New Features in

CS MAILsweeper for SMTP 4.3 with Service Pack 2

(CS MAILsweeper for SMTP 4.3.12 including Technology Update Version 1.4.10)

This document describes the new features and enhancements introduced in this service pack for CS MAILsweeper for SMTP 4.3.

This New Features is one of a set of release documents, which provide information specific to this release of CS MAILsweeper for SMTP 4.3. For example, details of issues that have been addressed in this release are described in the ReadMe release document. Each release document is linked, so you can access any of the documents from the one you are currently using. All of the release documents are listed in Other Release Documents. The release documents are current at the time of releasing CS MAILsweeper for SMTP 4.3 Service Pack 2; subsequent updates will be available on our website, http://www.mimesweeper.com/.

Contents

In this Release Document

• New features at this release
• New features in CS MAILsweeper for SMTP 4.3

Other Release Documents

Details of other aspects of this release of CS MAILsweeper for SMTP are provided in the following release documents:

• Advanced Configuration
• Antivirus Tools for CS MAILsweeper for SMTP 4.3 Service Pack 2:
  • MIMEsweeper Scenario for F-Secure Anti-Virus
  • MIMEsweeper Scenario for Command Interceptor
  • MIMEsweeper Scenario for H+BEDV AntiVir
  • MIMEsweeper Scenario for Sophos Anti-Virus
• Prerequisites
• ReadMe
• Supported Environments and Tools
• Features Introduced in Previous Releases

Each release document is linked, so you can access any of the documents from the one you are currently using.

New features at this release

The following new features have been introduced in this release of CS MAILsweeper for SMTP 4.3:

• SMTP Authentication
• CS MAILsweeper administration tools

These new features are briefly described in this New Features document. The SMTP Authentication feature is more fully documented in Revision 3.2 of the help system in the product software. The CS MAILsweeper administration tools are more fully documented in the Supported Environments and Tools release document.

Back to Contents

SMTP Authentication

The capability to configure the CS MAILsweeper Receiver and Delivery services to perform server-to-server, domain-based SMTP authentication has been added at Service Pack 2. SMTP Authentication is an Extended SMTP (ESMTP) capability to verify the identity of a mail server before accepting mail. Used effectively, CS MAILsweeper SMTP Authentication can reduce the likelihood of receiving and forwarding unwanted mail.

MAILsweeper SMTP Authentication uses the LOGIN Simple Authentication and Security Layer (SASL) mechanism for identifying and authenticating connecting servers. Servers are identified by their IP address (or host name). Servers manually exchange user-configured user name and password information to establish a server-to-server connection and authenticate when sending email or authenticate the client when receiving email. Use of this feature, therefore, requires a degree of trust and cooperation between the administrators or participating mail servers.

You configure SMTP authentication in the following tabs in the SMTP Relay Properties page under the MAILsweeper for SMTP folder in the MAILsweeper for SMTP Policy snap-in:

• Receiver Service Authentication
• Delivery Service Authentication

After configuring SMTP Authentication, you must restart the CS MAILsweeper for SMTP Receiver and Delivery services in order for the changes to take effect.

For details on how to configure SMTP Authentication in the SMTP Relay Properties page, including example settings, see the online help. For details of SMTP Service Extension for Authentication, see RFC2554. For details of SASL, see RFC2222.

Back to New features at this release

CS MAILsweeper administration tools

The Quarantine Repair Utility (Qrepair) is now installed as a standard feature of CS MAILsweeper for SMTP 4.3 at Service Pack 2.

Qrepair is a CS MAILsweeper administration tool that was previously available from our website on an unsupported basis. It is now installed in the CS MAILsweeper program folder (by default, C:\Program Files\MAILsweeper for SMTP\Program).

Qrepair is a command-line utility that reconstructs database index files in CS MAILsweeper for SMTP message areas. For full details on Qrepair, see the Supported Environments and Tools release document.

Back to New features at this release

New features in CS MAILsweeper for SMTP 4.3

New features and enhancements were introduced in the following areas of CS MAILsweeper for SMTP 4.3:

• User Interface Features
• Policy Configuration Features
• SMTP Routing and Relay Features

These new features and enhancements are briefly described in this New Features document. They are more fully documented in Revision 2.2a of the CS MAILsweeper for SMTP Reference and in Revision 3.1 and later of the help system in the product software.

Back to Contents

User Interface Features

The following enhancements were made to the user interface in CS MAILsweeper for SMTP 4.3:

• MAILsweeper for SMTP Console
• MAILsweeper for SMTP Help System

Back to New features in CS MAILsweeper for SMTP 4.3

MAILsweeper for SMTP Console

The MAILsweeper for SMTP Console was completely redesigned for CS MAILsweeper for SMTP 4.3. CS MAILsweeper for SMTP 4.3 still uses the Microsoft Management Console (MMC) for its user interface; however, the two CS MAILsweeper for SMTP snap-ins that make up the MAILsweeper for SMTP Console have been enhanced to make it easier and more intuitive to configure policies and to manage the system.

The MAILsweeper for SMTP Policy snap-in provides the following methods to simplify the way you configure policies:

• Getting Started Task Pad

  The Getting Started Task Pad provides a quick and easy way for novice users to access key CS MAILsweeper for SMTP wizards, the online help system, and system information.

  To view the Getting Started Task Pad, expand the MAILsweeper for SMTP Policy snap-in, then click on the MAILsweeper for SMTP folder. The task pad is displayed in the details pane.

• Policy Wizard

  The policy wizard guides the novice user through the whole process of building and configuring a policy. The policy wizard consists of 3 separate parts that are defined as steps. The specified steps are:

      Step 1: Create the scenario

      Step 2: Assign the scenario to the scenario folders

      Step 3: Define the actions

  Throughout this documentation, the parts of the policy wizard are described as components and items. A component is a group of related items, for example, scenarios. An item is a specific member of the group, for example, the Legal Disclaimer scenario.

  The policy wizard guides you through each of the components required to build a policy, enabling you to select and create specific item types for each component. If you are new to CS MAILsweeper for SMTP 4.3 or use it infrequently, you can use the policy wizard several times to build up a comprehensive policy for your organization.

  You can start the policy wizard either from the Getting Started Task Pad or from the Action or context menu on the Policies folder under the MAILsweeper for SMTP folder of the MAILsweeper for SMTP Policy snap-in.

• Component Wizards

  The component wizards guide novice and intermediate users through the process of creating individual components that can be used to build a policy. Each component wizard identifies the available item types, enabling you to select and create a specific item type. If you know that you need to add a particular component to an existing policy, but you are not sure of the specific type of item you should create, use the component wizard to consider the available choices and create the required item.

  You can start a component wizard either from the Getting Started Task Pad or from the Action or context menu on the relevant folder or item under the MAILsweeper for SMTP folder of the MAILsweeper for SMTP Policy snap-in.

• Item Wizards

  The item wizards guide advanced users through the process of creating a specific item type that can be used as part of a policy. If you know which specific item type you want to add to an existing policy, you can use an item wizard to quickly create the required item.

  You can start an item wizard either from the Getting Started Task Pad or from the Action or context menu on the relevant folder or item under the MAILsweeper for SMTP folder of the MAILsweeper for SMTP Policy snap-in.

All of the wizards provide clear information on how to create the policy, component, or item. Some component or item types can reference other types. If you have not previously created a related type, the wizards enable you to create and reference a related component or item at the appropriate point while you are creating your new policy, component, or item. For instance, you can create and reference a new classification while you are creating a new scenario.

Other key enhancements provided in the revised user interface include:

• Multiple instances of some actions can be configured in a single classification.
• Classifications types can be overridden.
• Scenarios can be dragged and dropped between scenario folders in the same MAILsweeper for SMTP Console.
• Wizards can be turned off, so advanced users can simply create and configure a properties page for a new item type.

Back to User Interface Features

MAILsweeper for SMTP help system

The help system was redesigned at CS MAILsweeper for SMTP 4.3 to enable you to quickly and easily locate the type of help you need.

Enhancements were made in the following key areas of the help system:

• Content

  The content was revised to more clearly separate overview, conceptual, and procedural information within each section of the help. Additionally, the information was split consistently between the help system and the manual. The help system provides information on how to configure CS MAILsweeper for SMTP 4.3 and why and when you perform particular tasks. The Reference manual provides information on how to plan, install, and start CS MAILsweeper for SMTP 4.3 and on what features and functionality CS MAILsweeper for SMTP 4.3 provides.

• Structure

  The structure was revised to clearly map help sections onto key elements of the MAILsweeper for SMTP Console. Each snap-in has its own volume in the help system. Within each of the MAILsweeper for SMTP Management and MAILsweeper for SMTP Policy volumes, there is a consistent arrangement of primary books, secondary books, and help topics which provide information on items in the console tree, details pane, and properties pages.

• Design

  The design caters for novice users who need comprehensive details, advanced users who just want to scan for basic information, and intermediate users who may need more detailed information for some areas and quick reminders on other areas. Because the new GU provides clear instructions on creating new policies, components, and items, the focus of the help has been changed to provide more assistance on viewing and updating existing items.

• Display

  The help system is a compiled Microsoft HTML Help system. It uses the standard HTML Help Viewer, which most users will find intuitive and familiar to use.

• Navigation

  The help system provides a number of navigation features to enable you to explore the contents of the help system in different ways, including a navigation pane (Contents, Index, Search, and Glossary tabs) and hyperlink (related topics, drop-down hotspots, text links, and browse sequences).

• Version information

  The help system is now supplied as a single help file, which makes it easier for the help to be updated between major releases of CS MAILsweeper for SMTP. The help system is now also assigned its own version number, so you can ensure that you have the latest version of the help for your release of CS MAILsweeper for SMTP.

Back to User Interface Features

Policy Configuration Features

These new features and enhancements introduced in CS MAILsweeper for SMTP 4.3 affect the way you implement your content security policy:

• Attachment Stripping
• Auditing
• Data Type Recognition
• LDAP Address List Filter
• Multiple Actions
• References
• Security Service Wait Timeout Value
• SMTP Alerter
• Tokens
• Unsolicited mail database

Back to New features in CS MAILsweeper for SMTP 4.3

Attachment Stripping

In CS MAILsweeper for SMTP 4.3, functionality to strip detected attachments was added as the Attachment Stripper scenario. This attachment stripping functionality also was added as an option to the following scenarios:

• Content Scanner scenario
• File Blocker scenario
• MIMEsweeper scenarios for third-party antivirus tools
• Virus Manager scenario

See the ReadMe release document for a known problem with attachment stripping.

A new token was added to list stripped attachments. For details, see Tokens.

Back to Policy Configuration Features

Auditing

The ODBC Auditor was no longer supported from CS MAILsweeper for SMTP 4.3. The ODBC Auditor provided ODBC auditing in MAILsweeper for SMTP in Version 4.0 and Version 4.1. It was supported in Version 4.2, but the Auditor for Reporting was the recommended audit plug-in.

Use the Auditor for Reporting, to record audit points in a database with an ODBC driver (for example, MSDE or SQL 2000) and generate management reports using a tool such as Crystal Reports. The Text File Auditor is still available for writing a daily system log and an optional message log for each message processed by CS MAILsweeper for SMTP. The Text File Auditor summary view now includes message size and classification.

You configure auditors from the Policies folder under the MAILsweeper for SMTP folder in the MAILsweeper for SMTP Policy snap-in.

Back to Policy Configuration Features

Data Type Recognition

Options for specifying data types were added and enhanced in CS MAILsweeper for SMTP 4.3 to simplify the way you configure CS MAILsweeper to recognize data types in email messages.

You configure the data types CS MAILsweeper for SMTP is to recognize in the Data Types tab of the properties page for a scenario that uses data type recognition:

• Attachment Stripper
• Content Scanner
• Data Type Manager
• Executable
• Virus Manager
• Third-party Anti-Virus Scanners

The following data type options have been added or enhanced:

• Container

  The Possible InstallShield subtype was added.

  Microsoft Windows Installer files can be detected, including installer, patch, merge, and transform files.

• Document

  The GenericCDA and CDA format managers that detect a Compound Document Architecture file were merged into a single CDA format manager.

  This means that you can now select just the Compound Document Architecture file (CDA) subtype to configure CS MAILsweeper for SMTP to detect CDA files whose specific Microsoft document type CS MAILsweeper for SMTP can determine as well as those whose specific type CS MAILsweeper for SMTP cannot determine.

• Multimedia

  The Sound and Video data type options were merged into a single Multimedia data type option.

  This means that you can select just the Multimedia data type to configure CS MAILsweeper for SMTP to detect all supported sound and video subtypes. You can, of course, still select only specific sound or video subtypes if required.

Back to Policy Configuration Features

LDAP Address List Filter

LDAP Address List functionality was improved in CS MAILsweeper for SMTP 4.3 to allow you to select categories of users. The default filter was changed from mail=* to objectclass=*, which obtains the email addresses of all groups and individuals defined in and beneath the specified node of the LDAP directory being queried.

You can specify your own basic or complex filters to define the criteria that the LDAP service is to apply to determine which email addresses to return when CS MAILsweeper for SMTP queries the LDAP directory.

Back to Policy Configuration Features

Multiple Actions

From CS MAILsweeper for SMTP 4.3 you can create multiple instances of the same type of action in one classification using the Policy, component, or item wizard.

The exception to this rule is the Deliver action. The delivery of a message can only be carried out once by any classification.

Back to Policy Configuration Features

References

Items in the References folder under the MAILsweeper for SMTP folder in the MAILsweeper for SMTP Policy snap-in were renamed at CS MAILsweeper for SMTP 4.3:

Back to Policy Configuration Features

Security Service Wait Timeout Value

The default wait timeout value for service operations in the CS MAILsweeper for SMTP 4.3 Manager is 30 seconds. When the wait timeout value is exceeded, the Manager notifies the user that the service request has failed. If CS MAILsweeper for SMTP is managing large configuration files or building large LDAP Address Lists, slow Security Service start-up may cause a false failure report.

You can increase the wait timeout value to avoid this, by increasing the Security Service wait timeout value in the Windows system registry.

To increase the wait timeout value:

1. Stop the CS MAILsweeper for SMTP Receiver, Security, and Delivery services.
2. Close the MAILsweeper for SMTP Console.
3. In Registry Editor, select HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPSS.
4. On the Edit menu select New, then DWORD Value.
5. Rename the DWORD Value to MaxServiceStateWait.
6. On the Edit menu select Modify.
7. Select Decimal base, then Value data. Enter a new value between 15 - 1800 seconds.
8. Click OK.
9. Open the MAILsweeper for SMTP Console and restart the services.

Back to Policy Configuration Features

SMTP Alerter

The Windows Messaging Alerter was replaced by the new SMTP Alerter in CS MAILsweeper for SMTP 4.3. The new SMTP Alerter is not dependent on the mapi32.dll library file.

Back to Policy Configuration Features

Tokens

The new Removed Attachment Names token, %REMOVEDNAMES%, was added at CS MAILsweeper for SMTP 4.3. This token substitutes a list of attachments that CS MAILsweeper for SMTP has removed from an email message.

You can use this new token in the following places:

• the subject or body of a notification message generated by a Forward, Inform, or Reply action
• the text generated by an Alert or Log action
• the text of annotations added by scenarios

You configure CS MAILsweeper for SMTP to remove attachments from email messages in the appropriate tab of the properties page for a scenario that modifies the body of an email message:

• Attachment Stripper—Size tab
• Content Scanner—Scanner tab
• File Detector—File Mask tab
• HTML Manager—HTML tab
• Virus Manager—Antivirus Tools tab
• Third Party Anti-Virus Tools—Application Details tab

Back to Policy Configuration Features

Unsolicited mail database

In CS MAILsweeper for SMTP 4.3, two changes were implemented if you use an unsolicited mail database to check for unsolicited mail. The changes are:

• Location of the Properties page

  The location of the properties page for configuring the Look up SMTP hosts in unsolicited mail database was moved to the MAILsweeper for SMTP Console.

  You configure the unsolicited mail database option in the Security tab on the Policies Properties page, from the Policies folder under the MAILsweeper for SMTP folder in the MAILsweeper for SMTP Policy snap-in.

• Configuration of the unsolicited mail database

  The configuration of the unsolicited mail database was no longer restricted to the Realtime Black List (RBL). From CS MAILsweeper for SMTP 4.3, you can select your preferred unsolicited mail database.

Back to Policy Configuration Features

SMTP Relay and Routing Features

These new features and enhancements introduced in CS MAILsweeper for SMTP 4.3 affect the way you implement your SMTP security and relay policy:

• Dial-up Connection to the Internet
• Handling malformed email addresses
• Inserting IP address into Received Header

Back to New features in CS MAILsweeper for SMTP 4.3

Dial-up Connection to the Internet

Dial-up connection to the Internet is no longer supported from CS MAILsweeper for SMTP 4.3. This means that you can not use a dialup connection to your ISP to deliver messages processed by the Security service. It also means that you cannot use the POP3 protocol to download email messages for processing by CS MAILsweeper for SMTP.

Back to SMTP Relay and Routing Features

Handling malformed email addresses

An option to handle email messages with malformed addresses was added in CS MAILsweeper for SMTP 4.3. The Accept and attempt to fix invalid email addresses containing extra dots option is configured in the Receiver Service tab on the SMTP Relay Properties page.

This option handles malformed email addresses that contain excess dots in the address as shown in Table 1.

You can use this new option to determine how CS MAILsweeper for SMTP handles such malformed addresses:

• If selected, CS MAILsweeper for SMTP accepts email messages with such malformed addresses and attempts to correct the address. It encloses invalid user elements of the address in quotation marks and removes extraneous dots from invalid domain elements as appropriate.
  

  Table 1: Handling malformed email addresses

  Examples of malformed email addresses	Method for managing malformed email addresses
  invalid..sender@valid.domain invalid.sender.@valid.domain	Adds quotes at start of email address then continues to process the message.
  valid.sender@invalid..domain valid.sender@valid.domain..	Removes dots from the domain then continues to process the message.

• If not selected, CS MAILsweeper for SMTP rejects such malformed email addresses.

Back to SMTP Relay and Routing Features

Inserting IP address into Received Header

In CS MAILsweeper for SMTP 4.3, an option was added to insert the IP address of the connecting host that delivers an email message into the header of a received email message. The Insert IP address into Received Header for option is configured in the Receiver Service tab on the SMTP Relay Properties page.

The effect of this new option depends on the setting of related Lookup Connecting SMTP Hosts options in the Security tab of the Policies Properties page.

You can specify one of the following settings for the Insert IP address into Received Header for option:

• No connecting hosts

  CS MAILsweeper for SMTP never inserts the IP address of the connecting host into the header of received email messages. This is the default.

• Only connecting hosts whose DNS host name lookup does not match an entry in Relay Host list

  CS MAILsweeper for SMTP inserts the IP address of the connecting host into the header of received email messages only if the IP address does not match an entry in the list in the Relay Hosts tab of the Policies Properties page. For example, an empty relay host list is interpreted as being a relay host for every host, so by default IP addresses are not inserted.

• All connecting hosts

  CS MAILsweeper for SMTP inserts the IP address of the connecting host into the header of received email messages, even if the IP address matches an entry in the list in the Relay Hosts tab of the Policies Properties page.

Back to SMTP Relay and Routing Features

Revision 1.4
Published by Clearswift Ltd. November 2003
© 2003 Clearswift Ltd
All rights reserved

The materials contained herein are the sole property of Clearswift Ltd. No part of this publication may be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise stored in any retrievable system or otherwise used in any manner whatsoever without the express permission of Clearswift Ltd.

Information in this document contains references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events is coincidental and Clearswift shall not be liable for any loss suffered as a result of such similarity.

The Clearswift Logo and Clearswift product names including ES^TM, ENTERPRISEsuite^TM, ES ClearPoint^TM, ES ClearSecure^TM, ES ClearEdge^TM, ES ClearBase^TM, ES ClearSurf^TM, CS DeepSecure^TM, CS Bastion II^TM, CS X.400 Filter^TM, CS FlashPoint^TM, CS ClearDetect^TM, CS ClearSupport^TM, CS ClearLearning^TM, CS MIMEsweeper^TM, CS REMOTEmanager^TM, CS MAILsweeper^TM, CS MIMEsweeper for Web^TM, CS e-Sweeper^TM, CS IMAGEmanager^TM, CS SECRETsweeper^TM are trademarks of Clearswift Ltd.

All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography.