Securing access to the GFI MailSecurity configuration/quarantine

2 Installing GFI MailSecurity : 2.12 Securing access to the GFI MailSecurity configuration/quarantine

2.12

Securing access to the GFI MailSecurity configuration/quarantine

The GFI MailSecurity configuration and quarantine store can be accessed through a web browser and thus it is imperative that you configure proper access security so that only authorized users can set-up rules and manage the quarantine store.

You can configure access security to the GFI MailSecurity configuration pages and quarantine store via the GFI MailSecurity SwitchBoard application. To configure access security, follow these steps:

1. Click the GFI MailSecurity SwitchBoard shortcut found under Start ► Programs ► GFI MailSecurity.

2. The GFI MailSecurity SwitchBoard application is loaded. You now need to select whether you want to allow only local access to the Configuration and Quarantine Store or else both local and remote. To allow only local access, click Local mode, so that the Configuration and Quarantine Store can only be accessed when working directly on the server machine where GFI MailSecurity is installed. On the other hand, to allow both local and remote access, click IIS mode, so that authorized users, both from the local machine and other remote machines, can access the GFI MailSecurity Configuration and Quarantine Store.

Screenshot 17 - GFI MailSecurity SwitchBoard

3. If you selected Local mode, you do not need to configure anything else. If you selected IIS mode you now need to configure the Active Directory accounts or groups that have access to the Configuration and Quarantine Store, and you can change the virtual directory name where the GFI MailSecurity pages are stored.

NOTE: If you select Local mode you need to add ‘http://127.0.0.1’ to the list of trusted sites in Internet Explorer. For further information, refer to Adding local host to the trusted sites list section below.

Screenshot 18 - Local host address must be added to trusted sites list

4. To configure access security, click Security… next to the Virtual Directory box.

5. In the IIS mode access control list dialog box you can configure who gets access to the configuration pages and the quarantine store in separate access control lists.

Screenshot 19 - Configuration / Quarantine store Access Control Lists

6. To configure the accounts that get access to the configuration pages, use the Add and Remove buttons underneath the Configuration URL Access Control List. If you want to deny access to a listed account without removing it from the list, select the check box under the Deny column.

7. To configure the accounts that get access to the quarantine store, use the Add and Remove buttons underneath the Quarantine URL Access Control List. If you want to deny access to a listed account without removing it from the list, select the check box under the Deny column.

NOTE: To avoid reselecting the same accounts twice, once for each list, you can easily drag and drop accounts and groups between the two lists.

8. When ready click OK.

9. If you want to specify a different virtual directory name, you can do so by editing the entry in the Virtual directory box.

10. Click OK to save your changes. A progress bar shows you the progress while applying the new settings.

Screenshot 20 - New SwitchBoard settings successfully applied

11. When the process completes, click OK.

Adding local host to the trusted sites list

When you configure GFI MailSecurity to be accessible only locally, you need to add the local host address, ‘http://127.0.0.1’, to the list of trusted sites in Internet Explorer. To do this, follow these steps:

1. Click the Control Panel shortcut under the Start menu.

2. From the Control Panel open the Internet Options applet.

3. In the Internet Properties dialog box click the Security tab and then click the Trusted sites icon from the Web content zone list.

Screenshot 21 - Internet properties dialog

4. Click Sites.

5. In the Trusted sites dialog box specify ‘http://127.0.0.1’ in the Add this Web site to the zone box.

6. Click Add. The local host address is added to the Web sites list.

Screenshot 22 - Trusted sites dialog

7. Click Close.

8. Click OK in the Internet Properties dialog box to close it and save the new settings.