A quick tour of the Clearswift SECURE Email Gateway

As I introduced the SECURE Email Gateway in my last blog post, I thought I’d take a few minutes to do a whistle-stop tour of the current version (3.5 – actually 3.5.4 once you’ve patched it). To stop my RSI developing any further, I will refer to it hereafter as ‘the SEG’.

Management Console

The home screen contains links to the Management Centres, where you can manage policies, messages, reporting, system configuration, health and admin users. Along the top are dropdown menus for each of these Management Centres, with more links to specific configuration items. We’ll briefly look into each of these…

[Screenshot: SEG-1]

Policy Definitions

[Screenshot: SEG-3]

Your policy definitions specify your mail policy routes (who mail is from and to) and your content rules, which say what is checked for each route.

So, clearly you’ll need at least two routes – one inbound, one outbound – and these are provided out of the box. The default content rules on each are similar: check for viruses, encrypted or unrecognised file types, large files, images, videos, profanity and so on, with subtle differences such as whether a matching message is dropped or quarantined.

[Screenshot: SEG-2-1]

Of course, both of these are fully customisable – you can create new routes as you wish, based on address lists that are either static (wildcards allowed) or synchronised from an LDAP server such as AD. So if the managers say they can send and receive what they want, create a policy route for them and add the appropriate content rules. If Moira from Marketing is allowed to send videos to the PR company, create a route from her to them and set its content rules to allow video. If Dave from Finance wants… oh, you get the idea. Note that the order of routes is important: they are evaluated in order and the first match wins, so put a specific route such as Moira’s above the general outbound route it is an exception to, and among routes of similar scope put the most restrictive at the top.
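To make the ordering point concrete, here is a toy model of ordered policy routes with per-route content rules. It is an added illustration, not Clearswift’s configuration format or code; the route names, address patterns, rule names and the sample message are all constructed. It assumes first-match semantics (the first route whose sender list and recipient list both match is applied, and the first matching content rule on that route decides the outcome), which is what “evaluated in order” implies.

```python
"""Toy model of ordered policy routes with per-route content rules.

Added illustration only: this is not Clearswift's configuration format or
code. Assumptions: the first route whose sender list AND recipient list both
match is the one applied, address lists are shell-style wildcard patterns, and
the first matching content rule on that route decides the message's fate.
"""
import fnmatch
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed message shape: {"from": ..., "to": ..., "attachments": [{"name", "kind", "bytes"}]}
Message = dict


@dataclass
class ContentRule:
    name: str
    matches: Callable[[Message], bool]
    action: str  # "quarantine", "drop" or "allow" (an explicit allow stops further rules)


@dataclass
class Route:
    name: str
    senders: list       # wildcard patterns, e.g. "*@example.com"
    recipients: list
    rules: list         # ContentRule objects, evaluated in order


def address_matches(address: str, patterns) -> bool:
    """Case-insensitive wildcard match against a static address list."""
    address = address.lower()
    return any(fnmatch.fnmatchcase(address, p.lower()) for p in patterns)


def select_route(routes, sender: str, recipient: str) -> Optional[Route]:
    """Routes are evaluated top to bottom; the first one matching both ends wins."""
    for route in routes:
        if address_matches(sender, route.senders) and address_matches(recipient, route.recipients):
            return route
    return None


def evaluate(routes, msg: Message) -> tuple:
    """Return (route name, rule name, action). With no matching route we fail closed."""
    route = select_route(routes, msg["from"], msg["to"])
    if route is None:
        return ("<no route>", None, "drop")
    for rule in route.rules:
        if rule.matches(msg):
            return (route.name, rule.name, rule.action)
    return (route.name, None, "deliver")


# --- Constructed content rules and routes ------------------------------------
def has_video(msg: Message) -> bool:
    return any(a["kind"] == "video" for a in msg["attachments"])


def is_large(msg: Message, limit: int = 10 * 1024 * 1024) -> bool:
    return sum(a["bytes"] for a in msg["attachments"]) > limit


BLOCK_VIDEO = ContentRule("Block video", has_video, "quarantine")
BLOCK_LARGE = ContentRule("Block large messages", is_large, "quarantine")
ALLOW_VIDEO = ContentRule("Video permitted", has_video, "allow")

# Moira's exception: the size limit still applies, but video to the PR agency is allowed.
MARKETING_TO_PR = Route("Marketing -> PR company", ["moira@example.com"],
                        ["*@pr-agency.example"], [BLOCK_LARGE, ALLOW_VIDEO])
OUTBOUND = Route("Outbound", ["*@example.com"], ["*"], [BLOCK_VIDEO, BLOCK_LARGE])
INBOUND = Route("Inbound", ["*"], ["*@example.com"], [BLOCK_VIDEO, BLOCK_LARGE])

GOOD_ORDER = [MARKETING_TO_PR, OUTBOUND, INBOUND]  # specific exception above the catch-all
BAD_ORDER = [OUTBOUND, MARKETING_TO_PR, INBOUND]   # catch-all shadows the exception

# Constructed sample message: Moira sends a 4 MB video to the PR agency.
VIDEO_MAIL = {"from": "Moira@example.com", "to": "alice@pr-agency.example",
              "attachments": [{"name": "launch.mp4", "kind": "video", "bytes": 4_000_000}]}

if __name__ == "__main__":
    print(evaluate(GOOD_ORDER, VIDEO_MAIL))  # ('Marketing -> PR company', 'Video permitted', 'allow')
    print(evaluate(BAD_ORDER, VIDEO_MAIL))   # ('Outbound', 'Block video', 'quarantine')
```

With the routes in the first order Moira’s video is allowed; swap the two outbound routes and the general “Outbound” route matches first and quarantines it, which is exactly the shadowing you get wrong if you only think about “most restrictive at the top”. Note also that a message matching no route is dropped rather than delivered: fail closed.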

[Screenshot: SEG-2-3]

Anti-SPAM and AV

The anti-spam in the SEG uses Clearswift’s SpamLogic engine, which includes IP reputation (both a local reputation and a database managed by Clearswift), real-time blocklist (RBL) lookups, Sender Policy Framework (SPF) and Sender ID checks – all the standard stuff.

[Screenshot: SEG-2-4]

Out of the box, AV depends on your licence: Kaspersky and Sophos are the third-party options. There’s some good stuff in Clearswift’s ‘Zero Hour Malware’ feature – essentially, through a connection back to Clearswift, your gateway gets a ‘heads up’ on suspected outbreaks as they happen. Again, good stuff.

Lexical and Image Analysis

Content rules can include actions based on words or images. For words, the gateway performs a lexical analysis using pre-defined (and customisable) dictionaries – swear words in multiple languages, racism and other dodgy stuff. You assign scores to ‘hits’ and set thresholds. So swear once, shame on you, but your message might get through. Swear twice, shame on me; your message gets bounced with a configurable alert – probably to your boss.

The image analysis is primarily there to detect porn, of course. In testing it seemed pretty good at telling the difference between filth and legitimate pictures. And if you’ve got a company logo that accidentally gets picked up, then either (a) change your logo, or (b) add it to the IMAGElogic database and it’ll be OK’d by the gateway in future. Sweet.

Managing Messages and Reporting

The message centre is where you can see what’s been held – viruses, large messages etc. – and where you can perform operations (single, multiple or batch) such as release, delete, forward and so on. You can also track messages through the gateway here, and view the queues on this gateway and on any others you have peered with it (for redundancy and scaling).

[Screenshot: SEG-3]

There are some reasonable reports out of the box as well – top senders, recipients, sender domains, virus senders, processing rates, message sizes. Comparable to the big boys in the main, and pretty useful.

[Screenshot: SEG-4]

Personal Message Management (PMM)

Want your users to control what happens to messages that have been quarantined? This is what you need. Compared to Forefront this is very nice indeed. Might do a blog on this on its own at some point. Seriously Forefront was horrible at this…

Other system stuff

That’s it for the functionality, but I thought I’d finish with a quick look at the other screens. The System Center is the main one – essentially it contains everything that isn’t to do with applying policies, including mail routing (by domain, with wildcards), address re-writing, peering with other gateways for fault tolerance, getting updates from Clearswift (patches – 3.5.4 currently – as well as AV/spam definitions, which update every 15 minutes to an hour), and the mundane settings for Ethernet, DNS, TLS and so on.

[Screenshot: SEG-5]

Oh, and there’s a system overview page. Nothing to see here, move on…

[Screenshot: SEG-6]

That’s it for the moment – whistle-stop and ridiculously high-level, but most people won’t have seen this. As I get time I might do a blog on some of these features in more depth; personally I think they’re pretty good and worth a decent look.

Cheers,

Tim

Here’s the postamble:

  1. Disclaimers away: I do contract for Clearswift, but this is not a Clearswift communication. It is posted in good faith, but I can’t guarantee the accuracy of everything in this post, and therefore there are no warranties, and this transfers no rights, express or implied, whatever that means.
  2. You can download the ISO of SEG 3.5 from http://www.clearswift.com/products/evaluation. It’s a fully self-contained product – it’s built on Clearswift’s own Linux build – I’m not going to go into the install, but you’ll need to create a VM – the Linux system is 32-bit, so I would create a machine with 2-4GB RAM and a disk of at least 30GB. I’ve tested VMware and Oracle VirtualBox, but I prefer Hyper-V personally, and now it’s in Windows 8, it’s even more useful for testing. The only thing with Hyper-V is you need to remove the standard synthetic adaptor and add a legacy network adaptor as there are no drivers in the CS-Linux kernel for the synthetic NIC. Not a big deal. Put the CD in, follow the instructions, remove the CD, reboot etc. and at the end you will have a gateway built.
  3. After the initial install, you’ll have to configure networking. In Hyper-V I normally use an internal virtual switch, and configure the host with an internal IP address (e.g. 10.0.0.1 or 192.168.1.1). Log in to the console (console/console – and do change that default password once you’re in) and configure the IP address of the primary NIC so it can talk to your host (e.g. 10.0.0.2/255.0.0.0). Once that’s done, connect to the IP address of the SEG server from a browser on your host machine – e.g. https://10.0.0.2 – and run through the initial config wizard. You’ll need licence details (request them from that Clearswift eval page), then enter details of your Exchange server, routing domains etc. – all simple stuff, which I won’t go into as I’m assuming a certain level of networking / messaging knowledge. When the wizard completes, browse again to the server and log in as admin, with the password you set in the config wizard. Now you’re done and we can crack on with looking at the SEG itself.
  4. I know postamble isn’t technically a word, but I’m a firm believer in that if you use a word enough OED will eventually agree it’s a word. Deal with it. Eats, shoots, and leaves.
This entry was posted in Clearswift, Email, Hygiene.