The GWIA includes the following features to help you protect your GroupWise system and users from unwanted email:
Organizations such as SpamCop provide lists of IP addresses that are known to be open relay hosts or spam hosts. If you want to use free blacklist services such as these, or if you subscribe to fee-based services, you must define the blacklist addresses for these services. The GWIA then uses the defined services to ensure that no messages are received from blacklisted hosts. The following sections provide information to help you define blacklist addresses and, if necessary, override a host address included in a blacklist.
NOTE: If you want to configure the GWIA to block a specific IP address or DNS hostname, add the address or hostname to a class of service, as described in Section 54.1, Controlling User Access to the Internet. The Blacklist feature configures the GWIA to use blacklist services that provide real-time lists of many sites that are known to be bad.
In ConsoleOne, right-click the GWIA object, then click .
Click to display the Blacklists page.
The list displays the addresses of all blacklists that the GWIA checks when it receives a message from another SMTP host. The GWIA checks the first blacklist and continues checking lists until the sending SMTP host’s IP address is found or all lists have been checked. If the sending SMTP host’s IP address is included on any of the blacklists, the message is rejected. If you have the GWIA’s logging level set to , the log file includes information about the rejected message and the referring blacklist.
This list corresponds with the GWIA’s /rbl switch.
Click to display the New Blacklist Address dialog box.
For example, for SpamCop, you would use the following address:
bl.spamcop.net
Type the blacklist address in the box, then click to add the address to the list.
If you have multiple blacklists in the list, use the up-arrow and down-arrow to position the blacklists in the order you want them checked. The GWIA checks the blacklists in the order they are listed, from top to bottom.
Click to save your changes.

In some cases, a blacklist might contain a host from which you still want to receive messages. For example, goodhost.com has been accidentally added to a blacklist but you still want to receive messages from that host.
You can use the list on a class of service to override a blacklist. For information about editing or creating a class of service, see Section 54.1.2, Creating a Class of Service.

If you want to block specific hosts yourself rather than use a blacklist (in other words, create your own blacklist), you can configure a class of service that prevents messages from those hosts. You do this on the GWIA object’s Access Control Settings page by editing the desired class of service to add the hosts to the exception list on the tab. For example, if you wanted to block all messages from badhost.com, you could edit the default class of service to add badhost.com to the list of prevented hosts.

You can also create a list of hosts that you always want to allow messages from, so you can create your own white list.
For information about editing or creating a class of service, see Section 54.1.2, Creating a Class of Service.
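Before overriding a blacklist for a host, it helps to know which of the configured lists contains it. The following is an added example, not part of the GroupWise documentation: it builds the standard DNSBL query name (the IPv4 octets reversed, followed by the list's zone) and walks the lists top to bottom, stopping at the first hit in the way the Blacklists page is described above. The function names and the injectable `resolve` parameter are assumptions made for the example.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone.strip('.')}"


def system_resolver(name):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def first_listing(ip, zones, resolve=system_resolver):
    """Check zones in order; return (zone, answer) for the first hit, else None."""
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # A listed address answers inside 127.0.0.0/8; no answer means not listed.
        if answer and answer.startswith("127."):
            return zone, answer
    return None


if __name__ == "__main__":
    # 127.0.0.2 is the conventional "always listed" DNSBL test address.
    print(first_listing("127.0.0.2", ["bl.spamcop.net"]))
```

Pass the blacklist addresses in the same order as they appear in the GWIA's list to see which service would cause the rejection.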
ConsoleOne creates a blocked.txt file that includes all the hosts that have been added to the exceptions list for the default class of service (see Section 54.1, Controlling User Access to the Internet).
You can manually edit the blocked.txt file to add or remove hosts. To maintain consistency for your system, you can also copy the list to other GWIA installations.
To manually edit the blocked.txt file:
Open the blocked.txt file in a text editor.
Add the host addresses.
The entry format is:
address1 address2 address3
where address is either a hostname or an IP address. You can block on any octet. For example:
| IP Address | Blocks |
|---|---|
| *.*.*.34 | Any IP address ending with 34 |
| 172.16.*.34 | Any IP address starting with 172.16 and ending with 34 |
| 172.16.10-34.* | Any IP address starting with 172.16 and any octet from 10 to 34 |
You can block on any segment of the hostname. For example:
| Hostname | Blocks |
|---|---|
| provo*.novell.com | provo.novell.com, provo1.novell.com, provo2.novell.com |
| *.novell.com | gw.novell.com (but not novell.com itself) |

There is no limit to the number of IP addresses and hostnames that you can block in the blocked.txt file.
Save the file as blocked.txt.
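Because a broad pattern can cover hosts you did not intend to block, it is useful to test an edited list before copying it to other GWIA installations. The following is an added example, not Novell's code: it models the entry syntax from the two tables above and reports which entries cover a given sender. It assumes entries are whitespace-separated and that `*` in a hostname matches within a single dot-separated segment; the GWIA's own matcher may differ in cases the tables do not show.

```python
import re


def _octet_ok(spec, octet):
    """One IP field: '*', a single number, or an inclusive 'low-high' range."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= octet <= int(high or low)


def _is_ip_pattern(pattern):
    fields = pattern.split(".")
    return len(fields) == 4 and all(re.fullmatch(r"\*|\d+(-\d+)?", f) for f in fields)


def _label_ok(spec, label):
    """One hostname segment, where '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in spec.split("*"))
    return re.fullmatch(regex, label, re.IGNORECASE) is not None


def matches(pattern, sender):
    """True when sender (an IP address or hostname string) falls under one entry."""
    p_fields, s_fields = pattern.split("."), sender.split(".")
    if len(p_fields) != len(s_fields):
        return False  # this is why *.novell.com does not cover novell.com
    if _is_ip_pattern(pattern):
        if not all(f.isdigit() for f in s_fields):
            return False
        return all(_octet_ok(p, int(s)) for p, s in zip(p_fields, s_fields))
    return all(_label_ok(p, s) for p, s in zip(p_fields, s_fields))


def blocked_by(blocked_text, sender):
    """Return the entries in a blocked.txt body that cover sender."""
    return [entry for entry in blocked_text.split() if matches(entry, sender)]


# Constructed sample built from the patterns in the tables above.
SAMPLE = "*.*.*.34 172.16.*.34 172.16.10-34.* provo*.novell.com *.novell.com"

if __name__ == "__main__":
    for host in ("172.16.10.34", "provo1.novell.com", "novell.com"):
        print(host, blocked_by(SAMPLE, host))
```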
Multiple unsolicited messages (sometimes called a mailbomb or spam) from the Internet can potentially harm your GroupWise messaging environment. You can use the settings on the SMTP Security page to help protect your GroupWise system from malicious or accidental attacks.
To configure the SMTP security settings:
In ConsoleOne, right-click the GWIA object, then click .
Click .
Fill in the fields:
Reject if PTR Record Does Not Exist: This setting lets you prevent messages if the sender’s host is not authentic.
When this setting is turned on, the GWIA refuses messages from a smart host if a DNS reverse lookup shows that a PTR record does not exist for the IP address of the sender’s host.
When this setting is turned off, the GWIA accepts messages from any host, but displays a warning if the initiating host is not authentic.
This setting corresponds with the GWIA’s /rejbs switch.
Reject If PTR Record Does Not Match Sender’s Greeting: Select this option if you want the GWIA to reject messages from sending SMTP hosts where the sending host's PTR record does not match the information that the SMTP host sends out when it is initially contacted by another SMTP host. If the information does not match, the sending host might not be authentic.
Flag Messages with an Invalid PTR Record as Junk Mail: Select this option to allow messages from unidentified sources to be handled by users' Junk Mail Handling settings in the GroupWise client rather than by being rejected by the GWIA. This gives users more control over what they consider to be junk mail.
Enable Mailbomb Protection: Mailbomb protection is turned off by default. You can turn it on by selecting this option.
Mailbomb Threshold: When you enable Mailbomb protection, default values are defined in the threshold settings. The default settings are 30 messages received within 10 seconds. You can change the settings to establish an acceptable security level.
Any group of messages that exceeds the specified threshold settings is entirely discarded. If you want to prevent future mailbombs from the mailbomb sender, identify the sender’s IP address (by looking at the GWIA’s console) and then modify the appropriate class of service to prevent mail being received from that IP address. For more information, see Section 54.1.2, Creating a Class of Service.
The time setting corresponds with the GWIA’s /mbtime switch. The message count setting corresponds with the /mbcount switch.
Click to save the changes.
For additional protective startup switches, see Section 59.6.13, Mailbomb and Spam Security.
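Because any group of messages over the threshold is discarded entirely, it is worth replaying past traffic against candidate values before enabling mailbomb protection. The following is an added example, not GWIA code: a sliding-window count using the default threshold of 30 messages in 10 seconds. It assumes counting is per sending IP address and that "exceeds" means strictly more than the message count; the input is (timestamp, IP) pairs because the GWIA log format is not shown on this page.

```python
from collections import defaultdict, deque


def mailbomb_senders(events, mbcount=30, mbtime=10):
    """Find senders whose message rate goes over the threshold.

    events: iterable of (epoch_seconds, sender_ip) in time order.
    Returns {ip: peak number of messages inside any mbtime-second window}
    for every IP whose peak is greater than mbcount.
    """
    windows = defaultdict(deque)
    peaks = defaultdict(int)
    for ts, ip in events:
        win = windows[ip]
        win.append(ts)
        # Drop timestamps that have fallen out of the window ending at ts.
        while ts - win[0] >= mbtime:
            win.popleft()
        peaks[ip] = max(peaks[ip], len(win))
    return {ip: peak for ip, peak in peaks.items() if peak > mbcount}


# Constructed traffic (documentation address ranges, not real senders).
BURST = [(1000 + i * 0.2, "192.0.2.10") for i in range(40)]    # 40 messages in 8 s
STEADY = [(1000 + i, "198.51.100.7") for i in range(60)]       # 1 message per second
AT_LIMIT = [(1000 + i * 0.1, "203.0.113.5") for i in range(30)]  # exactly 30 in 3 s
SAMPLE_EVENTS = sorted(BURST + STEADY + AT_LIMIT)

if __name__ == "__main__":
    print(mailbomb_senders(SAMPLE_EVENTS))
    print(mailbomb_senders(SAMPLE_EVENTS, mbcount=29))
```

A legitimate sender that shows up in the result at the values you plan to use is a sign that the threshold is too tight for your traffic.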
In ConsoleOne, right-click the GWIA, then click .
Click .
Select , then specify the strings in the text box.

Anti-spam services use different indicators to mark potential spam. One might use a string of asterisks; the more asterisks, the greater the likelihood that the message is spam. Another might use a numerical value; the higher the number, the greater the likelihood that the message is spam. The following samples are taken from MIME headers of messages:
X-Spam-Results: *****
X-Spam-Status: score=9
Based on these samples, examples are provided below of lines that you could add to the list to handle the X-Spam tags found in the MIME headers of messages coming into your system.
Example: X-Spam-Results: *****
This line marks as spam any message whose MIME header contained an X-Spam-Results tag with five or more asterisks. Messages with X-Spam-Results tags with fewer than five asterisks are not marked as spam.
Example: X-Spam-Status: Yes
This line marks as spam any message whose MIME header contained the X-Spam-Status tag set to Yes, regardless of the score.
Example:
X-Spam-Status: score=9
X-Spam-Status: score=10
These lines mark as spam any message whose MIME header has the X-Spam-Status tag set to Yes and has a score of 9 or 10. X-Spam-Status tags with scores less than 9 are not marked as spam.
You can add as many lines as necessary to the list to handle whatever message tagging your anti-spam service uses.
Click to save your list of strings.
The list is saved in the xspam.cfg file in the domain\wpgate\gwia directory. As described above, each line of the xspam.cfg file identifies an “X” header field that your anti-spam service is writing to the MIME header, along with the values that flag the message as spam. The GWIA examines the MIME header for any field listed in the xspam.cfg file. When a match occurs, the message is marked for handling by the GroupWise client Junk Mail Handling feature.
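To check a draft xspam.cfg against real messages from your anti-spam service before deploying it, you can model the matching offline. The following is an added example, not the GWIA's parser: it assumes a rule matches when the named header is present and its value contains the configured string, ignoring case, which is consistent with the three examples above. The sample configuration and messages are constructed.

```python
from email import message_from_string


def load_rules(cfg_text):
    """Parse xspam.cfg-style lines into (header_name, value_string) pairs."""
    rules = []
    for line in cfg_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() and value.strip():
            rules.append((name.strip(), value.strip()))
    return rules


def matching_rules(raw_message, rules):
    """Return the rules that would mark this message for Junk Mail Handling."""
    msg = message_from_string(raw_message)
    hits = []
    for name, needle in rules:
        # Header names are looked up case-insensitively by the email package.
        for value in msg.get_all(name, []):
            if needle.lower() in value.lower():  # assumed matching rule
                hits.append((name, needle))
                break
    return hits


# Constructed configuration and messages.
SAMPLE_CFG = "X-Spam-Results: *****\nX-Spam-Status: Yes\nX-Spam-Status: score=9\n"
TAGGED_BY_STARS = (
    "From: sender@example.com\nX-Spam-Results: *******\n"
    "X-Spam-Status: No, score=2\n\nbody\n"
)
TAGGED_BY_STATUS = (
    "From: sender@example.com\nX-Spam-Results: ***\n"
    "X-Spam-Status: Yes, score=9\n\nbody\n"
)
CLEAN = "From: sender@example.com\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    rules = load_rules(SAMPLE_CFG)
    for sample in (TAGGED_BY_STARS, TAGGED_BY_STATUS, CLEAN):
        print(matching_rules(sample, rules))
```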
The GWIA supports SMTP host authentication for both outbound and inbound message traffic.
For outbound authentication to other SMTP hosts, the GWIA requires that the remote SMTP hosts support the AUTH LOGIN authentication method. To set up outbound authentication:
Include the remote SMTP host’s domain name and authentication credentials in the gwauth.cfg file, located in the domain\wpgate\gwia directory. The format is:
domain_name authuser authpassword
For example:
smtp.novell.com remotehost novell
If you have multiple SMTP hosts that require authentication before they accept messages from your system, create an entry for each host. Make sure to include a hard return after the last entry.
If you want to allow the GWIA to send messages only to SMTP hosts listed in the gwauth.cfg file, use the following startup switch:
/forceoutboundauth
With the --forceoutboundauth switch enabled, if a message is sent to an SMTP host not listed in the gwauth.cfg file, the sender receives an Undeliverable message.
For inbound authentication from other SMTP hosts, you can use the --forceinboundauth startup switch to ensure that the GWIA accepts messages only from SMTP hosts that use the AUTH LOGIN authentication method to provide a valid GroupWise user ID and password. The remote SMTP hosts can use any valid GroupWise user ID and password. However, for security reasons, we recommend that you create a dedicated GroupWise user account for remote SMTP host authentication.
You can have the GWIA reject messages from unidentified sources. The GWIA refuses messages from a host if a DNS reverse lookup shows that a “PTR” record does not exist for the IP address of the sender’s host.
If you choose not to have the GWIA reject messages from unidentified hosts, it accepts messages from any host, but it displays a warning if the sender’s host is not authentic.
To configure the GWIA to reject messages from unidentified hosts:
In ConsoleOne, right-click the GWIA object, then click .
Click to display the Security Settings page.
Turn on the option.
This setting corresponds with the GWIA’s --rejbs switch.
Click to save your changes.