Table of ContentsPreviousNextIndex

Securing access to the GFI MailSecurity configuration

The GFI MailSecurity configuration is entirely web-based. For this reason it is imperative that proper access security is configured so that only authorized users get access to the setting-up of rules and the quarantine store.

You can configure access security to the GFI MailSecurity configuration pages and quarantine store via the GFI MailSecurity SwitchBoard application. To configure access security, follow these steps:

1. Click on the GFI MailSecurity SwitchBoard shortcut found under Start } Programs } GFI MailSecurity.

2. The GFI MailSecurity SwitchBoard application is loaded. You now need to select whether you want to allow only local access to the Configuration and Quarantine Store or else both local and remote. To allow only local access, select the Local mode option, so that the Configuration and Quarantine Store can only be accessed when working directly on the server machine where GFI MailSecurity is installed. On the other hand to allow both local and remote access, select the IIS mode option, so that authorized users both from the local machine and other remote machines can access the GFI MailSecurity Configuration and Quarantine Store.

Screenshot 12 - GFI MailSecurity SwitchBoard

3. If you selected the Local mode option, you do not need to configure anything else. If you selected the IIS mode option you now need to configure the Active Directory accounts or groups which have access to the Configuration and Quarantine Store, and you can also change the virtual directory name where the GFI MailSecurity pages are stored.

NOTE: If you select Local mode you need to add `http://127.0.0.1' to the list of trusted sites in Internet Explorer. For further information refer to the `Adding local host to the trusted sites list' below.

Screenshot 13 - Local host address must be added to trusted sites list

4. To configure access security, click the Security... button.

5. The IIS mode access control list dialog is displayed. This dialog allows you to configure who gets access to the configuration pages and the quarantine store in separate access control lists.

Screenshot 14 - Configuration / Quarantine store Access Control Lists

6. To configure the accounts which get access to the configuration pages, use the Add and Remove buttons underneath the Configuration URL Access Control List. If you want to deny access to a listed account without removing it from the list, select the check box under the Deny column.

7. To configure the accounts which get access to the quarantine store, use the Add and Remove buttons underneath the Quarantine URL Access Control List. If you want to deny access to a listed account without removing it from the list, select the check box under the Deny column.

NOTE: So as to avoid reselecting the same accounts twice, once for each list, you can easily drag and drop accounts and groups between the two lists.

8. When ready click the OK button to close the dialog.

9. If you want to specify a different virtual directory name you can do so by editing the entry in the Virtual directory edit box.

10. Click the OK button to save your changes. A popup dialog will display the progress while applying the new settings.

Screenshot 15 - New SwitchBoard settings successfully applied

11. When the process completes, click on the OK button.

Adding local host to the trusted sites list

When you configure GFI MailSecurity to be accessible only locally, you need to add the local host address, `http://127.0.0.1', to the list of trusted sites in Internet Explorer. To do this, follow these steps:

1. Click on the Control Panel shortcut under the Start menu.

2. From the Control Panel open the Internet Options applet.

3. The Internet Properties dialog is displayed. Access the Security tab and click on the Trusted sites icon from the Web content zone list.

Screenshot 16 - Internet properties dialog

4. Click on the Sites... button.

5. The Trusted sites dialog is displayed. In the Add this Web site to the zone: edit box specify `http://127.0.0.1'.

6. Click the Add button. The local host address is added to the Web sites list.

Screenshot 17 - Trusted sites dialog

7. Click the Close button.

8. Click the OK button in the Internet Properties dialog to close it and save the new settings.

Table of ContentsPreviousNextIndex