than the Signature and Disclaimer service.

Creating Groups for Signature and Disclaimer in the Control Panel

You can create new groups to group users together for specific actions.

  1. Open the Management menu in the Control Panel.
  2. Select the desired domain from the drop-down list.
  3. Select the Groups tab.
  4. Enter the desired group name.
  5. Click on Add.

  1. Then click Save to save the group.

You have created a new group. In the next step, you can add users to the created group.

Add Users to a Group

You can add users to a group.

Note: A user can only belong to one group at a time. All users that are not assigned to a group are grouped in the group Default. That group is not displayed in the group definition.

  1. Under Groups, select the Group Settings tab.
  2. Click on the preselected group to change it.
  3. Select the desired group.

  1. Click on Apply.
  2. Select the tab Member.
    The left part of the window shows users without a group assignment and the right part shows users in the selected group.
  3. Click on + behind a user to add it to the group.

  1. After you have added all desired users to the group, click on Save.

Order 365 Total Protection

If you would like to order the product after 14-day test, you have the possibility to order 365 Total Protection in the Control Panel directly.

  1. Select Management > Onboarding.
  2. Click on BUY NOW.

An overview appears showing the amount of postboxes and the prize.

  1. Click on ORDER NOW CHARGEABLE to buy 365 Total Protection.

You get a confirmation email with an overview of the product.

Offboarding

At the end of the 365 Total Protection trial period, if you no longer wish to use the product, or if you canceled 365 Total Protection at any time, you will need to make some settings in your Office 365 configuration to ensure that your emails are delivered.

  1. Delete or deactivate the connector for the inbound email traffic. (firewall setting)
  2. If you have changed the outbound email traffic, delete or deactivate this connector as well. (Relaying)

Information on how to delete or disable the connectors in your Office 365 environment can be found here.

  1. Remove the MX records in the DNS zone of your domains.

Your emails will then no longer be routed through our services.

Delete or Deactivate Connector

  1. Open Office.com and log in with your administrative credentials.
  2. Navigate to Admin > Admin centers > Exchange.
  3. Select mail flow and click on the tab connectors.
  4. Select the corresponding connector.
  5. You can either delete or deactivate the connector:
  • To delete the connector, click on Delete.
  • To deactivate the connector, click on Deactivate in the connector overview.

Delete or deactivate connector

  1. Confirm the notification with Yes.

You have deleted or deactivated the selected connector.

Threat Live Monitoring

Note: The Threat Live Monitoring is only available for Advanced Threat Protection (ATP) customers.

In this documentation the module Threat Live Monitoring under
Management is explained. You can find the texts used here in the module in the Control Panel.

Move over the behind the respective statistic or diagram.

Displaying Global Data

With the global button you can switch the diagrams and statistics under ATTEMPTED ATTACKS and THREAT STATISTIC. If the global button is activated, you can see attacks and threats which have been occurred to you and to your customers in the chosen period. If the global button is deactivated you can only see those attacks and threats for the customer chosen in the role selection.

Selecting the Period

Here you can select the period for the displayed statistics. The selection of the period affects the diagrams and statistics under ATTEMPTED ATTACKS, THREAT STATISTIC and URL REWRITING STATISTIC.

Description of Statistics and Diagrams

In this chapter the categories and diagrams are explained which are displayed by the Threat Live Monitoring.

Live Attack Overview

The LIVE ATTACK OVERVIEW shows all attacks with their source and destination caught at this moment. Furthermore, the attack type is shown. Here you can find a description of all attacks types.

Attempted attacks – Attack Type by Date

The statistic shows how many attacks per attack type took place at a certain time in the chosen period. Move the mouse over the vertical lines to display the absolute numbers of the attacks per attack type for a certain time. Move over the points of each attack type to display the respective diagram and information about the number of attacks.

Threat Statistic – By Attack Type

The diagram shows the proportions of attack types in relation to the total number of attacks in the selected period. The total number of attacks that took place is shown in the middle. It refers to the selected period. Here you can find a description of all attack types.

Threat Statistic - By Attack Vector

The diagram shows the proportions of attack vectors in relation to the total number of attacks in this period. The total number of attacks that took place is shown in the middle. It refers to the selected period. Here (Link) you can find the description of attack types. Here you can find a description of all attack vectors.

Attempted Attacks - Attack Vectors by Date

The statistic shows how many attacks per attack vector took place at a certain time in the chosen period. Move the mouse over the vertical lines to display the absolute numbers of the attacks per attack vector for a certain time. Move over the points of each attack vector to display the respective diagram and information about the number of attacks.

URL Rewriting Statistic

The statistics and charts under URL REWRITING STATISTIC each represent the number of clicked links in emails rewritten by the URL rewriting engine in the selected time period.

Clicks by Time of Day

The statistic shows the percentage of clicks on a link at a certain time.

Clicks by Device

The statistic shows the distribution of clicks per device in percent.

Clicks by Operating System

The diagram shows the distribution of clicks per operating system in
percent.

Description of Attack Vectors

Name of the Attack Vector Description
Attachment An attachment of an email is a file which can contain malware.
Link A link in an email is a connection to another website. Malware can hide behind this link.
Link Dropper Link Droppers are links that serve as carriers for malware. The link itself is not harmful but allows the malware behind it to execute itself.
Link Downloader Link Downloaders are links in emails that contain
malware. If the victim clicks on this link, the malware is downloaded.
Malware Downloader Malware Downloaders are considered Trojans because they secretly download malicious files from a remote server.
Malware Dropper Malware Droppers are not malware, but transport malware into the system. From the outside, the Malware Dropper appears harmless and can camouflage itself as a file. However, the files it contains can run themselves and infect the system with malware.
Malware Packer Malware Packers are a malware type in which criminals compress their malicious programs using a variety of methods. This is an attempt to bypass malware analysis.
Fraud Fraud in relation to the Internet means obtaining
sensitive data, money or bank details of users through Internet services. For example, websites or transactions can pretend to be real, but are programmed by cybercriminals. A well-known
variant is the CEO fraud, in which criminals pose as managing directors and contact the accounting department of a company by phone or email to instruct the transfer of large sums of money.
Phishing Phishing is a combination of the words “password” and “fishing” and thus refers to “fishing for passwords”. Cyber criminals claim that emails or websites are genuine and thus cause users to enter sensitive data there. Users thus voluntarily disclose their data without knowing that the data will fall into the hands of the criminals.

Description of Attack Types

Name des Angriffsvektors Erklärung
Backdoor A Backdoor malware has a similar goal as a remote access Trojan but uses a different approach. The attackers use so-called backdoors, which are sometimes deliberately placed in programs or
operating systems. However, they may also have been installed secretly. The peculiarity of backdoors is the fact that they bypass the usual defense mechanisms and are therefore very attractive for cyber criminals. For example, they are very popular for creating botnets.
Banking Trojans Banking Trojans are a malware type that attempts to steal sensitive data such as bank details or email data. Attackers often succeed by combining this with phishing attacks, where a website pretends to be an official bank website.
Bot A Bot does not always have to be a malware, initially a bot is a computer program that executes tasks independently and automatically. If several bots communicate with each other, this is called a botnet. Botnets are large collections of infected computers that an attacker builds up. An attacker can send commands to all computers simultaneously to trigger activities. The perfidious thing is that the owners of the computers do not notice the “membership” in a botnet until it already executes the externally controlled activities.
Crypto Miner A Crypto Miner is a malware used to mine digital
currencies. Criminals infect computers with Crypto Miners to take advantage of their computing power or cloud CPU load. This reduces the performance of the computer as well as the lifespan. Furthermore, entire company networks can be shut down by Crypto Miners.
Keylogger Keyloggers are malware types that can be implemented by hardware or software. Keyloggers record a user’s keystrokes and speech and are able to access sensitive data or passwords.
Point-of-Sale Trojans Point-of-Sale Trojans are a type of malware that attacks sales systems in which transactions with sensitive payment data take place. Cyber criminals use point-of-sale Trojans to gain access to  unencrypted customer data from bank and credit
cards.
Ransomware Ransomware is an attack that encrypts files on the target system. The files cannot be opened without a key. The attackers demand a large sum of ransom money to hand over the key. Even if only one computer is infected initially, Ransomware can spread across the entire network.
Remote Access Trojans (RAT)
A Remote Access Trojan (RAT) allows attackers to take over computers and control them remotely. This allows them to execute commands on the victim’s systems and distribute RATs to other computers with the goal of building a botnet.
Root Kit A Root Kit can be used to hide malicious code from
detection. This form of attack involves the attacker intruding deeply into the computer system, gaining root privileges and general access rights. Cyber criminals then change the system so that the user no longer recognizes when processes and activities
are started. Attacks based on rootkit obfuscations are therefore very difficult to detect.
Spyware Spyware is malware that collects information on the
victim’s computer. This information can be, for example, access data for user accounts, sensitive banking data or surfing behavior. Users usually do not know that they have become victims of spyware.
Trojan Horses
Trojan Horses are programs that disguise themselves as benign but contain harmful code. The user only detects the clean application, while the background execution of malicious code infects the system. The user can no longer influence the effects
from this point on.

Audit Log

This documentation explains the function of the Audit Log in the Control Panel. The options for filtering events and executable actions are explained.

 
With the Audit Log you can track the activities of users in the Control Panel. As an administrator, you can find out who is responsible for creating, editing or deleting data sets and when the event occurred. This enables you to undo the actions if required.

Description of Categories

Every event is divided into different categories and is displayed in the Audit Log. These categories are explained in the listed below.

 

Property Explanation
Timestamp Shows at which time the action was performed.
User Shows which user has performed the action.
Target Shows the user for whom the action was performed.
Action Explains if an event has created, updated or deleted
something. Success or failure indicate if a login was successful or not.
Event Shows if the action is a modification of the user setting, the black- or whitelist, the credentials or the login.
Target path Shows under which domain the user is created for whom the action is executed.
App ID Shows the identification numbers of the applications which use the API. Applications can communicate with the services via the API.
App version Shows the version of the application which communicates with the API.
IP Shows the IP address of the user who performed the action.
URL Shows the path to the API endpoint which is used.

 

The categories Timestamp, User, Target, Action and Event type are displayed per default. Furthermore, you can activate Target path, App ID, App version, IP and URL. To that go to the chapter Select Displayed Categories.

Filtering Events

This section explains how you can filter for events in the Audit Log.

Select Displayed Categories in the Audit Log

  1. Click on the button on the right side.
  2. Select the category which you would like to display.

A multi-selection is possible.

Search for Events

You can search for specific events in the search bar.

  • Select a category in the search bar and enter a term to search the events listed.

 

You can find a description of all categories in the chapter Description of Categories.

Filter by Action

You can filter the displayed events by actions in the appropriate drop-down menu. After the selection only results of the chosen action are displayed. You can only filter by one action at a time.

 


The following table lists the user actions by which you can filter.

Action Explanation
All Shows all actions that took place in the selected period.
Created Shows all actions that created something.
Updated Shows all actions that updated something.
Deleted Shows all actions that deleted something.
Success Shows all logins that were successful.
Failure Shows all logins that failed.

Filter by Event Type

You can filter the displayed action by the event type in the appropriate drop-down menu. Depending on the filtering you can show or hide certain modules. You can only filter by one event type at a time.

In the following table event types are listed by which you can filter.

Module Explanation
All Shows all types of events.
User settings Filters for all events that modified the user settings.
Black-/Whitelist Filters for all events that modified the black- or whitelist.
Credentials Filters for all events that modified user credentials.
Login Filters for all login events.

Select Period

  1. Click on the data selection.
  2. Select the period for which logged events should be displayed.

Reset Settings

  • Click on Reset to set all filter values on default.

Whitelabeling – Control Panel Customization

You can customize the Control Panel to embed your company’s color, logo and favicon.

Furthermore, you can select a theme for your Control Panel and add support and email information.

The customization is displayed to all users logging in to the domain you provide.

Prerequisites to Customize the Control Panel

  • You have an administrator role or a partner role.
  • You have provided your domain’s certificate to the support. The certificate must at least support SHA256 and use 2048 bit key length.
  • Additionally, you must create a CNAME record for your domain.
    Otherwise, the URL of the original Control Panel domain is shown in the browser.

Following a CNAME record is set for the domain controlpanel.customerdomain.com

 

controlpanel.customerdomain.com IN CNAME cp.hornetsecurity.com

Customize the Control Panel

  1. Login to the Control Panel.

You need administration or partner authorization to customize the Control Panel.

  1. Select the domain or the partner role from the role selection you want to customize the Control Panel for.

You can only change the customization with the selected role.

  1. Select the section Whitelabeling on the left side.
  2. Select Appearance.

Select appearance

  1. Enter the URL of your Control Panel website in the field URL.

If you change the URL subsequently, you must also update the CNAME record for your domain.

  1. Select a primary color for your Control Panel. The primary color is responsible for the font color and other design elements.
    1. Click in the field under Primary color to open a color selection.

      Primary color selection

    2. Pick the desired color. The selected color is represented in the field as HEX or sRGB.
    3. You can insert the color code directly into the field as well.
  1. Select a theme for your Control Panel under Theme.
  • Activate the radio button Dark to select a dark theme.

    Dark theme preview

  • Activate the radio button Bright to select a bright theme.

    Bright theme preview

  1. Click on Browse… under Logo to select your Logo.

For the best result, upload a logo with a minimum resolution of 160 × 80 pixel.

Logo

  1. Click on Browse… under Favicon to select your favicon.

The favicon must be uploaded in ICO file type (filename extension .ico). For the best result upload the favicon with a resolution of 128 × 128 pixel.

Favicon

  1. Click on Save to confirm your customization. The deployment can take up to five minutes.
  2. Refresh the Website to see your customized Control Panel.

You must be logged in to your Control Panel domain to see the customization.

Customized Control Panel

Fallback Design

The fallback design ensures, that the Control Panel is shown without any company specific attributes, in case of misconfiguration.

In the case, that your domain has not been recorded and your configuration cannot be set, an alternative design is selected.
Therefore, the Control Panel gets the dark theme, without any logo or favicon. For the primary color a default green will be used.

Displayed Email Information

The system automatically sends emails in various situations, for example when users reset their passwords. You can define a greeting formula, a contact person, the sender address and a disclaimer for these emails.

Add Email Information

  1. Select Email information.
  2. Enter the name of the contact in the field Contact.
  3. Enter the sender address for outgoing system emails in the field Sender address for email templates.
  4. Enter the required information for a disclaimer in the field Disclaimer.

All data below is just an example. Inform yourself in your company which information is required for outgoing system emails.

  1. Click on Save to apply the settings.

Contact Data in the Control Panel

The contact data phone number and email address is shown in the Control Panel.

Contact data in the Control Panel

If you want to change the contact data, you must provide them under Support information (See: Add Support Information in the Control Panel).

Contact Data Processing

The contact data is processed hierarchically from bottom up.

Underneath a customer are several domains. That customer has provided his contact data on the top level.
Thus, every user of the underlying domains gets the contact data of the customer. If contact data for a underlying domain is provided, it will be shown to the users of that specific domain.

Add Support Information in the Control Panel

  1. Select Support information.
  2. Enter the support phone number of your company in the field Support phone number.
  3. Enter the support email address of your company in the field Support email address.

Add support information

  1. Click on Save.

Email Categories

Your emails are classified into the following categories:

Email Category Description
Clean The category clean indicates that no threat was found.
Infomail Infomails are promotional emails that can either be classified as clean or spam.
Spam Emails classified as spam.
Content Emails with illegal attachments. Defined by the partner or domain administrator.
Virus Emails containing a virus.
ATP Emails containing threats identified by Advanced Threat Protection.
Rejected Rejected emails.

Classification Reasons

The following sections are structured in the different classification types for emails.
The tables list the reasons shown in the email display with their explanations.

Note:
The classification reasons are incomplete and are extended in a later version of this manual.

Classification ATP/Content/Virus

ReasonDefinitionActivity
Virus-scan01Found identical attributes of classified virus emails in metadataVirus
Virus-scan01-XARG-VFound known virus structure in multiple attributes of the emailVirus
Virus-scan02-Header-VFound virus signature in email headerVirus
Virus-scan03-Link-VaLinking of a compromised URLVirus
Virus-scan04-Body-VFound virus signature in email bodyVirus
Virus-scan05-<VirusName>Virus found – known, classified virusVirus
virus-scan07-doubleextensionFound a file with veiled or faked file type in an archiveVirus
Virus-scan07-archive-in.archiveFound nested archives in an archiveVirus
virus-scan07-heur-exploitFound minimum one unknown and potentially dangerous file in an archiveVirus
Virus-scan07-fakeoffice2003Found macro code of office 2007 in an office 2003 fileVirus
virus-scan07-potential-fake-archiveFound an archive with wrong declaration of content type (MIME-Content-Type)Virus
Virus-scan06-<VirusName>Virus scanner 2 found a virusVirus
Virus-scan08-executableFound potentially dangerous file in attachmentVirus
Virus-scan09-ASEzipHeuristicsEvidence of phishing and suspicious attachment foundVirus
Virus-scan09-asehtmlheuristicsEvidence of phishing and suspicious attachment foundVirus
Virus-scan09-ASEurl 0xHeuristicsEvidence of phishing and suspicious link foundVirus
Virus-scan10-<VirusName>Indistinct virus message through Heuristic intend analysisVirus
Virus-scan12-AttachmentVFound virus signature in attachmentVirus
Virus-scan13-ASE-PhishingHeuristicsEvidencce of phishing and suspicious email header foundVirus
Virus-scan14-Short-URL-obfuscationLinks are veiled through nested URL shorteningVirus
Virus-scan15-ASE-PhishingDirect link to malware or phishing websiteVirus
Virus-scan16-ASE-Phishing-heurEvidence of phishing and inconsistent sender address Virus
Virus-scan17-ASE-office-macro-exploitFound evidence of malware and office file with macros, OLE-object or VBS code as attachmentVirus
Virus-scan17-office-webarchive-exploit-heurEvidence of malware and attachment with suspicious content foundVirus
virus-scan17-office-rtf-exploit-heurEvidence of malware and attachment with suspicious content foundVirus
virus-scan17-MacroEvidence of malware and attachment with suspicious content foundVirus
Virus-scan17-office-macroEvidence of malware and attachment with suspicious content foundVirus
Virus-scan18Evidence of malware and the email was sent by different senders or email serversVirus
Virus-scan21-<Virusname>Virus message by optional virus scanner 3Virus
Virus-scan22-<Virusname>Virus message by optional virus scanner 4Virus
ContentfilterCustomer defined forbidden attachmentContent

Classification Quarantined

ReasonDefinitionActivity
admin-blblacklist controlled by adminQuarantined
ase-blindividual blacklist controlled by support dep.Quarantined
ase-recap1diffuse spam fingerprintQuarantined
ase-rep1IP reputation list 1Quarantined
ase-rep2IP reputation list 2
Quarantined
ase-recap4diffuse spam fingerprintQuarantined
asespf7-1SPF filter variant 1Quarantined
asespf7-2SPF filter variant 2Quarantined
bodytagspam signature in mail textQuarantined
bouncetagbounce mail managementQuarantined
dirtyipreputation filter on IP basis Quarantined
fingerprintre - captured spam mail by hashQuarantined
headerspam signature in mail headerQuarantined
linkad linkQuarantined
rbl50pre-stage to 554 5.5.4 but not blocking yetQuarantined
sameipsignature recognition through spam enginesQuarantined
scoredynamic content evaluationQuarantined
Score Tagdynamic content evaluationQuarantined
spamreputation filter based on sender serverQuarantined
spamip-netIP range of servers with poor reputationQuarantined
spam-sumspam fingerprintQuarantined
subjecttagspam signature in subject lineQuarantined
user-blblacklist controlled by the userQuarantined
wcspam pattern recognitionQuarantined
xargbounce attack or individual customer ruleQuarantined
zombiebotnet computerQuarantined

Classification Rejected

GrundDefinitionAktion
450 4.1.1rejection when relay check is enabledBlocked
450 4.1.8sender address rejected : domain not foundBlocked
450 4.5.5early spam detection (temporarily blocked) Blocked
450 4.5.6temporary failure in MTA - please retryBlocked
450 4.5.7temporary failure in MTA - please retryBlocked
504 5.5.2recipient address rejected : fully - qualified adress is neededBlocked
504 5.5.2sender adress rejected: fully - qualified address is neededBlocked
550 5.1.1unknown recipient (SMTP check)Blocked
550 5.2.2explicit blocking of sender or recipient addressBlocked
550 5.5.3recipient address rejected: multi-recipient bounceBlocked
552 5.5.2message size (content filter)Blocked
554 5.5.3email rejected due to Content Filter Size LimitBlocked
554 5.5.4IP sender address with a negative reputationBlocked
554 5.5.5email rejection due to SpamBlocked
554 5.5.6loop detectionBlocked
554 5.5.7email rejected due to content of attachmentBlocked
554 5.6.1signature of spam in mail header resp. subjectBlocked
554 5.6.2spam link signature detectedBlocked
554 5.6.3spam text signature detectedBlocked
554 5.6.4virus email blockedBlocked
554 5.6.5TLS encryption required by customer ruleBlocked
554 5.7.1unknown domain or unknown recipient (LDAP check)Blocked

Classification Valid

ReasonDefinitionActivity
asespf1familiar sender, type 1Valid
asespf2familiar sender, type 2Valid
asespf3familiar sender, type3Valid
ase-wlindividual whitelist controlled by the support dep.Valid
big2email size increased email reputation in multi-criterial scoring functionValid
bigmessageemail size increased email reputation in multi-criterial scoring functionValid
body-wlwhitelist signature in mail text, type 1Valid
body-wl2whitelist signature in mail text, type 2Valid
header-wlWhitelist signature in header, type 1Valid
header-wl2Whitelist signature in header, type 2Valid
knownsendersender address with positive reputation, type 1Valid
noreasonunevaluated emailValid
qsender2sender address with positive reputation, type 2Valid
realbouncesent via bounce managementValid
scoredynamic contents evaluationValid
sender-ipIP sender address with positive reputationValid
subject-wlwhitelist signature in subject line, type 1Valid
subject-wl2whitelist signature in subject line, type 2Valid
user-wlwhitelist controlled by userValid
xarg-wlbounce mail or individual customer ruleValid

Ruleset order

The spam filter rules are processed according to a specific priority. Once a higher level priority has taken effect, processing typically stops.

In some cases, this can lead to messages being blocked despite a whitelist entry for the sender’s address, because the IP address of the sending server is on the RBL blacklist.

 

Rule order (from top to bottom in descending priority) mail inbox

email arrival

  • RBL list (block)
  • Mass spam detection (block)
  • Compliance filter (deliver)
  • Virus check (quarantine)
  • Content filter, if activated (quarantine)
  • User-based whitelist string (deliver)
  • User-based blacklist string (quarantine)
  • Administrative whitelist (deliver)
  • Administrative blacklist (quarantine)
  • General whitelist (deliver)
  • General spam rules (quarantine)

Delivery

The compliance filter cannot be used to create exceptions for the content filter, so in this case the content filter takes precedence over the compliance filter.

Glossary

The Glossary defines all uncommon words used in this manual.

Note:
Since the manual is not completed, the glossary will be updated.

WordDefinition
Control PanelUserinterface to manage the email traffic and services.
Domain administratorIs responsible for a primary email domain, the related alias mail domains, as well as all email addresses defined or definable by them.
Partner Is responsible for several clients. Each client corresponds to a primary email domain, its alias mail domains and all email addresses defined or definable by them.
InfomailAn email classified as advertisement
BlacklistSender emails that should always be classified as spam are entered on the blacklist.
WhitelistSender emails that should always be classified as clean are entered on the whitelist.
Schlagen  Sie  bearbeiten