InterScanTM Messaging Security Virtual Appliance - Online Help ...

More documents

Recommendations

Info

Trend Micro InterScan Messaging Security Virtual Appliance Administrator’s Guide 11-12 Security parameters can be customized in the upstream site-specific TLS settings. TABLE 11-3. Upstream Site-specific TLS Security Parameters SECURITY PARAMETER Table 11-3 lists the upstream site-specific TLS security parameters in order of increasing security and customization. For example: smtpd_tls_policy: DESCRIPTION req_cert In mandatory TLS mode, IMSVA requires a trusted remote SMTP client certificate to allow TLS connections to proceed. This parameter overrides smtpd_tls_req_ccert in main.cf. In opportunistic TLS mode, this parameter does not work. ciphers The minimum TLS cipher grade that IMSVA uses. In opportunistic TLS mode, this parameter overrides smtpd_tls_ciphers in main.cf. In mandatory TLS mode, this parameter overrides smtpd_tls_mandatory_ciphers. The alternative parameters smtp_tls_exclude_ciphers and smtp_tls_mandatory_exclude_ciphers may also be used. protocols SSL/TLS protocols can be accepted by IMSVA. In mandatory TLS mode, this parameter overrides smtpd_tls_mandatory_protocols in main.cf. In opportunistic TLS mode, this parameter overrides smtpd_tls_protocols. exclude Ciphers can be excluded from the IMSVA cipher list. This parameter overrides smtpd_tls_exclude_ciphers in main.cf for all TLS security levels. This parameter also overrides smtpd_tls_mandatory_exclude_ciphers in mandatory TLS mode. encrypt req_cert=yes ciphers=medium protocols=TLSv1
Configuring Transport Layer Security Settings This policy is set to limit communication with IMSVA through a TLS connection to: • a specific IP address () • a trusted certificate • a cypher with at least a medium security level • a connection protocol that is only TLSv1 Configuring Downstream TLS Settings Configure main.cf and smtp_tls_policy to apply TLS settings to specific downstream connections. For example: • Modify main.cf: smtp_tls_security_level=none smtp_tls_policy_maps= hash:/opt/trend/imss/postfix/etc/postfix/smtp_tls_policy • Modify smtp_tls_policy: []:25 may example.com encrypt In the example above, servers not listed in the smtp_tls_policy will communicate with the Postfix client without TLS. The security level can be changed from may to encrypt or verify as required. For more information on security parameters in the downstream site-specific TLS settings, visit the following site: http://www.postfix.org/TLS_README.html#client_tls_policy Creating and Deploying Certificates in IMSVA This section provides you with an introduction on how to create and deploy certificates in IMSVA for Transport Layer Security (TLS) environments. 11-13
Page 1:
TM InterScan Messaging Security Vir
Page 4 and 5:
The user documentation for Trend Mi
Page 6 and 7:
Trend Micro InterScan Messaging Sec
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 31 and 32:
Chapter 1 Introducing InterScan Mes
Page 33 and 34:
TABLE 1-1. Main Features and Benefi
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
TABLE 1-2. Types of spyware/graywar
Page 45 and 46:
Log Upload for Query Introducing In
Page 47 and 48:
Introducing InterScan Messaging Sec
Page 49 and 50:
Getting Started Chapter 2 This chap
Page 51 and 52:
Using the Online Help Getting Start
Page 53 and 54:
Setting Up a Child Device Getting S
Page 55 and 56:
Using Smart Search Getting Started
Page 57 and 58:
Getting Started • EUQ Services: H
Page 59 and 60:
Configuring User Accounts Chapter 3
Page 61 and 62:
To add administrator accounts: Conf
Page 63 and 64:
Configuring User Accounts Editing o
Page 65 and 66:
Chapter 4 Using the Configuration W
Page 67 and 68:
4. Type the following default user
Page 69 and 70:
Step 2: Configuring Deployment Sett
Page 71 and 72:
Step 4: Configuring Notification Se
Page 73 and 74:
Step 6: Configuring LDAP Settings U
Page 75 and 76:
a. For LDAP server type, select one
Page 77 and 78:
Step 7: Configuring Internal Addres
Page 79 and 80:
. Next to Server, type the TMCM IP
Page 81 and 82:
Updating Components This chapter ex
Page 83 and 84:
Specifying an Update Source Updatin
Page 85 and 86:
Rolling Back a Component Update Upd
Page 87 and 88:
5. Click Save. Updating Components
Page 89 and 90:
Chapter 6 Getting Started with Clou
Page 91 and 92:
Getting Started with Cloud Pre-Filt
Page 93 and 94:
TABLE 6-1. Cloud Pre-Filter Termino
Page 95 and 96:
Getting Started with Cloud Pre-Filt
Page 97 and 98:
Chapter 7 Getting Started with Emai
Page 99 and 100:
Using Email Encryption Using Trend
Page 101 and 102:
Getting Started with Email Encrypti
Page 103 and 104:
Getting Started with Email Encrypti
Page 105:
Section 2 Configuring IMSVA and Clo
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123: Trend Micro InterScan Messaging Sec
Page 191 and 192: Managing Policies Chapter 13 This c
Page 193 and 194: Managing Policies • Action: The a
Page 195 and 196: Common Policy Objects Chapter 14 Th
Page 197 and 198: Understanding Address Groups Common
Page 199 and 200: Add an individual address: Common P
Page 201 and 202: 6. Click the Add button. The Add Ad
Page 203 and 204: Common Policy Objects 4. Click the
Page 205 and 206: To export an address group from an
Page 207 and 208: 3. Next to List name, type a descri
Page 209 and 210: About Regular Expressions Common Po
Page 211 and 212: Common Policy Objects Each characte
Page 213 and 214: • 456abc • 56abc • 6abc • a
Page 215 and 216: Literal string and escape character
Page 217 and 218: 5. Specify a digital asset definiti
Page 219 and 220: TABLE 14-1. Predefined Expressions
Page 221 and 222: TABLE 14-1. Predefined Expressions
Page 223 and 224:
Common Policy Objects • Specific
Page 225 and 226:
TABLE 14-2. Overview of the Keyword
Page 227 and 228:
TABLE 14-2. Overview of the Keyword
Page 229 and 230:
To add or modify a policy notificat
Page 231 and 232:
Common Policy Objects • To: Type
Page 233 and 234:
Common Policy Objects 2. Click Add
Page 235 and 236:
To enable the DKIM Approved List: C
Page 237 and 238:
To add domains to the Web Reputatio
Page 239 and 240:
Internal Addresses Chapter 15 This
Page 241 and 242:
Internal Addresses • Enter domain
Page 243 and 244:
3. To add addresses manually, do th
Page 245 and 246:
Internal Addresses 4. Click the Rec
Page 247 and 248:
Configuring Policies Chapter 16 Thi
Page 249 and 250:
Configuring Policies 3. Select Anti
Page 251 and 252:
Configuring Policies 4. Select the
Page 253 and 254:
Configuring the Route Configuring P
Page 255 and 256:
Specifying Scanning Conditions Conf
Page 257 and 258:
Antivirus rule Configuring Policies
Page 259 and 260:
Other rule Configuring Policies a.
Page 261 and 262:
TABLE 16-1. Regulatory Compliance T
Page 263 and 264:
Configuring Policies Note: For inst
Page 265 and 266:
Configuring Policies Note: If you s
Page 267 and 268:
5. To add your own attachment name,
Page 269 and 270:
Selecting Scanning Conditions for M
Page 271 and 272:
To select recipient number scanning
Page 273 and 274:
Specify actions for "Other" rules:
Page 275 and 276:
Configuring Policies • Send polic
Page 277 and 278:
TABLE 16-2. Intercept Settings SETT
Page 279 and 280:
Configuring Policies • Insert saf
Page 281 and 282:
Creating a Tag Subject Configuring
Page 283 and 284:
Configuring Policies 4. In the Orde
Page 285 and 286:
Encryption Settings Chapter 17 This
Page 287 and 288:
Encrypting Message Traffic Encrypti
Page 289 and 290:
Scanning Exceptions Chapter 18 This
Page 291 and 292:
Scanning Exceptions Configuring Exc
Page 293 and 294:
To set scan actions for other scann
Page 295 and 296:
Scanning Exceptions Setting Scan Ac
Page 297 and 298:
Existing Policies Chapter 19 This c
Page 299 and 300:
To add domains to the Domain List i
Page 301 and 302:
Existing Policies 4. Click Name or
Page 303 and 304:
Step 4: Specify the Priority 1. Cli
Page 305 and 306:
Existing Policies 4. Click Subject
Page 307 and 308:
Existing Policies 16. Click Save. T
Page 309:
Section 4 Monitoring the Network
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
Page 340 and 341:
Page 342 and 343:
Page 344 and 345:
Page 346 and 347:
Page 348 and 349:
Page 350 and 351:
Page 352 and 353:
Page 354 and 355:
Page 356 and 357:
Page 358 and 359:
Page 360 and 361:
Page 362 and 363:
Page 364 and 365:
Page 366 and 367:
Page 368 and 369:
Page 370 and 371:
Page 372 and 373:
Page 374 and 375:
Page 376 and 377:
Page 378 and 379:
Page 380 and 381:
Page 382 and 383:
Page 385 and 386:
Backing Up, Restoring, and Replicat
Page 387 and 388:
To export device configuration file
Page 389 and 390:
To export settings: 1. Choose Admin
Page 391 and 392:
Settings That Cannot Be Restored
Page 393 and 394:
Backing Up, Restoring, and Replicat
Page 395 and 396:
Using End-User Quarantine This chap
Page 397 and 398:
To enable and configure LDAP: 1. Yo
Page 399 and 400:
Step 2: Enabling EUQ After configur
Page 401 and 402:
Using End-User Quarantine 3. Choose
Page 403 and 404:
3. Select Enable access. Using End-
Page 405 and 406:
Using End-User Quarantine Note: If
Page 407 and 408:
Disabling EUQ Using End-User Quaran
Page 409 and 410:
Chapter 28 Performing Administrativ
Page 411 and 412:
To add administrator accounts: Perf
Page 413 and 414:
Editing or Deleting Administrator A
Page 415 and 416:
Performing Administrative Tasks If
Page 417 and 418:
TABLE 28-1. LDAP Server Types LDAP
Page 419 and 420:
TABLE 28-2. LDAP Server Types LDAP
Page 421 and 422:
Performing Administrative Tasks 4.
Page 423 and 424:
7. Select Enable proxy under Proxy
Page 425 and 426:
To re-index database tables: Perfor
Page 427 and 428:
Performing Administrative Tasks •
Page 429 and 430:
• Trend Micro Antivirus and Conte
Page 431 and 432:
Chapter 29 Using the Command Line I
Page 433 and 434:
CLI Overview After you open the CLI
Page 435 and 436:
configure module IMSVA adminUI enab
Page 437 and 438:
configure network dns Configures DN
Page 439 and 440:
configure system password enable To
Page 441 and 442:
configure network route default Set
Page 443 and 444:
configure service ssh enable all En
Page 445 and 446:
help Displays the CLI help informat
Page 447 and 448:
start task postfix drop Using the C
Page 449 and 450:
stop service postfix Stops the post
Page 451 and 452:
service IMSVA Starts, stops, or res
Page 453 and 454:
show network Displays various IMSVA
Page 455 and 456:
PARAMETERS EXAMPLES: To display the
Page 457 and 458:
show service Displays the IMSVA ser
Page 459 and 460:
show module IMSVA status adminUI Di
Page 461 and 462:
shutdown Using the Command Line Int
Page 463 and 464:
EXAMPLES: Using the Command Line In
Page 465 and 466:
TABLE 29-1. Time Zone Setting Examp
Page 467 and 468:
TABLE 29-1. Time Zone Setting Examp
Page 469 and 470:
Modifying IMSVA Deployment Chapter
Page 471 and 472:
Adding and Removing Devices This se
Page 473 and 474:
Changing the Device Role from Paren
Page 475 and 476:
Changing IP Addresses Modifying IMS
Page 477 and 478:
Chapter 31 Updating and Rescuing th
Page 479 and 480:
Updating and Rescuing the System an
Page 481 and 482:
Chapter 32 Troubleshooting, FAQ, an
Page 483 and 484:
TABLE 32-1. Troubleshooting issues
Page 485 and 486:
Page 487 and 488:
Page 489 and 490:
Page 491 and 492:
Page 493 and 494:
Page 495 and 496:
TABLE 32-2. IMSVA Ports PORT NUMBER
Page 497 and 498:
TABLE 32-2. IMSVA Ports PORT NUMBER
Page 499 and 500:
Email Reputation Troubleshooting, F
Page 501 and 502:
End-User Quarantine Troubleshooting
Page 503 and 504:
ActiveUpdate How do I roll back a p
Page 505 and 506:
Troubleshooting, FAQ, and Support I
Page 507 and 508:
Troubleshooting Cloud Pre-Filter Un
Page 509 and 510:
• Email access to antivirus engin
Page 511:
Section 6 Appendices
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
Page 524 and 525:
Page 526 and 527:
Page 528 and 529:
Page 530 and 531:
Page 532 and 533:
Page 534 and 535:
Page 536 and 537:
Page 538 and 539:
Page 540 and 541:
Page 542 and 543:
Page 544 and 545:
Page 546 and 547:
Page 548 and 549:
Page 550 and 551:
Page 552 and 553:
Page 554 and 555:
Page 556 and 557:
Page 558 and 559:
Page 560 and 561:
Page 562 and 563:
Page 564 and 565:
Page 566:
show all

InterScanTM Messaging Security Virtual Appliance - Online Help ...

Create successful ePaper yourself

Delete template?

Save as template?