



SMTP installation


Preparing the MAILsweeper host

Before installation ensure that the MAILsweeper host is configured with:

Pre-installation checklist

Before installation you should determine:

If you are using DLL based anti-virus tools these are installed after the MIMEsweeper installation. For more details see page 2-36.

Installing MAILsweeper

After you have determined the configuration required for your network and prepared your network for MAILsweeper deployment, you can run the setup program to install MAILsweeper on the host machine.

MAILsweeper should be installed by a user with write access to the Windows NT registry (such as a user in the Administrator's group).

Before starting the installation you should ensure that:

There are several evaluation copies of anti-virus tools on the installation CD-ROM. If you wish to use any of the command line anti-virus tools you should install them separately, before proceeding with the setup program.

The release notes for MIMEsweeper may provide additional information that is required for the installation to be successful. You should read these before starting the installation.

Stopping the MAILsweeper services

If you are performing an upgrade you must shut down the MAILsweeper services before starting the installation, to prevent file access conflicts.[2]

Remember to start the services again, after the upgrade is complete. See page 2-37 for details.

1. Double-click on the Services icon, found in the Control Panel.

2. A Services dialog box is displayed. In turn, select the entries for the MAILsweeper services and click on the Stop button. These are the MAILsweeper, SMTP Delivery Agent and the SMTP Receiver entries respectively.[1]

3. Click on the Close button to exit the Services dialog box.

Alternatively, you can shut down the MAILsweeper services by entering the following commands at the command prompt:[3]

net stop MAILsweeper

net stop SMTPDS

net stop SMTPRS

You should also exit from the MAILsweeper Manager before upgrading.

If the MAILsweeper service is stopped while MAILsweeper Manager is still running, the MAILsweeper Manager dialog box will change colour to red and display a message. This is because MAILsweeper Manager can no longer communicate with the MAILsweeper service. See page 6-24 for details.

Starting the installation

One of the files on the installation CD-ROM is called SETUP.EXE. Run this program to start the installation.

It is strongly recommended that you exit all Windows programs before running the setup program.

To proceed with the installation, follow the dialog boxes in the InstallShield setup program.

The first dialog box you will encounter is the Welcome dialog box, as shown below.

Click on the Next> button to proceed with the installation.

At this point, if an existing MIMEsweeper installation is detected that is of a version prior to version 3.0, you are informed and asked if the setup program should reorganise it before proceeding. If a version 3.0 installation is detected this reorganisation will involve the quarantine areas only.

Click on the Yes button to continue.

If you are performing an upgrade it will happen automatically. You will not be presented with any further options. During the upgrade, all your existing configuration files will be copied into the directory CONFIG\CFGBAK.

If you are not performing an upgrade you are presented with a series of dialog boxes like the one shown below, offering configuration options for MIMEsweeper.

Work your way through each of the dialog boxes, typing in or selecting information from each one as required.

Selecting the product components

The Product Components dialog box, shown on the previous page, allows you to select the MIMEsweeper modules and components you wish to install.

For an SMTP installation, check the MAILsweeper box and SMTP option, as shown.

The default directory for the installation is C:\MSW, as indicated in the Destination Directory area.

If you wish to change the default directory, click on the Browse... button and select a new directory from the Choose Directory dialog box.

Select the directory path by double-clicking on the folder icons that are displayed in the Directories: area. The selected directory path is shown in the Path: field.

If the directory is located on a different drive, change the entry in the Drives: field, by clicking on the down arrow to the right of the field and selecting from the displayed list.

Specifying the SMTP post offices

The next dialog box prompts you to supply details on the post offices MIMEsweeper will protect.

For SMTP this is the name of your mail domain.

In the dialog box above the name of the mail domain is example.com.

Specifying the email addresses

The next two dialog boxes prompt you to supply the address elements that will comprise two email accounts. These are the MAILsweeper account and the MAILsweeper administrator's account.

The address elements are used to specify where Inform messages are sent FROM and TO during disposal:

These addresses form the value of the Server and Administrator directives, found in the [Main] section of the mail configuration file, MIMESWP.CFG. See page 7-11 and page 7-12 for details.

Specifying the SNMP details

MAILsweeper is capable of generating SNMP traps at startup and shutdown. If SNMP traps are required you can enable them using this dialog box.

Check the SNMP Traps box and type in the Community and Target Address information, as follows:

Specifying the anti-virus tool locations

If you intend to use command line anti-virus tools with MIMEsweeper, the next dialog box prompts you to check the box of each one you will be using.

There are several evaluation copies of anti-virus tools provided on the installation CD-ROM. These are not automatically installed by the setup software.

A dialog box is displayed for each anti-virus tool selected, prompting you to provide the location where it has been installed. Some anti-virus tools will also prompt for the version being used (Windows NT or MS DOS). Ensure you have all of this information readily available.

Click on the Browse... button to change the directory shown, using the Choose Directory dialog box. This dialog box is shown on page 2-30.

If you are using DLL based validators these should be installed after the MIMEsweeper installation. For more details see page 2-36.

Starting the file transfer

At this point, setup has enough information to start the file transfer operation. Your chosen options are displayed for a final accuracy check.

Check the information displayed and ensure it is correct. If any of the information is wrong, click on the <Back button to locate and change it, otherwise click on the Next> button to proceed.

The file transfer operation now takes place and the new MIMEsweeper installation is copied from the CD-ROM. A program group is created for all the MIMEsweeper components.

Installation of MIMEsweeper is now complete and a default configuration is in place.

The default MAILsweeper for SMTP installation is configured to automatically append a disclaimer to all outgoing mail, using the automated editing facility (AME). You can disable this facility or modify the contents of the disclaimer, if desired. See page 2-38 for more details.

Setting the licence key

You can enter your licence key at this point, by ensuring that the Set MIMEsweeper licence key box is checked before clicking on the Finish button.

You should have the licence key readily available when you run the set licence application.

Alternatively, you can enter the licence at a later time by running the Licence program. See page 4-1 for details.

Finally, click on the Finish button to exit the InstallShield setup program.

Some files may not be updated if they were being used by other programs at the time of the installation. These files will be updated the next time the system is started.

Installing the DLL based anti-virus tools

Installation of the DLL based anti-virus tools occurs after the MIMEsweeper installation is complete.

These anti-virus tools can be found on the MIMEsweeper CD and come with their own instructions for installation.

Starting the MAILsweeper services

After installing MAILsweeper for SMTP you must either reboot the machine or start the MAILsweeper services manually[4] via the Services dialog box, accessed as explained on page 2-26.

1. In turn, select the entries for the MAILsweeper services and click on the Start button. These are the MAILsweeper, SMTP Delivery Agent and the SMTP Receiver entries respectively.[1] The Status value tells you that the service is currently Started.

2. Click on the Close button to exit the Services dialog box.

Alternatively, enter the following commands at the command prompt:

net start MAILsweeper

net start SMTPDS

net start SMTPRS

(For WEBsweeper, use net start WEBsweeper).

Modifying the default disclaimer

The default MAILsweeper for SMTP installation is configured to automatically append a disclaimer to all outgoing mail. This disclaimer is appended using the automated editing facility.

For example:

In MIMESWP.CFG:

[Clean]
Edit=AppendIfSpoof
Edit=AppendOutwardDisclaimer
Deliver=

[AppendOutwardDisclaimer]
PerformIf=direction==out
AppendToBody=C:\MSW\Config\DISCLAIM.TXT

See page 7-34 for more details on the automated editing facility.

You can disable this facility or modify the wording of the disclaimer, if desired.

To disable this facility, ensure that the Edit directive is commented out in the [Clean] section, found in the configuration file MIMESWP.CFG.

That is, change:

[Clean]
Edit=AppendIfSpoof
Edit=AppendOutwardDisclaimer
Deliver=

to

[Clean]
Edit=AppendIfSpoof
;Edit=AppendOutwardDisclaimer
Deliver=

To modify the wording of the disclaimer, change the contents of the file C:\MSW\Config\DISCLAIM.TXT.[5]

The default contents are as follows:

In DISCLAIM.TXT

***********************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com

**********************************************************

A message released from quarantine will still have the disclaimer added. The only exception is if a different <Response> is specified using the ReleaseDisposal directive and this <Response> does not follow the Clean disposal route. See page 6-20 and page 7-28 for more details.

Using the Domain Name System (DNS)

If your company uses a DNS server, configure the MAILsweeper machine to use this server if:

To test this, a nslookup for the MX record to an external organisation should yield an answer and a MX record lookup for your own mail domain should yield the address of the SMTP server or gateway.

If there is no DNS server, or the above check fails, then the MAILsweeper machine should use the ISP's DNS server and the MAILsweeper routing.

See page 2-41 for more details on MAILsweeper routing.

For a short explanation on DNS and MX records, see Appendix C.

MAILsweeper routing

MAILsweeper has a routing facility that can be used to override or complement Mail eXchange records in DNS. This section briefly outlines the MAILsweeper routing facility and describes how it may be configured for both incoming and outgoing mail.

Incoming mail

To ensure that all mail entering your company is checked by MAILsweeper it will be necessary for you to make some changes to your existing mail configuration.

Depending on the size of your organisation mail will either be delivered to:

If mail is delivered to a host capable of accepting mail, such as a mail relay or proxy firewall, then that host must be configured to forward mail to the SMTP gateway.

Some companies may have a complicated sequence of relays for internal mail. However, all mail should be forwarded to the SMTP gateway eventually.

The sender of the mail message is unaware of the recipient's mail topology. All they have is an email address, and they rely on the DNS system to resolve the name to an appropriate address to send to.

For example, all mail for example.com may be sent to a machine called gateway.example.com. This translation will be stored within the public DNS system as the company's MX (Mail Exchanger) record.

Therefore, when someone tries to send to fred@example.com, they are actually sending to fred@gateway.example.com.

For a short explanation on DNS and MX records, see Appendix C.

If mail goes through a mail relay or proxy prior to being sent to the SMTP gateway then the delivery mechanism will vary between systems, but typically it will be configured with either:

In cases where neither of these is configured, the mail relay will probably try to use DNS to resolve the name. A problem can arise when the relay uses the same DNS as people outside of the company: the lookup returns the address the mail is already at, which causes a mail loop. For this reason, and as a security measure, some companies may deploy internal DNS servers to provide resolution for the internal addresses.

To configure MAILsweeper to provide security for incoming messages it is necessary to perform one of the following steps:

Following these steps will ensure that all messages reside on the MAILsweeper host until they can be sent to the proper destination. This can be achieved using the MAILsweeper routing table options, as explained in the rest of this section.

Routing table options are provided by double-clicking on the MAILsweeper Console icon, found in the Control Panel.

A MAILsweeper dialog box is displayed, showing several tabs.

Click on the Routing tab to access the routing table options.

Using the dialog box shown on the previous page, you can configure routing for your mail domain and the associated SMTP gateway.

This is achieved using the following steps:

1. Enter the name of your mail domain into the Domain mask field and select a different routing option, if required.
By default the routing option is set to Additional, but it can be changed to Force or Default by clicking on the appropriate option button. See page 2-46 for more details on the routing options available.
2. Click on the Add button to enter your domain name into the main area of the screen. Initially this area has only one entry, that is, *.*. This entry should always be placed at the bottom of the list.

3. Select the entry for your mail domain and click on the Routes button to display the dialog box shown below.

4. Enter the host name or IP address of the SMTP gateway and click on the Add button.

In this example, the SMTP gateway is called gateway.

If this entry has no associated domain name then MAILsweeper will consult the DNS name servers that have been configured for this machine. If the incorrect name server is used it may return the wrong address and cause mail looping.

5. Click on the OK button of the Routes dialog box to return to the main MAILsweeper dialog box.

Routing options

Each routing table entry can be set with one of:

Force - this option is used to send mail to a particular destination and implies that the system should not perform any DNS MX record checking. However, the system may use DNS to resolve names to addresses.

Default - this option is used to provide a mail route if, after checking the configured DNS system, there are no MX records for this domain.

Additional - this option allows MX records to be returned from the DNS, and these are considered together with any entries in the routing table. MX records are sorted on a preference value, which can be any value from 0 to 65535, and are designed to offer a choice of mail route. The lowest preference value is tried first.

For example, a company DNS has two MX records, one for first.host with preference value 10 and one for second.host with preference value 20. It also has an entry in the routing table for third.host, with a preference value of 15. The order of mail routing for this company would be first.host, third.host and lastly second.host.

Advanced entries

It is possible to configure multiple entries for a single domain. This allows an alternative SMTP gateway in the event of failure.

It is also possible to configure MAILsweeper to send mail on a different SMTP socket. This can be useful for:

For example:

Adding multiple domains

As MAILsweeper is a true mail relay it can support multiple domain entries, including domains containing a wildcard.

It is important to remember that the domains are checked for the best match from top to bottom of the list, so care must be taken when ordering the entries in this list. The ordering can be changed by selecting an entry and clicking on the Up and Down buttons. To remove an entry from the list, select the entry and click on the Delete button.

The *.* entry should always be placed at the bottom of the list.

Outgoing mail

To ensure that all mail leaving your company is checked by MAILsweeper you will need to deploy MAILsweeper between the SMTP gateway and the Internet connection.

Usually, this requires that the SMTP gateway or a mail relay is configured to forward all outgoing mail to the MAILsweeper host.

Furthermore, MAILsweeper's delivery service (SMTPDS) should be configured to send mail out to the Internet. Depending on your network configuration, you may not need to make any changes to MAILsweeper, as the DNS server that the MAILsweeper host uses will provide name resolution for outgoing mail and then send it to the Internet.

However, if all outgoing mail must be sent via another mail relay or proxy before it leaves the organisation, you will need to add a routing table entry for the domain *.*. This entry must be added at the bottom of the routing table list, as shown in the dialog box on the previous page.

The *.* wildcard can also be implemented with DNS; however, it is easier to implement as a routing table entry.

You can test the DNS and verify that the MAILsweeper host DNS is being used by doing an nslookup.

For example (to check for possible mail looping):[6]

C:\NSLOOKUP
> SET TYPE=MX
> EXAMPLE.COM
> MSW.EXAMPLE.COM

If the MAILsweeper host is msw.example.com, and a force route was not used for this domain, then mail would be delivered to itself and hence cause a mail loop.
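The following added example (not part of the original manual or of MAILsweeper itself) models the routing behaviour described in this section: top-to-bottom matching of domain masks, the Force, Default and Additional options, and the mail-loop condition checked with nslookup above. The domain names, host names and the simple '*' wildcard matching are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed routing table in list order (top to bottom); all names are sample values.
# Each entry: (domain mask, routing option, [(preference, host), ...])
ROUTING_TABLE = [
    ("example.com", "Force", [(10, "gateway.example.com")]),
    ("partner.example", "Additional", [(15, "third.host")]),
    ("*.*", "Force", [(10, "relay.isp.example")]),  # catch-all, kept at the bottom
]


def match_entry(domain, table):
    """Return the first entry whose mask matches, scanning top to bottom.

    Assumption: masks use simple '*' wildcards and the first match wins,
    which is why the catch-all '*.*' has to be the last entry.
    """
    for mask, option, routes in table:
        if fnmatchcase(domain.lower(), mask.lower()):
            return mask, option, routes
    return None


def delivery_order(domain, table, dns_mx):
    """Return the hosts to try for a domain, lowest preference value first.

    dns_mx is the list of (preference, host) MX records that DNS returned.
    """
    entry = match_entry(domain, table)
    if entry is None:
        candidates = list(dns_mx)                    # no table entry: DNS only
    else:
        _, option, routes = entry
        if option == "Force":
            candidates = list(routes)                # MX records are not checked
        elif option == "Default":
            candidates = list(dns_mx) or list(routes)  # table only if no MX exists
        elif option == "Additional":
            candidates = list(dns_mx) + list(routes)   # merged, sorted below
        else:
            raise ValueError(f"unknown routing option: {option}")
    for preference, host in candidates:
        if not 0 <= preference <= 65535:
            raise ValueError(f"preference out of range for {host}: {preference}")
    return [host for _, host in sorted(candidates, key=lambda c: c[0])]


def causes_loop(domain, table, dns_mx, own_host):
    """True if the first-choice route for the domain is the MAILsweeper host itself."""
    order = delivery_order(domain, table, dns_mx)
    return bool(order) and order[0].lower() == own_host.lower()


if __name__ == "__main__":
    # The Additional example from the text: MX 10 and 20 from DNS, 15 from the table.
    mx = [(10, "first.host"), (20, "second.host")]
    print(delivery_order("partner.example", ROUTING_TABLE, mx))
    # Public MX for example.com points at the MAILsweeper host (constructed data).
    public_mx = [(10, "msw.example.com")]
    print(causes_loop("example.com", [], public_mx, "msw.example.com"))
    print(causes_loop("example.com", ROUTING_TABLE, public_mx, "msw.example.com"))
```
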

Dial-up support

Dial-up support options are provided by double-clicking on the MAILsweeper Console icon, found in the Control Panel.

A MAILsweeper dialog box is displayed, showing several tabs.

Click on the Dialup tab to access the dial-up options.

Most of the information required for dial-up support can be configured via this dialog box, as shown below, and is discussed in the following section.

Before you can configure any of the features discussed in this section you must first enable dial-up support by checking the Enable dialup box.

Once dial-up support is enabled, the retry schedule in the Retries dialog box will be ignored, unless the domain is specified for exclusion (see page 2-52 for details on how to exclude domains). You must always exclude your own mail domains so that mail destined for these domains will not be delivered to the ISP.

Specifying the connection details

The connection details required for dial-up are specified in the Dialup Server area of the MAILsweeper dialog box, shown on the previous page.

The connection details required are:

The connection details can be tested using:

C:\RASDIAL Phonebook entry User name Password

where Phonebook entry, User name and Password are the entries specified in the DialUp Server area and RASDIAL is in your default system path.

Excluding domains

Mail can be excluded from delivery to the ISP if it is destined for particular mail domains, for example, your own local domains. You can specify these domain names in the Exclude domains field of the MAILsweeper dialog box, shown on page 2-50.

This field can contain a comma separated list of domain names, optionally containing the wildcard character *. Precede a domain name with an exclamation mark to indicate that matching domains don't belong in the excluded list. The list is checked from left to right, so if you use a domain preceded with an exclamation mark (an exception), it should appear first.

You must always specify your own local mail domains in this field so that mail destined for these domains will not be delivered to the ISP.

For example:

Using this example:

This field does not control routing, which is always performed according to DNS and the routing table. In the above example, you may wish to route mail to the branch office and all domains outside your company via your ISP's mail server but to route mail to your local domains in a different way. You should use MAILsweeper routing to achieve this. See page 2-41 for details.
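As an added illustration (not code from the manual or from MAILsweeper), the sketch below evaluates an Exclude domains list left to right and flags exceptions that are placed too late to take effect. The domain names are constructed, and the matching rules (first match wins, '*' matches any run of characters) are assumptions based on the description above.

```python
from fnmatch import fnmatchcase


def parse_exclude_list(field):
    """Split the Exclude domains field into (mask, is_exception) rules, left to right."""
    rules = []
    for item in field.split(","):
        item = item.strip().lower()
        if not item:
            continue
        is_exception = item.startswith("!")
        mask = item[1:].strip() if is_exception else item
        if not mask:
            raise ValueError("'!' must be followed by a domain name")
        rules.append((mask, is_exception))
    return rules


def is_excluded(domain, rules):
    """True if mail for this domain is kept off the dial-up delivery to the ISP.

    Assumption: the first matching rule decides. A plain mask excludes the
    domain; a '!' mask means the domain does not belong in the excluded list.
    """
    domain = domain.lower()
    for mask, is_exception in rules:
        if fnmatchcase(domain, mask):
            return not is_exception
    return False  # no rule matched: deliver via the ISP as normal


def shadowed_exceptions(rules):
    """Return '!' masks that can never apply because an earlier plain mask covers them."""
    shadowed = []
    for index, (mask, is_exception) in enumerate(rules):
        if not is_exception:
            continue
        for earlier_mask, earlier_is_exception in rules[:index]:
            if not earlier_is_exception and fnmatchcase(mask, earlier_mask):
                shadowed.append(mask)
                break
    return shadowed


if __name__ == "__main__":
    # Constructed field value: local domains excluded, one branch office excepted.
    good = parse_exclude_list("!branch.example.com, *.example.com, example.com")
    for name in ("hq.example.com", "branch.example.com", "example.com", "other.org"):
        print(name, "excluded" if is_excluded(name, good) else "sent to ISP")
    # Same entries with the exception listed last: it is never reached.
    bad = parse_exclude_list("*.example.com, example.com, !branch.example.com")
    print("ineffective exceptions:", shadowed_exceptions(bad))
```
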

Incoming delivery trigger command

It may be necessary to prompt your ISP mail server to start sending mail after the dial-up connection has been established.

If this is necessary, check the Incoming delivery trigger command box of the MAILsweeper dialog box, shown on page 2-50, and type in the appropriate command line to execute, as supplied by your ISP.

Please contact your ISP to establish if a command line is necessary and, if so, what the required command line is.

For example, if your ISP stores mail using an SMTP server which supports storing mail for a remote domain, it will understand the ETRN SMTP command.

In this case, you should use the following line:

startmail -h mailserver.isp.com example.com

Alternatively the ISP may store your mail using a POP3 mailbox and expect you to download it using POP.

In this case, the popdown utility can be used to retrieve mail from the POP3 mailbox and redirect it to recipients on your local system. For example:

popdown -h mailserver.isp.com -u username -p password

When calculating the duration of the dial-up connection, MAILsweeper will not start counting until the Incoming delivery trigger command has finished. For this reason, a command which does not terminate could cause the dial-up connection to stay open indefinitely.

Please check with your ISP for further details.

Outgoing delivery retry limit

A delivery attempt is made by MAILsweeper every time a dial-up connection is established.

If the delivery attempt is unsuccessful at the scheduled dial-up time, for example, because the ISP mail server is down or inaccessible, MAILsweeper will retain the message and retry later.

You can specify the maximum number of retry attempts MAILsweeper should make. This value is specified in the Outgoing delivery retry field of the MAILsweeper dialog box, shown on page 2-50. The default value is 20.

If the number of delivery attempts exceeds this limit, delivery is abandoned and a non-delivery notification generated.

Mail can be excluded from delivery to the ISP if it is destined for any mail domain specified in the Exclude Domains field. See page 2-52 for details.

Dial-up status

A dial-up status area is displayed under the Outgoing delivery retry field of the MAILsweeper dialog box, shown on page 2-50.

This area shows the current status of the dial-up connection.

If there is no connection in progress you can request an immediate dial-up by clicking on the Dialup Now! button.

If MAILsweeper is currently Connected you can terminate the connection immediately by clicking on the Hang up! button.

Dial-up connection times

You can specify the maximum and minimum durations for which a dial-up connection will remain open.

These times are specified, in minutes, using the Dialup connection time area of the MAILsweeper dialog box, shown on page 2-50.

Do not reduce the minimum connection time too far, otherwise the ISP's mail server may not have enough time to establish the connection.

Dial-up schedules

You can specify the times of day at which MAILsweeper will make a dial-up connection to the ISP. Furthermore, different dial-up schedules can be specified for weekdays and for the weekend.

Dial-up schedules are configured via the Dialup schedules area of the MAILsweeper dialog box, shown on page 2-50.

An identical dialog box is displayed for both buttons, showing the current dial-up schedule for that time period.

To add a new dial-up time to the schedule list:

1. Select the time using the small scroll bar to the right of the time field. Dial-up times are specified using the 24-hour clock, with intervals of five minutes.

2. Click on the Add>>> button.

The new time will be inserted into the appropriate place on the schedule list.

The actual time at which the dial-up occurs may be up to two minutes later than the time specified.

To remove a dial-up time from the schedule list:

1. Select the time from the schedule list.
2. Click on the Remove button.

For each dial-up time on the schedule list, you can specify whether the dial-up should be conditional or unconditional.

To make a dial-up unconditional check the box to the left of the dial-up time shown on the schedule list. In the following example, the 0205 and 0800 dial-ups are unconditional, the 0000 and 0400 dial-ups are conditional.

Securing the MAILsweeper machine

It is important to secure the MAILsweeper machine so that:

Securing the MAILsweeper machine can be achieved via the Network dialog box. Access this dialog box by double-clicking on the Network icon, found in the Control Panel.

First, it is necessary to disable forwarding of IP, to stop the MAILsweeper machine acting as a router. This is achieved using the following steps.

1. Click on the Protocol tab of the Network dialog box and select the TCP/IP entry from the Network Protocols area.

2. Click on the Properties button, to display a Microsoft TCP/IP Properties dialog box. Click on the Routing tab of this dialog box.

3. Ensure that the Enable IP Forwarding check box is disabled. (A tick in this check box indicates that it is enabled.)
4. Click on the Apply button to apply the changes.
5. Click on the OK button to exit the dialog box.

Next, disable the WINS client (TCP/IP) binding to the Server service. This disables remote access to shared resources over TCP/IP. Details of how to do this are shown on the next page.

Care must be taken when disabling the WINS binding as this may affect other network operations, such as logging into NT domains when the only network protocol used is TCP/IP.

To disable the WINS client (TCP/IP) binding:

1. Click on the Bindings tab of the Network dialog box.

2. Ensure that all services is displayed in the Show bindings for field. (Change the entry in this field by clicking on the down arrow to the right of the field and selecting from the displayed list).
3. Expand the Server entry, by clicking on the + symbol, then select the WINS Client(TCP/IP) entry.
4. Click on the Disable button. A red warning symbol to the left of the WINS Client(TCP/IP) entry indicates that it is disabled (as shown on the screen above).
5. Click on the OK button.






[1] Remote Access Service is required for dial-up support only.

[2] Also the WEBsweeper service if this is applicable (select the WEBsweeper entry).

[3] To shut down the WEBsweeper service use:

      net stop WEBsweeper

[4] Also the WEBsweeper service if this is applicable (select the WEBsweeper entry).

[5] This directory path assumes the default MAILsweeper installation at C:\MSW.

[6] Where NSLOOKUP is specified in your default system path.

msw.support@mimesweeper.com

Copyright © 1998, Content Technologies Limited. All rights reserved.