Results 1 to 10 of 10
  1. #1
    Newbie
    Join Date
    Feb 2008
    Posts
    4

    Default A bit lost - spam question

    I must be missing some really basic documentation somewhere. I've read the quickstart guides and , as far as I can tell, every page of the wiki.

    Untangle will be receiving email from our WAN and feeding an email server on our LAN. In my test environment the mail server is a linux box but in our production environment it's Exchange.

    How do I tell Untangle where to send incoming email ?

    Do I need to add users and if so, how do I do that ?

    Where are the answers to these basic questions documented ?

  2. #2
    Untangler
    Join Date
    Nov 2007
    Posts
    66

    Default

    Is Untangle in router or bridge mode?

    If it's in router mode, have a look in the router application a set up a redirect rule according to what you need, that could be all that's missing.

  3. #3
    Untangler
    Join Date
    Nov 2007
    Posts
    66

    Default

    http://wiki.untangle.com/index.php/R..._Redirect_Rule

    Have a look at the section titled "creating a basic redirect rule".

  4. #4
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    Adding to what gray said, if you have Untangle set as a bridge, mail will just flow through it and be filtered in the process. As a router, you must redirect incoming port 25 (SMTP) or 110 (POP3) to the IP of your mail server.

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    You don't need to add users or anything.
    Untangle transparently scans email as they transit directly to your email server.
    Untangle does not store and forward your email like traditional spam solutions.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Newbie
    Join Date
    Feb 2008
    Posts
    4

    Default

    I vaguely recall the install saying it was setting up in bridge mode. I didn't see any way to change that so I reinstalled, for the fifth time. It's in router mode now and it's routing email to the mail server. The virus filter apparently doesn't catch the eicar test virus which is what I was using to force a quarantine. I guess I'll have to wait for real spam to see the end user mail interface.

    Thanks for the quick responses.

  7. #7
    Untangler
    Join Date
    Jan 2008
    Location
    Auckland, NZ
    Posts
    36

    Default

    RayGammon,

    Untangle does catch the eicar test virus in an email

    The attached message from fred@domain.com (<fred@domain.com>)
    was found to contain the virus "Eicar-Test-Signature".
    The infected portion of the message was removed by Untangle Virus Blocker
    .

    The virus blocker gives you the option to pass, block or remove the infection. There is no option to quarantine virus emails. That is an option under the spam filters.

    Jon

  8. #8
    Newbie
    Join Date
    Feb 2008
    Posts
    4

    Default

    Untangle does not seem to be detecting the eicar test virus embeded in the email body. To be fair, it's not really a threat at that point. But my desktop antivirus solution picks it up and takes appropriate action. To add a bit more challenge, my isp is apparently blocking email with attached viri at their border. I'll have to set up something internally to abuse Untangle's virus filter.

    Quote Originally Posted by JonB View Post
    There is no option to quarantine virus emails.
    That's a shame. I have run into a few situations where Clam generates false positives. Most notably on the "oversize.zip" scan.

    Mechanical 3D designs tend to have a LOT of small files that compress well. When zipped up they often trip this rule on ClamAV.

    It would be handy if Untangle quarantined "virus" infected email just like the spam email. There are many open source packages available to control spam, viruses, and generally manage internet nasties. The differentiating feature of Untangle, in my opinion, is allowing the end users to manage their own spam folder and white list while also letting the IT staff monitor these activities.

    Back to my original post....with all the effort put into making this package pretty, and OH MY is it ever gorgeous, the documentation is supprisingly lacking. Are there manuals I'm missing somewhere or are we fleshing out the wiki until there's enough content to turn it into an administrators manual ?

  9. #9
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    Just for grins, have you checked to see whether your spam blocker is showing spam being caught as inbound or outbound? I have seen the virus test fail if someone is connected backwards in bridge mode. Backward connections show with ther eicar test and with spam blocking. Check it out!

  10. #10
    Newbie
    Join Date
    Feb 2008
    Posts
    4

    Default

    I believe I have the network connections correct. The support button on the console has a handy feature to verify which interface is which. When I pull the red cable coming from my cable modem the "External" interface goes "Disconnected". When I pull the green cable going to my switch the "Internal" interface goes "Disconnected".

    The spam filter is set to quarantine incoming SMTP spam and pass outgoing. I am getting incoming spam quarantined. And like the admin interface, the user interface to their quarantine box and white list is oh so VERY pretty. I need to figure out how to send a spam to each of our users to get their quarantine boxes initialized. And if I can figure out how to add our custom spamassassin rules this will be an easy sell to management.

    The virus blocker is set to block infected incoming SMTP messages and pass outgoing. The event log is listing the emails in and out. The email with the eicar sig pasted in is listed in the event log as "inbound" and "clean".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2