1. About this Manual
  2. Introduction
    1. Prerequisites
    2. Version Information
  3. Login
    1. Reset Password
  4. User Settings
    1. Open the User Settings
      1. Changing Password
      2. Changing Location and Language
    2. Create API Token
    3. Create an Out of Office Note
    4. Configure Spam Report as User
  5. Rights Management in the Control Panel
    1. Roles
    2. Application Scopes
      1. Selection of Scopes
  6. Email Live Tracking
    1. Overview
    2. Customizing Email Display
    3. Filtering Emails
    4. Advanced Search (DAP)
    5. Email Details
      1. Open the Email Details
      2. Initiate an ATP Scan Manually
      3. Extended Email Information
    6. Email Fields
    7. Processing Emails
    8. Processing Actions
    9. Export list as CSV
  7. 365 Total Protection (DAP)
    1. Onboard Office 365 customers (P)
      1. Create Onboarding Link (P)
      2. Onboard 365 Customers in the Control Panel (P)
    2. Set up 365 Total Protection (DAP)
    3. Configuration of Microsoft Services (DAP)
      1. Configure email traffic automatically
      2. Deactivate the Office 365 spam filter
      3. Adjust SPF Records
      4. Adding MX Records to the DNS Zone
      5. Set Autodiscover for 365 Total Protection
      6. Setup Archiving for Internal Emails
        1. Archiving Internal Emails
        2. Option A: Relaying Internal Traffic
        3. Option B: Use Journaling to Archive Internal Emails
          1. Create a New Journal Rule
          2. Create a New Connector for Journal Reports
    4. Email Encryption
      1. Activate Encryption
    5. Activate Contingency Covering
    6. Group Management in the Control Panel (DAP)
      1. Creating Groups in the Control Panel manually
      2. Add Users to a Group
      3. Synchronized Attributes from the Azure Active Directory
    7. Order 365 Total Protection
    8. Offboarding
      1. Delete or Deactivate Connector
      2. Delete Customer in Test Stage
  8. Reporting & Compliance
    1. Statistic
      1. Filter diagrams and statistics
      2. Emails by type
      3. Emails by time
      4. Emails by use
    2. Threat Live Report (DAP)
      1. Displaying Global Data
      2. Selecting the Period
      3. Description of Statistics and Diagrams
        1. Live Attack Overview
        2. Attempted attacks – Attack Type by Date
        3. Threat Statistic – By Attack Type
        4. Threat Statistic - By Attack Vector
        5. Attempted Attacks - Attack Vectors by Date
      4. URL Rewriting Statistic
        1. Clicks by Time of Day
        2. Clicks by Device
        3. Clicks by Operating System
      5. Description of Attack Vectors
      6. Description of Attack Types
    3. Auditing 2.0 (DAP)
      1. Description of Categories
      2. Filtering Events
        1. Select Displayed Categories in the Auditing
        2. Search for Events
        3. Filter by Action
        4. Filter by Event Type
        5. Select Period
      3. Reset Settings
  9. Webfilter (DAP)
    1. Edit Settings in the Webfilter Module (DAP)
      1. Release Requests (DAP)
      2. Blocked sites (DAP)
      3. Valid sites (DAP)
      4. Report Incorrectly Categorized Website (DAP)
      5. Group URLs (DAP)
    2. Black- & Whitelist
      1. Block or release domains via black- or whitelist
      2. Release Website Specifically
      3. Log Websites Specifically
    3. Configuration
      1. Activate Webfilter for an individual Domain (DAP)
      2. Description of Group Settings (DAP)
        1. Define Break Times (DAP)
        2. Control applications (DAP)
      3. Webfilter Categories (DAP)
        1. Define Webfiter Catefories for a Group (DAP)
      4. Webfilter Templates (DAP)
      5. Exceptions (DAP)
        1. Define Exceptions (DAP)
    4. Statistic
      1. Webfilter Statistics (DAP)
  10. Customer Settings (DAP)
    1. Mailboxes
      1. Administration of User Settings
      2. Create Mailboxes automatically
      3. Create Mailboxes manually
      4. Import Postboxes
    2. Groups
      1. Add new group
      2. Manage members
      3. Rename group
      4. Customize description
      5. Delete Group
    3. Domains
      1. Add domain
      2. Delete Domains
    4. Restrictions
      1. Assign Password Restrictions
      2. Add IP restriction
      3. Delete IP restriction
    5. CSV Import
      1. Import List from CSV File
  11. Black-/Whitelist
    1. About the Black- and Whitelist
    2. Create Blacklist and Whitelist Entries
    3. Delete Blacklist or Whitelist Entries
    4. Search Functionality
    5. Hierarchy of Blacklist and Whitelist Entries
  12. Security Settings (DAP)
    1. Advanced Threat Protection (ATP)
      1. ATP Engines
      2. Activating ATP
      3. Adding a Recipient of Alerts
      4. Removing Recipients of Alerts
      5. Initiate an ATP Scan Manually
      6. Real-Time Alert
      7. ATP-Report
      8. Ex Post Alert
      9. Exclude Websites from ATP Scanning
    2. Spam Filter
    3. Spam Report
    4. Content Control
      1. Activate Content Control
      2. Add new Group
      3. Setup Content Control
      4. Forbidden File Types
    5. Compliance Filter
      1. Setup Compliance Filter
      2. Add Filter
      3. Define Filter Rules
      4. Define Actions
      5. Filter Sequence and Classification
      6. Regular Expressions
    6. Advanced Routing
    7. Signature and Disclaimer
      1. Mobile use of Signature and Disclaimer
      2. Activate LDAP for Signature and Disclaimer
      3. Activate Signature and Disclaimer
      4. Create Signatures and Disclaimers
      5. Edit or Delete Signature and Disclaimer Templates
        1. Using the WYSIWYG-Editor
          1. Synchronized Attributes from the Azure Active Directory
          2. Hide Empty Active Directory Elements
          3. Include Subsignatures
          4. Insert HTML Source Code
          5. Preview Signatures and Disclaimers
      6. Embed images in Signature & Disclaimer
        1. Insert and link images via drag & drop
        2. Embed images using a URL
      7. Data synchronization via LDAP
      8. Troubleshooting
        1. Missing HTML Signature in Emails sent from Mail (Apple) or Thunderbird
        2. Variables Are Not Referenced
    8. Signature & Disclaimer - Static Version
      1. Mobile use of Signature & Disclaimer
      2. Activate Signature & Disclaimer
      3. Create Signatures and Disclaimers
      4. Edit or Delete Signature and Disclaimer Templates
      5. WYSIWYG Editor
        1. Insert HTML Source Code
      6. Embed images in Signature & Disclaimer
        1. Embed images using a URL
        2. Insert and link images via drag & drop
      7. Troubleshooting
        1. Missing HTML Signature in Emails sent from Mail (Apple) or Thunderbird
    9. Archive Audit
      1. Archive Audit
      2. Set up and activate audit accesses
    10. Archive
      1. Setup and Activate Archiving
      2. Add exceptions
      3. Deactivate Archiving
    11. Contingency Covering
    12. Enryption
      1. Activate Encryption
      2. Check Encryption Capability
      3. Encryption Methods
      4. Sequence of Encryption Methods
      5. Display Encryption Method in Subject
      6. Certificate Administration
        1. Ordering Certificates
        2. Certificate Settings
      7. Websafe
        1. Setup Websafe
        2. Encrypt Emails with Websafe
        3. Websafe Encryption through Email Subject
        4. Select Websafe Templates
    13. Hornetdrive
      1. Perform Actions
        1. Create Account
        2. Upgrade Account
        3. Assign Accounts to Other Partners or Customers
        4. Delete Accounts
        5. Export Data as CSV
      2. Account Area
        1. Open the Account Details
        2. Account Details
  13. Service Dashboard (DAP)
    1. Role Management
      1. Assign a role
      2. Delete role
    2. Basic Partner Settings
      1. User Data
      2. Contact Data
      3. Add Contact Data
    3. LDAP Connection
      1. Activate the LDAP Connection
      2. Secure the LDAP Connection
      3. Limit the Directory Service to our IP Address Range
      4. Control Panel Login through LDAP
      5. Synchronize users with LDAP
      6. Webfilter Login via LDAP
      7. Activate LDAP for Signature & Disclaimer
    4. Setup Customers / Domains (P)
      1. Create New Partners (P)
      2. Create new Customers/Domains (P)
      3. Create new Office 365 Customer (P)
  14. Whitelabeling – Control Panel Customization (DAP)
    1. Prerequisites to Customize the Control Panel
    2. Customize the Control Panel
    3. Customize the Progressive Web App
    4. Example: Customize the Control Panel
    5. Fallback Design
    6. Displayed Email Information
      1. Add Email Information
    7. Contact Data in the Control Panel
      1. Contact Data Processing
      2. Add Support Information in the Control Panel
  15. Email Categories
  16. Classification Reasons
    1. Classifications ATP, Rejected and Virus
    2. Classification Content
    3. Classification Spam
    4. Classification Valid
    5. Old Classification Reasons
  17. Ruleset Order
  18. Email Authentication Methods (DAP)
    1. SPF Functionality
    2. DKIM Functionality
    3. Combination of SPF and DKIM
    4. DMARC Functionality
    5. Setting up SPF
      1. SPF Variants
      2. SPF logic
      3. Add SPF Record to DNS Zone
      4. Activate SPF
    6. Setting up DKIM
      1. Set the CNAME Record
      2. Activate DKIM
    7. Setting up DMARC
      1. Activate DMARC
      2. Decision Matrix of DMARC Policies
    8. Emails in the Control Panel
      1. Troubleshooting: Increased Outbound False Positive Rate
      2. Troubleshooting: Increased False Positive Rate on Inbound Emails with SPF Variant 2
  19. Glossary

About this Manual

This manual is for both users and administrators of the Control Panel. It describes the usage as well as the administrative tasks.

The administrative roles are divided into two levels:

  • Domain administrator: Is responsible for a primary email domain, the related alias email domains and all email addresses.
  • Partner: Is responsible for several clients. Each client corresponds to a primary email domain, its alias email domains and all email addresses.

The administrative sections in this manual are marked as follows:

  • DA: This section is for domain administrators only.
  • P: This section is for partners only.
  • DAP: This section is for both domain administrators and partners.

All unmarked sections are for users and all administrator levels.

Note:
Depending on the level of rights assigned to you, it is possible that you cannot see all the menus described.

Introduction

The Control Panel is designed for handling incoming emails and evaluating the email traffic. It provides you with an easy-to-use web interface with a responsive design. Thus you can use it on your desktop and on your mobile device from everywhere you are. You can install the progressive web app to use the Control Panel on your mobile device. Read the documentation of the progressive web app for further information.   The main functionality of the Control Panel is to monitor and control the flow of your emails. For example, you can mark emails as spam or release emails that have been marked as spam. You can also blacklist or whitelist senders.
Note: The email search has been completely revised and new functions have been added. The modules from the old version are included, so that you can use them as usual until the development is completed.
Note: The new Control Panel contains an option to add and maintain black- and whitelists. The current Control Panel version contains the option to set these lists, but entries set there are without any function for the time being. Once the black-/whitelist function has been implemented for the new Control Panel, any lists already setup in the old Control Panel will be automatically implemented. Any black-/whitelist existing in the new Control Panel will be overwritten once the data will be migrated from the old Control Panel. Therefore it is recommended to maintain the black-/whiteist from the old Control Panel exclusively.

Prerequisites

The new Control Panel is designed to run on all relevant web browsers in the latest versions. The support of the browsers starts with the following versions:
  • Chrome version 55
  • Firefox version 50
  • IE Version 11
  • Safari version 9
  • Edge version 38

Important:   The private mode of the listed browsers is not supported.

Version Information

  1. Check the current version of the Control Panel by clicking on next to the user settings in the upper right corner of the window.
  2. To view the version information, click on the version number.

Login

  1. Go to the Control Panel website provided by your partner or the support department.

    The login screen appears:

    Control Panel Manual (Whitelabel)
  2. Enter your username.
    Note: Enter your personal email address as username. You can change the role after logging in. After a new registration, you will receive your access data from your partner or support.
  3. Click on Continue.
  4. Perform the following steps if your account is synchronized with LDAP or was created in the Control Panel directly. Go to step 5 if your account is synchronized with Office 365.
    • Enter your password in the field Password. Control Panel Manual (Whitelabel)
    • Click on Login.
You are logged in at the Control Panel.

Note: At your first login you can choose the time zone which defines the time, the date and the language. You can change the language in your user settings every time.

  1. Perform the following steps if your account is synchronized with Office 365.
    • Enter your email address in the application form of Microsoft again. Control Panel Manual (Whitelabel)
    • Click on Next.
    • Enter your password. Control Panel Manual (Whitelabel)
    • Click on Sign in.
    • Select if you would like to stay signed in or not. Control Panel Manual (Whitelabel)
You are logged in at the Control Panel.

Note: At your first login you can choose the time zone which defines the time, the date and the language. You can change the language in your user settings every time.

Reset Password

Prerequisite: Your account is not synchronized via LDAP or Office 365. You cannot reset your password if your account is synchronized via LDAP or Office 365. If you want to reset your password, contact your administrator.
  1. Click on Reset password?. Control Panel Manual (Whitelabel)
You get an email with a new password and an activation link.  
  1. Click on the activation link in the email.
A window with the application form for the Control Panel opens.  
  1. Enter the password which you got in the email.
You are logged in.

User Settings

You can change your password and your location in the user settings. The location is responsible for the language and timezone used in the Control Panel. Under API Token you can generate a token for the usage of the API.
Note: It is possible to change the settings individually or all at once.

Open the User Settings

  • Click on in the upper right corner of the window.
Control Panel Manual (Whitelabel) User Settings have been opened.

Changing Password

Change your current password
  1. Enter your current password in the text field Old Password.
  2. Enter your new password in the text fields New Password and Repeat.
  3. Click on Save, to save your new password.
Control Panel Manual (Whitelabel)

Changing Location and Language

The location and language are selected independently and do not influence each other.
Note: You select a location and a language at your first login but you can change these in the user settings at any time.
  1. Note: The selected location determines the time zone to which the time entries in the Control Panel are adapted.
    Select the location from the dropdown menu.
  2. Select the language in the lower dropdown menu.
  3. Click on Save to save the selected location.
The location and the language have been changed. Control Panel Manual (Whitelabel)

Create API Token

You can use an API token to grant applications access to the Control Panel API. Each application has its own personal access token.
  1. Click on Control Panel Manual (Whitelabel) to open the user settings.
  2. Select the tab API Token.
  3. Click on Create Token. Control Panel Manual (Whitelabel)
  4. In the field App Name, enter a name for the application that uses the token.

    Note: The actions performed are recorded under the app name entered in the audit log.

    Control Panel Manual (Whitelabel)
  5. Optional: Under Expires you can select an expiration date for the token.

    Note: After the token has expired, it is no longer possible to use it for API calls. Never is selected as the default value.

  6. Click on Create Token.
The token has been created.

Important: Be sure to save the token directly. It will not be displayed again for security reasons.

Control Panel Manual (Whitelabel)

Create an Out of Office Note

You have the option to add a personal out of office note to your existing email account.

When you activate the personal out of office note, all incoming email senders automatically receive feedback on your absence. The out of office note can be written individually and activated or deactivated at any time.

  1. Click on in the upper right corner of the window to open the user settings.
  2. Select the tab Out of Office Note.
  3. Write an individual text about your absence.
  4. Click on Save to save the out of office note.Your Out of Office Note is saved.
  5. Click the Activate check box to activate or deactivate the out of office note.
    Control Panel Manual (Whitelabel)

Your out of office note has been created.

Configure Spam Report as User

You can specify whether you want to receive a spam report and, depending on the setting, configure the delivery times. You can also activate the infomail filter.
Note: The spam report can only be activated when your administrator has activated the spam report for you.
  1. Open the user settings .
  2. Select Filter & Reports aus.
  3. Activate the switch Activate infomail filter to classify advertising email as infomails.
  4. Activate the switch Spam Report if you would like to receive the spam report.
  5. Note: The delivery times can only be adjusted if your administrator allowed that.
    Under Delivery time configure the times at which you want to receive the spam report. Control Panel Manual (Whitelabel)
  6. Click on Save.

Rights Management in the Control Panel

In the Control Panel, there are various authorization profiles referred to as roles. The corresponding rights are assigned to different scopes, which the authorized users can then select in the scope selection.

Roles

In the Control Panel, the following standard roles are defined:
  • Administrator: The administrator has comprehensive administration rights. In this role, the user has access to all navigation points of the Control Panel.
  • Service Desk: This is the role for Service Desk employees. In this role, the user has access to statistics modules, Black & Whitelist and Threat Live Report as well as to all modules related to email security.
  • Reporting: This role gives the user access to the statistics for the respective scope. A user with this role only has access to the statistics modules.
  • Default user: This role does not have access to administrative modules. It is assigned automatically if no other role has been assigned, and it cannot be assigned manually
Important: No new individual roles can be created in the Control Panel.

Application Scopes

In the Control Panel, there are three types of scopes which can be selected by users with sufficient rights. These scopes are organized hierarchically:

  1. Partner: Is the top-level scope. It can contain customers and additional partners.
  2. Customer: This scope corresponds to a domain and is below a partner. It contains all mailboxes that belong to a domain.
  3. User: This scope corresponds to a mailbox and is below a customer.

Selection of Scopes

If you have been assigned a role other than the user role, the Control Panel provides an easy way to change the scope of your role. You can find the Scope selection in the upper right corner: Control Panel Manual (Whitelabel) The scope selection contains all scopes of the roles assigned to you. You have two options for selecting the scope. The first option is to select the partner, customer, or user directly from the drop-down menu: Control Panel Manual (Whitelabel) The second option is to enter the name of the partner, customer or user in the search bar. Control Panel Manual (Whitelabel) You do not need to spell out the name of the scope you are looking for: It is also enough if you enter a part of the name to limit the selection list to the elements that contain this string. By default, the search is limited to partners and customers. To search for users as well, enable the user search.
Notice: As soon as you insert the @ character in the scope search, the search for users is automatically enabled.
To limit the search for partners and customers, deactivate the search for users.

Email Live Tracking

In the Email Live Tracking you can examine your email traffic. You can search your current emails as well as the Email Archive.
Note: You can only see the emails which correspond to your level of authorization.
  • Users will only see their own emails including the emails of their alias addresses.
  • Domain administrators can see all emails of the domain they administrate, including the alias domains.
  • Partners can see all emails of their clients’ domains.
All users including the administrators will view their own personal emails after logging in.
The following sections start with an overview of the Email Live Tracking module. The functionalities are explained individually afterwards.

Overview

The Email Live Tracking module is divided into three sections:

Filter Section

You can filter the emails shown in the email display. The different functions are described in Filtering Emails. The filter section inherits the selection and processing actions for emails.
Control Panel Manual (Whitelabel)

Filter options

Email Display

The email display is the main component of the window and shows all the emails following your search and filter criteria.
Control Panel Manual (Whitelabel)

Email display

You can customize the email display individually by changing the email fields. All emails that match your filter definition can be exported using the Control Panel Manual (Whitelabel) function. You can select the fields to be exported. Extensive e-mail lists can be searched with the scroll function Control Panel Manual (Whitelabel) . The scroll function is located in the center of the lower display area. By selecting the arrow Control Panel Manual (Whitelabel) at the bottom right, the statistics can be hidden and displayed.

Email Category Statistics

The statistics evaluate the categories of your emails shown in the email display. The statistics can be hidden and displayed using the arrow  Control Panel Manual (Whitelabel) in the lower right area of the email display.
Control Panel Manual (Whitelabel)

Amount of emails per category

Customizing Email Display

You can customize the email display individually by
  • Selecting and deselecting email fields.
  • Changing the positions of email fields.
  • Resizing the fields.
  Customize the email fields
  1. Click on the button on the right. Control Panel Manual (Whitelabel)
  2. Select the desired field from the drop-down menu. Control Panel Manual (Whitelabel)
  3. Click on Default to retrieve the original settings.
Note: You can select or deselect multiple fields at once.
Change the position of email fields
  1. Drag the field you want to reposition. Control Panel Manual (Whitelabel)
  2. Drop it in the position you desire. Control Panel Manual (Whitelabel)
Resizing the fields
  1. Place the mouse between two fields. Control Panel Manual (Whitelabel) A green line appears.
  2. Drag the line and resize the field as desired. Control Panel Manual (Whitelabel)
 

Filtering Emails

The Email Live Tracking module provides various filter functions. You can use them individual or in combination on your emails.

Category Filter

You can filter your emails by categories.
Note: Rejected emails are not shown per default. To view them, activate the category Rejected.
Filter your emails by category
  • Select or deselect the category in the filter section.
Control Panel Manual (Whitelabel)

Note: To only display emails of a specific category, double-click on the desired category and all other categories will be disabled.

Search Bar

You can filter your results entering terms in the search bar. All email fields are searched unless you select a field suggested to search for.

Note: You must enter at least three characters to use the search.

Search your emails
  • Enter a term in the search bar.
The results in the email display are filtered while typing. Control Panel Manual (Whitelabel) Search only in certain fields
  1. Select a field from the suggestions.
  2. Enter a term in the field to be searched for.
Control Panel Manual (Whitelabel)

Email Field Filters

Filter your results with the following email field filters:
Field Filter Description
Date You can select a time interval from the drop-down menu or define a custom range. The current day (“Today”) is the default setting.
Direction Filters for incoming or outgoing emails. The default is both.
Encryption Selects the encryption type you want to filter for, multi-selection is possible. The default includes all encryption types and no encryption.
Status Filters for delivered, deferred, rejected  and detained emails.
Size Filters for emails with a specific size, selected from the drop-down menu.

Filter results from Email Display

You can directly select a value of an email from the email display to filter for.
  • Double-click on the desired field value (e.g. Communication-Partner) of an email.
Control Panel Manual (Whitelabel)

Reset all Filters

  • You have the option of resetting your filter settings or updating your search with the filters used:
    • to reset your filter/search, right click on the button Reset.
    • to update your search with the current filters, click on the button Refresh.
    Control Panel Manual (Whitelabel)
Your filter settings have been reset or the search has been updated with the current filters.

Advanced Search (DAP)

In the Email Live Tracking module, you can search the individual email fields combined or use the full-text search to search in all fields at once. Defining queries, the search is completing and you can search for word beginnings. It is not intended to search within words. For each individual field, there are delimiters to separate words. The following table shows examples for valid and invalid queries as well as the delimiters for the individual fields.
Type Delimiter Example valid search query invalid search query
Email address “@” and last “.” info@test.com info; test; com o@test; nfo@
Hostname “-” and “.” gateway07-rz01.test.com gate; rz01; test; com eway; 07; 01;
Attachments “;” and last “.” text.txt; image.jpg text; txt; image.jpg xt; mage; pg
Text special characters
Reason “:” linktag:lt_exprx_15_10_442:auto linktag; lt_exprx; auto tag; exprx; 10_442

Email Details

You can view the details of a single email and perform the following actions:
  • Report the email as spam.
  • Report the email as infomail.
  • Deliver the email.
The email details contain meta information, that are described in Email Fields, as well as the email header and the SMPT dialog for the email.

Open the Email Details

  1. Click on the arrow symbol.
    Note: The colour indicates the category of the email.
  2. Click on the action that you would like to perform on the email.
Control Panel Manual (Whitelabel)
Note: To blacklist or whitelist the email sender, use the Selection.

Initiate an ATP Scan Manually

You can scan incoming emails with potentially dangerous attachments in the Control Panel using ATP. You can perform two ATP scans for email attachments each month for free. For additional analyzes you have to activate Advanced Threat Protection.

Note: The ATP scan is only available for emails with executable attachments (e.g. .exe file). Furthermore, clean emails that have already been delivered can only be scanned when the products Aeternum (email archive) or the Continuity Service are active.

 
  1. Open the module Email Live Tracking in the Control Panel.
  2. Open the details for the email you want to scan by ATP.
  3. Click on the magnifying glass ATP to start the scan.Control Panel Manual (Whitelabel)
  You will get a notification that the scan has been started. The scan process can take up to 15 minutes until it is finished.   After the scan is done, you can open the ATP report for the analyzed file under ATP in the extended information for the scanned email. Control Panel Manual (Whitelabel)  

Extended Email Information

You can find detailed information about the selected email under Infos. The detailed information of a specific email is separated in three sections.
Details Header SMTP ATP
Here, you can find further information concerning the selected email.The following email fields are shown:
  • Owner
  • Communication partner
  • Subject
  • Message-ID
  • Category filter
  • Reason
  • Connect
  • SMTP-Code
  • Encryption
  • Date
The header tab provides the header information of the selected email. The header is not shown for rejected emails. In the SMTP tab, the whole SMTP-Dialog is shown. The last row is also shown in the details under SMTP-Code After an ATP analysis has been performed, the ATP reports for the attached files are displayed here.
You can find a description of the shown email fields under Email fields.

Email Fields

The following table describes the email fields shown in the email display and the email details.  
Field Description
Date The date and time when the email was sent. Depending on the selected time zone.
Communication partner The owner’s communication partner. Sender or receiver of emails to/from the owner.
Direction Incoming or outgoing message from the owner’s point of view.
Owner The email was sent or received by the owner.
Subject The subject of the email.
Encryption The lock only shows, whether the email is encrypted or not. You can see the encryption type in the email details.
Status Indicates, whether the email is delivered, deferred or rejected.
Size Size of the email.
Reason The reason, why the email has been classified as spam, virus etc.
msg id Internal id of the email.
source hostname Outgoing server hostname.
destination hostname Incoming server hostname.
gateway The gateway.
source IP Sender’s IP address.
destination IP Receiver’s IP address.
message id The id of the email.
Connect Depending on the direction of the email, the hostname of the incoming or outgoing mail server is shown.
SMTP-Code Shows the last row of the SMTP dialog.

Processing Emails

To select and process emails:
  1. Click on the button in the filter section. A tool bar opens. Control Panel Manual (Whitelabel)
  2. Click on the emails in the result display to select them. Control Panel Manual (Whitelabel)

    Note: You can select and process multiple emails at once.

    Furthermore, it is possible to select all displayed emails at once: Control Panel Manual (Whitelabel) Control Panel Manual (Whitelabel)
  3. Click on the action you want to perform for the selected emails.
 
Note: All actions are described in Processing Actions.

Processing Actions

The actions you can perform on emails in the Email Live Tracking module are described in the following table.
ActionDescription
Deliver EmailDelivers the selected email.
Report as SpamThe email is classified as spam and the support and quality management system is informed in order to conduct any further investigation. This is the preferred method of dealing with spam emails since the sender address is usually forged anyway.
Report as InfomailThe email is classified as infomail. The options for infomails are individually adjustable.
Blacklist SenderThe email from this sender is added to the user's blacklist. Any future emails from this sender will be classified as spam.
Whitelist + DeliverDeliver this email and additionally deliver all emails from this sender in the future automatically. The sender’s address is added to the user's whitelist.
Mark as privateThe selected emails are treated as private emails. Thus the access to them is blocked and can only be restored by our support. With an audit access, emails marked as private cannot be read. However, emails marked as private are exported with the Aeternum Export Manager.
Note:
Once you have marked an email as private, you cannot undo it.
Blacklist for All Users (DAP)The email from this sender is added to the public blacklist. Any future emails from this sender will be classified as spam.
Whitelist for all users (DAP)The sender’s address is added to the public whitelist.
Send email to adminThe email is sent to the provided email address of your administrator.
Note: The blacklisting and whitelisting rules are processed in the following order:
  • Administrator Blacklist
  • Administrator Whitelist
  • User Blacklist
  • User Whitelist
For Example: A user adds the account example@example.com to their whitelist and the administrator adds this account to the global blacklist. The emails from that account will be delivered to the user, but not to any other user who has not whitelisted that account.

Export list as CSV

  1. Click on the button Control Panel Manual (Whitelabel). A submenu with advanced settings opens. Control Panel Manual (Whitelabel)
  2. Select the table columns that you want to export to your list.
  3. Select the desired export type: Download or By Email.
  4. Click on Export, to export the email data of the selected table columns as CSV.
You have exported the email data as CSV.

365 Total Protection (DAP)

365 Total Protection offers comprehensive protection for Microsoft cloud services – specially developed for Office 365 and seamlessly integrated. Benefit from the fact that it is easy to set up and extremely intuitive to use, simplifying your IT Security management from the very start. Here you get all the information you need to set up 365 Total Protection.  
Note: The 365 Total Protection onboarding addresses new customers. Existing customers and domains cannot be created again.

Onboard Office 365 customers (P)

If your customer has an account at Microsoft Office 365, you have the option to set it up automatically using the Control Panel. All domains and users of the customer created in Office 365 are automatically transferred and displayed in the Control Panel.

Note: Groups are synchronized from Office 365 as well but cannot be used at the moment. View Create groups in the Control Panel to get information on how to add groups manually.

There are two ways to set up the customer: You can either login to Microsoft with the customer’s administrative credentials and perform the onboarding process yourself, or you can send the customer an onboarding link to do the setup themselves. Afterwards some DNS settings for the domains have to be done to redirect the email traffic.

Onboard 365 Customers in the Control Panel (P)

If you have the administrative credentials for the Office 365 environment of the customer you are setting up, you can onboard the customer directly via the Control Panel.
  1. Open the Control Panel.
  2. In the scope selection, select the partner under which the new customer is to be created. Control Panel Manual (Whitelabel)
  1. Select 365 Total Protection. Control Panel Manual (Whitelabel)
  1. Click on the desired product. Control Panel Manual (Whitelabel)
You will then be redirected to the Onboarding form.

Set up 365 Total Protection (DAP)

  1. Please enter your contact details in the onboarding form so that we can contact you in case of problems or questions.

Note: Enter your primary domain in the field Display name (domain) in the Control Panel. This domain will be displayed in the Control Panel. Do not enter your .onmicrosoft domain!

Control Panel Manual (Whitelabel)
  1. Then click on Start Now to start the process.
  2. Log in to Microsoft Office 365 with administrative rights.
Control Panel Manual (Whitelabel)  

Note: During the subsequent synchronization, only the domains and mailboxes are transferred. No changes are made to Microsoft’s configuration settings. Groups are synchronized from Office 365 as well but cannot be used at the moment. View Create groups in the Control Panel for information on how to add groups manually.

  1. Accept the requested permissions to connect our services with Microsoft.
Control Panel Manual (Whitelabel) Control Panel Manual (Whitelabel)Your domains and mailboxes are created in the Control Panel.   Example: 365 Total Protection customer in the Control Panel The new 365 Total Protection customer is always created with his .onmicrosoft domain.
Control Panel Manual (Whitelabel)

365 Total Protection customer with .onmicrosoft domain

Control Panel Manual (Whitelabel)365 Total Protection has been set up successfully. From now on, you can use your Microsoft Office 365 credentials to log in to the Control Panel and configure the services.   After the synchronization, you must adjust the DNS settings of the synchronized domains so that you can make full use of our services.

Configuration of Microsoft Services (DAP)

To take advantage of all 365 Total Protection services, you must customize the configuration of Office 365.

Configure email traffic automatically

Configure the in- and outbound email traffic automatically.

Note: The automatic configuration of the outbound email traffic also configures the inbound email traffic automatically.

  1. On the status page click on CONFIGURE AUTOMATICALLY to start the automatic configuration of the outbound email traffic. Control Panel Manual (Whitelabel) The outbound email traffic is configured. Control Panel Manual (Whitelabel)
The outbound email traffic was successfully configured. Control Panel Manual (Whitelabel)

Important: Already installed connectors can cause errors in the automatic configuration of the outbound email traffic.

Problem solving
  • Delete already configured connectors and click on CONFIGURE AGAIN to start the configuration OR
  • click on SUPPORT ASSISTANCE to contact the support. Control Panel Manual (Whitelabel)

Deactivate the Office 365 spam filter

This chapter explains how to deactivate the spam filter of Office 365 to set up filtering through our services. The spam filter of Office 365 must be deactivated to prevent incoming emails from being classified as spam. The spam filtering is done by us.

Note: The email authentication with SPF is not activated automatically. Go to Email Authentication Methods to get more information about the configuration of the email authentication. Setting up email authentication is not mandatory, but recommended.

  1. Under office.com log in with your administrative credentials.
  2. Click on Admin. Control Panel Manual (Whitelabel)
  3. Select Admin centersExchangeprotectionconnection filter.
  4. Select Default.
  5. Click on Edit. Control Panel Manual (Whitelabel)
  6. Select Connection filtering.
  7. Under IP Allow list click on +.
  8. Enter the following IP addresses in the field Allowed IP Address: 83.246.65.0/24, 94.100.128.0/24, 94.100.129.0/24, 94.100.130.0/24, 94.100.131.0/24, 94.100.132.0/24, 94.100.133.0/24, 94.100.134.0/24, 94.100.135.0/24, 94.100.136.0/24, 94.100.137.0/24, 94.100.138.0/24, 94.100.139.0/24, 94.100.140.0/24, 94.100.141.0/24, 94.100.142.0/24, 94.100.143.0/24, 185.140.207.0/24, 185.140.206.0/24, 185.140.205.0/24, 185.140.204.0/24, 173.45.18.0/24
  9. Activate the checkbox Enable safe list. Control Panel Manual (Whitelabel)
  10. Save your settings.
The Office 365 spam filter is deactivated.

Adjust SPF Records

To make sure that emails routed through our Services are not filtered as spam, add us as valid sender for your domain.
  • Contact Support to adjust the SPF record.

Adding MX Records to the DNS Zone

To route and filter email traffic through our infrastructure, you need to adjust the MX records of all synchronized domains.
  • Contact the support to add the MX records to the DNS zone.

Set Autodiscover for 365 Total Protection

Setting the Autodiscover service facilitates the process of setting up user accounts in email clients. Users do not need to enter a server name or port number, this information is automatically shared by the Autodiscover service. Additionally, the Autodiscover service passes information to the clients.  
  • Contact the support to set Autodiscover for 365 Total Protection.

Setup Archiving for Internal Emails

This section explains in two options how to add internal emails to the archive. This configuration is necessary for 365 Total Protection Enterprise only.

Archiving Internal Emails

If you want to archive internal emails with Aeternum, the archive service, you can forward internal emails or create a journaling mailbox.
Note: You cannot use both options at the same time. Also make sure to have the archiving service enabled within the Control Panel for all domains before you continue. (The archive is only available for 365 Total Protection Enterprise.)
Control Panel Manual (Whitelabel)

Option A: Relaying Internal Traffic

If you choose this option, all internal emails leave your Office 365 environment and are routed to the archive. These emails are redirected to Office 365 after archiving.  
  1. In the Exchange Admin Center, select mail flowrulesCreate a new rule…. Control Panel Manual (Whitelabel)
  2. Select More options…. Control Panel Manual (Whitelabel)
  3. Define a name for the new rule.
  4. Select The recipient is located…Inside the organization… in the drop-down menu Apply this rule if…. Control Panel Manual (Whitelabel)
  5. Select Redirect the message to…the following connector in the drop-down menu Do the following….
  6. Select the connector created in Setup new connector.
  7. Click on add exception and select The sender  is external/internal Outside the organization in the drop-down menu Except if…. Control Panel Manual (Whitelabel)
  8. Save your settings.

Option B: Use Journaling to Archive Internal Emails

Another option for archiving internal emails is the journaling feature. That means that Office 365 generates a journal report for each internal email and sends it to the archive, while keeping your internal emails routing within your organization.

Create a New Journal Rule

Create a journal rule to send journal reports to our domain.
  1. Contact the support to create a journal rule.

Create a New Connector for Journal Reports

  • Contact the support to set up a new connector for journal reports.

Email Encryption

The email encryption is part of the products 365 Total Protection Business and Enterprise. Encryption must be activated manually because some settings must be configured here. Open the file User guide Encryption Service in the PartnerDrive to get more information about setting up the Encryption Service.

Activate Encryption

Attention: The activation and use of the Encryption Service incur costs according to the price list.

  1. Navigate to Security Settings > Secure Transport in the Control Panel.
  2. Click on the tab Encryption under Email.
  3. Activate the checkbox Activate policy.
Control Panel Manual (Whitelabel) Encryption has been activated.

Activate Contingency Covering (Only 365 Total Protection Enterprise)

Should the Microsoft services fail or the services be temporarily unavailable, this also affects your access to your mailbox. Emails can then be neither sent nor received, which can harm your entire business processes. In such an event, Contingency Covering is your stand-by system, which – activated in mere seconds – keeps your email correspondence up and running.

Note: Contingency Covering is only included in 365 Total Protection Enterprise and you must activate it manually to configure the settings.

  Proceed as described in the following:
  1. Navigate to Security SettingsContingency Covering.
  2. Activate the checkbox Continuity Service, stores clean Emails for 3 months. With 365 Total Protection Enterprise you do not have to pay any additional fees for this service.
  3. Select whether all mailboxes of the domain or only certain mailboxes should be covered by the service:
    1. If you select All users, all mailboxes of the domain will be covered.
    2. If you select Selected users only, then click Select and select the mailboxes you want.
Control Panel Manual (Whitelabel)

Activate Contingency Covering

Group Management in the Control Panel (DAP)

The groups you want to use in the Control Panel have to be created again because Office 365 allows a different group management than our services.  

Creating Groups in the Control Panel manually

You can create new groups to group users together for specific actions.
  1. Go to Customer Settings > Groups.
  2. Enter a group name.
  3. Click Add.
  4. Confirm the changes with Save. Control Panel Manual (Whitelabel)
You have created a new group. In the next step, you can add users to the created group.

Add Users to a Group

You can add users to a group.

Note: A user can only belong to one group at a time. All users that are not assigned to a group are grouped in the group Default. That group is not displayed in the group definition.

  1. Under Customer Settings > Groups, select the Group Settings tab.
  2. Click on the preselected group to change it.
  3. Select the desired group. Control Panel Manual (Whitelabel)
  4. Click on Apply.
  5. Select the tab Member. The left part of the window shows users without a group assignment and the right part shows users in the selected group.
  6. Click on + behind a user to add it to the group. Control Panel Manual (Whitelabel)
  7. After you have added all desired users to the group, click on Save.

Synchronized Attributes from the Azure Active Directory

With the Azure Active Directory of Microsoft only certain attributes are synchronized for Signature and Disclaimer.   The following attributes are synchronized and can be used to create signatures and disclaimers:
AD-Variable Description
countryCode Country Code
department Department
displayName Complete name
company Company
physicalDeliveryOfficeName Office
givenName First name
info Jobtitle/Position

Note: The field Title is often used for other purposes. Therefore, the term Info is used here for the LDAP-attribute Title (Jobtitle/Position).

l (lowercase L) City
mail Email adress
mobile Mobile phone number
postalCode Postal code
sn Surname
st State
streetAddress Street
telephoneNumber Phone number

Order 365 Total Protection

If you would like to order the product after 14-day test, you have the possibility to order 365 Total Protection in the Control Panel directly.
  1. Select 365 Total Protection.
  2. Click on BUY NOW.
An overview appears showing the amount of postboxes and the prize. Control Panel Manual (Whitelabel)
  1. Click on ORDER NOW CHARGEABLE to buy 365 Total Protection.
You get a confirmation email with an overview of the product.

Offboarding

At the end of the 365 Total Protection trial period, if you no longer wish to use the product, or if you canceled 365 Total Protection at any time, you will need to make some settings in your Office 365 configuration to ensure that your emails are delivered.
  1. Delete or deactivate the connector for the inbound email traffic. (firewall setting)
  2. If you have changed the outbound email traffic, delete or deactivate this connector as well. (Relaying)

Note: Information on how to delete or disable the connectors in your Office 365 environment can be found here.

  1. Remove the MX records in the DNS zone of your domains.
Your emails will then no longer be routed through our services.

Delete or Deactivate Connector

  1. Open Office.com and log in with your administrative credentials.
  2. Navigate to AdminAdmin centersExchange.
  3. Select mail flow and click on the tab connectors.
  4. Select the corresponding connector.
  5. You can either delete or deactivate the connector:
  • To delete the connector, click on Delete.
  • To deactivate the connector, click on Deactivate in the connector overview.
Control Panel Manual (Whitelabel)
  1. Confirm the notification with Yes.
You have deleted or deactivated the selected connector.

Delete Customer in Test Stage

Delete a customer in the test stage from the 365 Total Protection environment. Depending on your rights, you can delete an existing customer in the test stage of 365 Total Protection from the 365 Total Protection environment.

The selected customer will be deleted permanently! There is no possibility to restore the customer’s data!

  1. In the scope selection in the top right corner of the Control Panel select the desired .onmicrosoft customer to be deleted under your partner role. The product 365 Total Protection appears in the main navigation on the left.
  2. Click on 365 Total Protection in the main navigation on the left. The page with the setup status of 365 Total Protection is displayed.
  3. Scroll with the mouse to the lower position of the status page. You will see the contract status and the buttons BUY NOW and DELETE CUSTOMER. Control Panel Manual (Whitelabel)
  4. Click on the button DELETE CUSTOMER. A warning about the deletion of the existing customer is displayed. Control Panel Manual (Whitelabel)
  5. Click on Delete to permanently delete the selected customer.
You have successfully deleted the selected 365 Total Protection customer.

Reporting & Compliance

The menu item Reports & Compliance bundles all statistics, as well as the overview of the audit logs.

Statistic

The email statistics show the entire volume of the email traffic for a selected domain.   Depending on the selection of the period and the direction, the statistics under Reporting & Compliance show all incoming and/or outgoing emails and groups them into the email categories. You can find a detailed explanation of the email categories under Email Categories.   The statistical analysis has three different representation types:
  • Emails by type
  • Emails by time
  • Emails by user (Top 100)
It is possible to save the data from the diagram Emails by time in the .csv format with an export function. Click on the button Control Panel Manual (Whitelabel).

Filter diagrams and statistics

The statistics and diagrams can be filtered by period and the direction of the email traffic.

 

  1. To filter the emails for a certain period, click on the date button Control Panel Manual (Whitelabel).

    Note:
    You can display emails from the last three months maximally.

    Control Panel Manual (Whitelabel)

  2. Optional: In the drop-down menu Direction select the direction of the displayed email traffic:
  • Both (incoming and outgoing)
  • Incoming
  • Outgoing

Control Panel Manual (Whitelabel)

Emails by type

The diagram Emails by type shows an overview of emails per category.

 

The diagram shows how many emails of the domain were sent and/or received in the selected period displayed in absolute and relative numbers.

Control Panel Manual (Whitelabel)

Emails by time

The statistic shows emails according to the receiving or sending time.

 

The statistic Emails by time shows an overview of incoming and/or outgoing emails in the selected period. The number of emails per category are shown in absolute numbers.

Control Panel Manual (Whitelabel)

Emails by use

The statistic shows the amount of emails per user. In the statistic users of the domain are sequentially listed according to their total amount of emails in one week. Furthermore, the statistic shows how many emails are sent and/or received per category in the selected period. Control Panel Manual (Whitelabel)

Threat Live Report (DAP)

Note: The Threat Live Report is only available for Advanced Threat Protection (ATP) customers.

In this documentation the module Threat Live Report is explained. You can find the texts used here in the module in the Control Panel. Move over the Control Panel Manual (Whitelabel) behind the respective statistic or diagram.

Displaying Global Data

With the global button you can switch the LIVE ATTACK OVERVIEW and diagrams and statistics under ATTEMPTED ATTACKS and THREAT STATISTIC to the available data of all customers. If global is activated, you can see attacks and threats which have been occurred to all customers in the chosen period. If global is deactivated, you can only see those attacks and threats for the customer chosen in the scope selection. Control Panel Manual (Whitelabel)

Selecting the Period

Here you can select the period for the displayed statistics. The selection of the period affects the diagrams and statistics under ATTEMPTED ATTACKS, THREAT STATISTIC and URL REWRITING STATISTIC. Control Panel Manual (Whitelabel)

Description of Statistics and Diagrams

In this chapter the categories and diagrams are explained which are displayed by the Threat Live Report.

Live Attack Overview

The LIVE ATTACK OVERVIEW shows all attacks with their source and destination caught at this moment. Furthermore, the attack type is shown. Here you can find a description of all attacks types. Control Panel Manual (Whitelabel)

Attempted attacks – Attack Type by Date

The statistic shows how many attacks per attack type took place at a certain time in the chosen period. Move the mouse over the vertical lines to display the absolute numbers of the attacks per attack type for a certain time. Move over the points of each attack type to display the respective diagram and information about the number of attacks. Control Panel Manual (Whitelabel)

Threat Statistic – By Attack Type

The diagram shows the proportions of attack types in relation to the total number of attacks in the selected period. The total number of attacks that took place is shown in the middle. It refers to the selected period. Here you can find a description of all attack types. Control Panel Manual (Whitelabel)

Threat Statistic - By Attack Vector

The diagram shows the proportions of attack vectors in relation to the total number of attacks in this period. The total number of attacks that took place is shown in the middle. It refers to the selected period. Here you can find a description of all attack vectors. Control Panel Manual (Whitelabel)

Attempted Attacks - Attack Vectors by Date

The statistic shows how many attacks per attack vector took place at a certain time in the chosen period. Move the mouse over the vertical lines to display the absolute numbers of the attacks per attack vector for a certain time. Move over the points of each attack vector to display the respective diagram and information about the number of attacks.
Control Panel Manual (Whitelabel)

URL Rewriting Statistic

The statistics and charts under URL REWRITING STATISTIC each represent the number of clicked links in emails rewritten by the URL rewriting engine in the selected time period.

Clicks by Time of Day

The statistic shows the percentage of clicks on a link at a certain time.
Control Panel Manual (Whitelabel)

Clicks by Device

The statistic shows the distribution of clicks per device in percent.
Control Panel Manual (Whitelabel)

Clicks by Operating System

The diagram shows the distribution of clicks per operating system in percent. Control Panel Manual (Whitelabel)

Description of Attack Vectors

Name of the Attack Vector Description
Attachment An attachment of an email is a file which can contain malware.
Link A link in an email is a connection to another website. Malware can hide behind this link.
Link Dropper Link Droppers are links that serve as carriers for malware. The link itself is not harmful but allows the malware behind it to execute itself.
Link Downloader Link Downloaders are links in emails that contain malware. If the victim clicks on this link, the malware is downloaded.
Malware Downloader Malware Downloaders are considered Trojans because they secretly download malicious files from a remote server.
Malware Dropper Malware Droppers are not malware, but transport malware into the system. From the outside, the Malware Dropper appears harmless and can camouflage itself as a file. However, the files it contains can run themselves and infect the system with malware.
Malware Packer Malware Packers are a malware type in which criminals compress their malicious programs using a variety of methods. This is an attempt to bypass malware analysis.
Fraud Fraud in relation to the Internet means obtaining sensitive data, money or bank details of users through Internet services. For example, websites or transactions can pretend to be real, but are programmed by cybercriminals. A well-known variant is the CEO fraud, in which criminals pose as managing directors and contact the accounting department of a company by phone or email to instruct the transfer of large sums of money.
Phishing Phishing is a combination of the words “password” and “fishing” and thus refers to “fishing for passwords”. Cyber criminals claim that emails or websites are genuine and thus cause users to enter sensitive data there. Users thus voluntarily disclose their data without knowing that the data will fall into the hands of the criminals.

Description of Attack Types

Name des Angriffsvektors Erklärung
Backdoor A Backdoor malware has a similar goal as a remote access Trojan but uses a different approach. The attackers use so-called backdoors, which are sometimes deliberately placed in programs or operating systems. However, they may also have been installed secretly. The peculiarity of backdoors is the fact that they bypass the usual defense mechanisms and are therefore very attractive for cyber criminals. For example, they are very popular for creating botnets.
Banking Trojans Banking Trojans are a malware type that attempts to steal sensitive data such as bank details or email data. Attackers often succeed by combining this with phishing attacks, where a website pretends to be an official bank website.
Bot A Bot does not always have to be a malware, initially a bot is a computer program that executes tasks independently and automatically. If several bots communicate with each other, this is called a botnet. Botnets are large collections of infected computers that an attacker builds up. An attacker can send commands to all computers simultaneously to trigger activities. The perfidious thing is that the owners of the computers do not notice the “membership” in a botnet until it already executes the externally controlled activities.
Crypto Miner A Crypto Miner is a malware used to mine digital currencies. Criminals infect computers with Crypto Miners to take advantage of their computing power or cloud CPU load. This reduces the performance of the computer as well as the lifespan. Furthermore, entire company networks can be shut down by Crypto Miners.
Keylogger Keyloggers are malware types that can be implemented by hardware or software. Keyloggers record a user’s keystrokes and speech and are able to access sensitive data or passwords.
Point-of-Sale Trojans Point-of-Sale Trojans are a type of malware that attacks sales systems in which transactions with sensitive payment data take place. Cyber criminals use point-of-sale Trojans to gain access to  unencrypted customer data from bank and credit cards.
Ransomware Ransomware is an attack that encrypts files on the target system. The files cannot be opened without a key. The attackers demand a large sum of ransom money to hand over the key. Even if only one computer is infected initially, Ransomware can spread across the entire network.
Remote Access Trojans (RAT) A Remote Access Trojan (RAT) allows attackers to take over computers and control them remotely. This allows them to execute commands on the victim’s systems and distribute RATs to other computers with the goal of building a botnet.
Root Kit A Root Kit can be used to hide malicious code from detection. This form of attack involves the attacker intruding deeply into the computer system, gaining root privileges and general access rights. Cyber criminals then change the system so that the user no longer recognizes when processes and activities are started. Attacks based on rootkit obfuscations are therefore very difficult to detect.
Spyware Spyware is malware that collects information on the victim’s computer. This information can be, for example, access data for user accounts, sensitive banking data or surfing behavior. Users usually do not know that they have become victims of spyware.
Trojan Horses Trojan Horses are programs that disguise themselves as benign but contain harmful code. The user only detects the clean application, while the background execution of malicious code infects the system. The user can no longer influence the effects from this point on.

Auditing 2.0 (DAP)

This documentation explains the function of the Auditing in the Control Panel. The options for filtering events and executable actions are explained.   With the Auditing you can track the activities of users in the Control Panel. As an administrator, you can find out who is responsible for creating, editing or deleting data sets and when the event occurred. This enables you to undo the actions if required.

Description of Categories

Control Panel Manual (Whitelabel)

Example: Data in categories of audit protocol

Every event is divided into different categories and is displayed in the Auditing. These categories are explained in the list below.  
Property Explanation
Timestamp Shows at which time the action was performed.
User Shows which user has performed the action.
Target Shows the user for whom the action was performed.
Action Explains if an event has created, updated or deleted something. Success or failure indicate if a login was successful or not.
Event Shows if the action is a modification of the user setting, the black- or whitelist, the credentials or the login.
Target path Shows under which domain the user is created for whom the action is executed.
App ID Shows the identification numbers of the applications which use the API. Applications can communicate with the services via the API.
App version Shows the version of the application which communicates with the API.
IP Shows the IP address of the user who performed the action.
URL Shows the path to the API endpoint which is used.
  The categories Timestamp, User, Target, Action and Event type are displayed per default. Furthermore, you can activate Target path, App ID, App version, IP and URL. To that go to the chapter Select Displayed Categories.

Filtering Events

This section explains how you can filter for events in the Auditing.

Select Displayed Categories in the Auditing

  1. Click on the button on the right side. Control Panel Manual (Whitelabel)
  2. Select the category which you would like to display. Control Panel Manual (Whitelabel)
A multi-selection is possible.

Search for Events

You can search for specific events in the search bar.
  • Select a category in the search bar and enter a term to search the events listed. Control Panel Manual (Whitelabel)
  You can find a description of all categories in the chapter Description of Categories.

Filter by Action

You can filter the displayed events by actions in the appropriate drop-down menu. After the selection only results of the chosen action are displayed. You can only filter by one action at a time.  
Control Panel Manual (Whitelabel)

Filterable actions

The following table lists the user actions by which you can filter. The actions Success and Failure are only relevant for the event type Login.
Action Explanation
All Shows all actions that took place in the selected period.
Created Shows all actions that created something.
Updated Shows all actions that updated something.
Deleted Shows all actions that deleted something.
Success Shows all logins that were successful.
Failure Shows all logins that failed.

Filter by Event Type

You can filter the displayed action by the event type in the appropriate drop-down menu. Depending on the filtering you can show or hide certain modules. You can only filter by one event type at a time. Control Panel Manual (Whitelabel) In the following table event types are listed by which you can filter.
Module Explanation
All Shows all types of events.
User settings Filters for all events that modified the user settings.
Black-/Whitelist Filters for all events that modified the black- or whitelist.
Credentials Filters for all events that modified user credentials.
Login Filters for all login events.
Appearance Filters for all events that modified the appearance in the Whitelabeling module.
Support information Filters for all events that modified the support information in the Whitelabeling module.
Email informationen Filters for all events that modified the email information in the Whitelabeling module.
Customer Filters for customers that were created, updated or deleted.
365TP Onboarding Filters for Office 365 customers that were either created or updated.
Role Assignment Filters by events that led to the creation, update, or deletion of role assignments.
Restrictions Filters for events that have led to changes in password and IP restrictions..
Spam report Filters for events that have led to changes in the spam report settings.

Additional events

The following table lists event types by which you cannot filter, but which are still displayed in the audit log.
Module Explanation
ATP configuration Contains information on changes to ATP settings.
API token Contains information about changes on API tokens.
Domain Contains information about changes on domain settings.
Group Contains information about changes on group settings.

Select Period

  1. Click on the data selection.
    Control Panel Manual (Whitelabel)
  2. Select the period for which logged events should be displayed.

Reset Settings

  • Click on Reset to set all filter values on default. Control Panel Manual (Whitelabel)

Webfilter (DAP)

Edit Settings in the Webfilter Module (DAP)

Basically websites can be filtered by different categories whereby you can only change the displayed period of time for Blocked websites and Valid websites. If desired, you can add the categories User, Group and IP address to the Webfilter display range. Only the domain administrator can add these categories for all users of the domain. There are different editing functions for the websites marked on the left column:
  • Release Requests can be rejected or added to the whitelist on a user, group or global level.
  • Blocked websites can be added to the whitelist on a user, group or global level.
  • Valid websites can be added to the blacklist on a user, group or global level.

Release Requests (DAP)

In this area all release requests are displayed.
Control Panel Manual (Whitelabel)

Example: release requests

The automatic sorting of the release requests is done according to the the actuality. The latest release request is ranked first. If you want to see the oldest release request at the top of the table, click on Date. Additionally, you can sort the requests by Status and Reason. You can reject release requests or put them on the appropriate whitelist and thus release the requests. The administrator also receives every release request with related information via email. These release requests can be rejected or released directly in the email. The user asking for a release subsequently receives an appropriate message automatically.

Blocked sites (DAP)

Control Panel Manual (Whitelabel)

Blocked websites

In this area all blocked websites are displayed. The automatic sorting of the blocked websites is done according to the actuality. The latest blocked website thus is ranked first. If you would like to see the oldest blocked website at the top of the table, click on Date. Click on the drop-down menu in the first column Date to select the period for which you would like to display blocked websites. Additionally, you can sort by Reason.

Valid sites (DAP)

In this area all valid sites are displayed.
Control Panel Manual (Whitelabel)

Allowed websites

The automatic sorting of the released websites is done according to the the actuality. The latest valid website is ranked first. If you would like to see the oldest allowed website at the top of the table, click on Date. Click on the drop-down menu in the first column Date to select a period. Additionally, you can sort the websites by Reason.

Report Incorrectly Categorized Website (DAP)

You can report websites that are assigned to an incorrect category. The category of the website is then checked and if necessary reclassified.  
  1. Under WebfilterWorkspaceRelease requests, Blocked sites or Valid sites in the Control Panel select the websites with the wrong category. Control Panel Manual (Whitelabel)
  2. Click on Wrong category to have the category of the website checked. Control Panel Manual (Whitelabel)

Group URLs (DAP)

Control Panel Manual (Whitelabel)

Activate group URLs

With the function Group URL websites, which are opened several times, are summarized and only displayed once. If you activate the function, the Control Panel summarizes all URLs that are opened multiple times. The appropriate URL is only displayed once. You can find the appropriate function under Webfilter WorkspaceRelease request, Blocked sites and Valid sites. Example: Group URLs If a user visits the website www.searchengine.com several times per day, the Webfilter module shows the URL only once. The date shows the time when the website was visited for the first time.

Black- & Whitelist

Block or release domains via black- or whitelist

  1. Open the Control Panel.
  2. Select the desired customer from the scope selection.
  3. Go to Webfilter > Black- & Whitelist. Control Panel Manual (Whitelabel)
  4. Select the desired list:
    • User Whitelist
    • User Blacklist
    • Groups Whitelist
    • Groups Blacklist
    • Global Whitelist
    • Global Blacklist
  5. Enter the domain to be released or blocked in the field Domain. Control Panel Manual (Whitelabel)
  6. Select the appropriate user or group. Control Panel Manual (Whitelabel)
  7. Click on Add, to add the domain. Control Panel Manual (Whitelabel)
  8. Confirm with Save. Control Panel Manual (Whitelabel)
  9. The domains have been blocked or released via black- or whitelist.

Release Website Specifically

Do the following if you would like to block the whole category but release certain websites of the same category for your users:

  1. Block the relevant category (e.g. Social media) as shown in Define Webfilter Categories for a Group (DAP).
  2. Put the desired website (e.g. XING) on the whitelist of the Webfilter.

The website has been released specifically.

Log Websites Specifically

Do the following if you would to release the whole category but block certain websites of the same category for your users:

  1. Unlock the appropriate category (e.g. Social media) as shown in Define Webfilter Categories for a Group (DAP).
  2. Put the prohibited websites on the blacklist of the Webfilter as shown in Black- and Whitelist for the Webfilter (DAP).

The websites have been locked specifically.

Configuration

Activate Webfilter for an individual Domain (DAP)

  1. Navigate to your primary domain in the Control Panel. Control Panel Manual (Whitelabel)
  2. Select Webfilter > Configuration.
  3. Check the box Activate Web filter. Control Panel Manual (Whitelabel)
  4. Enter the email address, which gets Webfilter requests (e.g. requests for releases), in the field Administrator Email.
    If you check the box Email on release requests, requests for releases and corrections from users are sent to the entered administrator’s email address.
  5. Select the desired method for authentication: A multiple selection is possible.
    • If you activate the checkbox user-based access, you activate the authentication by the Webfilter Connector or by entering the user address and the password manually.
    • If you activate the checkbox IP address-based access, you allow access to the Webfilter Service for a certain IP address. If an access is made by an authorized IP address, no user authentication is necessary. However, the Webfilter rules of the group “Default” are applied. Further adjustment of the rights management is not possible in this case.
      You can enter IP addresses with slash notation (0.0.0.0/24) or you can separate IPs with a semicolon.
    • If you activate the checkbox LDAP authentication, users are authenticated by a directory service (e.g. Active Directory).
      Note that this configuration needs to be adjusted to the installation of a LDAP comparison by the support.
  6. Optional: Activate the checkbox Check HTTPS data to be able to check and filter encrypted website calls by the Webfilter.
    In addition to the activation in the Control Panel, you have to install the SSL certificate on all client computers. This is described in Install HTTPS certificate.
    The field Download HTTPS – Certificate appears in the menu. Download link for HTTPs certificate Control Panel Manual (Whitelabel)
  7. Optional: Activate the checkbox Select individual email recipient for release request to add a person who can also get release requests besides an administrator. Enter this person in the area Group. Confirm the booking of the Webfilter with Save.
  8. The Webfilter has been activated for an individual domain.
Example: Activate Webfilter Services for the domain talltara.com In this screenshot the previous steps are marked. Control Panel Manual (Whitelabel)

Description of Group Settings (DAP)

In the Control Panel you can configure group specific rules for the internet usage under Webfilter > Configuration > Groups > Settings. You can set different rules for the Webfilter for each group. It is possible to define a group leader for each group who can reject or confirm release requests for websites.
  • Activate group: Check this box to activate or block the internet usage for the appropriate group generally.
  • Allow user to request a release: Check this box to allow users to request releases for blocked websites.
  • E-mail group leader: Enter the email address of a person who belongs to the group. This person decides upon release requests within a group.
  • Enable advertising filter: Check this box to specify that advertising banners are to be blocked.
  • Block uncategorized URLs: Check this box to define how the Webfilter should behave in case of unknown websites.
  • Enable virus protection: The virus protection is always active and cannot be deactivated.
  • Block hacked server: Check this box to specify if the access to manipulated websites should be blocked.
  • Enable ftp connections: Activate this option to allow FTP connections. This option is obsolete because FTP is supported in general.
  • Allow temporary release: Check this box to allow users to unlock blocked websites for a certain period of time (15 minutes). There are three differences:
    • If you check the box Off, it is not possible to unlock blocked websites temporary.
    • If you check the box All, all users are able to unlock all blocked websites.
    • If you select a Group leader, all categories that have a red lock in the categories are excluded from the release option. See Categories for more information.
It is important for this function that the administrator can view all temporary releases in the Webfilter display. Forbidden file extensions: To block the download of certain file extensions, enter the file extensions here and click on Add to create a list of file extensions that should be blocked.
Always enter file extensions with a dot before the letters (.exe).
If you would like to reset the settings to default, click on Default in the upper right corner.

Define Break Times (DAP)

You can define break times, which deactivate the Webfilter for certain groups in this time, under Webfilter > Configuration > Groups > Break times.
    1. Select the tab Break times under the tab Groups.
    2. Select the appropriate group.
      1. Click on Select. Control Panel Manual (Whitelabel)
      2. Select a group from the list. Control Panel Manual (Whitelabel)
      3. Click on Apply.
      4. Click on + to add the group. Control Panel Manual (Whitelabel) You have added the group. Control Panel Manual (Whitelabel)
  1. Click on Add break times.
  2. Adjust the regulators on the timeline so that the desired break time appears in the window underneath.
  3. Select the days for which this break time should apply.
    Repeat steps 3 to 5 to add further break times.
  4. Click on Save to apply the defined break times.
The break times have been defined. Example: Define break times for a certain group Control Panel Manual (Whitelabel)

Control applications (DAP)

You can block, release or temporarily release the access to the internet for certain applications (e. g., Skype, MSN, ICQ) with the Application control under Webfilter > Configuration > Groups > Application Control. You can only use this function when the Webfilter Connector is installed.
  1. Select the tab Application control under Groups.
  2. Select the appropriate group.
    1. Click on Select. Control Panel Manual (Whitelabel)
    2. Select a group from the list. Control Panel Manual (Whitelabel)
    3. Click on Apply.
    4. Click on + to add the group. Control Panel Manual (Whitelabel) You have added the group. Control Panel Manual (Whitelabel)
  3. In the right area of the window you can select if the predefined programs should be Allowed, Blocked or just be Break times for the selected group.
  4. Click on Save to confirm.
The applications for a certain group have been controlled. Example: Control applications for a certain group In this screenshot, the application Skype is changed for the group marketing from the setting Like default to Allowed. Control Panel Manual (Whitelabel)

Webfilter Categories (DAP)

The setting for allowed and blocked website categories is made group-specific. The categories are separated in root and subcategories. For example, under the category Internet is the subcategory Chat. For each category you can select if it is Allowed, Disabled or Break times.

After the activation of the Webfilter all categories are disabled. To have a basis for your group settings, you can set rules for the group Default. This group applies to all users if you have not set further rules yet.

Click on Default to select a group setting.

Basic configuration for the group Default

Control Panel Manual (Whitelabel)

Furthermore, you can define which categories can be temporarily unlocked by a group leader after a release request.

If a category is blocked, the lock turns green. If you click on the green lock, it turns red and is blocked for temporary releases by the group leader.

Lock temporary release

Control Panel Manual (Whitelabel)

Define Webfiter Catefories for a Group (DAP)

Starting from the basic settings for the Default group, you define group-specific settings for the Webfilter.
  1. Select the tab Categories in the Webfilter settings.
  2. Select the appropriate group.
    1. Click on Select. Control Panel Manual (Whitelabel)
    2. Select a group from the list. Control Panel Manual (Whitelabel)
    3. Click on Apply.
    4. Click on + to add the group. Control Panel Manual (Whitelabel) You have added the group. Control Panel Manual (Whitelabel)
  3. Select a category for which you would like to specify a setting differing from the default setting.
  4. To open a subcategory, click on the arrow to the left of the category.
  5. Select an action from the drop-down menu on the right side of the selected category.
  6. Click on Save to confirm your changes.
The Webfilter categories for a group have been defined.

Webfilter Templates (DAP)

In the tab Templates you can choose between different templates, which appear, e.g., when surfing on a blocked website. You also have the option of setting the languages of the various web filter templates. No new templates can be created in the HTML-CP! Templates Control Panel Manual (Whitelabel)

Exceptions (DAP)

You can define website requests that are not be regulated by the Webfilter, in the area Exceptions.
The divergent settings are only active in connection with the Proxy Pac.
If you do not want to regulate the traffic for certain web servers (e.g. internal web servers which are directly addressed by the IP address) by the Webfilter, you can add web server addresses to the exception list. The IP address access to websites is also possible by dynamical IP addresses.
You can enter keywords with regular expressions. If these can be found in an URL, these pages will not be filtered either.

Define Exceptions (DAP)

  1. Select the tab Exceptions in the Webfilter settings.
  2. Enter the exceptions. Use a ; (semicolon) as a separator between the exceptions. Control Panel Manual (Whitelabel)
  3. Click on Save to confirm your settings.
Exceptions have been defined.

Statistic

Webfilter Statistics (DAP)

The Webfilter statistics enable a comprehensive evaluation of the email traffic. In the Control Panel you can display comprehensive statistics of the email traffic under WebfilterStatistic. The period can be the current day, the preceding three days or the preceding months. When a day is selected, all blocked and allowed domains as well as the most frequently blocked and allowed domains per hour are displayed. When a month is selected, the distribution per day is shown. Additionally, you have the possibility to show the hourly distribution of the respective day if you click on a day of the month. If you select a month, the distribution per day is displayed. The information of the percentage distribution are independent from the period. They show the current distribution of blocked and allowed domains of the current hour, the current day or the month. In addition to the total value, the distribution per topic is displayed.

Customer Settings (DAP)

Customer Settings Under Customer Settings, you can view and manage the basic settings for mailboxes, groups, domains, and password restrictions. To make settings for a customer, switch to the corresponding customer level (domain) in the scope selection. As an administrator, you can view settings for deposited mailboxes, groups, domains, and password restrictions and change them as follows:
  • Managing basic user data
  • Adding/removing active or disable mailboxes
  • Defining a deputy
  • Setting delivery times for filters & reports
  • Managing group members
  • Changing group names
  • Adjusting group descriptions
  • Deleting groups
  • Deleting domains
  • Adding new mailboxes / forwarding mailboxes / groups / domains
  • Exporting existing mailboxes / forwarding mailboxes / groups / domains as a CSV file
  • Importing existing CSV files with mailboxes / forward mailboxes / groups / domains
  • Defining password restrictions
  • Defining IP restrictions

Mailboxes

Postboxes are the license basis for all services. In addition to a main mailbox, several associated alias mailboxes can be created for which no fees are incurred. There are three options for creating mailboxes:
  • Automatic creation of postboxes in the Control Panel
  • Manual creation of main postboxes
  • Importing of postboxes
Addresses listed under Postboxes have no influence on the acceptance, filtering or delivery of emails (exception: LDAP address matching). The addresses are used primarily for the generating and delivery of daily spam reports.   Alias addresses as main addresses If alias addresses are assigned to a main address, the end user additionally sees all emails in the email search. The addresses are used to authenticate the user when the web filter system is activated. New users can be added either manually or via the Import interface.   Function Relay The function Relay is only available for customers who have configured and retrieved their email messages via POP3 accounts using the setting Security Settings Spamfilter. Customers can only use this functionality for the domain whose postboxes are assigned to the manufacturer’s servers.   If POP3/IMAP is not configured as a destination server, the management element is not displayed in the Control Panel. If the user sets up a redirection, all emails are delivered to the destination address(es) specified by the customer, regardless of which domain it is assigned to.   Blacklists and whitelists can also be created for the redirection addresses. A list of all users can be read out via the Export (csv.) button.

Administration of User Settings

The tab User Settings allows you to manage the settings for registered users. The following settings can be made:
  • Entry of user data such as user name, password, email, status
  • Setting the time zone
  • Setting up redirects
  • Activate/deactivate the Infomail filter
  • Delivery times of spam reports
  • Creating alias addresses
  • Setting a proxy for the user’s email traffic
Control Panel Manual (Whitelabel)

Administration of user settings

Create Mailboxes automatically

Control Panel offers various options for automatically creating mailboxes. These settings can be found in the Control Panel under Security Settings Spam FilterFiltering →  Relay check (check recipient adress).
Control Panel Manual (Whitelabel)

Automatic creation of mailboxes

  SMTP All emails marked as spam-free (Clean) will be delivered to the customer environment. If three emails are accepted for the same email address within eight hours, a main mailbox is automatically created. This is the default configuration. The disadvantage of this configuration is that alias addresses cannot be identified. There is consequently a risk of a high number of incorrectly created mailboxes.   LDAP You can synchronize the mailboxes with a directory service, such as Active Directory (AD). This ensures that the correct mailboxes and their alias mailboxes are always created in the system. A disadvantage can be the increased configuration effort, where the customer has to transmit the directory service information.   Control Panel Control Panel is the easiest way to control a large number of mailboxes. You can create postboxes manually or using the function Import. If this method is selected, mailboxes are not created automatically.

Create Mailboxes manually

  1. Click Customer Settings in the Control Panel.
  2. Select the tab Mailboxes → Postboxes.
  3. Enter a name for the postbox in the field User name.
  4. Select the domain for which you want to enter the mailbox.

    Info: You can also enter postboxes for created alias domains. These mailboxes are main mailboxes and will be charged separately.

  5. Enter a password for the mailbox in the field provided.
  6. Select one of the following options: User: Creates a main mailbox Forward: Creates a mailbox for redirection

    Note: A Forward feature is only available to customers who use email filtering to retrieve their email messages from POP3 accounts.

  7. Click Add to create the mailbox.
  8. Click Save to create the mailbox for a fee.
Mailbox is created.
Control Panel Manual (Whitelabel)

Steps for creating a mailbox

Import Postboxes

In addition to manually creating mailboxes, you can import mailboxes using a .csv file. This can be done both initially, if no addresses have yet been entered, and additionally during operation.  
  1. Click Customer Settings in the Control Panel.
  2. Select Mailboxes → Import.
  3. Click Select file. Control Panel Manual (Whitelabel) A window opens in which the corresponding .csv file can be selected. After selection, the mailboxes are displayed in the User Import field.
  4. Click Import.

    Note: The import process checks all addresses for the validity of the customer domain and for syntactical correctness.

  5. Click Import to transfer mailboxes.

    Attention: If you want to replace all existing mailboxes, select the option Add + delete old. This option deletes all existing mailboxes!

Mailboxes have been imported.

Note: The imported mailboxes are then displayed as main mailboxes under the tab Postboxes. Alias mailboxes are assigned to the respective main mailbox and displayed in User Settings under the tab Aliases.

Groups

Under Groups you can create new groups, combine several mailboxes into one group and manage the existing groups. Existing group lists can be exported as CSV files and be re-imported at the appropriate locations (see CSV import). Control Panel Manual (Whitelabel) The following options are available for managing groups: Control Panel Manual (Whitelabel)

Add new group

Create a new group from existing mailboxes.
  1. Navigate to Customer Settings –> Groups.
  2. Click on + Add group.
A drop-down menu opens . Control Panel Manual (Whitelabel)
  1. Assign a group name under Name (1) and optionally describe the group in the field Description (1a).
  2. Under Mailboxes (2), select at least one mailbox to add to the group.
    Existing group lists can be imported here as a CSV file (2a).
    The selected mailbox is displayed in the window Assigned to group (3).
  3. Click Add Group to combine the selected mailboxes into one group (4).
You have added selected mailboxes to a group.

Manage members

Manage the members of an existing group.
  1. Navigate to Customer Settings –> Groups and click on the arrow for the desired group. Control Panel Manual (Whitelabel)
  2. Click on Manage members. A drop-down menu with two windows will open, showing all registered mailboxes (left) and all mailboxes assigned to the group (right). Control Panel Manual (Whitelabel)
    Manage the members of a group:
  • If you want to add more members to the group, click on the members to be added in the Mailboxes (left) window.
    You can also import existing group lists as a CSV file (see import CSV).
  • If you want to remove already existing members from the group, click within the window Assigned to Group (right) on the group members to be removed.You have assigned or removed members from the selected group.
  1. Click Save Changes to save the updated group. 
You have successfully managed the group.

Rename group

  1. Navigate to Customer Settings –> Groups and click on the arrow for the desired group. Control Panel Manual (Whitelabel)
  2. Click on Rename. A drop-down menu opens.Control Panel Manual (Whitelabel)
  3. Enter the desired name for the group and click Save changes.
You have successfully renamed a group.

Customize description

  1. Navigate to Customer Settings –> Groups and click on the arrow for the desired group. Control Panel Manual (Whitelabel)
  2. Click on Customize description. A drop-down menu opens.Control Panel Manual (Whitelabel)
  3. Enter the desired description for the group and click on Save changes.
You have successfully added the group description.

Delete Group

  1. Navigate to Customer Settings –> Groups and click on the arrow for the desired group. Control Panel Manual (Whitelabel)
  2. Click Delete group.
When the group is deleted, all settings and group members are irrevocably deleted.
A warning message is displayed. Control Panel Manual (Whitelabel)
  1. Confirm the warning message by clicking Delete.
You have deleted the group.

Domains

Under Domains you will find an overview of all existing domains and alias domains. You have the possibility to create new domains and delete existing ones. You can also export displayed domains in CSV format and re-import them at the designated locations .

Add domain

  1. Navigate to Customer Settings –> Domains.
  2. Click on +Add Domain.
A drop-down menu opens. Control Panel Manual (Whitelabel)
  1. Enter a valid domain under Domain.
    Already existing domain lists can be imported here as CSV files.
  2. Click Add to add the registered domain.
You have successfully added new domains.

Delete Domains

  1. Navigate to Customer Settings –> Domains and click on the menu arrow of the desired domain.
    Deleting the domain irrevocably deletes all settings!
  2. Click Delete.
A warning message appears.
  1. Confirm warning message by clicking Delete.
You have successfully deleted the domain.

Restrictions

Under Restrictions, you can define individual password and IP restrictions for the Control Panel login. Control Panel Manual (Whitelabel)

Assign Password Restrictions

Set your own password restrictions.
  1. Navigate to Customer Settings –> Restrictions.
  2. The password restrictions will be inherited to all subordinate domains!
  3. Activate the desired password restrictions.
  4. Click Save to apply the settings.
    You have successfully assigned the password restrictions.

Add IP restriction

Assign your own IP restriction for the Control Panel login. The IP resrictions allow you to specify whether only selected IP addresses or IP address ranges are allowed when logging in to the Control Panel. If no IP restrictions are assigned, all IP addresses are allowed for the Control Panel login.
  1. Navigate to Customer Settings > Restrictions.
  2. Click on Add restriction.
  3. Enter a valid IP address or range of IP addresses and click Add.
You have set a password restriction.

Delete IP restriction

Delete a specified IP restriction. If no IP restrictions are assigned, all IP addresses are permitted for the Control Panel login.
  1. Navigate to Customer Settings > Restrictions.
  2. Click on the menu arrow on the right in the line of the inserted IP restriction.
  3. Click on Delete to delete the IP address or IP address range.
You have deleted an IP restriction.

CSV Import

The CSV import allows in special cases to import existing mailboxes, forwarding mailboxes, groups or domains via a CSV file. The Control Panel allows to import external data. Existing mailboxes, domains or groups that were previously exported or saved in the form of a CSV file can, for example, be re-imported at suitable locations. To ensure that an external CSV file can be imported into the Control Panel without errors, special rules must be observed regarding the format of the file, its content structure and a valid syntax.   Rules for the structure of a CSV file to be imported
  • The extension of the import file is always .csv. Other file extensions like .txt or .docx are not allowed and will not be accepted.
  • The CSV file contains only one column in which individual entries are registered with each other.
  • The first row is always the column name and can be named individually.
  • If alias addresses are assigned to a main address, they must be entered after the main address in the same line, separated by a comma (without spaces).
  • Double entries will not be considered.
  • When you try to upload the same file again, no data will be imported and an error message will appear.
  • Mailboxes, forwarding mailboxes and domains are only allowed to use valid addresses contain.
    Example: Structure of a CSV file with mailboxes/forwarding mailboxes Control Panel Manual (Whitelabel)
  • All entries are in one column and contain only valid email addresses.
  • The first row corresponds to an individually selected column caption.
  • Individual entries are located in individual lines below each other.
  • Alias addresses are entered after the main address in the same line and separated by a comma.
  Example: Structure of a CSV file with domains/alias domains
  • All entries are in one column and contain only valid domain names or alias addresses.
  • The first row corresponds to an individually selected column caption.
  • Individual entries are located in individual lines below each other.

Import List from CSV File

In some cases, you can import data such as mailboxes, groups, or domains via a CSV file. In addition to manually creating mailboxes, forwarding mailboxes, groups or domains, you have the option of importing them via a CSV list. This can be done both initially, if no data has been entered yet, and additionally during operation.  
  1. In the top right corner of the Control Panel, select the scope for which you want to make the changes.
The navigation menu Customer settings on the left side is displayed.    
  1. Select under Customer Settings whether you want to import the CSV list for groups or for domains:
 
To ensure that an external CSV file can be imported correctly into the Control Panel at a suitable location, special rules must be observed regarding the format of the file, its content structure and a valid syntax (see ).
 
  • If you want to import a list of groups, click Groups –> + Add group –> Import list from CSV file.
  • If you want to import a list of domains/alias domains, click on Domains –> Import list from CSV file.
 
  1. Select the file you want to import, and then click Open to import the selected list.
  The groups or domains are imported from the CSV file.   You have imported the list from the CSV file.

Black-/Whitelist

About the Black- and Whitelist

In the blacklist and whitelist module you can define that emails from specific senders or domains are always quarantined (blacklist) or delivered (whitelist).   Additionally, you can limit the delivery of emails for specific senders or domains to the email classifications (Infomail, Spam, Virus, Rejected).

Create Blacklist and Whitelist Entries

  1. Select the role, for which you want to create an entry from the scope selection. If you select a partner role, you can only create global entries for all underlying domains. If you select a domain, you can create entries for the whole domain or for specific groups of that domain.
    Note: If you have not selected a role from the selection, the user you logged in with is selected.
    Control Panel Manual (Whitelabel) Depending on the selected role, you can create entries that are valid globally for the domain, for specific groups or specific users.
  2. Select the module Black- & Whitelist. Control Panel Manual (Whitelabel)
  3. Select the tab with the corresponding list: Choose from: a. Blacklist b. Whitelist
  4. Click on Insert. An input field opens.
  5. Enter an email address or domain name into the field Value.
    If entering a domain name use the following syntax: domainname.tld
    Global blacklist entry partner Control Panel Manual (Whitelabel) Domain blacklist entry Control Panel Manual (Whitelabel) User blacklist entry Control Panel Manual (Whitelabel)
  6. Optional: If entering an entry as domain administrator, you can select a group. a. Activate the checkbox under Group. b. Click on the group selection and select a group from the drop down menu. Control Panel Manual (Whitelabel)
  7. Click on Submit.

Delete Blacklist or Whitelist Entries

  1. Open the Black- & whitelist module.
  2. Select the tab with the desired list.
  3. Click on the arrow symbol on the right side of the entry you would like to delete.
  4. Click on Delete.
You will receive a notification after successfully deleting the entry.Example: Deleting entries from black- or whitelists Following, the blacklist entry test@testdomain is deleted. Control Panel Manual (Whitelabel)

Search Functionality

The search functionality is similar to the search in the Email Live Tracking. Just enter the search phrase into the search field and the results are filtered dynamically. Example: Search entries in the blacklist and whitelist module The blacklist of the user admin@talltara.com is searched for the term test. Only results starting with test are shown. Search the blacklist Control Panel Manual (Whitelabel)

Hierarchy of Blacklist and Whitelist Entries

The blacklist and whitelist entries are processed in the following order from the highest to the lowest priority:
  • User whitelist
  • User blacklist
  • Domain and group whitelist
  • Domain and group blacklist
  • Partner whitelist
  • Partner blacklist
If the system finds a fitting entry on either list, the execution is stopped and the remaining entries are not checked. Example: Processing hierarchy of blacklist and whitelist entries A user adds the sender address example@example.com to the user whitelist. The domain administrator adds this account to the domain blacklist. The emails from that account will be delivered to the user, but not to any other user who has not whitelisted that account.

Security Settings (DAP)

In the security settings you will find configuration options for the following services:

  • Signature & Disclaimer
  • Hornetdrive

Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) protects your business from targeted and individual attacks from the first malicious email. Highly innovative forensic analysis engines ensure that attacks are stopped immediately. At the same time, the solution provides detailed information about the attacks on your company. Control Panel Manual (Whitelabel)

ATP Engines

ATP uses engines to detect and stop attacks:
  • Sandbox Engine: Attachments are executed in a variety of system environments and their behavior is analyzed. If it turns out to be malware, you are notified. Protects against ransomware and blended attacks.
 
  • URL Rewriting: The URL rewriting engine secures all Internet calls from emails via the web filter. In the process, the sandbox engine also analyzes downloads.
 
  • URL Scanning: A document (such as PDF, Microsoft Office) attached to an email may contain links. However, these cannot be replaced, as this would violate the integrity of the document. The URL scanning engine leaves the document in its original form and only checks the target of such links.
 
  • Freezing: Emails that cannot be instantly classified but look suspicious are retained for a short period by freezing. An additional scan is performed later with updated signatures. Protects against ransomware, blended attacks and phishing attacks.
 
  • Ex post alerts: If it turns out that an already delivered email must be considered as potentially harmful, the respective company’s IT security team is notified about the extent and possible countermeasures as soon as this is known. This permits rapid containment of a dangerous situation.
 
  • Targeted Fraud Forensics: Targeted fraud forensics detects targeted personalized attacks without malware or links. The following detection mechanisms are used for this:
    • Intention recognition system: alerts about content patterns that indicate malicious intent.
    • Fraud attempt analysis: checks the authenticity and integrity of metadata and email content.
    • Identity Spoofing Recognition: detection and blocking of forged sender identities.
    • Spy-out detection: Protects against attacks trying to obtain sensitive information.
    • Feign facts identification: content analysis of messages based on provision of feigned facts.
    • Targeted attack detection: detection of targeted attacks on individuals.
 

Activating ATP

Attention: Activating the ATP may cause additional costs!
  1. Navigate to Security Settings Advanced Threat Protection within the Control Panel.
  2. Click on the Advanced Threat Protection slider. Control Panel Manual (Whitelabel)A confirmation window with information on fees pops up.
  3. Confirm the activation with OK. Control Panel Manual (Whitelabel)

Info: From now on there is the possibility to start the ATP scan for incoming emails with potentially dangerous attachments in the email display (see: Email Live Tracking) also on administrator level, who do not yet use ATP.

You have activated ATP.

Important: The URL Rewriting and the Targeted Fraud Forensics are not activated via the Control Panel. In order to activate the URL Rewriting and the Targeted Fraud Forensics, contact the support.

Adding a Recipient of Alerts

Enter the email addresses of the users who should receive real-time alerts and Ex Post alerts.

Before you start: Enable Advanced Threat Protection.

  1. Navigate to Security Settings –> Advanced Threat Protection.
  2. Click on Add recipient.
    It is strongly recommended that you register your company’s security officers as recipients.
    Control Panel Manual (Whitelabel)
    A new input field appears below the button.
  3. Enter the desired email address in the input field.
    Control Panel Manual (Whitelabel)
  4. Enter an email address.
  5. Click on Add.
    The email address you entered appears in the Email section at the bottom of the page.

    You have entered an email address for the reception of alerts.

Removing Recipients of Alerts

Remove one or all email addresses from the list of recipients of alerts. Advanced Threat Protection is enabled and recipients of alerts are registered.
  1. Navigate to Security SettingsAdvanced Threat Protection.
  2. To delete a single email address, follow these steps:
    1. Navigate to the bottom of the page. You will find the registered email addresses under Email. Control Panel Manual (Whitelabel)
    2. Click on the icon Delete on the right side of the row of the desired e-mail address. The desired e-mail address is removed from the recipient list.
 
    To delete all recipients at once, follow these steps:
  1. Click Delete all recipients. Control Panel Manual (Whitelabel) A confirmation window opens.
  2. Acknowledge by clicking the button Confirm. All email addresses have been deleted from the recipient list.
You have removed some or all email addresses from the recipient list for alerts.

Initiate an ATP Scan Manually

You can scan incoming emails with potentially dangerous attachments in the Control Panel using ATP.

Note: The ATP scan is only available for emails with executable attachments (e.g. .exe file). Furthermore, clean emails that have already been delivered can only be scanned when the products Email Archive or the Contingency Covering are active.

Info: You can perform two ATP scans for email attachments each month for free. For additional analyzes you have to activate Advanced Threat Protection.

  1. Open the workspace Email Live Tracking in the Control Panel.
  2. Open the details for the email you want to scan by ATP. Control Panel Manual (Whitelabel)
  3. Click on the magnifying glass to start the scan. Control Panel Manual (Whitelabel)
After you have started the ATP Scan, you will get a notification.

Note: The scan process can take up to 15 minutes until it is finished.

After the scan is done, you can open the ATP report for the analyzed file under ATP in the extended information for the scanned email. Control Panel Manual (Whitelabel) Control Panel Manual (Whitelabel)

Real-Time Alert

As soon as ATP detects an attack, a notification is sent to your company to inform you immediately about a possible threat. The person in charge receives various details about the type and target of the attack, the sender and the reason why an email was intercepted.
Info: Alerts are sent when:
  • Malware code was found in the sandbox.
  • URL scanning has found a suspect URL.
  • URL rewriting has blocked a website or download.
Control Panel Manual (Whitelabel)

Real-time alert

Incoming emails that are classified as potentially dangerous by ATP are grouped together in the Control Panel under the ATP category and displayed in dark blue.
Control Panel Manual (Whitelabel)

ATP category

ATP-Report

The ATP report gives you detailed information about the analyzed file. To view an ATP report, select ATP ReportView ATP Report from the details window to the right of the selected email.
Control Panel Manual (Whitelabel)

View ATP-Report

  The ATP report is divided into four main sections:
  • Summary
  • Static Analysis
  • Network Analysis
  • Behavioral Analysis
    Summary Here you will find an overview of the analyzed file. In addition, the file is rated with a score from 0 to 10, where 0 is no danger and 10 is the most dangerous rating. The Signatures section classifies the behavior of the file into three categories:
  • Information
  • Attention
  • Warning
If you click on a signature, the advanced process information is displayed.
Control Panel Manual (Whitelabel)

ATP-Summary

  Static Analysis The static analysis is divided into three subcategories:
  • Static Analysis – Static analysis of the file (depending on the file format).
  • Strings – Output of the occurring strings of the file.
  • Antivirus – analysis of the file by different antivirus programs.
Control Panel Manual (Whitelabel)

ATP-Static Analysis

  Network Analysis In the network analysis, all network traffic is analyzed and listed according to protocols (e.g. HTTP, TCP, UDP).
Control Panel Manual (Whitelabel)

ATP-Network Analysis

  Behavioral Analysis The behavior analysis analyzes the behavior of the file at runtime. Displays all system API calls and processes logged during dynamic sandbox analysis. The results are divided into two sections:
  • Process Tree: Here the processes are displayed in hierarchical order.
  • Process Contents: If you select a process from the Process Tree, the executed API queries are displayed here in chronological order.
Control Panel Manual (Whitelabel)

ATP-Behavioral Analysis

Ex Post Alert

If it turns out that an already delivered email must after all be considered as potentially harmful, the respective company’s IT security team is notified about the extent and possible countermeasures as soon as this is known. This permits rapid containment of a dangerous situation.   With Ex Post Alerts, your IT security team receives an automatic notification if an email that has already been delivered is subsequently classified as malicious. You will receive a detailed evaluation of the attack so that you can immediately initiate actions such as checking the systems or sensitizing your own employees.

Note: Ex Post Alerts is automatically activated for all ATP customers.

Exclude Websites from ATP Scanning

Exclude websites from the automatic ATP scan by putting them on the whitelist.
  1. Open the Control Panel.
  2. Select the domain for which you want to create the desired whitelist entry. Control Panel Manual (Whitelabel)
  3. Under Webfilter, click on Black- & Whitelist. Control Panel Manual (Whitelabel)
  4. Select the whitelist, you want to create an entry for:
    1. User Whitelist
    2. Groups Whitelist
    3. Global Whitelist Control Panel Manual (Whitelabel)
  5. Enter the domain name of the website, you want to exclude form ATP scanning into the field Domain. Control Panel Manual (Whitelabel)
  6. If you want to enter an whitelist entry for a specific user or group:
    1. Click on Select.
    2. Select the user or group from the window.
      You can search for the user/group in the field search.
    3. Click on apply, to select the user/group. Control Panel Manual (Whitelabel)
  7. Click on Add. The whitelist entry shows up in the list.
  8. Click on Save, to confirm the creation of the whitelist entry. Control Panel Manual (Whitelabel)
  You have created a whitelist entry. ATP will neither scan the website nor rewrite links in emails for this website.

Spam Filter

Filtering options:
Option Funktion
Domain Selection of the domain (or alias domain).
Filter type Select whether premium filtering (spam and viruses, high filtering rate) or only blocking based on blacklists and some mass spam rules (lower filtering rate) should be carried out.
Destination Server to which filtered emails are sent.
Note: If you specify a host name, an MX record resolution is always performed first, followed by an A record resolution. Several addresses can be entered. Addresses must be separated from each other by a comma. It is possible to enter CIDR ranges.
Outgoing relay / Email traffic Specifies mail servers whose outgoing email is to be sent via the spam filter service. Several addresses can be entered here.
Info: Bounce Management checks incoming undeliverability notifications to determine whether outgoing emails were actually sent via the domain’s relay server or via a fake sender address as a return of a spam attack.
Relay check Rejects non-existent email addresses.
Relay check per SMTP Checks the validity of the email address using the address of the target server.
Note: For Relaycheck via SMTP, you can select an alternative IP address for Relay Check. It is useful, for example, if the valid emails are first sent to a relay gateway after the check.
Relay check per LDAP Checks the validity of the email address.
Important: LDAP synchronization must first be set up for this function. Please contact our support team.
Relay check per Control Panel For incoming emails, the system checks whether the recipient is already configured as a user in the Control Panel.
Email Spam handling Configuration for handling with spam mails:
  • Store in quarantine (default, recommended): Lists of detected spam mails are sent to recipients at intervals (digest).
  • Tag: All spam mails with a prefix in the subject will be delivered. You can enter the prefix in the field Phrase.
Control Panel Manual (Whitelabel)

Spam Report

Spam report allows to configure individual settings for spam corrections of a domain. Following settings can be activated or deactivated via the spam report:

  • Delivery of certain types of email such as Infomail, Spam, Virus, Content
  • Setting for user-defined delivery times
  • Delivery of a report for all detected and quarantined spam emails to an email address
  • Selection of an individual template for a spam report
Control Panel Manual (Whitelabel)

Setting the spam report

Content Control

Content Filter provides domain administrators and partners with the ability to manage attachments from incoming and outgoing emails. The administrator can remove suspicious email attachments from emails or block affected emails after exceeding a maximum allowed size. Unwanted attachments can be explicitly forbidden by specifying file types. File types can be assigned in collective terms and excluded (see Forbidden File Types).

Activate Content Control

Prerequisite: A group is entered under the level customer domain (see Create new Group).
  1. Select the tab Security Settings → Content control.
  2. Activate the checkbox Content Filter. Control Panel Manual (Whitelabel)
Content Control is activated.

Add new Group

  1. Click Select under Group to select the stored groups. A new window opens.
  2. Select the desired group and click Apply. Control Panel Manual (Whitelabel) The selected group is displayed.
  3. Click Control Panel Manual (Whitelabel)  to add a group.
Group is added. Content Filter can be set for this group.

Setup Content Control

Incoming and outgoing emails can be managed in the Content Control.
  1. Go to Security Settings > Content Control and select the policy for which you want to make filter settings: a) For incoming emails, click on Incoming Email Policy. b) For outgoing emails, click on Outgoing Email Policy. Control Panel Manual (Whitelabel)
  2. Specify the maximum email size in kilobytes.
    Note: The maximum email size must not exceed the size limit of the email server used.
  3. Select the action to be performed for emails with forbidden attachments: a) Cut the attachment and inform the receiver b) Block Email Control Panel Manual (Whitelabel)
  4. Optionally, activate Forbid encrypted attachments to detect encrypted attachments and define the file types that the content filter should prohibit. Click Add to save the file types.
    Note: Content Control not only checks the file extension but also the MIME type of the file. MIME type may differ from the file extension.
  5. Optionally, activate Settings like above to prohibit contained file types in archives. Click Add to save the file types.
  6. Confirm the changes with Save. Control Panel Manual (Whitelabel)
Content Control is set up.

Forbidden File Types

Unwanted file types can be prohibited by specifying collective terms.
Colective term Forbidden file type
 .executable .action .apk .app .bas .bat .bin .cab .chm .cmd .com .command .cpl .csh .dll .exe .gadget .hta .inf .ins .inx .ipa .isu .job .jar .js .jse .ksh .lnk .msc .msi .msp .mst .osx .paf .pcd .pif .prg .ps1 .reg .rgs .run .scr .sct .sh .shb .shs .u3p .vb .vba .vbe .vbs .vbscript .vbx .workflow .ws .wsc .wsf .wsh
.mediafile .aif .flv .mp1 .mid .mp5 .mpa .wma .mp2 .mpe .swf .wmf .wav .mp4 .wmv .mpg .avi .mov .mp3 .mpv2 .mp2v .aiff .mpeg
.docmacro Heuristic detection of macro patterns in .doc attachments. Not all types of macros are captured by this filter.
.xlsmacro Heuristic detection of macro patterns in .xls attachments. Not all types of macros are captured by this filter.

Compliance Filter

Compliance Filter lets you create custom filter rules to categorize incoming email as Clean, Spam, or Virus, for example. In addition, you can reject emails, send them to another email server or change the recipients.
Attention: The use of incorrect filter rules has a considerable negative effect on email traffic. Filter rules can also be used to override email services. Compliance Filter is also not suitable for address rewriting.
Compliance Filter checks both incoming and outgoing email traffic. You can set up three different filter types:
  • Advanced filter type where the sender, recipient, IP , hostname and subject are checked for search terms
  • Filter for content in the email header
  • Filter for content in the email body
In the email and body header, only the search term must be entered in the input field. With the extended filter type, several criteria can be evaluated in parallel. Actions can be defined for the individual filters, which are automatically executed by the filter if an email matches the set filter criteria. Different actions are possible for incoming and outgoing emails.

Setup Compliance Filter

Note: Compliance Filter settings can only be made via a partner account or as a domain administrator.

  1. Open the Control Panel and log in.
  2. Select the domain for which you want to activate the Compliance Filter.Control Panel Manual (Whitelabel)
  3. Click on Security Settings Compliance Filter.
  4. Activate the checkbox Activate Compliance Filter. Control Panel Manual (Whitelabel)
  5. Confirm activation with Save.
The Compliance Filter is activated.

Add Filter

To define a filter, you must add a new filter.
  1. Open Compliance Filter in the Control Panel and click Add. Control Panel Manual (Whitelabel)
    Note: Compliance Filter distinguishes between rules for incoming and outgoing emails.
  2. Select the email direction for your filter from the field Direction. 
  3. Select the type of filter with Type. Compliance Filter distinguishes between three filter types:
  • Email-Body: Expression searched in the email body.
  • Email-Header: Expression that is searched for in the email header.
  • Advanced: You can define expressions for each of the seven occurring fields and use them individually or in combination.
  1. Define your individual filter rules. Examples of this can be found in the chapters Filter Sequence and Classification.
  2. Optionally, add a description in the field Info.Control Panel Manual (Whitelabel)
    Info: The text entered into the field Info has no effect on the filter rule.
  3. Click OK to create the rule.
  4. Confirm your entries with Save.
Filter was added.
 

Define Filter Rules

Compliance Filter searches emails for terms that you define in the fields provided. The following are simple examples of how to create filter rules in the different filter types.
Note: In order to define filters more precisely and versatilely, it is also possible to use regular expressions. For a description of the structure and functionality of regular expressions, see Regular Expressions.
Examples:
FeldKurzbeschreibungBeispiel
E-Mail-HeaderDurchsucht den E-Mail-Header auf den eingegebenen Begriff.Rechnung
FromFilterung auf Envelope-SenderAdresseuser@gevonne.com
ToFilterung auf EnvelopeRecipient-Adresse.user.extern@yahoo.com
IPÖffentliche IP-Adresse des absendenden E-Mail-Servers.
Anmerkung: Die Angabe der IP-Adresse erfolgt immer ohne Subnetzmaske.
Richtig: 0.0.0.0 Falsch: 0.0.0.0/24
HostnamePTR-Record (Hostname der Rückwärtsauflösung der IP).mailserver.gevonne.com
SubjectFilterung nach dem Betreff der E-Mail.Spammanagement
AttachmentsFilterung nach E-Mail-Anhängen..jpg
Greater than (KB/MB)Gewünschte Maximalgröße der E-Mails.500

Attachments

You can filter for email attachments within the field Types → Advanced. Enter the file type (e.g. .exe or .jpg) in the field Attachments .
Note: The Compliance Filter cannot apply the collective terms for file attachments.

Define Actions

You can define an action for each filter rule, that is executed if the rule matches.
Note: Compliance Filter differs between actions for incoming and outgoing emails. The actions Tag as Clean, Spam or Virus can only be used on incoming emails. The action Notify Sender can only be used on outgoing emails.
Action Description
Reject The email server is informed about the disconnection error with an error code and a text. (554 5.6.9 customer rule based reject by compliance filter). The notification of the sender lies in responsibility of the email server.
Redirect The email is redirected to one or more email addresses.
Note: You can enter as many email addresses as you want. Separate the different addresses with spaces.
Reroute The email is sent to another IP address or hostname.
Note: You can only enter one IP address or hostname into the field.
Add BCC This action automatically adds one or more BCC Recipients. You can add as many email addresses as you want. Separate the email addresses with spaces.
Notify Sender The Sender automatically receives an infomail, as soon as their email is accepted by the destination server.
Tag as Clean Classifies the incoming email as clean.
Tag as Spam Classifies the incoming email as spam..
Tag as Virus Classifies the incoming email as Virus.

Filter Sequence and Classification

You can change the sequence of the filter rules in the overview of the compliance filter.
Important: You must observe the predefined sequence of filter rules (see figure below). If a rule applies and a filter rule therefore takes precedence, processing is stopped and defined filter rules are not applied if necessary.
Control Panel Manual (Whitelabel)

Note: The compliance filter cannot be used to create exceptions for the content filter. In this case the content filter takes precedence over the compliance filter and thus deviates from the regular ruleset order.

The following examples illustrate the sequence in which rules are processed.

Example: Simple filter application sequence

Initial situation:: The filter rule above is defined as the only rule. There are no other rules applied to the case study. Procedure:
  1. An email from “rechnungen@kreditor.de” is sent to any user of the domain “debitor.de”.
  2. Compliance Filter first searches the Body rules, then the header rules and matches the rule in the advanced rules
  3. The rule is applied and the Compliance Filter does not search for further rules.
Control Panel Manual (Whitelabel)

Example: Simple sequence

Example: Conflict between two rules of one type

Initial situation: Two different rules are defined for outgoing emails to “order@anycompany.com”. In the overview the rule (ID 281503) stands before the rule (ID 281523). No other rules apply to that case. Procedure:
  1. An email from any user will be sent to “bestellungen@kreditor.de”.
  2. The Compliance Filter first searches the body rules, then the header rules and finds a match in the advanced rules.
  3. The rule to add the CEO to the BCC (ID 281503) is processed and the execution is stopped. The rule to add the purchase department to the BCC (ID 281523) is not being processed.
Control Panel Manual (Whitelabel)

Filter rile: Add BCC to ceo@

Control Panel Manual (Whitelabel)

Filter rule:  Add BCC to einkauf@

Control Panel Manual (Whitelabel)

Status of defined filters

Example: Conflict between multiple rules in different types

Initial situation: Incoming emails that contain a link to Facebook are marked as spam. The marketing department is partly excluded from that rule, when receiving emails from Facebook directly, they are marked as clean. In the overview the rule (ID 259163) stands before the rule (ID 259143). No other rules apply to that case. Procedure:
  1. A marketing recipient receives an email from Facebook containing a link.
  2. The Compliance Filter searches the body rules and hits the rule (ID 259143).
  3. The email is marked as spam, no other rule is applied.
  4. Rule (ID 259163) is being ignored, although it is above the other rule in the overview as the body rules are applied first.
Control Panel Manual (Whitelabel)

Filter rule: mark emails as “valid”

Control Panel Manual (Whitelabel)

Filter rule: mark emails as “spam”

Control Panel Manual (Whitelabel)

Filter rules

Example: conflict between Compliance Filter rule and an existing filter

Initial Situation: Due to an increased amount of spam from a certain IP address, a rule is defined that always marks emails from this IP address as spam. No further compliance filter rules are defined to that case. Procedure:
  1. A sender of the domain behind the IP address sends an email to any recipient.
  2. Compliance Filter first searches the body rules, then the header rules and matches a rule in the advanced rules.
  3. The email is marked as spam and the execution is stopped.
  4. We have defined a filter rule for that specific domain and the increased spam occurrence could be localized to the sender “info@”. No other email address sent spam from that domain. Our rule is not being searched and therefore the defined filter rule has a to large scope. Clean emails could now be tagged as spam.
Control Panel Manual (Whitelabel)

Filter rule: mark emails as “spam”

Regular Expressions

You can use regular expressions (RegEx) within the Compliance Filter to extract information from a string. This makes it possible to recognize patterns in subject lines or other email components and filter emails accordingly. Note that the system automatically places a “.*” in front of the beginning and end of the subject line and in the email body and header.
Note: Within the Compliance Filter you can create regular expressions according to Perl Compatible Regular Expressions. Other libraries are not supported. (Further information can be found at: http://www.pcre.org/). In addition, there are special restrictions, which are explained below.

Example: Using Regular Expressions in the Compliance Filter

Initial situation: Users often received emails with the subject containing the word “porn”. A filter rule has been defined to mark it as spam. Recently, however, there has been an increase in the number of emails using Leetspeak to bypass this filter. For example, emails with the subject “p0rn” are received that are not marked by the compliance filter. In this case, the use of a regular expression is more effective:
Control Panel Manual (Whitelabel)

Using a Regular Expression in the Compliance Filter

Instead of the dot any character is interpreted as valid. Therefore, the filter is not determined to an “o”, it reacts to any letter, digit and special character

Advanced Routing

You can use the Advanced Routing function to assign different mail servers to individual users or groups. Email traffic is then routed through these servers.
  1. Navigate to Security SettingsAdvanced Routing.
  2. Activate the checkbox Activate Advanced Routing. Further selection windows are activated.
  3. Select whether routing is to be performed for specific users or a user group.
  4. Click Select to select a user or user group.
  5. Enter the IP or host address that you want to use to route email traffic.
  6. Click Add. The selected group is displayed in the list below.
  7. Confirm the changes with Save.
Control Panel Manual (Whitelabel) Advanced Routing is set up.

Signature and Disclaimer

Signature & Disclaimer controls the automated provision of email signatures and disclaimers on all gates. The tool dynamically generates user specific signatures, matching the Active Directory. The signatures are based on predefined templates and are included automatically after the current text of the email.

Mobile use of Signature and Disclaimer

With the activation of Signature and Disclaimer, the created signatures and disclaimers are also attached to emails sent from mobile devices.

Note: When using a mobile device with the Android, the installed Android version must still be supported so that the signature and the disclaimer are properly attached. Make sure that you are using a supported version so that your emails are displayed correctly.

Activate LDAP for Signature and Disclaimer

To use Signature and Disclaimer, you must first activate it in the Control Panel. After the activation, you can optionally configure a different LDAP server for the synchronization and enter filters for the user synchronization.  
  1. Select Service DashboardLDAP connectionAdvanced Signature and Disclaimer in the Control Panel.
  2. Activate the checkbox Activate Advanced Email Signature and Disclaimer.

    Note: Activating Advanced Email Signature and Disclaimer could be additionally charged depending on your license.

  3. Confirm the notification with OK.
  4. Note: Follow this step if you want to use a different directory service for the user synchronization with Signature and Disclaimer.

    Deactivate the checkbox Use LDAP information for Advanced Signature and Disclaimer.
    • Define the logon information in the appearing fields. Control Panel Manual (Whitelabel)
  5. Enter the desired filter in the field LDAP Filter.

    Note: The value proxyaddresses=* selects all users in an Active Directory.

    Note: If your template does not comply with your directory structure, you can customize it here individually.

  6. Click on Save in the lower left corner of the window. Control Panel Manual (Whitelabel)
  LDAP for Signature and Disclaimer has been activated in the Control Panel. Now you can configure Signature and Disclaimer for users and groups of your directory service.

Activate Signature and Disclaimer

To use Signature and Disclaimer, you must organize the users in an Active Directory and have the LDAP synchronization for the domain activated in the Control Panel.

Note: Signature and Disclaimer can be used for plain text messages as well.

You can access the Signature and Disclaimer web interface in the Control Panel under Security SettingsSignature & Disclaimer.
  1. Select the customer from the scope selection for which you want to activate the product for.

    Note: Activate the checkbox Activate Advanced Email Signature and Disclaimer.

    Control Panel Manual (Whitelabel)

    Activate Signature and Disclaimer

  2. Click on OK to confirm the activation.

Create Signatures and Disclaimers

The main functionality of the web interface is to create templates for signatures or disclaimers. The different templates for signatures and disclaimers are applied on groups. The groups are visible on the left side of the main window. If you have not created any groups in the Control Panel, you can select the group default to assign the same signature or disclaimer to all users.

Note: In the Control Panel you can create groups under the area Customer SettingsGroups. Further information about groups are available in the Control Panel manual at: Groups administrative component

  1. Select a group on the left side of the main window under Groups.

    Note: You can click on the Search field to search for and select a group from the drop-down menu.

    Control Panel Manual (Whitelabel)
  2. Select the group in the list of added groups to create signatures and disclaimers for. Control Panel Manual (Whitelabel) On the right side of the main window appears the selection of signatures and disclaimers.
  3. Click on the + under Disclaimer or Signature to create a new template. Control Panel Manual (Whitelabel)
  4. Enter a name for the new template. You can create the templates for signatures or disclaimers for both HTML and plain emails at the same time. The templates are created separately.
  5. Select the format for which you want to create the template:
    • HTML
    • Plain

    Note: You can switch between the formats during editing.

  6. Define the template in the What You See Is What You Get Editor (WYSIWYG). Control Panel Manual (Whitelabel)
  7. Click on Save and select the created template in the main window. Control Panel Manual (Whitelabel)
You have created a signature or a disclaimer.

Edit or Delete Signature and Disclaimer Templates

Edit or delete the defined templates for signatures and disclaimers.
  1. Click on the field Search in the main window under Signature or Disclaimer and select the desired template. Control Panel Manual (Whitelabel)
  2. Select one of the following actions:
    • To edit the selected template, click on the pen next to the template’s name. The editor appears and you can edit the template. Control Panel Manual (Whitelabel)
    • To delete the selected template, click on the red and confirm the deletion with OK. Control Panel Manual (Whitelabel)
You have edited or deleted a signature or a disclaimer.

Using the WYSIWYG-Editor

You can enter user attributes from the Active Directory into the WYSIWYG editor by selecting them from the drop-down menu AD-Variables. You can easily create templates for signatures and disclaimers in the WYSIWYG editor. The editor provides simple formatting options for example, paragraph alignment, font style and bulleting. Furthermore, you can use variables from the Active Directory to, for example, insert the first and last name of a user. The following table provides all Active Directory attributes that you can select under AD-Variables in the editor.

Note: You must have defined the variables in your Active Directory to use them in the editor.

Important: When using the Azure Active Directory, not all attributes from the following table are synchronized. You can find a table with usable attributes under Synchronized Attributes from the Azure Active Directory.

AD-Variable Description
cn Common name
company Company
countryCode Country Code
department Department
description Description
directReports Employee
displayName Complete name
facsimile TelephoneNumber Fax
givenName First name
homePhone Private phone number
info Jobtitle/Position

Note: The field Title is often used for other purposes. Therefore, the term Info is used here for the LDAP-attribute Title (Jobtitle/Position).

ipPhone IP Phone
I (lowercase L) City
mail Email address
manager Manager
mobile Mobile phone number
msExchlMAddress IM address
pager Pager number
physicalDeliveryOfficeName Office
postalCode Postal code
postOfficeBox Post office box
samAccountName User account name
sn Surname
st State
streetAddress Street
telephoneNumber Phone number
wwwHomepage Website
Control Panel Manual (Whitelabel)

Synchronized Attributes from the Azure Active Directory

With the Azure Active Directory of Microsoft only certain attributes are synchronized for Signature and Disclaimer.   The following attributes are synchronized and can be used to create signatures and disclaimers:
AD-Variable Description
countryCode Country Code
department Department
displayName Complete name
company Company
physicalDeliveryOfficeName Office
givenName First name
info Jobtitle/Position

Note: The field Title is often used for other purposes. Therefore, the term Info is used here for the LDAP-attribute Title (Jobtitle/Position).

l (lowercase L) City
mail Email adress
mobile Mobile phone number
postalCode Postal code
sn Surname
st State
streetAddress Street
telephoneNumber Phone number

Hide Empty Active Directory Elements

You can use the If Not Empty function to hide content in signatures and disclaimers if certain AD variables are not filled for users.
  1. Create a new signature or disclaimer or edit an existing one.
  2. Select the line in the editor in which you want to insert the AD variable.
  3. Click on If Not Empty. Control Panel Manual (Whitelabel)
  4. Select the desired AD variable from the field Variable. Control Panel Manual (Whitelabel)
  5. Enter the text that you want to hide if the element is not filled for the user.
  6. Confirm with OK.
  7. It is also possible to enter an AD variable in the text to be hidden:
    • Click on the position in the editor between the If Not Empty tag at which you want to insert the AD variable to be hidden.
    • Select the AD variable from the drop-down menu. Control Panel Manual (Whitelabel)
  8. Click on Save to save the signature or disclaimer.
Example: Hiding non-existent AD variables The following signature is created for all users:
Control Panel Manual (Whitelabel)

Signature in the Editor

The following signature is displayed for users with a mobile phone number: Control Panel Manual (Whitelabel) The following signature is displayed for users without a mobile phone number: Control Panel Manual (Whitelabel)

Include Subsignatures

You can use subsignatures to include previously created signatures in a signature.

Important: Subsignatures can only be used in signatures. At least one signature must exist that you can include as a subsignature.

  1. Create a new signature or edit an existing one.
  2. Select the line in the editor, in which you want to insert the subsignature.
  3. Click on Sub-Signatures and select the subsignature from the existing signatures. Control Panel Manual (Whitelabel) A placeholder is inserted or the subsignature. Control Panel Manual (Whitelabel)
  4. Click on Save.
  5. Note: In order to use a signature as a subsignature, it must be activated first.

    To activate a signature to use as a subsignature:
      1. Open the edit mode of the signature you want to use as a subsignature.
      2. Set the toggle to Active. Control Panel Manual (Whitelabel)
    Activated and deactivated signatures are marked in the selection. Control Panel Manual (Whitelabel) Control Panel Manual (Whitelabel)

Insert HTML Source Code

You can use the editor to insert HTML source code.
  1. In the WYSIWYG editor select the tab Tools and click on Source Code.

    Note: You can also edit the text that you have created previously in the WYSIWYG editor.

    Control Panel Manual (Whitelabel) A window appears.
  2. Enter the desired HTML source code and confirm with OK. Control Panel Manual (Whitelabel)
  3. In the editor click on Save to save your changes.

Preview Signatures and Disclaimers

Control Panel Manual (Whitelabel)

Example: Preview of a signature

With the preview you can apply a templates to specific users of your Active Directory. You can get a preview of the template you are creating or editing. Therefore, you can select any user in your Active Directory.

Embed images in Signature & Disclaimer

The WYSIWYG editor allows you to add images to your signature or disclaimer. After you have created your signature or disclaimer using the Web Interface and/or via LDAP, you can redesign them or edit already saved templates. Images can either be dragged and dropped directly into the WYSIWYG editor or embedded via URL.

Embed images using a URL

  1. When creating or editing a disclaimer or signature in the WYSIWYG editor, click the position where you intend to insert the image.
  2. Within the editor navigate to InsertImage. An input window with further parameters opens. Control Panel Manual (Whitelabel)
  3. Under Source (1), enter the address of the image that is to be representative for your link. Search the internet for the desired image and copy the stored image location. Control Panel Manual (Whitelabel) The location of the desired image is stored.
  4. Alternatively, enter a description under Image Description (2).
  5. If necessary, adjust the size of the image individually under Dimensions and save your input with Ok. Control Panel Manual (Whitelabel) The parameters have been stored and the image is displayed in the editor.
  6. Right-click on the image and select Link to enter a specific URL. Control Panel Manual (Whitelabel) An input window with further parameters opens. Control Panel Manual (Whitelabel)
  7. Enter the destination address of the desired website under URL (4).
  8. Alternatively, enter a text under Title (5) which should be displayed over the image when the mouse hovers over it.
  9. Under Target (6) select New window to open the linked website in a new tab to leave.
  10. Click on Ok and then on Save to save all data.

    Note: If necessary, repeat steps 1-10 if you want to insert several images.

The image was embedded to your signature or disclaimer via an URL. Control Panel Manual (Whitelabel) Control Panel Manual (Whitelabel)

Data synchronization via LDAP

Changes to the Active Directory cause a new synchronization.
If you change the Active Directory, these changes will be synchronized.

The changes in the Active_Directory are tracked using the USNChangedNr attribute. If the value changes, the dataset is synchronized.

Note:
If you perform a backup, the USNChangedNr is not increased but reset to an earlier value. The dataset is then also synchronized again.

Troubleshooting

When using Signature & Disclaimer errors may occur. In the following chapters the cause and the solution of frequent errors is explained.

Missing HTML Signature in Emails sent from Mail (Apple) or Thunderbird

Condition Emails sent from Thunderbird or Mail (Apple) do not attach the HTML signature, but the plain signature. If you have not specified a signature for plain text, the email will be sent without a signature.   Cause Some email clients such as Mail (Apple) and Thunderbird send emails by default as plain text and not in HTML format. Thus, the plain template is loaded in the Signature & Disclaimer.   Remedy for Mail (Apple) on MacOS   Workaround for Mail (Apple) on iOS
  • Format one or more characters bold, italic or underlined in your email text. The client sends the email in HTML format and Signature & Disclaimer attaches the HTML signature.
  Remedy for Thunderbird
  • For single emails: Select Write → Options → Delivery Format → Rich Text (HTML) Only aus. Control Panel Manual (Whitelabel)
  • For all emails: Select Write → Tools → Account Settings → Composition & Addressing and check the box Compose messages in HTML format. Control Panel Manual (Whitelabel)

Variables Are Not Referenced

Condition: You have inserted an AD variable or a subsignature and they are displayed incorrectly in the signature created. Cause: AD Variable does not exist The variable is not defined in the Active Directory. Control Panel Manual (Whitelabel) Remedy: Select the AD variables in the editor from the drop-down menu.   Cause: Subsignature does not exist The referenced signature does not exist or the name of the signature has been changed. Therefore, it cannot be included. Control Panel Manual (Whitelabel) Remedy: Select the signature to be included again from the Sub-Signatures drop-down menu.

Signature & Disclaimer - Static Version

You can create group-based signatures and disclaimers with the static version of Signature & Disclaimer manually if you did not configure an LDAP connection or if you do not use 365 Total Protection or Enterprise. The signature and the disclaimer are automatically attached to all emails of the user in the respective group.

Mobile use of Signature & Disclaimer

With the activation of Signature & Disclaimer, the created signatures and disclaimers are also attached to emails sent from mobile devices.

Note: When using a mobile device with the Android, the installed Android version must still be supported so that the signature and the disclaimer are properly attached. Make sure that you are using a supported version so that your emails are displayed correctly.

Activate Signature & Disclaimer

Contact the support in order to activate the static version of the Signature and Disclaimer.

Create Signatures and Disclaimers

The main functionality of the web interface is to create templates for signatures or disclaimers. The different templates for signatures and disclaimers are applied on groups. The groups are visible on the left side of the main window. If you have not created any groups in the Control Panel, you can select the group default to assign the same signature or disclaimer to all users.

Note: In the Control Panel you can create groups under the area Customer Settings > Groups. Further information about groups are available in the Control Panel manual at: Groups administrative component

  1. Select Signature & Disclaimer under Security Settings.
  2. Select a group on the left side of the main window under Group.

    Note: You can click on the Search field to search for and select a group from the drop-down menu.

    Control Panel Manual (Whitelabel)
  3. Select the group in the list of added groups to create signatures and disclaimers for. Control Panel Manual (Whitelabel) On the right hand side of the main window appears the selection of signatures and disclaimers.
  4. Click on the + under Disclaimer or Signature to create a new template. Control Panel Manual (Whitelabel)
  5. Enter a name for the new template.
You can create templates for signatures or disclaimers for both HTML and plain emails at the same time. The templates are created separately.
  1. Select the format for which you want to create the template:
    • HTML
    • Plain

      Note: You can switch between the formats while editing.

  2. Define the template in the What You See Is What You Get Editor (WYSIWYG editor): Control Panel Manual (Whitelabel)
  3. If you would like to use the created signature/disclaimer, activate the signature/disclaimer. Control Panel Manual (Whitelabel)

    Note: If you do not want to use the signature/disclaimer, but do not want to delete it, you can deactivate the signature/disclaimer. Set the controller on Inactive. A deactivated signature/disclaimer is marked with a red cross in the overview.

    The activated signature/disclaimer is displayed as active in the overview with a green hook. Control Panel Manual (Whitelabel)
  4. Save your template.
  5. Select the template in the overview. Control Panel Manual (Whitelabel)
  6. In the overview, click on Save to assign the previously selected template to the selected group.
You have created a signature and/or a disclaimer and assigned them to a group.

Edit or Delete Signature and Disclaimer Templates

Edit or delete the defined templates for signatures and disclaimers.
  1. Click on the field Search in the main window under Signature or Disclaimer and select the desired template. Control Panel Manual (Whitelabel)
  2. Select one of the following actions:
    • To edit the selected template, click on the pen next to the template’s name. The editor appears and you can edit the template. Control Panel Manual (Whitelabel)
    • To delete the selected template, click on the red and confirm the deletion with OK. Control Panel Manual (Whitelabel)
You have edited or deleted a signature or a disclaimer.

WYSIWYG Editor

You can easily create templates for signatures and disclaimers in the WYSIWYG editor. The editor provides simple formatting options for example, paragraph alignment, font style and bulleting. Enter your data manually.

Insert HTML Source Code

You can use the editor to insert HTML source code.
  1. In the WYSIWYG editor select the tab Tools and click on Source Code. Control Panel Manual (Whitelabel) A new window appears.
  2. Enter the desired HTML source code and confirm with Ok. Control Panel Manual (Whitelabel)
  3. In the editor click on Save to save your changes.
You have inserted HTML Source Code to be used as a signature or a disclaimer.

Embed images in Signature & Disclaimer

The WYSIWYG editor allows you to add images to your signature or disclaimer.

After you have activated the static version of the Signature & Disclaimer, you can create new signatures and disclaimers or edit already saved templates. The graphics can either be copied directly into the WYSIWYG editor using the Drag & Drop function or embedded in the form of a graphic address via an input window.

Embed images using a URL

  1. When creating or editing a disclaimer or signature in the WYSIWYG editor, click the position where you intend to insert the image.
  2. Within the editor navigate to InsertImage. An input window with further parameters opens. Control Panel Manual (Whitelabel)
  3. Under Source (1), enter the address of the image that is to be representative for your link. Search the internet for the desired image and copy the stored image location. Control Panel Manual (Whitelabel) The location of the desired image is stored.
  4. Alternatively, enter a description under Image Description (2).
  5. If necessary, adjust the size of the image individually under Dimensions and save your input with Ok. Control Panel Manual (Whitelabel) The parameters have been stored and the image is displayed in the editor.
  6. Right-click on the image and select Link to enter a specific URL. Control Panel Manual (Whitelabel) An input window with further parameters opens. Control Panel Manual (Whitelabel)
  7. Enter the destination address of the desired website under URL (4).
  8. Alternatively, enter a text under Title (5) which should be displayed over the image when the mouse hovers over it.
  9. Under Target (6) select New window to open the linked website in a new tab to leave.
  10. Click on Ok and then on Save to save all data.

    Note: If necessary, repeat steps 1-10 if you want to insert several images.

The image was embedded to your signature or disclaimer via an URL. Control Panel Manual (Whitelabel) Control Panel Manual (Whitelabel)

Troubleshooting

When using Signature & Disclaimer errors may occur. In the following chapters the cause and the solution of frequent errors is explained.

Missing HTML Signature in Emails sent from Mail (Apple) or Thunderbird

Condition Emails sent from Thunderbird or Mail (Apple) do not attach the HTML signature, but the plain signature. If you have not specified a signature for plain text, the email will be sent without a signature.   Cause Some email clients such as Mail (Apple) and Thunderbird send emails by default as plain text and not in HTML format. Thus, the plain template is loaded in the Signature & Disclaimer.   Remedy for Mail (Apple) on MacOS   Workaround for Mail (Apple) on iOS
  • Format one or more characters bold, italic or underlined in your email text. The client sends the email in HTML format and Signature & Disclaimer attaches the HTML signature.
  Remedy for Thunderbird
  • For single emails: Select Write → Options → Delivery Format → Rich Text (HTML) Only aus. Control Panel Manual (Whitelabel)
  • For all emails: Select Write → Tools → Account Settings → Composition & Addressing and check the box Compose messages in HTML format. Control Panel Manual (Whitelabel)

Archive Audit

Archive Audit

An audit access for authorized persons can be set up via the Archive Audit. With an audit access, authorized persons receive access to archived emails in certain mailboxes. The audit access is activated for a limited period of time. According to the two-man rule, two authorized auditors must be specified. The period of access granted and the audit-relevant archiving period can be defined individually. As an administrator, you can track audit activities with an audit log. Setup of an audit access Control Panel Manual (Whitelabel)

Set up and activate audit accesses

Set up and activate audit accesses Before you can use the Archive Audit, the audit access must be set up for the authorized persons.
  1. Navigate to Security Settings > Archive Audit.
  2. Enter the email address of the external auditor in the field Select an auditor.
  3. Enter the email address of the internal auditor in the field Select second auditor. Together with the second auditor, a control function is performed according to the two-man rule.
  4. Under Access to emails (from – to), select the period for which achived emails are to be retrieved.
  5. Under Access active (from – to), select the period for which the access is to be activated. Click Activate audit access. The audit access has been set up and activated.
After setup, both auditors receive an email with personalized login data as well as a login address for audit access. Example: Control Panel Manual (Whitelabel) Control Panel Manual (Whitelabel)

Archive

Note: To use the email archiving service, the use of the Spam Filter Service (Premium Filter) is required. Note that initially only external mails are archived. To also archive internal emails, you must configure redirection to the archive.
In order to archive outgoing emails, they must be sent via the spam filter service. You can archive internal emails in your email archive by setting up a journaling postbox. Instructions for this can be obtained from your provider, your mail server provider or from our support.

Setup and Activate Archiving

  1. Navigate to Security SettingsArchive. Control Panel Manual (Whitelabel)
  2. Select the domain to be archived under Select.
  3. Insert the domain to be archived under Add. Control Panel Manual (Whitelabel)
  4. Confirm with Apply and then with Save. Email archiving is activated.
Email archiving is set up.
Info: The archived emails are available for the set archiving period from the end of the year in which the respective archived email was sent or received. The archiving period for emails is the number of years that was set as the “archive duration” in the Control Panel for the domain or, alternatively, for the user. After the deadline, all emails are deleted from the archive.

Add exceptions

Groups / users that should be excluded for data protection reasons can be added to an exception list.
  1. Navigate to Security Settings → Archive.
  2. Select the domain concerned in the field Exceptions → Select and confirm with Apply. Control Panel Manual (Whitelabel)
  3. Select the desired archiving duration from the  drop-down menu Archive duration.
  4. Click Add and confirm the change with OK.
  5. Save your changes with Save.
Exceptions are added.

Deactivate archiving

  1. Navigate to Security Settings → Archive.
  2. Select the domain concerned in the field Exceptions → Select.
  3. Select the entry Deactivated from the Archive duration drop-down menu.
  4. Select the type of deactivation: a) User/Group: Emails for the user/group are not archived in the user’s/group’s own archive. b) All: All email traffic with the group/user is not archived.Control Panel Manual (Whitelabel)
  5. Confirm the changes with Save.
Email Archiving is deactivated.

Contingency Covering

Contingency Covering is an additional email service that guarantees continuous email functionality in the event of an email service failure. With Contingency Covering enabled, users can continue to receive and send email if their email server fails.
Attention: This service is subject to a charge!
If the Contingency Covering is set up for a domain or an individual user, automatic activation is set by default in the event of a mail server failure. In addition, the user can recognize in the email search which emails were delivered by the individual user via the Contingency Covering. Domains with Contingency Covering enabled can see their emails from the last three months in the email archive.

Note: The function “Send outgoing emails to own mail server during server failure” is deprecated, will be removed with future releases and should not be used.

Control Panel Manual (Whitelabel)

Enryption

This guide explains how to configure and use Encryption. Starting from the basic configuration, the encryption methods that can be used are explained and different rules are created using examples. In addition, the options for ordering and managing certificates are presented to you. The use of the Websafe for encrypted communication as well as the use of keywords within the email subject are also part of this manual.

Activate Encryption

Attention: The activation and use of Encryption incur costs according to the price list.

  1. Navigate to Security Settings →  Secure Transport.
  2. Activate the checkbox Activate Policy under Email > Encryption.
    Note: Activating the encryption service will incur a fee.
    Control Panel Manual (Whitelabel)
Secure Transport is activated.

Check Encryption Capability

You can check the encryption capability before you configure the encryption policies further.
  1. In the tab Policy, click on Encryption capability of the communication partner.
  2. Enter the email addresses you want to check.Control Panel Manual (Whitelabel)
  3. Click Check to check the encryption capability of the entered email addresses.Control Panel Manual (Whitelabel)Encryption types are displayed.

Encryption Methods

Under Encryption Methods, you can select the encryption methods to be used.
Control Panel Manual (Whitelabel)

Activate encryption methods

 
Encryption method Description
TLS  Encrypts the email between the outgoing and incoming servers. The check mark is set permanently, as this type of encryption is performed globally.
EmiG Email transmission according to the EmiG (Email made in Germany) standard is a special form of TLS encryption with special requirements for the TÜV-certified communication partners, their server security and the certificates used for encryption. The procedure corresponds to a particularly secure TLS encryption in a closed network of certified email providers with increased security guidelines. A separate configuration in the CP is not necessary.
DANE  Is currently in preparation for rollout. If you are interested contact the support for a quick implementation.
PGP Is a hybrid process for signing and encrypting emails. This procedure is based on the so-called Web of Trust: Instead of a hierarchical arrangement of the certification authorities, users are validating their keys among each other.
S/MIME  Is a standard for the encryption and signature of MIME-encapsulated emails using a hybrid encryption process. The certification authority (CA) assures the authenticity of the email address and the name of the sender.
WEBSAFE Is a fallback encryption method.
Note: After activation of the encryption service you can use PGP, S/MIME and Websafe in order to define encryption policies. However, you must explicitly specify who is to communicate with whom end-to-end encrypted. TLS and EmiG are automatically applied if the communication partner supports the encryption methods.

Sequence of Encryption Methods

You can use several encryption methods at once. They are processed in the following sequence: S/MIMEPGPEmiG(DANE)TLSWebsafe Additionally, you can combine the different encryption methods.

Display Encryption Method in Subject

For a simple handling of encrypted emails, you can tag them in the email subject. The tag content can be chosen freely.
Control Panel Manual (Whitelabel)

Subject tagging

Certificate Administration

You will find the administration of certificates under Certificate. Here you can order and manage S/MIME certificates for users of the selected domain.

Ordering Certificates

  1. Select the tab Certificate.
  2. Select one of the predefined users. Control Panel Manual (Whitelabel)
  3. Enter the first and last name of the user.
    Note: Be sure to enter the correct information before ordering the certificate. It is only valid as a signature if the entered name is valid.
  4.  Click on Order to complete the order bindingly. Control Panel Manual (Whitelabel)
Certificate is ordered.

Certificate Settings

In the certificate overview, you can specify for each certificate whether it is to be used for the digital signature and/or for encryption. By default, signing and encrypting is enabled.   In addition, the overview offers to activate or deactivate a subscription for this certificate. Certificates with an active subscription will automatically be renewed 29 days before expiration. The subscription is activated by default.
Info: If you do not want a subscription, you should remove the checkmark at the latest 30 days before the expiration date of the old certificate at Overview on certificates in the overview for the user.
Control Panel Manual (Whitelabel)

Certificate overview and options

Websafe

Websafe is a method to encrypt the email communication with partners using no encryption technologies. The outgoing emails are sent to the Websafe and saved. After that, the communication partner receives an email with login credentials, but will need an additional PIN to unlock the personal Websafe. The email sender must provide the PIN on a separate communication channel (phone, text message, fax). With the PIN and the login credentials, the user can access his personal Websafe.  
Note: A Websafe account is automatically created and can be used for additional Websafe communication. As soon as the communication partner opens a new email in the Websafe, the sender receives a confirmation message that the email has been read.
Note: Messages remain stored in the Websafe for 12 months and are then automatically deleted
Important: Before configuring the Websafe, you must activate it in the encryption methods (see: Select Encryption Methods).

Setup Websafe

  1. Navigate to Security Settings → Secure Transport.
  2. Under Policy, click on Add.
  3. Select Outgoing as the direction.
  4. Activate the checkbox at To.
  5. Enter the recipient in the text field.
  6. Select Encrypt always under Action.
  7. Activate the checkbox at Websafe.
Control Panel Manual (Whitelabel) Websafe is set up and now used.

Encrypt Emails with Websafe

You can also use the Websafe to send encrypted emails whenever no other encryption method is available.
  1. Click on Add under Policy.
  2. Select Outgoing as the direction.
  3. Select the From and To checkboxes.
  4. Enter .* in both fields.
  5. Select Encrypt always as action and activate the checkbox Websafe.
  6. Save the entries with Save. Control Panel Manual (Whitelabel)
Websafe is set up. If no other encryption method can be used for the email communication, Websafe will be used.

Websafe Encryption through Email Subject

You can create a rule to encrypt emails with the Websafe by marking them in the subject line.
  1. Click Add under Policy .
  2. Select Outgoing as the direction.
  3. Activate the checkbox Subject.
  4. Enter the keyword WEBSAFE in the field.
    Info: If you enter WEBSAFE in the subject of an email, this email will be encrypted via the Websafe.
  5. Select Encrypt always as action and activate the Websafe checkbox.
  6. Save the entries with Save. Control Panel Manual (Whitelabel)
Websafe activated via subject keyword.

Select Websafe Templates

You can select different templates for the Websafe emails for sender and recipient as well as for the Websafe activation web page.
Note: As a partner, you can create new templates and modify existing ones.
  1. Navigate to Websafe Templates under the tab Secure Transport.
  2. Select the desired templates. Control Panel Manual (Whitelabel)
Websafe templates are selected. see also: Create new Templates

Hornetdrive

The main component of the window is the Hornetdrive administration, which sorts and displays the existing accounts according to the current search criteria.
Control Panel Manual (Whitelabel)

View of Hornetdrive management

In the Actions area in the upper left corner, you can trigger certain actions for the selected accounts. To the right is the area Number of licenses. The number of licenses assigned to customers and partners is displayed here. The Help and View areas are located on the right-hand side. The existing Hornetdrive accounts are displayed in the account area in the middle part of the window.

Perform Actions

In the Actions area in the upper left corner, you can trigger certain actions for the selected accounts.
  1. Click on the drop-down menu.
  2. Select the desired action.
A window appears with the respective setting options in the foreground. Control Panel Manual (Whitelabel)

Create Account

  1. In the Actions area, select the action Create Account from the drop-down menu.
  2. Enter the email address of the new account in the field Email.
  3. Enter a password in the field Password.
  4. Select the desired license from the drop-down menu License.
  5. Select the language from the drop-down menu Language, in which emails to the user can be sent.
  6. Select Status from the drop-down menu which status the license should get.
  • active contract: An active contract license
  • NFR: A not for resale license
  • test customer: A test license

Note: If you have selected test customer, you can then enter the expiration date of the test license.

  1. Under Parent/Customer you can select the partner or the domain under which the new account is to be created.
  2. Read and confirm the license agreement with a single click to the checkbox Accept license agreements.
  3. Click on Save to create the account and close the window.

Note: To create another account directly, click Save & Continue.

A new Hornetdrive account has been created. Control Panel Manual (Whitelabel)

Upgrade Account

This function allows various upgrades or extensions of an existing account:
  • Upgrade a test account into a contract account
  • Upgrade a guest account into a business or enterprise account
  • Upgrade business accounts in an enterprise account
  • Increasing the volume of storage space and traffic contained in an enterprise account
  1. Select one or more accounts in the account area of the Hornetdrive module.
  2. In the Actions area, select the Order/Upgrade action from the drop-down menu.
A new window opens.
  1. Select the desired licenses for the previously selected accounts.
  2. Read and confirm the license agreements with a click on the checkbox Accept license agreements.
  3. Click on OK to complete the order.
Account has been upgraded/extended. Control Panel Manual (Whitelabel)

Assign Accounts to Other Partners or Customers

This action allows you to assign accounts to another partner or customer.

  1. Select one or more accounts in the account area of the Hornetdrive module.
  2. In the Actions area, select the Assign Account action from the drop-down menu.

A new window opens.

  1. Select the desired partner or customer from the drop-down menu.
  2. Click on OK to make the assignment.

Account has been assigned to a Partner/Customer.
Control Panel Manual (Whitelabel)

Delete Accounts

  1. Select one or more accounts in the account area of the Hornetdrive module.
  2. In the Actions area, select the Delete Account action from the drop-down menu.
A new window opens in which all accounts to be deleted are listed. Control Panel Manual (Whitelabel)
  1. Click on OK to delete the previously selected accounts.
Accounts have been deleted.

Export Data as CSV

You can export a list of accounts as a CSV file. A window with the corresponding settings opens.
  1. Select the columns you want to export in the upper area.

Note: The checkbox All activate/deactivate selects or deselects all columns in the upper area.

  1. Click on Export (.csv). The following window opens: Control Panel Manual (Whitelabel)
  2. Activate the checkbox Show column name in 1. row, to export the column headers as well.
  3. Activate the checkbox Export only selected rows to only export the previously selected rows.
  4. Select the format of the export under Export type.
  • Display: Displays the data to be exported in a new window..
  • Download: Downloads the data as a CSV file.
  • Email to: Sends the data to the entered email address.
  1. Click on Export to export the data.
Data has been exported as a CSV file.

Account Area

In this area you can view the data of all assigned users. Search fields are located below the Partner/Customer, Email and License Number columns. These filter the data sets according to the value in the corresponding column. Selection menus are located under the licence and status column headings. These filter the data sets according to the value in the associated column. The following columns are available:
  • A selection box to select the data sets is located on the far left for each data set.
  • The column Partner/Customer displays the superordinate customer or partner for the user.
  • The column Created on displays the date on which the Hornetdrive account was created.
  • The column Email displays the email address provided by the user. This is also the username.
  • The column License number displays the user’s licence number.
  • The column License displays the type of user licence. A distinction is made between Guest, Business and Enterprise.
  • The column Last use displays when the user last signed in to a client.
  • The column Status displays whether the user is a contract customer, webshop customer or test customer. Test customers that have not purchased a full version within the test period are also listed as Expired for the period prior to the final cancellation of their account. Customers whose follow-up time has expired are no longer listed.
  • The column Valid until displays the date on which the current licence expires. For test customers this refers to the end of the test period, while for contract customers this refers to the end of the paid-up licensing period.

Open the Account Details

  1. Double-click on an account row in the account area to open the detailed view for this account.
    Control Panel Manual (Whitelabel)

Account Details

Username
  • Username: Displays the user’s email address, which is also the username.
  • Password: A new password is accepted on re-entering the password and saving the change.
  • License: This displays the user’s license. The license cannot be changed here.
  • Language: Either German or English can be selected. This setting determines the language in which emails are sent to the user.
  • Status: This allows a distinction to be made between contract customers and test customers. Another field appears for test customers for the end date of the test phase.
  • Partner/Customer: This function allows the new user to be created / to be allocated to a partner or customer.
  • License number: Displays the user’s license number.
  • Usage: Displays how much memory the user has used and how much is available in total.
  • Traffic: This display provides information on how much traffic volume the user has used this month and how much is available for this month in total.
Control Panel Manual (Whitelabel)

Account details under User name

Drive
  • Name of the drive
  • Date of creation
  • Memory
  • Currently used traffic
  • Volume used this month.
Control Panel Manual (Whitelabel)

Account details under Drive

The drive is deleted by clicking on the “Remove” cross in the corresponding row. Devices
  • Name of the device
  • Date of creation
  • Time of last use
  • Last IP address used
  • Version of the client installed on the device
  • Operating system version
You can delete the device by clicking on the x under Delete.

Note: This device can then no longer be used to access the drives.

Control Panel Manual (Whitelabel)

Account details under Devices

Service Dashboard (DAP)

Service Dashboard forms the central part of the administrative work. Here you can configure settings for users and domains or book additional services. A registered partner can create new customers, manage existing customers and book new services for his customers. A registered domain administrator can manage his domain and book new services.

Role Management

You can create new roles and manage existing roles using role management. Under Role management the following actions can be performed:

Assign a role

  1. Log in to the Control Panel with your administrative credentials.
  2. Open the Service Dashboard.
  3. Click on Role management Control Panel Manual (Whitelabel)
  4. Under Select User, enter a user to whom you want to assign a new role.
  5. In the drop-down menu, select the role authorization you want to assign to the user.
  6. Click on Add.
The role was added to the user. The user appears in the table with the added role.

Delete role

  1. To delete a role assignment, click on the icon to the right of the row of the role assignment to be deleted. Control Panel Manual (Whitelabel) A warning message appears. Control Panel Manual (Whitelabel)
  2. Confirm the deletion of the role assignment with Delete.
The user role assignment has been deleted.

Basic Partner Settings

If a partner is selected on the left of the window, a window with two tab levels appears on the right. Under Settings you can make basic settings for the respective partner. Control Panel Manual (Whitelabel)

User Data

The following basic settings can be assigned to the user in the Data area:
  • Username (corresponds to the login name)
  • Passwort
  • Email address for sending forgotten passwords
  • Account status (activated/deactivated)
  • Time zone
Basic setting of user data: Control Panel Manual (Whitelabel)

Contact Data

The master data for companies and contact partners can be added in the tab Contact Data. Management of Contact data: Control Panel Manual (Whitelabel)

Add Contact Data

Contact details for support information should be set under Control Panel→ Whitelabeling.
Setting Support Information in Whitelabeling: Control Panel Manual (Whitelabel)
  1. Select the tab Contact Data.
  2. Choose Add.
  3. Enter the required contact data and confirm with Add: a. Select the tab Company to add contact information for a company. Example: Control Panel Manual (Whitelabel) b. Select the tab Person to add contact information for a person. Example: Control Panel Manual (Whitelabel)
  4. Confirm your changes with Save.
Contact data is added.

LDAP Connection

Your directory service, e. g. the Microsoft Active Directory, is directly connected with our service via LDAP. With LDAP you can authenticate your login to the Control Panel and the web filter through your directory service and configure an additional user and group synchronization for the managed service. Furthermore, you can activate the service Advanced Email Signature and Disclaimer.

Activate the LDAP Connection

Activate LDAP to connect to your directory service. First create a new user on you directory service.
The user must have the rights to query email addresses and compare passwords. In order to achieve this, you can add the user to the group RAS and IAS Servers in the Microsoft Active Directory.
To configure your LDAP server in the Control Panel, the following information is needed:
  • The password of the created user.
  • The LDAP path, where the user is found.
  • The hostname or the IP address of your LDAP server.
  • The port and which protocol (LDAP or LDAPS) the server uses.
Navigate in the Control Panel to Service Dashboard and select the primary domain you would like to activate the service for.
    1. Select the tab LDAP connection.
    2. Activate the checkbox LDAP connection activated.
    3. Enter the username of the previous defined user in the field User.
      Note: If you have created the user, enter that username.
    4. Enter the password of the user in the field Password.
    5. Enter the hostname or the IP address of your LDAP server in the field Server. e.g. myhost.mydomain.tld
    6. Enter the port of your LDAP server in the field Port. The default ports for the protocols are:
      • LDAP: Port 389
      • LDAPS: Port 636
      • GC LDAP: Port 3268
      • GC LDAPS: Port 3269
  1. Activate the checkbox LDAPs, if your connection is established via LDAPS.
  2. Enter the desired LDAP path in the field Base-DN. DC=myDomain,DC=tld
  3. Click on Save in the lower left corner of the window.
You have configured the LDAP connection to your directory service. In the following example an LDAP connection is established for the user on the LDAP server myhost.mydomain.tld via the LDAP default port 389 with the LDAP path mydomain.tld. Control Panel Manual (Whitelabel) After that, you can:
      • Configure the user authentication for the Control Panel via LDAP.
      • Configure the user and group synchronization via LDAP.
      • Configure the webfilter login via LDAP.
      • Activate and configure Advanced Email Signature and Disclaimer.

Secure the LDAP Connection

It is possible to secure the LDAP connection through different methods. To protect the transmitted data and the LDAP connection from unauthorized access, you have the following options:
  • Encrypt the communication with LDAPS through TLS/SSL.
    If you are using LDAPS, configure the port and activate LDAPS as shown in Activate the LDAP Connection.
  • Restrict the IP address range for connections to us only.

Limit the Directory Service to our IP Address Range

Limit the IP address range of your directory service in your firewall to connections to us only.
  1. Add the following IP address ranges to your firewall:
    • 1. range: 83.246.65.0 with subnet 255.255.255.0, corresponds from 83.246.65.0 to 83.246.65.255
    • 2. range: 185.140.204.0/22 with subnet 255.255.252.0, corresponds from 185.140.204.0 to 185.140.207.255
    • 3. range: 94.100.128.0/20 with subnet 255.255.240.0, corresponds from 94.100.128.0 to 94.100.143.255

Control Panel Login through LDAP

Configure the Control Panel authentication to use the credentials from your Active Directory.
The Control Panel login is only possible through an Microsoft Active Directory (AD).
  1. In the advanced settings under Control Panel login, activate the checkbox Control Panel authentication with LDAP credentials. Control Panel Manual (Whitelabel)
If you want to use a different LDAP server for the Control Panel login:
  1. Deactivate the checkbox Use LDAP information for Control Panel login. a. Define the logon information in the appearing fields. Control Panel Manual (Whitelabel)
  2. You can filter users in the field LDAP Filter.
The default filter proxyAddresses=* gets all users from an Active Directory.
  1. Click on Login test, to test the login for a specific user from your Active Directory. a. Enter the email address and the password of an Active Directory user. b. Click on Ok. Control Panel Manual (Whitelabel)fancybox image
The authentication is checked and you will get a notification.
  1. Click on Save in the lower left corner of the window.
You have configured the Control Panel login through LDAP.

Synchronize users with LDAP

Synchronize users from your directory service with LDAP. With the synchronization of users from your directory service, alias addresses are automatically assigned. The benefit is that only one spam report is sent out for the primary email address including all alias addresses.
To import users, you must create your directory service groups inside the Control Panel manually. To assign users to the correct groups, the groups must have exactly the same group names as in your directory service. For additional information about adding groups, see the Control Panel manual: Groups administrative component.
  1. Activate the checkbox Synchronize user/group into Control Panel.
If you want to use a different directory service for the user and group synchronization:
  1. Deactivate the checkbox Use LDAP information for User/Group Synchronization. a. Define the logon information in the appearing fields. Control Panel Manual (Whitelabel)
  2. Enter the LDAP filter for the user objects and exceptions in the field LDAP Filter.
    The default entry: (|(sAMAccountType=805306368)(sAMAccountType=268435456)(sAMAccountType=268435457)(objectclass=publicFolder)) selects all users of an Active Directory. If you want to change the filter, use the following syntax: (|(xxxxxxxxxx=xxxxxxxxxx)(xxxxxxxxxx=xxxxxxxxxx)) The preceding | defines an OR relation between the parameters in the following brackets. Therefore, only one parameter must match. If you want an AND relation between the parameters, you must use a preceding &. In addition, at least one entry must stand in the brackets.
  3. Enter the LDAP attributes in the corresponding fields.
    AttributeDescription
    EmailThe attribute where the email addresses are stored in your directory service. In an Active Directory this is the attribute proxyaddresses=*.
    E-Mail aliasesThe attribute, where the email alias addresses are stored.
    GroupThe attribute, where the groups are stored.
    sAM Account NameThe attribute where the users' account names are stored.
    min. userMinimum number of users, that have to be captured by the LDAP synchronization for a change.
    min. groupsMinimum number of groups, that have to be captured by the LDAP synchronization for a change.
    E-mail for alertsNotifications are sent to this email address.
    Alert after x minutes without UpdateMinutes without synchronization, after that a notification is sent.
  4. Click on Save in the lower left corner of the window.
Control Panel Manual (Whitelabel)

Webfilter Login via LDAP

Activate the Webfilter login via LDAP.
  1. Navigate in the lower window area to the tab Webfilter login.
  2. Activate the checkbox Activate Webfilter login.
If you want to use a different directory service for the Webfilter login:
  1. Deactivate the checkbox Use LDAP information for Webfilter login. a. Define the logon information in the appearing fields. Control Panel Manual (Whitelabel)
  2. Enter the LDAP filter for the email addresses of the Webfilter user.
The filter for all users in the Microsoft Active Directory: proxyAddresses=* is set as default. If your directory service has a different structure, you can change the filter individually.
  1. Click on Save in the lower left corner of the window.
The Webfilter login via your directory service is now set up. Control Panel Manual (Whitelabel)

Activate LDAP for Signature & Disclaimer

To use Signature & Disclaimer, activate it in the Control Panel. After the activation, optionally configure a different LDAP server for the synchronization and enter filters for the user synchronization.
  1. Select Service Dashboard > LDAP connection > Advanced Signature and Disclaimer in the Control Panel.
  2. Activate the checkbox Activate Signature and Disclaimer. a. Confirm the notificacion with OK.
Activating Signature & Disclaimer could be additionally charged depending on your license.
Follow this step if you want to use a different directory service for the user synchronization with Signature and Disclaimer.
  1. Deactivate the checkbox Use LDAP information for Signature and Disclaimer.
The value proxyaddresses=* selects all users in an Active Directory. If your template does not comply with your directory structure, you can customize it here individually.
  1. Enter the desired filter in the field LDAP Filter.
  2. Click on Save in the lower left corner of the window.
You have activated LDAP for Signature & Disclaimer in the Control Panel. Control Panel Manual (Whitelabel) Now you can configure Signature & Disclaimer for users and groups of your directory service. You’ll find further information on how to configure Signature & Disclaimer Signature & Disclaimer.

Setup Customers / Domains (P)

You can create new partners and customers (domains) in the Service Dashboard. Here you will learn how to:
  • create new partners,
  • create new customers (domains ),
  • create new Office 365 customers/domains

Create New Partners (P)

You can create a new partner in the Control Panel.
  1. Log on to the Control Panel with your administrative authentication data.
  2. Select the customer or partner from the scope selection under which a new customer or domain is to be created. Control Panel Manual (Whitelabel)
  3. Go to Service Dashboard.
  4. Click on .
  5. In the field User name enter the name of the new partner.
  6. Enter the administrator’s email address into the field Email:
    a)  If you select the Send login information to checkbox, the password will be sent to the email address entered in the Email field.
    b) Alternatively, you can manually enter a password in the Password field. In this case the password will not be sent.
  7. Select the status in the field Status.

    Note: If you set the status to Deactivated, the system tries to deliver emails to the mail server entered above for seven days without user verification. If the sender does not accept the emails after this time, a bounce email is sent to the sender with the information that the message could not be delivered.

  8. Select the predefined time zone.
  9. Click on Save, to safe your changes.
You have created a new partner.

Create new Customers/Domains (P)

You can create a new customer (domain) in the Control Panel.
  1. Log on to the Control Panel with your administrative authentication data.
  2. Select the customer or partner from the scope selection under which a new customer or domain is to be created. Control Panel Manual (Whitelabel)
  3. Go to Service Dashboard.
  4. Click on .

    Note: A new customer corresponds to a primary email domain. Optionally, you can set up additional alias domains or additional services in a second step.

  5. Specify the name of the customer’s primary email domain in the field Primary domain. Control Panel Manual (Whitelabel)
  6. Enter the administrator’s email address into the field Email:
    a)  If you select the Send login information to checkbox, the password will be sent to the email address entered in the Email field.
    b) Alternatively, you can manually enter a password in the Password field. In this case the password will not be sent.
  7. Select the status in the field Status.

    Note: If you set the status to Deactivated, the system tries to deliver emails to the mail server entered above for seven days without user verification. If the sender does not accept the emails after this time, a bounce email is sent to the sender with the information that the message could not be delivered.

  8. Select the predefined time zone. You can directly activate the spam filter for the new customer. Information about the settings of the spam filter can be found under .
 

Attention: Activating filter options can cause additional license fees. Please inform yourself about the costs before activating!

  1. Optional: Activate the checkbox Activate Email Filtering and configure the necessary settings to activate the spam filter for the new customer.
  2. Click on Save, to safe your changes.
New customer / new domain has been created.

Create new Office 365 Customer (P)

Prerequisite: A customer domain has been created.
  1. Enter the destination address of your Office 365 environment into the field IP/Host Address.

    Note: You can find the destination address in your Office 365 environment. At portal.office.com, navigate to Admin centerSetupDomains. You can find the corresponding entry under Exchange OnlineMX.

    Control Panel Manual (Whitelabel)
  2. Enter the following value under Outgoing relay / Email traffic in order to filter outgoing emails from Office 365 as well: 1.1.1.1 Control Panel Manual (Whitelabel)
  3. Click Save to save your changes.
A new Office365 customer has been created.

Whitelabeling – Control Panel Customization (DAP)

You can customize the Control Panel to embed your company’s color, logo and favicon. Furthermore, you can select a theme for your Control Panel and add support and email information. The customization is displayed to all users logging in to the domain you provide.

Note: The operation of a customized Control Panel incurs costs according to the price list.

Prerequisites to Customize the Control Panel

  • You have an administrator role or a partner role.
  • You have provided your domain’s certificate to the support.

    Note: The certificate must at least support SHA256 and use 2048 bit key length. Also check the note below about the automated generation of an SSL/TLS certificate.

  • Additionally, you must create a CNAME record for your domain. Otherwise, the URL of the original Control Panel domain is shown in the browser.
    • Contact the support to create a CNAME record for your domain.

Customize the Control Panel

  1. Login to the Control Panel.

Note: You need administration or partner authorization to customize the Control Panel.

  1. Select the domain or the partner role from the scope selection you want to customize the Control Panel for.

Note: You can only change the customization with the selected role.

  1. Select the section Whitelabeling on the left side.
  2. Select Appearance.
Control Panel Manual (Whitelabel)
  1. Enter the URL of your Control Panel website in the field URL.

Note: If you change the URL subsequently, you must also update the CNAME record for your domain.

  1. Select a primary color for your Control Panel. The primary color is responsible for the font color and other design elements.
    1. Click in the field under Primary color to open a color selection.Control Panel Manual (Whitelabel)
    2. Pick the desired color. The selected color is represented in the field as HEX or sRGB.
    3. You can insert the color code directly into the field as well.
  1. Select a theme for your Control Panel under Theme.
  • Activate the radio button Dark to select a dark theme. Control Panel Manual (Whitelabel)
  • Activate the radio button Bright to select a bright theme. Control Panel Manual (Whitelabel)
  1. Click on Browse… under Logo to select your Logo.

Note: For the best result, upload a logo with a minimum resolution of 160 × 80 pixel.

Control Panel Manual (Whitelabel)
  1. Click on Browse… under Favicon to select your favicon.

Note: The favicon must be uploaded in ICO file type (filename extension .ico). For the best result upload the favicon with a resolution of 128 × 128 pixel.

Control Panel Manual (Whitelabel)
  1. Click on Save to confirm your customization. The deployment can take up to five minutes.
  2. Refresh the Website to see your customized Control Panel.

Note: You must be logged in to your Control Panel domain to see the customization.

Control Panel Manual (Whitelabel)

Customize the Progressive Web App

Customize the app name and the app icon of the progressive web app to the design of your company.  
  1. Select WhitelablingAppearance.
  2. Enter the desired app name in the field App Name. Control Panel Manual (Whitelabel)
  3. Upload a picture with the file type PNG under App Icon. Control Panel Manual (Whitelabel)
Underneath the file selection for the App icon you can see a preview of the icon in various sizes. As well as you can see a preview of the splashscreen under Splashscreen. The splashscreen is displayed while loading the progressive web app and contains the file that was uploaded under Logo. fancybox image
  1. Save your settings.
The logo and the app name is displayed on the homescreen of mobile devices.

Example: Customize the Control Panel

Below is an example for customizing the Control Panel which explains and visualizes what the customizations do. Control Panel Manual (Whitelabel)

Fallback Design

The fallback design ensures, that the Control Panel is shown without any company specific attributes, in case of misconfiguration. In the case, that your domain has not been recorded and your configuration cannot be set, an alternative design is selected. Therefore, the Control Panel gets the dark theme, without any logo or favicon. For the primary color a default green will be used.

Displayed Email Information

The system automatically sends emails in various situations, for example when users reset their passwords. You can define a greeting formula, a contact person, the sender address and a disclaimer for these emails.

Add Email Information

  1. Select Email information.
  2. Enter the name of the contact in the field Contact.
  3. Enter the sender address for outgoing system emails in the field Sender address for email templates.
  4. Enter the required information for a disclaimer in the field Disclaimer.
All data below is just an example. Inform yourself in your company which information is required for outgoing system emails. Control Panel Manual (Whitelabel)
  1. Click on Save to apply the settings.

Contact Data in the Control Panel

The contact data phone number and email address is shown in the Control Panel. Control Panel Manual (Whitelabel) If you want to change the contact data, you must provide them under Support information (See: Add Support Information in the Control Panel).

Contact Data Processing

The contact data is processed hierarchically from bottom up.

Underneath a customer are several domains. That customer has provided his contact data on the top level.
Thus, every user of the underlying domains gets the contact data of the customer. If contact data for a underlying domain is provided, it will be shown to the users of that specific domain.

Add Support Information in the Control Panel

  1. Select Support information.
  2. Enter the support phone number of your company in the field Support phone number.
  3. Enter the support email address of your company in the field Support email address.
Control Panel Manual (Whitelabel)
  1. Click on Save.

Email Categories

Your emails are classified into the following categories:
Email Category Description
Clean The category clean indicates that no threat was found.
Infomail Infomails are promotional emails that can either be classified as clean or spam.
Spam Emails classified as spam.
Content Emails with illegal attachments. Defined by the partner or domain administrator.
Virus Emails containing a virus.
ATP Emails containing threats identified by Advanced Threat Protection.
Rejected Rejected emails.

Classification Reasons

The following sections are structured in the different classification types for emails. The tables list the reasons shown in the email display with their explanations.

Classifications ATP, Rejected and Virus

ClassificationReasonDefinition
ATPBusiness Email CompromiseFraudulent email with a fake sender from your own company.
ATP, Rejected, VirusMalicious AttachmentAt least one attachment of the email is malicious.
ATP, Rejected, Virusmalicious Email ContentThe email contains malicious content.
ATP, Rejected, VirusMalicious URLThe email contains links to malicious websites or documents.
ATP, VirusMassive Attack PreventionThe email matches the pattern of a starting malware campaign.
ATP, VirusPhishingThe email contains characteristics of a phishing attack.
ATPSandboxAt least one attachment of the email was dynamically analyzed in the ATP sandbox and rated as malicious.
ATPTargeted FraudThe email matches the pattern of a targeted fraud attack.
RejectedBlock by Compliance Filter PolicyThe email was blocked by a compliance filter rule as a virus.
RejectedRBLThe sending host of the email has a negative reputation.
RejectedSPF FailureThe SPF check in the envelope of the email failed.

Classification Content

ClassificationReasonDefinition
ContentDetached by Content Filter PolicyAt least one attachment is not permitted due to the settings in the Content Filter.
ContentRejected by Content Filter PolicyThe email was rejected according to the content filter guidelines because it contains at least one forbidden attachment.

Classification Spam

ClassificationReasonDefinition
SpamBad Host ReputationThe sending host of the email has a negative reputation.
SpamBad IP ReputationThe IP address of the sending host of the email has a negative reputation.
SpamBad Sender ReputationThe sender of the email has a negative reputation.
SpamBad URL ReputationThe email contains at least one link to a web server with a negative reputation.
SpamBlacklisted by User PolicyThe sender or sending host of the email is listed on the recipient's blacklist.
SpamDKIM FailureThe DKIM validation failed.
Spam DMARC FailureThe DMARC validation failed.
SpamSPF FailureThe SPF check failed.
SpamSpam ContentThe email contains content that is classified as spam.
SpamSpam by Compliance PolicyThe email was classified as spam by a compliance filter rule.

Classification Valid

ClassificationReasonDefinition
VaildClean by Compliance policyThe email was classified as valid by a compliance filter rule.
ValidGood Sender ReputationThe sender or sending host of the email has a positive reputation.
ValidHamHam is the opposite of spam. Thus a desirable email that matches a valid pattern.
VaildSender Whitelisted by PolicyThe sender or sending host of the email is listed on the domain administrator's whitelist.
ValidStatusmailAutomatically generated system notification, such as a spam report.
ValidWhitelisted by User PolicyThe sender or sending host of the email is listed on the recipient's whitelist.

Old Classification Reasons

Important: The following classification reasons are deprecated, but are still used in the Flash Control Panel.

Classification ATP/Content/Virus

ReasonDefinitionActivity
Virus-scan01Found identical attributes of classified virus emails in metadataVirus
Virus-scan01-XARG-VFound known virus structure in multiple attributes of the emailVirus
Virus-scan02-Header-VFound virus signature in email headerVirus
Virus-scan03-Link-VaLinking of a compromised URLVirus
Virus-scan04-Body-VFound virus signature in email bodyVirus
Virus-scan05-<VirusName>Virus found – known, classified virusVirus
virus-scan07-doubleextensionFound a file with veiled or faked file type in an archiveVirus
Virus-scan07-archive-in.archiveFound nested archives in an archiveVirus
virus-scan07-heur-exploitFound minimum one unknown and potentially dangerous file in an archiveVirus
Virus-scan07-fakeoffice2003Found macro code of office 2007 in an office 2003 fileVirus
virus-scan07-potential-fake-archiveFound an archive with wrong declaration of content type (MIME-Content-Type)Virus
Virus-scan06-<VirusName>Virus scanner 2 found a virusVirus
Virus-scan08-executableFound potentially dangerous file in attachmentVirus
Virus-scan09-ASEzipHeuristicsEvidence of phishing and suspicious attachment foundVirus
Virus-scan09-asehtmlheuristicsEvidence of phishing and suspicious attachment foundVirus
Virus-scan09-ASEurl 0xHeuristicsEvidence of phishing and suspicious link foundVirus
Virus-scan10-<VirusName>Indistinct virus message through Heuristic intend analysisVirus
Virus-scan12-AttachmentVFound virus signature in attachmentVirus
Virus-scan13-ASE-PhishingHeuristicsEvidencce of phishing and suspicious email header foundVirus
Virus-scan14-Short-URL-obfuscationLinks are veiled through nested URL shorteningVirus
Virus-scan15-ASE-PhishingDirect link to malware or phishing websiteVirus
Virus-scan16-ASE-Phishing-heurEvidence of phishing and inconsistent sender address Virus
Virus-scan17-ASE-office-macro-exploitFound evidence of malware and office file with macros, OLE-object or VBS code as attachmentVirus
Virus-scan17-office-webarchive-exploit-heurEvidence of malware and attachment with suspicious content foundVirus
virus-scan17-office-rtf-exploit-heurEvidence of malware and attachment with suspicious content foundVirus
virus-scan17-MacroEvidence of malware and attachment with suspicious content foundVirus
Virus-scan17-office-macroEvidence of malware and attachment with suspicious content foundVirus
Virus-scan18Evidence of malware and the email was sent by different senders or email serversVirus
Virus-scan21-<Virusname>Virus message by optional virus scanner 3Virus
Virus-scan22-<Virusname>Virus message by optional virus scanner 4Virus
ContentfilterCustomer defined forbidden attachmentContent

Classification Blocked

GrundDefinitionAktion
450 4.1.1rejection when relay check is enabledBlocked
450 4.1.8sender address rejected : domain not foundBlocked
450 4.5.5early spam detection (temporarily blocked) Blocked
450 4.5.6temporary failure in MTA - please retryBlocked
450 4.5.7temporary failure in MTA - please retryBlocked
504 5.5.2recipient address rejected : fully - qualified adress is neededBlocked
504 5.5.2sender adress rejected: fully - qualified address is neededBlocked
550 5.1.1unknown recipient (SMTP check)Blocked
550 5.2.2explicit blocking of sender or recipient addressBlocked
550 5.5.3recipient address rejected: multi-recipient bounceBlocked
552 5.5.2message size (content filter)Blocked
554 5.5.3email rejected due to Content Filter Size LimitBlocked
554 5.5.4IP sender address with a negative reputationBlocked
554 5.5.5email rejection due to SpamBlocked
554 5.5.6loop detectionBlocked
554 5.5.7email rejected due to content of attachmentBlocked
554 5.6.1signature of spam in mail header resp. subjectBlocked
554 5.6.2spam link signature detectedBlocked
554 5.6.3spam text signature detectedBlocked
554 5.6.4virus email blockedBlocked
554 5.6.5TLS encryption required by customer ruleBlocked
554 5.7.1unknown domain or unknown recipient (LDAP check)Blocked

Classification Spam

ReasonDefinitionActivity
admin-blblacklist controlled by adminQuarantined
ase-blindividual blacklist controlled by support dep.Quarantined
ase-recap1diffuse spam fingerprintQuarantined
ase-rep1IP reputation list 1Quarantined
ase-rep2IP reputation list 2
Quarantined
ase-recap4diffuse spam fingerprintQuarantined
asespf7-1SPF filter variant 1Quarantined
asespf7-2SPF filter variant 2Quarantined
bodytagspam signature in mail textQuarantined
bouncetagbounce mail managementQuarantined
dirtyipreputation filter on IP basis Quarantined
fingerprintre - captured spam mail by hashQuarantined
headerspam signature in mail headerQuarantined
linkad linkQuarantined
rbl50pre-stage to 554 5.5.4 but not blocking yetQuarantined
sameipsignature recognition through spam enginesQuarantined
scoredynamic content evaluationQuarantined
Score Tagdynamic content evaluationQuarantined
spamreputation filter based on sender serverQuarantined
spamip-netIP range of servers with poor reputationQuarantined
spam-sumspam fingerprintQuarantined
subjecttagspam signature in subject lineQuarantined
user-blblacklist controlled by the userQuarantined
wcspam pattern recognitionQuarantined
xargbounce attack or individual customer ruleQuarantined
zombiebotnet computerQuarantined

Classification Valid

ReasonDefinitionActivity
asespf1familiar sender, type 1Valid
asespf2familiar sender, type 2Valid
asespf3familiar sender, type3Valid
ase-wlindividual whitelist controlled by the support dep.Valid
big2email size increased email reputation in multi-criterial scoring functionValid
bigmessageemail size increased email reputation in multi-criterial scoring functionValid
body-wlwhitelist signature in mail text, type 1Valid
body-wl2whitelist signature in mail text, type 2Valid
header-wlWhitelist signature in header, type 1Valid
header-wl2Whitelist signature in header, type 2Valid
knownsendersender address with positive reputation, type 1Valid
noreasonunevaluated emailValid
qsender2sender address with positive reputation, type 2Valid
realbouncesent via bounce managementValid
scoredynamic contents evaluationValid
sender-ipIP sender address with positive reputationValid
subject-wlwhitelist signature in subject line, type 1Valid
subject-wl2whitelist signature in subject line, type 2Valid
user-wlwhitelist controlled by userValid
xarg-wlbounce mail or individual customer ruleValid

Ruleset Order

The spam filter rules are processed according to a specific priority. Once a higher level priority has taken effect, processing typically stops. In some cases, this can lead to messages being blocked despite a whitelist entry for the sender’s address, because the IP address of the sending server is on the RBL blacklist.   Rule order (from top to bottom in descending priority) mail inbox email arrival
  • RBL list (block)
  • Mass spam detection (block)
  • Compliance filter (deliver)
  • Virus check (quarantine)
  • Content filter, if activated (quarantine)
  • User-based whitelist string (deliver)
  • User-based blacklist string (quarantine)
  • Administrative whitelist (deliver)
  • Administrative blacklist (quarantine)
  • General whitelist (deliver)
  • General spam rules (quarantine)
Delivery

Note: The compliance filter cannot be used to create exceptions for the content filter, so in this case the content filter takes precedence over the compliance filter.

Email Authentication Methods (DAP)

We offer different email authentication capabilities that can be used separately or combined.
  • SPF validation (Sender Policy Framework)
  • DKIM validation and signing (DomainKeys Identified Mail)
  • DMARC validation (Domain-based Message Authentication, Reporting and Conformance)
All of these methods are designed to additionally protect your company’s email infrastructure from spam and phishing.

SPF Functionality

SPF (Sender Policy Framework) is an email authentication method designed to prevent the forgery of sender addresses. For this purpose, the IP addresses of the authorized servers are entered in the DNS zone in the form of a TXT record. The receiving mail server can use this SPF entry of the domain to check whether the received email was sent from an authorized or an unauthorized mail server. If the sender information of the e-mail matches the TXT record, the email will be delivered, otherwise it will be rejected or treated as spam.

DKIM Functionality

DKIM (DomainKeys Identified Mail) is a method of email authentication designed to prevent emails from being manipulated during transfer. DKIM adds a signature to the email header when an email is sent. When an email with a DKIM signature is received, the receiving mail server queries the public key that was entered in the DNS zone of the sending domain via TXT record. This key is used to check whether the signature is correct.

Combination of SPF and DKIM

The introduced methods SPF and DKIM can be combined to provide better protection against forged senders and altered emails. If only DKIM is used, it is possible to exploit a valid email signed by DKIM. As long as it is not changed, this email can be sent in bulk to different people with a valid DKIM signature. To prevent this, SPF can be used additionally. SPF checks the origin of the email (real IP/DNS of the mail server) so that forwarding is prevented. This is because a valid email cannot be sent again and emails from other IP addresses are rejected. This prevents the re-sending of “valid” DKIM messages as spam.

DMARC Functionality

DMARC (Domain-based Message Authentication, Reporting & Conformance) defines how the recipient should handle emails depending on the results of the SPF and DKIM checks.   With DMARC, email recipients should be able to determine whether the alleged message matches what the recipient knows about the sender. Otherwise DMARC contains instructions on how to handle inconsistent messages. Assuming a recipient uses SPF and DKIM, the procedure looks approximately like this: Control Panel Manual (Whitelabel) For information on how DMARC handles passed and failed SPF and DKIM checks, see the Decision Matrix of DMARC Policies.

Note: DMARC reporting is currently not supported.

Setting up SPF

To set up SPF, it is necessary that you choose a SPF filter variant. Subsequently, enter the desired SPF entries in your DNS zone. Afterwards you can order the SPF filter.

SPF Variants

Two different filter variants are available for SPF.   Variant 1: Verification for the same sender and recipient domain In variant 1, the SPF check only takes place if the sender domain matches the recipient domain of the email, thus only internal emails are checked. This method is recommended to prevent targeted attacks under fake email addresses of your own domain.   Variant 2: Check all sender domains Variant 2 runs the SPF check for every sender domain, if there is a TXT record for it.This method should be used if there is a high incidence of address forgery from different sender domains. Be aware that using this variant may cause the false-positive rate to increase if several communication partners have not configured the TXT records correctly.

SPF logic

The IP addresses of the sending servers are checked with the stored entries from the TXT record. When checking the SPF entry, a distinction is made between a hard or soft fail. This check takes effect if the SPF entry does not match the sender information. A decision matrix then indicates how to handle the incoming email.   The following logic is taken into account when checking the TXT record:
Step Checked part of the email Configuration Type of fail Action
1 Envelope (MAIL FROM) -all Hardfail reject
2a Header (From) ~all Softfail quarantine
2b Header (From) -all Hardfail quarantine
Explanation: Step 1: Checking the envelope sender address (MAIL FROM) In the first step, an SPF check of the sending MAIL FROM address from the envelope of the email takes place. If this is not entered in the TXT record, the email is rejected (hardfail). If the sender address is authorized, a further check of the From address takes place in step 2. Step 2: Checking the header address (From) In the second step, the From address from the header of the email is checked. If the address is not entered in the TXT record, the email is quarantined, regardless of the configured setting to Hard- or Softfail (-all/~all).

Add SPF Record to DNS Zone

Note: If you are using the SPF filter of variant 1, you must set a TXT record in your DNS zone. This entry must contain all mail servers that are allowed to send emails from your own domain. This entry is optional for variant 2 of the SPF filter.

  • Contact the support to add a SPF Record to the DNS zone.

Activate SPF

Set the corresponding TXT record in your DNS zone before commissioning SPF.
  • To activate the SPF filter, send an email with the subject Enable SPF to the support and inform the support about the following information:

Setting up DKIM

To set up DKIM, you must use a CNAME record to refer to the public key in our DNS. Then open a ticket at our support to order DKIM.

Set the CNAME Record

  • Contact the support to set a CNAME Record.

Activate DKIM

Before commissioning DKIM, set the corresponding CNAME entry in your DNS zone.
  • Send an email with the subject Enable DKIM to the support and inform the support in this email:
    • for which domains you want to activate DKIM;
    • Whether you want to use DKIM for validation and signing, only for validation or just for signing emails;
    • that you have set the CNAME record.

Setting up DMARC

To set up DMARC, you must first activate SPF in variant 2 and/or DKIM. Then open a ticket at the support to activate DMARC.

Activate DMARC

To use DMARC it is necessary to activate SPF in variant 2 and/or DKIM for the desired domain.
  • Send an email with the subject Enable DMARC and inform the support team in this email:
    • for which domains you want to activate DMARC;
    • whether SPF and/or DKIM are activated for these domains;

Decision Matrix of DMARC Policies

The DMARC decision matrix shows how DMARC handles messages in case of passed or failed DKIM and SPF checks.
SPF and DKIM Check DMARC Result Result
SPF pass + DKIM pass DMARC pass Deliver
SPF pass + DKIM fail DMARC fail Quarantine
SPF fail + DKIM pass DMARC fail Quarantine
SPF fail + DKIM fail DMARC fail Quarantine
The table shows that only if both the SPF and DKIM checks have been passed, the DMARC result is positive and the email will be delivered. Otherwise the email will be quarantined.

Emails in the Control Panel

DKIM Emails for which the DKIM signature does not match the corresponding entry in the DNS will be quarantined. In the spam report and in the control panel, the affected emails are marked as spam, so you can deliver them as required. Under the column Reason you will see DKIM Failure if DKIM applies to a specific email.   SPF Emails that have been detected by the SPF filter and found not to have been sent by a server registered in the DNS will be quarantined. In the spam report and in the control panel, the emails concerned are classified as spam and can be delivered as required. In the control panel these emails are displayed with the reason SPF Failure.   DMARC Emails detected by DMARC and found not to comply with the SPF and/or DKIM policies will be quarantined and displayed in the spam report and control panel, rejected or delivered (nothing) depending on the policy you have chosen. These emails are displayed in the control panel with DMARC Failure as reason.

Troubleshooting: Increased Outbound False Positive Rate

Emails that should be delivered are reported as spam by the SPF filter. Condition:
  • Either the SPF filter in variant 1 is active and incoming internal emails are incorrectly detected as spam
  • Or you have activated the SPF filter of variant 2 and a communication partner informs you that emails from your domain are detected as spam.
Cause: Faulty TXT record The IP addresses of your mail servers entered in the TXT record are incorrect or missing. Remedy: Customize TXT Record
  • Add the IP addresses of your mail servers to the TXT record or correct the incorrect IP addresses.
Remedy: Adding IP addresses to the whitelist
  1. Open the Control Panel.
  2. Select the respective domain from the scope selection.
  3. Select Black- & Whitelist.
  4. Select the Tab Whitelist.
  5. Click on Insert and enter the corresponding IP address
  6. Click on Submit to confirm.

Troubleshooting: Increased False Positive Rate on Inbound Emails with SPF Variant 2

Emails that should be delivered are reported as spam by the SPF filter. Condition: Your SPF filter runs in variant 2 and incoming emails from certain domains are incorrectly detected as spam. Cause: Incorrect TXT record of the communication partner Remedy: Informing the communication partner
  • Inform the communication partner about a possibly incorrect SPF configuration.
Adding IP addresses to the whitelist
  1. Open the Control Panel.
  2. Select the respective domain from the scope selection.
  3. Select Black-/Whitelist.
  4. Select the Tab Whitelist.
  5. Click on Insert and enter the corresponding IP address of the sender domain.
  6. Click on Submit to confirm.

Glossary

The glossary defines all uncommon words used in this manual.

Note: Since the manual is not completed, the glossary will be updated.

WordDefinition
Control PanelUserinterface to manage the email traffic and services.
Domain administratorIs responsible for a primary email domain, the related alias mail domains, as well as all email addresses defined or definable by them.
Partner Is responsible for several clients. Each client corresponds to a primary email domain, its alias mail domains and all email addresses defined or definable by them.
InfomailAn email classified as advertisement
BlacklistSender emails that should always be classified as spam are entered on the blacklist.
WhitelistSender emails that should always be classified as clean are entered on the whitelist.
Suggest Edit