I had the chance to get involved in another GFI security product, this time was the turn for the GFI MAX MailProtection. This product represents a cloud service model for mail protection against spam, viruses and other threats.

Due to a significant spam and malware menaces increase in the last few months, having a network protection layer introduced in your mail platform could translate in saving tons of hours and headache for your IT team.

Some of the features included in GFI MAX MailProtection are:

• Works with any mail platform. It doesn’t matter if you have Exchange, Lotus Notes, GroupWise, Zimbra, or any other SMTP Server; MailProtection fits in.
• Inbound and outbound protection. Not only protect from getting threats into your organization, you can also be aware for possible “zombies” inside.
• Individual Mail Quarantines. Each user handles their own quarantine so they can check constantly the spam filter. Also you can configure a mail digest to be sent periodically.
• Administration delegation. You can set special permissions to users so they can administrate their own mailboxes security (I know, not a good idea in most cases).

Now, let’s take a deeper look about the solution.

Installation

In case you’ve missed it, this is a cloud service offered by GFI, meaning that you don’t need to set up any server in your platform; you just need to register and you’ll receive a mail with all the necessary information:

Setting Up GFI MAX MailProtection

Ok, with the info you received in the mail you pretty much have all what it takes to set up the product. Let’s take a quick look.

After you enter your credentials, and select the “Add a new domain”, the process is quite simple. I’m using an alternative domain “aalvarez.com.ar”.

After you successfully added the domain, to start working with users you can add them manually or synchronize the list using an LDAP query for Active Directory or openLDAP, or simply taking the data from a database.

In my case, I’m going to add them manually. Using the format “<username>@aalvarez.com.ar|<password>”

Inbound Filtering

The third basic step of configuring the service would be the Inbound Filtering options, basically the rules that you need for protecting your incoming mail. And what you’ll see here, there are simple steps and options that any administrator could comprehend.

Delivery Methods. In my case, tagging spam and delivering to the user’s junk mail.

Mails sent to unknown users: Block. Many spammers usually try some random names to get to mailboxes.

Greylisting. This is a common configuration when you are having spam issues. The feature will send a referral every time a mail is sent, making that any valid mail server will always retry sending this message. Most of spammers are programmed to ignore referrals and not try again.

Also in “Additional Blocking Rules” you can get more specific about mails you won’t allow. For instance, containing particular languages in a different language; or the attachment that includes.

In my case, I’m blocking anything that comes with a character from “Eastern Asia”.

Other possibilities in “Advanced Options” are, for example, “Hide Egregious Spam”. This option applies to avoid all the common spam to actually get to the junk mail for the user.

It is basically a “common sense” option, there are some well-known spammer’s behaviors and mails that do not need to actually get verified by the user. With that you’ll also avoid some curious users to not open any obvious spam.

Regarding to this matter, in “Hide Viruses”, you get the chance to automatically block any messages that contain viruses and don’t let them get near any junk mail.

Additionally to all that you will also get, of course, the whitelisting and blacklisting options.

Changing your MX Records

In case you are not familiar with the DNS platform, maybe this step could be the trickiest one. But there’s nothing out of the ordinary.

What you need is to redirect all incoming mail to the GFI MailProtection system, this way the service will evaluate the health of each mail regarding the configurations you’ve set.

You can check the records that applied to your domain in the “Overview” settings for each domain:

Outbound Filtering

The service does not avoid the possibility to check the health of the outgoing mail. It is unlikely that you would have in your organization a person that decides to spam and send viruses using their company mail… ok, maybe it is not so unlikely.

But there’s always a high possibility to have a zombie computer, infected with some worm that automatically sends spams and other malwares. Nearly 20 million of zombie computers are present in the world, something like 15K infected every day without the user even knowing about it.

You can treat the outbound spam the same way you treat the inbound and redirecting it to the junk mail.

Reporting

Ok, you already know about how to configure it, now let’s take a look how we can see the actual work that is done.

Your home page will look like this every time when you login, taking a glance for all the domains configured and the spam involved.

Within the “Reports” section, you can get a complete result for a selected period of time for message volume, virus received/sent, inbound and outbound messages.

Here’s a sample about how a very exposed domain would look like:

To give it a try with my domain, I’ve sent some mails that I’ve copied from other spam mails and see how are they treat by GFI MAX MailProtection. Also, I’ve deselected the character options for “Eastern Asia”, so any mail with that language will be automatically blocked.

To see what is in the “Inbound Quarantine”, you have to check on “Messages” section. Here’s how it looks like in my few tests:

Conclusions

Here’s a quick recap of what I’ve been testing it:

– The cloud model of this product fits perfectly in most environments, where you don’t to set up, deploy, troubleshoot any installation.

– Easy to configure: What you’ve seen in this post is what you get. It only took me around 10 minutes for getting it ready to stop all the spam in my domain. There are no tricky configurations and you don’t need to be an expert to get this service working for you.

– Reporting: Complete reports available to use with basically all the necessary information.

– But the reporting area does have a particular cons, does not have the option to export the information into a CSV or an Excel file, even a database would be fine to get.

That’s pretty much it for now.

Cheers!