Introduction

UserGate Mail Server is a full function mail server with POP3, IMAP4, SMTP, HTTP, HTTPS, and SSL support. UserGate Mail Server major features include local and remote accounts support, distribution lists support, LDAP and Webmail directory services synchronization, integrated antivirus and anti-spam modules as well as a powerful and flexible rules system.

Mail security in UserGate Mail Server is provided by two integrated antivirus modules from Kaspersky Lab and Panda Security. Both antivirus modules are intended for mail traffic scanning and can be used separately or jointly for successive message scanning.

For antispam protection, in addition to the standard filtering features (a white list and a black list), UserGate Mail Server uses two full function modules from Commtouch and SpamAssassin. The Commtouch module is built with a unique filter, based on a proprietary RPD (Recurrent-Pattern Detection) algorithm that identifies spam by its primary feature - frequency of occurrence. Unlike other antispam filter vendors, Commtouch does not provide filter updates based on a typical content definitions database: its product scans mail traffic for spam patterns.

The SpamAssassin antispam module is an extendable mail filter used for spam identification. The module filters messages by successively passing them through a series of tests. Each test has a certain "value." If a message passes a test, the value is added to the total score. The value may be both positive and negative; all positive values are called "spam." The message passes all tests, after which the module calculates the total score. Higher scores mean higher possibility that the message is spam.

System Requirements

We recommend installation of UserGate Mail Server on computers with Windows XP/2003/Vista operating systems. If you are planning to use your mail server with external networks, the computer with a UserGate Mail Server must have an Internet connection.

Installation

To install UserGate Mail Server, run setup file and select the required options in the installation wizard. The installation will include all the selected components and an additional MS Visual C++ Redistributable package. All system services will be installed automatically, and the mail server will be launched after installation. The mail server default installation directory is "%Program files%\Entensys\UserGate Mail Server" (hereinafter, %UserGate Mail%).

If the mail server does not respond to primary services (SMTP, POP3 or IMAP) connection requests, check the administrator console port settings. By default, the mail server uses TCP port 2222 to communicate with the administrator console. .

Update and Uninstallation

We recommend you uninstall the previous version of UserGate Mail Server before installing the new one. If necessary, you can save server settings file "%UserGate Mail%\settings.xml" and statistics database. The backup copies of the statistics database are located in the "%UserGate Mail%\Backup" folder.

To uninstall UserGate, go to Start - Applications and select Uninstall in the application program directory. You may also uninstall the application from Add/Remove Programs menu in Control Panel. UserGate Mail Server will be removed, but server settings file (settings.xml), copies of the statistics database (Backup folder) and some other files will not be deleted from the program folder.

Quick Setup

1. Open the administrator console and connect to the server.

2. Go to Server Settings - domains, right-click on an empty area and select "Add domain."

3. Specify domain settings, full domain name (e.g. esafeline.net), domain alias and signature (e.g. your company signature) if required and save changes.

4. Add several user accounts. Go to domain Settings - local accounts. Specify names that will be used in mail addresses before the @ symbol and their passwords.

5. The quick setup is completed. Default spam protection includes a DNSBL spam blacklist (sorbs.net, spamhause.org). Antivirus modules and spam analysis modules (Commtouch module and free SpamAssassin module) are also running. So most spam messages will be stopped before they reach the destination mailboxes.

6. For remote access to your mailbox via web-interface, type the IP address of the computer with Mail Server and extension for port 5555 in your browser window: for example, http://192.168.0.1:5555.

7. Setting up your mail client is a simple task. To set up POP3 and SMTP servers, specify the IP address of the computer with UserGate Mail Server (e.g. 192.168.0.1 like in the example above), account name and password. If your account name is testuser and the domain name is esafeline.net, the user name may be specified with the @ symbol and the domain name (testuser@esafeline.net) or without them (testuser).

Connection Setup

When you start the administrator console for the first time, it will open on Connections page. This page contains the single connection with the UserGate Mail Server, working through interface 127.0.0.1 for the Administrator. To establish connection between the administrator console and the server, double-click the connection line or click "Connect" in the control panel. You can create more than one connection on the Connections page if the administrator console is to work with multiple mail servers. Specify the following parameters in the connection properties:


Fig. 1. Connection Setup

You can additionally enable options "Prompt for password on connection" and "Connect automatically." If the second option is enabled, connection with the specified mail server will be established automatically when the administrator console is launched. Specify your login and password in the server settings file (%UserGate Mail%\settings.xml) and administrator console settings file (%UserGate Mail%\Console\console.xml).

Assign connection password

To assign UserGate Mail Server connection password, go to the "Server Settings - Remote Admin" page in "Advanced Security Settings" menu. You can also assign TCP port for server connection in this menu. New settings will be enabled immediately after application; you do not need to restart the server.

Assign password for UserGate statistics database access

UserGate Mail Server uses a special service called UserGate Mail Database Service to store server settings and user messages. The service is based on the PostgreSQL database management system. The default service installation folder is "%UserGate Mail%\pgsql.". The connection to the database can be established via localhost interface to TCP port 5432.

Fig. 2. Setting up database parameters

The UserGate Mail Server installer automatically creates three accounts (root, ugmailuser, and ugwmuser) for statistics database administration. Users login and password, as well as UserGate Mail Database Server address and port for the users are specified in files %UserGateMail%\pgsql\etc.

The UGMail database is created to store UserGate Mail Server settings. The database can be accessed under ugmailuser account. A separate database (ugwm) is created for the administration of UserGate Webmail. The database can be accessed under ugwmuser account. A user with root privileges utilizes UserGate Mail Service to create databases if they are not available when the mail server is launched.

Server Setup

Basic settings

In Basic Settings, specify the required parameters for UserGate Mail Server database access. Default settings presuppose that the database server is located on the same computer where UserGate Mail Server is installed, so the database address will be specified as localhost. The mail server works with the database through the ugmailuser account.

Fig. 1. Basic Settings

You can make a heavy loaded server working with several domains work faster by enabling database object caching. The mail server will then cache all mail domain and account data, which helps to minimize database requests. In cache settings, specify the cache record time-to-live (TTL). The default TTL is 60 seconds.

Mail messages are processed in several threads. The administrator may specify the required number of threads processing the mail delivery (Max. Delivery Threads) and the maximum number of threads (Max. TCP threads), as well as assign a priority to different threads (Thread Priority).

Fig. 2. Setting Up Threads and Priorities

Caution: We do not recommend increasing the total number of threads to the maximum value or set the highest priority to them unless necessary, as this may increase the memory usage by UGMail.exe process and the processing time.

Setting message store location

The folder (Message Store) where the mail server will store all incoming messages is specified in General Settings. By default, all incoming mail will be placed in folder %UserGate Mail Server%\Mail. The folder %UserGate Mail Server%\Tmp is used to store temporary files during a virus scan of incoming messages.

Fig. 3. Mail Store Settings

Server settings

If your mail server works with more than one domain, the administrator can specify a Default domain. In this event, if the user specifies only a part of email address (without the domain name) during the authorization, the mail server will automatically add Default domain.

Shadow email

With UserGate Mail Server you can copy all incoming mail to the specified email address (Shadow Mail). Any existing email address can be used for Shadow Mail. Incoming mail will be copied regardless of any further processing of mail by antispam or antivirus modules and regardless of user mail processing rules.

Creating server messages templates

An administrator can create templates for mail server service messages in Server Messages Setup. There are preset scripts for certain types of messages that help make message text more detailed. For example, %_ATTACHMENT_% macro denotes the name of the attachment. When creating a service message, the mail server will replace the macro with the name of attachment.

Fig. 4 and 5. Server Settings. Creating Server Messages Templates

Services

Mail protocols are processed by a number of services. The services are listed on the Services page of the UserGate Mail Server administrator console. You can specify the list of interfaces and ports for each service, set the maximum of simultaneous connections and limit the range of IP addresses to which connection will be allowed. By default, mail servers process all the available server network interfaces. Also, in default settings, connection to mail services is allowed from any IP address (from 0.0.0.0 to 255.255.255.255).

The administrator can also create the so-called Welcome Message for each service in addition to network settings.

Fig. 1. Services

Fig. 2. Service Settings

domains

The domain name is the key setting for the mail server. An administrator can specify the domains to be processed by the mail server in the administrator console's domain page. The following information should be specified for each domain:

Fig. 1. domains

The domain size is calculated as the total size of accounts in the domain. If the total size of accounts in the domain exceeds the maximum domain size, the main server will stop processing incoming mail for that domain.

Fig. 2. domain Settings

In the domain settings, the administrator can also specify domain Signature and signature attachment rules and set one or more alternative domain names (alias).

Fig. 3 and 4. domain Signature. Aliases

The LDAP Sync option in mail domain settings can be used to synchronize accounts with an LDAP directory, such as the MS Active Directory.

LDAP synchronization

In addition to the local database of mail domain accounts, UserGate Mail Server supports LDAP directories accounts import. This allows centralized accounts management, reduces possible errors and simplifies the administration process. The procedure of LDAP synchronization is described below:

You can make additional settings on the Advanced page, such as the name of subdirectory from which the mail server will start browsing through the LDAP directory structure. When synchronizing, the mail server will browse all inferior subdirectories of the LDAP directory.

When addressing the LDAP directory, the mail server will select all accounts that have email addresses in their properties. Directory will be accessed via LDAP protocol. Safe protocol is not currently supported. The timeout for a new request (2 minutes) cannot be changed.

Fig. 5. LDAP Synchronization Parameters

Delivery Routes

You can specify incoming mail delivery routes for each domain on the administrator console's Routes page. The following parameters should be specified in the route settings:

Fig. 1. Server Routes

You can also specify the accounts in the route parameters to which the route will apply. A set route will apply to all domain accounts by default.

If the "Address as local" option is enabled, the domain specified in the route will be considered local and the administrator does not have to set the applicable permissions in Relay Settings.

Fig. 2. Route parameters

Web Mail Properties

On this page, the administrator can set UserGate Webmail properties, including "Company Name," welcome message text, system locale and company logo. IMAP sorting can also be enabled on this page. UserGate Webmail uses port 5555 and can be accessed at http://ugmail:5555/webmail by default, where ugmail is the address of the server on which the UserGate Mail Server is installed.

Fig. 1. Web Mail Settings

Server Access Settings

Mail server can be administered from a special program - administrator console. The administrator console is an independent application that communicates with the server via a special protocol over TCP. The console uses port 2222 to communicate with the server by default. On the Remote Admin page, an administrator can create policies for the administrator console connection only from listed IP addresses. Policies will be processed according to their priorities. Policy priority corresponds to its location in the policy list. The "default" policy denying administrator console connection from all addresses will be processed last. You can also set the login and password for administrator console connection and the port number on the Remote Admin page.

Fig. 1. Access Settings Page

Fig. 2 and 3. Access Range Settings. Login and Password Settings

Backup

You can set backup parameters for messages and server settings on this page. Backup can be enabled or disabled. You can also specify the backup folder location and set the number of copies to store.

In advanced parameters, you can set the backup schedule, the differential backups schedule and the date of initial backup and scheduled backup time. In the beta-release, you may restore data from your backup copy using the batch file (Restore.bat). To restore, launch the batch file on your server from folder (C:\Program Files\Entensys\UserGate Mail Server).

Fig. 1. Backup Settings

SMTP Server

Basic settings

SMTP server basic settings include mail delivery parameters, delivery schedule, restrictions applied to mail protocols under RFC requirements, and some other parameters.

Fig. 1. SMTP Server Settings

Delivery queue parameters are the main parameters of SMTP settings.

These parameters specify how long a message will be queued for processing and how mail will be delivered. Queue parameters include:

Hostname parameter will be used by the mail server for connection to other mail servers to deliver mail messages.

By default, the SMTP server uses the so-called MX delivery mode when each message is delivered to the server that is responsible for the recipient's domain. Still, an administrator may specify a relay server in SMTP Delivery Settings. Login and password can be set in the Relay Server settings if the server requires authorization.

The SMTP server can be set to block incoming mail addressed to more than one recipient. The maximum number of recipients is set by the parameter Maximum Recipients. In addition, a delivery log is available that allows detailed logging of the sending process.

Mail processing may loop as it is a non-linear process due to user policies and the antivirus and antispam modules. This situation is very unlikely, but settings include the parameter "Maximum relay depth" to prevent looping.

Fig. 2. Relay Settings

Relay parameters

The mail server administrator may allow or deny certain types of mail processing for particular a IP addresses or a range of addresses. The relay settings should specify:

In relay options, you can allow mail relay within your mail domain (Local - Local), sending mail to remote domains from your local domain (Local - Remote) and receipt of mail addressed to your domain from remote domains (Remote - Local).

If the Remote - Remote option is enabled, your UserGate Mail Server will be used as a relay server. We strongly recommend you do not enable this option because open relays are invalid configurations for mail servers according to the Internet Society. Never enable this option if the server can be accessed from the Internet.

Caution: Do not enable Remote - Remote option for the entire IP range if your server works with remote mail servers. This will make your server an open relay.

Policies in Relay Settings will be processed according to the set priorities.

Fig. 3. Setting Relay Permissions

domain Settings

Local user accounts

Create user accounts on Local Accounts page for each domain. User account parameters are set as follows:

User authorization via LDAP

Specify password in account settings to enable authorization at the mail server. There is no need to specify password if the mail server is installed on the computer included in the Active Directory domain and LDAP Sync option is enabled in the mail domain properties. The domain password will be used for authorization.

Figures 1, 2 and 3. User Account Settings

Remote Accounts

You can associate each local account in UserGate Mail Server with a remote account. A remote account is used for occasional requests to a remote mailbox. If there are new messages in the remote mailbox, they will be automatically downloaded to a local account and, depending on the settings, may be deleted from the remote mailbox. If the local account or associated domain is inactive, mail will not be downloaded from remote accounts. Remote account settings should be set as follows:


Fig. 1. Setting Remote Accounts

Distribution Lists

You can send the same message to a group of email addresses included in a particular distribution list. A distribution list is an address from which your message is copied to all addresses on the list. Distribution list settings should be set as follows:

UserGate Mail Server supports three distribution modes. General mode is a common distribution mode in which distribution messages can be sent from any address.

In Group mode, only users listed in the distribution properties can send messages to a distribution group. Messages sent from other accounts will be replied by the mail server with the following notification: "550 Not authorized."

Information mode is used when a certain account needs to send messages to all addresses on the distribution list. Messages sent from other accounts will be replied by the mail server with the following notification: "550 Not authorized."

Figures 1 and 2. Distribution lists

Message Rules

All messages in UserGate Mail Server are processed according to message rules. Rules are the combination of conditions with AND/OR operators and one or more actions that should be processed if the condition is true. Rules are implemented in a top-down sequence, which means that each message can be matched to several rules. For non-linear message processing, you can select the "Stop Processing" option to disregard downstream rules or "Jump to Rule" to jump to a certain downstream rule.

Fig. 1. Message Rules

You can select the following options:

- Subject field [Equals, Contains, RegEx, Not Contains, Not Equals]

- From field [Contains, RegEx, Not Contains]

- To field [Contains, RegEx, Not Contains]

- CC field [Contains, RegEx, Not Contains]

- Message Body [Contains, RegEx, Not Contains]

- Message Size [Less than, Greater than]

- Message attachment [Equals, Contains, RegEx, Not Contains, Not Equals]

- SURBL check [Clear, Spam]

- SpamAssassin check [Clear, Spam]

- CommTouch check [Clear, Spam]

- Kaspersky check [Clear, Suspicious, Infected]

- Panda check [Clear, Suspicious, Infected]

The following actions can be selected:

- Delete

- Stop processing

- Forward

- Reply

- Move to IMAP folder

- Jump to rule

- Notify

- Add Custom header

- Remove attachment

Mail filtering by Custom Header is not supported. This function is performed primarily by a mail client. You can apply rules to all or selected domain accounts.

Figures 2 and 3. Rules

Antispam Modules

UserGate Mail Server supports several spam protection technologies that include DNSBL (DNS blacklist), SURBL (Spam URI blacklist), Greylisting and Tarpitting.

Fig. 1. Antispam

Greylisting

Greylisting is a tool to delay mail delivery. An incoming message is not delivered immediately, and the sender receives a message requesting to retry sending the message later. The data triplet (information about the sender, recipient and destination) remains unchanged. If the triplet of the incoming message matches one of the triplets in the list, the message is delivered immediately (this means the sender is trying to send the message again). This helps filter spammers, because they usually do not retry sending messages to the same addresses.

Blacklists (DNSBL)

Dynamic blacklist is a network service offered by blacklist providers. The providers track IP addresses (sometimes domain names) compromised by spammers. Mail filters with a dynamic blacklist support submit a request to a blacklist provider that contains the sender address and addresses of mail servers the message passed in route to the recipient. If the request shows that the address is on the black list, it means the message most likely contains spam. Along with maintaining spammer lists, some blacklist providers track outgoing addresses of viruses, trojans, worms, applications allowing unauthorized remote control and other malicious content. Dynamic blacklist services are requested via a DNS service to check if the spammer lists contain the IP addresses listed in the message heading (in the Sender field or mail relay server addresses in the Received fields: character domain names can be used along with IP addresses).

Tarpitting

This is a method of delaying delivery of mail from a remote server suspected of spam distribution. A server may become suspicious due to a large number of recipients of the same letter. If this number exceeds a set limit, tarpitting will apply to all further messages from that server.

SURBL filtering

SURBL filtering is used to detect spam by URL contained in the message text (verification against blacklists). The module extracts the domain component (level 2 or 3) for each URL found in the message, adds a SURBL name suffix and sends a DNS request to the SURBL server(s) address. For example:

URL (http://some.test.ru/index.html) -> test.ru + (insecure-bl.rambler.ru) -> resolve test.ru.insecure-bl.rambler.ru -> 127.0.0.1 -> add symbol

A separate list (2tld file) is used for domains in which three levels instead of two should be checked. This may be applicable to virtual hosting services or special areas for Level 3 domains, such as org.ru or pp.ru.

SpamAssassin module

SpamAssassin is an expandable spam mail filter. The module filters incoming mail by consecutively passing them through a series of tests. Each test has a certain "value." If a message passes a test successfully, the value is added to the total score. The value may be both positive and negative; all positive values are called "spam" and negative values - "ham." The message passes all tests, after which the module calculates the total score. Higher scores mean higher possibility that the message contains spam.

SpamAssassin has an adjustable limit. If the message exceeds the limit, it is classified as spam. As a rule, the limit should be set to let a spam message match more than one criteria. Matching just one test is not enough to exceed the limit.

Commtouch module

Commtouch Anti-Spam Gateway is a patented spam protection solution for mail servers and SMTP gates. Commtouch module is uses a unique filter based on proprietary RPD (Recurrent-Pattern Detection) algorithm that helps identify spam by its main feature - frequency of occurrence. Unlike other antispam filter vendors, Commtouch does not provide filter updates based on a typical content definitions database: its product scans mail traffic for spam patterns.

When the Anti-Spam Enterprise gate receives an e-mail, it looks for the relevant rule in the local policies that applies either to the company in general or to the particular users. If the message does not match any of the rules, Commtouch module starts looking through local cache with previous responses by the Anti-Spam Detection Center. If it still cannot find a rule for the message, the gate module sends a request to the Anti-Spam Detection Center located at Commtouch. If the Center is unavailable, the message is delivered to the user's inbox.

If a message is classified as spam, the gate module acts according to its configuration settings. A legitimate message is delivered to the user mailbox.

Antivirus Modules

UserGate Mail Server has two integrated antivirus modules from Kaspersky Lab and Panda Security. Both modules scan SMTP traffic. The antivirus modules can be configured on Antivirus page of administration console. An administrator may specify the maximum size of messages scanned by antivirus modules and action on virus detection, as well as enable notification of message sender and recipient.

Before you start the antivirus modules, proceed with update of virus definitions. With default settings, virus definition updates are downloaded from Kaspersky Lab website for Kaspersky Antivirus and from http://www.usergate.ru for Panda Antivirus.

UserGate Mail Server can simultaneously work with two antivirus modules. The sequence of scanning is defined by the Message Rules set by the UserGate Mail Server Administrator.

Message Queue

The Message Queue page indicates the queue of messages on the mail server. The mail server administrator can remove messages from the queue, stop the queue or resume message queue. By default, message queue lists the 20 last messages processed by the mail server.

Fig. 1. Message Queue

Message History

Message history summarizes the work of the mail server. The Message History page contains all the valuable information about the messages processed by the mail server. This page also contains some information about the integrated antivirus and antispam modules' activity. You can check the time when a message was processed, its To and From fields and which modules processed the message.


Information can be sorted by Date, Source, Destination, Subject or a module (antispam or antivirus). It also contains information about the activated message rules: if a message was processed by a rule, it will be indicated on the Message History page.


The Message History page was intended as the principal source of help and the source of information about the messages processed by the mail server. It helps resolve mail delivery problems. There are several actions that can apply to each message: it can be either delivered to its recipient or added to the white address list (in the next version) if one of the antispam modules classified the message as spam by mistake.

Fig. 1. Message History

Server Log

Server Log page contains a processing log for mail server modules and can be browsed with filtering by different parameters. Mail server administrator may browse logs for each individual module of UserGate Mail Server.

Fig. 1. Server Log