MXtreme™ Mail Firewall 6.0 Update 2
Release Notes
Message Archiving
This release adds archiving support to MXtreme allowing organizations to define additional mail handling controls for inbound and outbound mail. This feature is especially important for organizations that must archive certain types of mail for regulatory compliance or for corporate security policies.
MXtreme now allows mail to be categorized and selectively archived according to its level of importance. By classifying and archiving messages at different levels, mail of high importance or with a compliancy classification can be archived while different actions are applied to mail of lower importance. These features also avoid wasting resources by ignoring spam messages and other unwanted mail when archiving messages.
MXtreme can integrate with third-party archiving servers and archive e-mail messages by creating pattern filters to classify messages and route them to the appropriate archiving server or an archive e-mail address, while still delivering the e-mail to its original recipients. Mail headers added to an archived message by MXtreme allow administrators to customize their archiving services for efficient retrieval of archived messages.
Archiving can be used with Pattern Based Message Filters, the Objectionable Content Filter, and Attachment Content scanning, including the use of these features via Policies.
Archiving is configured via Mail Delivery - Archiving.
URL Block Lists
URL Block Lists contain domains and IP addresses taken from URLs that have previously appeared in spam, phishing, or other malicious messages. This feature is used to determine whether a message is spam by examining any URLs contained in the body of a message to see if they appear on a block list. Similar to DNS Block Lists, the URL Block List server is queried to see if a URL exists on the configured block list. If a match is found on a Block List, this information will be used by the Intercept engine to decide whether a message is spam or legitimate mail. If a URL matches on more than one URL block list, this will increase the weight score assigned by Intercept.
URLs can be checked by one of two methods:
- A DNSBL check that queries a DNS Block List server to look up the full domain using the resolved host IP address for the URLs in a message
- A SURBL (Spam URI Realtime Block Lists) method that performs lookups for a domain using the base domain or IP address of the URL
BorderWare provides a default DNSBL server that can be used for the URL Block List. SURBL-type lists can be added by the administrator, but caution must be taken when adding servers, as some free SURBL services may cause false positives.
URL Block Lists are configured via Mail Delivery - Anti-Spam - Intercept - URL Block List.
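The lookup described above, as an added example that is not part of the release notes or BorderWare's code: it extracts URLs from a message body, derives the SURBL-style lookup key (reversed octets for an IP address, base domain for a host name) and checks each key against stand-in block list zones. The zone names, sample body and listed entries are constructed so the example runs offline.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample body (not from the release notes).
SAMPLE_BODY = """Your invoice is ready: http://billing.example-offers.test/view?id=77
Backup copy: http://192.0.2.45/inv.pdf  Help: http://www.example.org/help
"""

# Constructed stand-in for two block list servers: zone -> names it lists.
# A real client resolves "<key>.<zone>" over DNS; this dict keeps the example
# offline. Both the SURBL-style zone and the DNSBL-style zone are hypothetical.
LISTED = {
    "multi.surbl.test": {"example-offers.test", "45.2.0.192"},
    "dbl.dnsbl.test": {"example-offers.test"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def lookup_key(host):
    """Build the label to prepend to a block list zone.

    IPv4 hosts are reversed octet by octet, exactly as in a DNSBL query;
    names are reduced to a base domain (two-label rule, a simplification of
    the public-suffix logic a real SURBL client applies). IPv6 is skipped.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        labels = host.lower().rstrip(".").split(".")
        return ".".join(labels[-2:])
    if ip.version != 4:
        return None
    return ".".join(reversed(ip.exploded.split(".")))


def query(zone, key, answers=LISTED):
    """Simulate resolving '<key>.<zone>': True when the zone lists the key."""
    return key in answers.get(zone, set())


def score_urls(body, zones=tuple(LISTED), weight_per_hit=1.0):
    """Check every URL in the body against every configured block list.

    Returns (total weight, {url: [zones that listed it]}). A URL listed on
    several lists adds weight once per list, matching the behaviour the
    release notes describe for Intercept.
    """
    hits, total = {}, 0.0
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        key = lookup_key(host) if host else None
        if key is None:
            continue
        listed_on = [z for z in zones if query(z, key)]
        if listed_on:
            hits[url] = listed_on
            total += weight_per_hit * len(listed_on)
    return total, hits
```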
Token Analysis Enhancements
The Token Analysis engine has been improved with the following features to increase the spam catch rate, prevent false positives, and improve performance:
- Improves and refines JavaScript detection in HTML messages. The presence of JavaScript can be an indicator of a spam message.
- Detects non-standard port numbers in URLs (such as http://example.com:1234)
- Detects basic phishing scams by comparing the URL in a message to its actual link.
- Stylesheet parsing has been improved to ensure that tokens are properly extracted from the message contents and not obfuscated by the stylesheet contents.
- Detects invalid IP address octets in the Received headers of a message (such as 123.456.789.012)
- The initial token set has been enlarged and improved to detect the latest variants of spam and prevent false positives.
- In the advanced configuration of Token Analysis, administrators can now select which Intercept features will be trained for spam.
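Three of the heuristics listed above (non-standard port in a URL, link text versus its actual target, invalid octets in Received headers), as an added example that is not the Token Analysis engine's code: it parses a constructed message and reports which indicators fire. The message content, host names and finding labels are assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the release notes): a Received header
# with an impossible octet, and a link whose text and target hosts differ.
RAW_MESSAGE = """Received: from mail.example.net ([203.0.113.9]) by mx.example.com
Received: from relay.example.test ([123.456.789.012]) by mail.example.net
From: billing@example.test
Content-Type: text/html

<p>Please <a href="http://198.51.100.7:8081/login">http://www.example-bank.test/login</a></p>
<p>Help: <a href="http://www.example.org/help">http://www.example.org/help</a></p>
"""

STANDARD_PORTS = {"http": 80, "https": 443}
IPV4_RE = re.compile(r"\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def nonstandard_port(url):
    """True when the URL names an explicit port other than the scheme default."""
    p = urlparse(url)
    return p.port is not None and p.port != STANDARD_PORTS.get(p.scheme)


def text_href_mismatch(href, text):
    """Basic phishing check: the link text looks like a URL but its host differs."""
    return (text.lower().startswith(("http://", "https://"))
            and urlparse(text).hostname != urlparse(href).hostname)


def invalid_received_octets(msg):
    """Dotted quads in Received headers with an octet above 255 cannot be real."""
    return [m.group(0) for hdr in msg.get_all("Received", [])
            for m in IPV4_RE.finditer(hdr)
            if any(int(o) > 255 for o in m.groups())]


def analyse(raw):
    """Return the spam indicators found in a message as (kind, detail) tuples."""
    msg = message_from_string(raw)
    findings = [("bad_received_ip", ip) for ip in invalid_received_octets(msg)]
    links = LinkCollector()
    links.feed(msg.get_payload())
    for href, text in links.links:
        if nonstandard_port(href):
            findings.append(("nonstandard_port", href))
        if text_href_mismatch(href, text):
            findings.append(("text_href_mismatch", href))
    return findings
```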
Brightmail Skip Threshold
Brightmail processing can now be skipped depending on how Intercept has already classified the message. This feature can increase performance by skipping processing for a message already classified as spam. For example, Brightmail can be configured to skip processing if messages have already been classified by Intercept as "Probably Spam". This feature is configured via Mail Delivery - Anti-Spam - Brightmail. Note: Intercept Anti-Spam features must be enabled to skip Brightmail processing.
BSN Whitelist For Mail Relays
Administrators can now whitelist friendly local networks or addresses of known mail servers in their environment that relay mail via MXtreme. These specific networks and servers can be added to the "relays" IP Address list in the Threat Prevention feature to ensure that reputation statistics for these addresses will not be uploaded to BSN. The feature is configured via a link on the Mail Delivery - Anti-Spam - Intercept - BorderWare Security Network screen.
Product Notes
- The IP Reputation option in Intercept has been renamed to Mail Anomalies.
- BSN (BorderWare Security Network) configuration has been moved from the Intercept IP Reputation menu to Mail Delivery - Anti-Spam - Intercept - BorderWare Security Network.
- The "Discard Mail" option (which rejects a mail message without notification to the sender) and the "Quarantine" option (which sends the mail to the administrative quarantine area) have been added as possible actions for all Intercept Anti-Spam selections.
- The null character detection option in the Malformed Mail feature has been modified to allow the administrator to specify how to check for null characters. Options are: "disabled", "in raw email", and "in raw email and attachments". The null character detection feature may cause incompatibility with certain mail servers and decoded attachments, and it is recommended that this feature be disabled if issues occur.
- A "State" column has been added to the Domain, Group, and User Policy screens to show which policies are enabled or disabled.
- Group Policy can now be disabled if it is not being used for Policies in your organization. This may help performance for organizations that have a large number of Directory Users and do not need to use Group Policy. Click the Disable Group Policy button in the Group Policy screen to disable this feature.
- DomainKeys signing can now be enabled or disabled globally via Mail Delivery - Domain Keys Signing. If enabled, the use of message signing must be configured via Policies.
- When an outbound message is signed by DomainKeys, the event now appears in the Mail Transport log.
- The administrative quarantine area can now be searched for compliancy violations that have been quarantined. The subject, message text, or file name that failed the compliancy check is appended to the "Compliancy" classification, such as "Compliancy:[message subject]".
Issues Fixed In This Release
The following issues are fixed in Update 2:
General
- If a space was inserted in the serial number when licensing Kaspersky Anti-Virus, the system appeared licensed but anti-virus pattern updates failed.
- Strong authentication settings were not being applied for non-admin users after MXtreme was restarted.
- The Health Check service was sending very large log files when reporting on a system.
- MXtreme was rejecting mail returned from an encryption server if "Trusted Subnet" was disabled for that network.
- The Attachment Content scanner was not properly timing out when it could not process a file.
- The Attachment Control scanner was not properly recognizing certain attachment types resulting in these known attachments types being blocked.
- Disabling the Encrypt/Decrypt feature did not disable it when using the Objectionable Content Filter.
- When a message was rejected by the Mail Mapping as Access Control feature, the intended recipient was not logged.
- Virtual mappings were still being applied after they were deleted.
- The "Maximum Recipients Reject Code" setting was actually taking its value from the "Maximum Unknown Recipients Reject Code" setting.
Intercept and Anti-Spam
- Sending an internal mail message (such as those generated by a daily backup) with Token Analysis enabled and the local training threshold set to 0 caused issues with the scanner.
- Token Analysis data was not being purged properly during a database rebuild.
- Token Analysis scanning was still being performed even when it was disabled, or when there were no pattern filters configured to check for tokens within messages.
- The "Train" action was being applied when a message matched multiple pattern filters.
- If a PBMF was created using a "RCPT TO" field, its action overrode the Reject On Unknown Recipients feature. This type of PBMF will now only override this feature if the priority is set to "high".
- When a server was rejected because of a DNS Block List, the returned reason included details of the rejecting DNS Block List server.
- Certain SPF TXT record responses were not being parsed properly.
- Issues with Domain Keys selector name field validation have been fixed.
- The DomainKeys selector configuration was not replicating properly in a clustered setup.
- The "Strip Incoming DK headers" option for DomainKeys authentication and the "Remove Duplicate Headers" option for DomainKeys signing were not working.
- Queue file write errors were appearing in the logs when sending a message with malformed DomainKeys headers.
- Messages could not be released from the user spam quarantine via the spam summary notification message when the user name contained special characters.
Reporting and Logs
- When reports did not generate correctly, subsequent reports could not be generated until the system was rebooted.
- The "Top Pattern Based Message Filter" field in a report displayed incorrect actions or extraneous data for some patterns.
- Advanced log searches were timing out when there was too much data to display.
- Older log files were not being rolled over properly.
- The MXtreme logging service was using a large amount of resources when working with large amounts of existing log files.
- A filtered System History search only allowed one page of returned data to be accessed.
Policies and LDAP
- MXtreme was not creating a corresponding mirror account for an imported LDAP account if an attribute was base64 encoded.
- MXtreme was treating RCPT TO e-mail addresses as case-sensitive when processing mail for the user spam quarantine and LDAP mirrored accounts.
- Organizations with a very large number of LDAP users and groups encountered long boot times when MXtreme was started.
- The Policy name was missing from the PBMF title when editing pattern filters for a policy.
- Clustering database issues were encountered when importing LDAP user and group information in a cluster.
Threat Prevention and BSN
- Threat Prevention was not properly counting messages classified as spam.
- Adding an IP address to the Threat Prevention internal address list to whitelist a server from BSN checks required a stop and start of the mail system.
New Features Added In Update 1
DomainKeys™ Outbound Message Signing
This release builds on the DomainKeys support implemented in MXtreme 6.0 by adding the ability to sign outbound messages for authentication via DomainKeys. MXtreme supports the use of the Policy engine when signing outgoing messages, allowing administrators to configure signing only for specific domains or users that have been configured for use with DomainKeys.
New DomainKeys Inbound Header Options
New options for receiving DomainKeys signed messages have been added to the Mail Delivery - Anti-Spam - Intercept - DomainKeys Authentication menu.
Note: The Intercept name for this component has changed from "DomainKeys" to "DomainKeys Authentication" in Update 1.
- Strip incoming DK headers – Removes Authentication-Results: headers attached to incoming messages. This option protects against spammers who add a forged DomainKeys header to the message.
- Add Authentication Header – Adds an Authentication-Results: header to incoming messages.
- Temporary DNS Error – Consider the message as spam in the event a DNS error prevents a DomainKeys lookup for a sender's key.
BSN Relay Checks
Relay checks have been added to the BorderWare Security Network (BSN) configuration (Mail Delivery - Anti-Spam - Intercept - IP Reputation) to allow the administrator to check the received headers of a message for previous relays. These relays are then also checked for their reputation via BSN.
- Check Relays – How many received headers to check with BSN. Use this field to specify how many relay points should be checked. Acceptable values are between 0 and ALL. Recommended values are 0, 1 or 2. The default is 0.
- Exclude Relays – How many received headers to exclude from BSN checks, starting from the earliest. For example, setting this value to 1 means that the first relay point will not be checked. Recommended values are 0 or 1. The default is 0. Note: Some ISPs include the originating dial-up IP as the first relay point which can lead to legitimate mail being classified as spam by BSN.
BSN Reject Message
A new option has been added to the Mail Delivery - Anti-Spam - Intercept - IP Reputation menu to customize the reject message for BSN. Use "%s" to specify the IP address of the rejected sender, such as:
go to http://intercept.borderware.com/lookup?ip=%s
DNS Name Server Ordering
DNS servers (configured via Basic Config - Network) can now be queried either in strict order as specified in the configuration, or by the fastest response. If "Strict Ordering" is selected, the DNS servers will be queried in the order they are configured. If the first DNS server is unavailable, the next server in the list will be queried. For "Favor Fastest" mode, MXtreme uses DNS caching to determine which of the configured DNS servers is sending the fastest response. This is the default mode, which will provide the best performance in most cases.
Enhanced Language Support
This release adds support for the display of the UTF-8 character set in Reports and the Mail History. The UTF-8 character set supports almost every language, including most Western languages, Chinese, and Japanese. This support also allows PBMF filters in languages utilizing the UTF-8 character set. Support for half-width Katakana Japanese characters (as part of ISO-2022-JP) has also been added.
Malformed Mail Encoded Null Character Detect
A new option has been added to the Mail Delivery - Content Management - Malformed Mail menu to detect null characters in an encoded message. When enabled, MXtreme will decode the e-mail and check for null characters (a byte value of 0) in the decoded message, in addition to null character checks in the raw mail body of a message. This feature can only be enabled if null character detection is already enabled.
Note: The encoded null character detection feature may cause incompatibility with certain mail servers and should be disabled if issues occur.
Maximum Recipients Reject Code
A new option to customize the Maximum Recipients Reject Code has been added to the Mail Delivery - Mail Access menu. This option allows administrators to define other errors to return instead of the default "452 Error: too many recipients" error, such as permanently rejecting the connection (554).
Brightmail™ 6.0.3
The Brightmail engine has been updated to version 6.0.3. This update includes the latest signature rules and performance enhancements utilizing the BrightSig3 signature matching technology. It also includes Brightmail patch 163 for 6.0.3, which resolves issues with the MIME parser and BrightSig2 filters.
Issues Fixed In Update 1
The following issues were fixed in Update 1:
Security
This update resolves the following security issues:
- Internal safety checks used to prevent illegal or malformed account names from being entered at the login screen can trigger a system error when a malformation is detected. This error condition introduces a theoretical security issue.
- Internal safety checks against buffer overflow attacks caused error messages to be displayed directly in the administrative web browser interface. This condition is not considered a security issue, but the error handling engine has been fixed to eliminate any concerns raised during security audits.
General
- Unexpected behaviour was encountered when an anti-virus pattern file update was triggered when an update was already in progress.
- Clicking on a message that has been quarantined because it was malformed revealed no information in the "Summary of Contents" section.
- MXtreme was classifying lost connections as "Pending" in the logs.
- Links to quarantined messages in a spam quarantine e-mail digest were expiring prematurely.
- Message parts that contained no name or data were being classified by Attachment Control as "[invalid name]" and were blocked when the default attachment action was set to "Block".
- 8-bit characters in a message envelope-from field or message attachment could not be quarantined.
- When offloading files, an intermittent socket error occurred causing certain files to not be offloaded.
- Log files were not being offloaded unless the Keep Uncompressed option was configured.
- An issue where certain open relay tests detected an open relay when MXtreme has SPF enabled has been resolved.
- Issues were encountered when the LDAP Dereference Aliases option was set to "Always".
- Issues with large Health Check service log files and entry validation have been fixed.
PBMF (Pattern Based Message Filters)
- When selecting the PBMF link on the Policy screen, the current policy settings were not saved.
- The PBMF "Bypass" action was not bypassing BSN, DNSBL, and the Reject on Unknown Recipient features.
- When modifying a PBMF to use the "Reject", "Accept", or "Relay" action, the "Train" action would also be added, such as "Reject+train".
- The custom PBMF action "redirect" was not working when using certain message parts.
- PBMF filters using certain message parts were not following the expected priority rules.
- The PBMF BCC action was not triggered when a "Bypass" action was taken.
BSN and Threat Prevention
- Statistics uploads to the BSN network were not occurring unless the Threat Prevention feature was enabled.
- BSN stopped uploading new data to the BSN network after a certain period of time.
- When a dynamic list was removed from Threat Prevention, the accompanying entries were not removed from the connection rules script.
- Various reports were not correctly interpreting BSN statistics.
- BSN and DNSBL rejects were only being applied for the first recipient in a message and not the other recipients.
- Several issues with the mechanism for counting spam and clean messages for BSN statistics have been resolved.
Intercept and Anti-Spam
- The DomainKeys weighting in the Intercept advanced settings was also being used as the weighting for SPF.
- E-mail messages with a large number of attachments caused scanning engine latency.
- Certain types of addresses in the rcpt to: part of a message (such as rcpt to:"\"User1\" <user1"@example.com>, were not handled properly by the Brightmail engine.
- Anti-spam headers were not being added for messages without a body.
- The BCC function was still triggering for messages with an Intercept final action of "Reject".
- The Activity Screen showed "Pending" instead of "Rejected" for a message that was rejected by the Reject on Unknown Recipients feature.
- The Reject on Unknown Recipients feature was being bypassed if the local part of an e-mail address matched a local account on MXtreme.
- DNSBL relay checks were not working if the hostname included numeric characters.
Policy and LDAP
- The group policy screen became slow and unresponsive when managing a very large number of users with multiple group memberships.
- Organizations with a very large number of LDAP users and groups encountered long boot times when MXtreme was started.
- Global low priority PBMFs were not being triggered when a Policy was triggered for a user.
Known Issues In This Release
The following are known issues in this release:
- Any MXtreme 6.0 systems that were upgraded from pre-5.0 software may contain default PBMF filters that cause mail to be blocked. Administrators should remove all default BorderWare filters, or specifically delete PBMF filter 127 (From, matches, "Resposta automática" webmaster@pib.com.br, accept).
- When choosing a key size other than 512 for DomainKeys key generation, the interface will generate the keys and then revert the key size field to 512 when completed. This does not affect the key size chosen when the keys were originally generated.
- The Attachment Control scanner fails to extract text from an AutoCAD .dwg file inside of a .zip archive. To work around this issue:
  - Send .dwg files unzipped
  - Select the "Common document types" file type in the Content Scanning menu
  - Create an exception for the .dwg file type
Dependencies
This update is for the MXtreme Mail Firewall version 6.0 only.
This release includes the previously released Update 1. If you have already installed Update 1, Update 2 can be installed on top of Update 1.
Caution: To uninstall the patches, Update 2 must be uninstalled first before uninstalling Update 1.
Installation Notes
This update release consists of the following file:
mx60_update_2.pf
It is strongly recommended that all users save a copy of the current configuration and back up MXtreme before proceeding with the upgrade. See the Backup and Restore section of the MXtreme User Guide for more detailed information on backing up and restoring the system.
Installing the Update Software
Update your MXtreme as follows:
1. Create a backup of your system via Management - Backup & Restore.
2. Select Management - Software Updates.
3. If you use Security Connection, the update will already appear in the Available Updates window, and you can proceed to step 6.
4. If you are updating manually, click the Browse button in the Upload Software Update window and navigate to where you stored the mx60_update_2.pf file on your local system.
5. Click Upload to upload the file.
6. The update will now appear in the Available Updates window. Select the update file, and click Install.
7. Reboot the system.
8. The update will now appear in the Installed Updates window in Management - Software Updates.
Updating MXtreme Systems in a HALO Cluster
If you are applying this update to systems in a HALO cluster, you must update your Cluster Members first before updating the Cluster Console.
Update the Cluster Member systems as follows:
- Create a backup of the Cluster Member system via Management - Backup & Restore.
- On the Cluster Member, disable clustering via Basic Config - Network.
- Perform the software update using the instructions in the Installing the Update section above.
- Reboot the Cluster Member.
- Repeat the procedure on any other Cluster Members before updating the Cluster Console.
Update the Cluster Console as follows:
- Ensure all Cluster Members have Clustering disabled.
- Create a backup of your system via Management - Backup & Restore.
- On the Cluster Console, disable Clustering via Basic Config - Network.
- Perform the software update using the instructions in the Installing the Update section above.
- Reboot the Cluster Console.
- When the Cluster Console has rebooted, enable Clustering via Basic Config - Network.
- Enable Clustering on the Cluster Members via Basic Config - Network.
- Recreate the cluster by adding the Cluster Member systems.
Last Document Revision: March 24, 2006