MailWasher Enterprise Server - Windows

INSTALLATION INSTRUCTIONS

Contents


Quick Overview

MailWasher Enterprise Server (MWES) works as a proxy, meaning it sits in front of your mail server collecting and processing all incoming mail. You will notice a significant reduction spam along with reduced load on your mail server when MWES is installed and working.

The following diagram illustrates how MWES operates.



Download

Download MailWasher Enterprise Server (MWES) for Windows Server 2000, 2003 or 2008. MWES may be used with any Windows Mail Server like Microsoft Exchange 2000,2003,2007, SmarterMail, IMail, MailEnable and any others.

Installation

Steps:

Note: MWES for Windows does not currently support TLS/SSL. Clients have to use Plain Authentication.

1. Change the listening SMTP port from 25 to 26 for MS Exchange 2000/2003/2007 (or any other MTA you are using).

Helpful Links:

  1. Exchange 2000 (http://support.microsoft.com/kb/274842)
  2. Exchange 2003 (http://support.microsoft.com/kb/274842) In Exchange 2003 after changing Port 25 from 26 make sure you cross check the following: Go to Exchange System Manager->Servers->Protocols-> SMTP properties. In General Tab you will likely have an IP address specified. Change it to "All Unassigned".
  3. Exchange 2007 (http://www.exchangelog.info/2007/08/how-to-ch...). In Exchange 2007 after changing Port 25 from 26 make sure you cross check the following: Go to Exchange Management Console->Server Configuration->Hub Transport->Default Mail Poroperties at Right pan. In Network Tab Edit Local IP Address and Select "Use all IP addresses available on this server" Press OK & Restart Exchange Transport Service.

2. Run the mwes installer and follow the instructions on the screen. The screenshot below shows options for viewing the web interface.

Note: During install you don't need to change any of the defaults here unless you're using a different port or box.

3. By default a 30 day trial period is setup on installation. This can be changed on the license screen. Please note, you do not need to enter any username and password for the trial account.

On completing the installation, a browser window will launch taking you to your login screen http://[company.site]:4044

The default login is:

UserID: admin
Password: password

4. You will need to add any domains used at settings>>Domains, to prevent your network appearing as an open relay.

5. Make sure ports 25, 4044 and 4051 are not firewalled as MWES uses these ports.

6. Emails will arrive through port 25 and be checked by MWES. If email is not quarantined it will then be passed onto MS Exchange (or other MTA) through port 26.

Note: If you want to install MWES Proxy on a different computer than the Mail Server, you'll need to do the following.

Changing MTA RELAY HOSTNAME (By default it is set to localhost):

  1. Go to the Windows Registry setting (Start>>Run>>regedit) - "HKEY_LOCAL_MACHINE\SOFTWARE\Firetrust Limited\mwes"
  2. In the right pane double click on "mta_relay_hostname" string and enter local LAN IP e.g. 192.168.1.1, IP address of the mail server or if you are running Dual LAN Cards, enter IP address to which all SMTP traffic comes in.
  3. Close Registry & Restart MailWasher Enterprise Server in Administrative Services (go to Start>>Run>> type 'services.msc' and locate MailWasher Enterprise Server).


Upgrading from the old conduit version

Remove old version of MWES including the conduit

  1. Uninstall conduit Start->Program->Mailwasher Enterprise server->Uninstall conduit.
  2. Using Task Manager, kill process inetinfo.exe to make MS Exchange release and remove the existing conduit (inetinfo.exe will restart automatically)
  3. Uninstall MWES from the Control Panel->Add/Remove Programs


Uninstall

Uninstall MWES from the Control Panel->Add/Remove Programs


Upgrading

Download and run the latest mwes.x.x.x.exe. MWES will automatically upgrade itself.


Start and Stop

If needed, you can Start/Stop/Restart MailWasher Enterprise Server in Administrative Services (go to Start>>Run>> type 'services.msc' and locate MailWasher Enterprise Server).


USING MAILWASHER ENTERPRISE SERVER

Contents


Running MailWasher Enterprise Server for the first time.

By default a 30 day trial period is setup on installation. This can be changed on the license screen. Please note, you do not need to enter any username and password for the trial account.

On completing the installation, a browser window will launch taking you to your login screen http://[company.site]:4044



Login

The default login is:

UserID: admin
Password: password

Please login and change this to something more secure. This can be found in the "settings"->"admin details". This account will allow you to control the administration priviliges. Do not give this out to users.


Monitor screen

The monitor screen shows statistics of how mail is processed

  • Processed: Indicates how many emails have been processed.
  • Emails(ok): Emails which have passed through all filters except graylisting.
  • FA: Emails stopped by Firetrust's FirstAlert signature database.
  • RBL: Emails stopped by real-time blackhole lists.
  • Blacklisted: Emails stopped by the blacklist.
  • Custom filter: Emails stopped by custom filters.
  • FA(IP): Emails stopped by FirstAlert which are using the same IP as known spam.
  • SPF(lite): Not yet implemented.
  • Gray listed: Emails which have been gray listed.
  • Gray listed(ok): Emails which have been let through graylisting.
  • Empty Email Body: Emails stopped with an empty body.
  • Uploaded: Emails caught by RBL's and greylisted older than 2 hours are uploaded to FirstAlert..



Action screen

You'll need to decide how you want spam to be dealt with. There are two options.

  1. Quarantine: Sent straight to a quarantine section and managed inside a web browser, or
  2. Pass through: Spam headers are marked with 'X-MWES-status: Spam' and delivered to end-users to be filtered in their email client.

Greylisting is another option and stops a lot of spam. Greylisting works by temporarily failing an email and once the sending MTA re-sends the email, it is let through. Since much spam is forged and sent via compromised computers, it is not re-sent and thus does not get past the grey listing filter. See the greylisting section for more information.

Quarantine and greylisting options are enabled by default.



Adding Users

Adding users allows end-users access to the quarantine and greylisting screens via a web browser so they can view their blocked email and if necessary, rescue the blocked email so it is delivered to their inbox.

You'll need to decide if you want to enable:

  1. Global quarantine access: All users are given the same login to the quarantine area to search for their blocked email. Only the from: and subject: are visible and any rescued email is sent to the original recipient.
  2. Individual quarantine access: Each user has their own unique login to the quarantine area and they can only search for their own blocked email and any aliases which have been setup for them. Any rescued email is sent back to their inbox.

Setup a global user login

If a user account is created with a username and password, but with no email address, that account becomes a global quarantine account and all users will use that same quarantine screen to search for their blocked email.

One global user is setup (no email addresses are entered)


Anyone can search for their email from the same quarantine screen


Setup an individual user login

Individual user logins are created by creating a username and password, along with adding the users email address and any other aliases they use. When a user logs in to the quarantine area they will only be able to search for blocked email addressed to themselves.

User setup with aliases


Individual User Quarantine Account Login - User can view their quarantined email



Quarantine screen

After login, you'll be taken to the Quarantine screen where you can search for emails and if necessary, rescue them. All rescued emails are sent to the original recipient.

This quarantine screen is available to the end-users via login to a web browser so they can search for blocked email using a number of search criteria:

  • The From: field
  • The To: field
  • The Subject
  • The date

By default, when a user logs in they will see the last 50 emails which have been blocked

If a user finds an email which they want to rescue, they click the 'rescue' link and that email is delivered to their inbox. The from: email address is automatically added to the friendlist so it is not blocked in the future. The rescued email is shown in green in the quarantine screen for easy reference.



Greylisting

Greylisting is an effective tool to stop spam by sending a temporary fail back to the sender of the message. If the sender is sent via a valid MTA, the message is re-sent and MWES will let it through. If the message is not sent from a valid MTA it is not delivered and left in the MWES greylisting quarantine area.

Greylisting is enabled by default in Settings>>Action

NOTE: Valid messages can be delayed by up to 15 minutes using this method since the sending MTA has to re-send the message. You can always check the quarantine>>greylisting area to see which messages are due to be resent, and thus rescue them in which case they will be added to the whitelist. See below, the three light grey messages at the top are within the 15 minute time period to be re-sent. One an email sender has been let through, they are let through instantly next time they send something.



Whitelists

You can setup a whitelist which will allow any email address on the whitelist to bypass all the spam filters.

Note: You don't need to add your email address or domain to the whitelist, as MWES will detect that you're working from a local LAN. Spammers frequently use your own email address to bypass filters, so leave them off the whitelist.

Note:You can also use wildcards like '@company.com' in the whitelist.


The IP Whitelist is automatically populated by the greylisting feature when an email is rescued. In this case the domain and IP address is added so those emails are let through automatically next time.



Blacklist, RBL's and custom filters

Blacklist

You can setup a blacklist which will stop any email with that blacklisted email address from passing to end users inboxes.

Note:You can also use wildcards like '@company.com' in the blacklist.


Real-time blacklist services (RBL's)

RBL's are used to block known sources of spam. MWES supports both URL and IP based lists and includes an RBL from www.spamhaus.org by default (zen.spamhaus.org).


Custom filters

You can also add custom filters using text or regular expressions to block unwanted email. You'll find some sample filters in the intallation directory called 'CustomSpamFilter.xml' which you can import. (Importing will not create duplicates).

Regular Expression engine from www.regexlab.com



Product License

After the 30 day free trial is finished, if you want to keep MWES you must purchase a user license appropriate for the number of users you have.

Once you have purchased the license you will be sent a username and password. Enter these details in to the Settings>>Product License screen to continue using MWES.



Admin details

The Admin Details screen is used for the administrator to change their username and password to access the software.



TROUBLESHOOTING

If you installed MailWasher Server to the default location a log file is created "C:\Program Files\MailWasher Enterprise Server\logs\"

See below about changing the level of debug logging.

If you find a problem, please zip this directory up and send it to us at nick.bolton@firetrust.com

There's also the forum for any questions.

Any other problems please email us.

Q. I can't rescue email.

A. There's two options to fix this.

1. Go to Exchange System Manager and locate SMTP properties like below. You will likely have an IP address specified. If you change this to 'All Unassigned' then rescue will work. Stop and start the service (wait a minute for it to work). If you want to keep the IP address specified then go to option 2.

2. Make sure you're using version 2.68 or later and go to the Windows Registry setting (Start>>Run>>regedit) - "HKEY_LOCAL_MACHINE\SOFTWARE\Firetrust Limited\mwes"

Locate the key 'mta_hostname' and enter the IP address you're using above.

Restart MailWasher Enterprise Server in the services (go to Start>>Run>> type 'services.msc' and locate MailWasher Enterprise Server)


MISCELLANEOUS

You can change/add these options in the registry

Windows Registry: "HKEY_LOCAL_MACHINE\SOFTWARE\Firetrust Limited\mwes"

If changed, restart the MailWasher Enterprise Server Service (Go to Start>>Run>>Type 'services.msc' and locate MailWasher Enterprise Server, and restart).

Database location

database_location C:\Program Files\MailWasher Enterprise Server\data

Default page after login

default_page Quarantined.srv

Location of installed files

home C:\Program Files\MailWasher Enterprise Server

Web server details

root_document C:\Program Files\MailWasher Enterprise Server\site
listen_port=4044
hostname=localhost

 

Change the logging level

If you want to change the logging level. Default is 2 (normal)

0 = Full
1 = Partial
2 = Normal
3 = Warnings
4 = Errors

log_level=2

Location of logs

logging C:\Program Files\MailWasher Enterprise Server\logs

Proxy configuration

Details show the port and location of MWES proxy
use_mta_proxy=1
mta_port=25
mta_hostname=

Change the location and port where MWES sees the MTA

MTA Relay is used to show the location and port of your MTA. Defaults are shown below.
mta_relay_hostname=localhost
mta_relay_port=26

FirstAlert cache size information.

This is used to cache already checked spam to reduce the number of external checks.
cfs_max_cache_size=20000

RBL cache size information.

This is used to cache already checked spam to reduce the number of external checks.
rbl_max_cache_size=20000

Use working domains to stop open relay

use_check_domains=1
# If set = 1 this stops your MTA appearing as an open relay by checking the list of your working domains.
# If set = 0 will let all email through without checking your working domains. (ie. it will filter everything instead of distinguishing between internal and external email). You'll just need to make sure your MTA is configured to not appear as an open relay.

Ignore MTA Authentication

use_mta_authentication=1

# If set =1 then all emails authenticated by MTA are safe and will not be filtered.
# If set =0 then MTA Authentication is ignored and all emails pass through filters.

Don't check local email

use_is_routable=1
# If set = 1 to not check your local mail going out.
# If set = 0 to check your local mail going out.

Discard empty email's.

Emails without a body are discarded.
discard_empty_emails=1
# If set = 1, emails with empty bodies are discarded
# If set = 0, emails with empty bodies are passed through for filtering

Search www.firetrust.com



User Comments

...This excellent software makes using the Internet and email productive again. Simple to use and set-up, yet incredibly powerful in its application. I'm happy to recommend this product to anyone that doesn't want to waste time with spam."

 

Bob Partridge, VetHospital.co.uk

Even though I have a very technical background, I couldn't believe how easy this product was to configure. Nice work and thanks again for the speedy response.

DS

...on my test mail server it appears that MWES places an extremely low load on the server. It really is quite impressive what you have achieved with it.

Chris H

We're becoming some of your biggest fans over here - MailWasher Server is a great product.

JS

...I was delighted that Mail Washer "did what it said on the can"!!!

Darren

Hi! I just started using Mailwasher Server and I am very surprised about the quality. Please keep up the good work.

HD

I've tested a decent number of anti-spam gateway products in the past, and honestly I just haven't been satisfied with them. They are either inaccurate, hard to use, hard to set up, or worse. Thanks for making this great product available.

Jim S