XWall Email Control System-Getting Started

The Spammers are more resourceful than you may think. Unlike virus scanners there is no quick fix for all spamming situations. However, the XWall Spam filter features all the elements you need to have a real impact on your Spam problem. Your company's requirement may be different from others. XWall can adapt to many needs. Ceratec would like to show you how we set up XWall for our local clients. A successful XWall installation will block Spam with a minimum of false positives. Rule #1- don't go for overkill. Learn about the filters before implementing them. Please look for details in the XWall manual. On this page you see an example installation that works for our local clients. It's a basic initial installation and does not include configuring XWall.

Where to install the XWall Spam filter

Before you start installing XWall you should understand that XWall accommodates many users with different needs. Some have as few as 10 clients; others may have 5000 or more. Some features work well for 50 users but are questionable for 2000 users. As example, you may want to forward the spam to the postmaster for a few days if you have 20 users. But what good would it do if you serve 6000 mailboxes and you're faced with 100,000 spam messages in your postmaster mailbox?

You find a complete installation guide in the XWall Online Manual

XWall can be installed on the same system as Exchange or on a different machine all together. If you choose a separate machine, you must adjust your router / firewall to point port 25 to XWall or change the MX record if the system is on the "outside" . Generally, I install it on the same machine.

Reasons why you would NOT run XWall on the same system with the mail server:

- your mail server is not windows based
- your mail server can't change the SMTP port
- your exchange server is already overloaded
- you don't want to mess with the exchange server
- you use some hard to integrate virus scanner
- you have more than 3000 users

Once you have decided how your XWall setup should look. you can extract and start installing XWall.

Extracting XWall files.

XWall is a very compact program. The zip file is less than 2 megs. Unzip the file using winzip or any other extraction utility. Locate the folder containing the extracted XWall files and run the setup. Once installed you will find 2 menu items XWall server and XWall admin. If you look in the XWall folder the files will be called mbserver and mbadmin. Now you are ready to start to set up XWall. Start up the XWall Admin.

First Wizard Setup Screen

Postmaster:

The first field asks for the postmaster. Basically it wants to know where to send notification to the mail administrator. XWall can route the identified Spam messages to the postmaster for review.

Exchange:

XWall needs the Exchange info. If XWall runs on the same machine as exchange, the IP address is localhost (127.0.0.1) and the port is 24. Please note you must modify this port in the Exchange server setup. See the instructions below.. If XWall runs on a different machine, you need to enter the IP address of the exchange server. The port will be 25.

Authentication:

Make sure XWall can send the messages to the Exchange server. Most likely your Exchange Server does not need authentication. Also once XWall is up and running you need to remove any message blocking in Exchange. If not, the mail will backup into XWall. Specially remember to remove things like size limits. Instead, the limits need to be applied in XWall. Under these considerations, localhost situations usually setup without problems. If XWall has to send the mail to a different system, make sure the other system can and will accept mail from XWall.

Second Wizard screen

SEND SMTP MESSAGES

How was Exchange sending out mail before the XWall installation? Most likely you want to do the same in XWall. However, I personally often use the 3rd option for the reasons given below.

- Exchange sends out message directly to the other mail server

In this case you set the first line in XWall to read " Send messages directly to the recipients mail server."

-Exchange is using Smarthost and is relaying all outgoing mail through your ISPs SMTP server.

In some situations (like dynamic IPs) you may use your ISP's SMTP relay. I set XWall to " Relay all messages through the Smarthost."In the field SMART HOST enter your ISP's SMTP server. Example: smtp.yourisp.com

-The 3rd option allows you to attempt direct delivery and uses the Smarthost if it can't be delivered directly. This is a good choice in today's spam world. If a mail server blocks you for some reason you have a second shot using your ISP's SMTP transport.

Set XWall to "Use Smarthost only to relay if direct connect fails."

DNS SERVER

This is one of the most important settings to get right. If your DNS server is not working right XWall will have trouble sending mail and checking for spam. Almost 50% of XWall installation failures have to do with bad DNS servers and firewalls blocking the DNS requests. This is particularly true if installed on a separate machine of a test setup. You must list a fully qualified DNS server in the TCP/IP setup on the machine. Of course, your DNS server will do that IF IT RESOLVES ALL EXTERNAL ADDRESSES. Often the internal DNS servers do not resolve external addresses reliably. If your outgoing messages stack up, it's an indication the DNS does not do a good job. Often XWall will complain about a bad DNS server setting in the log. You can correct that by adding a good DNS to your TCP/IP setup of the machine. Simply enter it in the DNS field. Just replace the "autodetect". If you don't have a good DNS handy, you can use this one for testing - 216.88.76.6.

I typically do not check the "Refuse inbound mail.... " field. XWall does a great job queuing mail if your Exchange server has a problem.

Leave the connection limits as set by default. Too low limits could slow down XWall.

Third Wizard Screen

XWall needs to know your domains. Enter ALL domains maintained on your Exchange server or that your SMTP Mail server handles. If you forget a domain XWall will reject the messages for the omitted domain. You will have looping problems and, of course, can't receive mail for that domain. Please enter only one domain per line.

XWall - Exchange interactions

Depending on the configuration you selected for your XWall install, you need to establish the interaction with Exchange. Select from the scenarios below and make the adaptation to the routing or port selection.

Running XWall on the same machine as Exchange server

Incoming Messages
If you run XWall on the same machine as the Exchange, then you must tell Exchange to listen on a separate port; i.e. not port 25, because only one application can listen to a specific port at one time and XWall needs to be the first application that gets SMTP messages.

Exchange 5.x
To do this, open the file services, usually located in C:\WINNT\system32\drivers\etc\SERVICES with Notepad or any other text editor. Locate the line smtp 25/tcp mail and change 25 to the port of your choice (use 24 if you are not sure which one you should use) and save the file.
Restart the IMS (Internet Mail Service) of the Exchange server to bring the new settings into affect.

Exchange 2000/2003
Start System Manager (Exchange Admin) and select Servers->XXXXXX ( Your Server)->Protocol->SMTP->Default SMTP Virtual Server->Properties. In this dialog select the tab labeled General and then Advanced and here you can set the port on which this virtual server listens. In the default mode you will find the value 25. For Xwall to work on the same machine you need to change this port. Typically we use port 24 but any other free port will work too.

This is a screenshot from a simple Exchange 2003 server installation showing the tree you need to open to get to the place for the port change.

Once you completed setting the exchange server port to 24 you need to stop and restart the SMTP service so the change can go into effect.

The port you select in exchange needs to be the same you set in Xwall.

Also make sure Anonymous access is allowed or else XWall is not able to connect to Exchange. In System Manager ( Exchange Admin) select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties. In this dialog select the tab labeled Access and then Authentication and enable Anonymous access.

Then start MBAdmin, select View->Options->Exchange->Exchange listens on port and type in the same port that you used in Services/System Manager.

Outgoing Messages
(this step is optional and is not needed for inbound spam blocking)

Exchange 5.x
Start Exchange Administrator, select the IMS (Internet Mail Service) and click on the tab labeled Connections.
Enable Forward all messages to host and type in localhost. Close the dialog and restart the IMS.
From then on the Exchange server will forward all messages to the localhost, which basically means it sends them to XWall.

Exchange 2000/2003
If you have no SMTP connector then start System Manager (Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.

In this dialog select the tab labeled Delivery and then Advanced and in Smart host type in localhost.
Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to the localhost, which basically means it sends them to XWall.

If you have a SMTP connector then start System Manager (Exchange Admin) and select Routing Groups->Exchange->Connectors->Your SMTP Connector->Properties->Forward all mail through this connector to the following smart host and type in the name or IP address of the machine where XWall is running.

Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to the name or IP address , which basically means it sends them to XWall.

Running XWall on a different machine then the Exchange server

Incoming Messages
Start MBAdmin, select View->Options->Exchange->Name or IP address of the Exchange server and type in the name or IP address of the Exchange server.

Depending on your DNS configuration you will need to change the MX record so that it points to the machine where XWall is running or else XWall will not get the messages before Exchange.

Outgoing Messages
(this step is optional and is not needed for inbound spam blocking)

Exchange 5.x
Start Exchange Administrator, select the IMS (Internet Mail Service) and click on the tab labeled Connections.
Enable Forward all messages to host and type in the name or IP address of the machine where XWall is running.
Close the dialog and restart the IMS. From then on the Exchange server will forward all messages to XWall.

Exchange 2000/2003
If you have no SMTP connector start System Manager ( Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties. In this dialog select the tab labeled Delivery and then Advanced. In Smart host type in the name or IP address of the machine where XWall is running. Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to XWall.
If you have a SMTP connector then start System Manager (Exchange Admin) and select Connectors->Your SMTP Connector->Properties->Forward all mail through this connector to the following smart host and type in the name or IP address of the machine where XWall is running.
Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to the name or IP address , which basically means it sends them to XWall.

First Launch

This concludes the install. You can exit the Xwall admin and start the XWall server for the first time. You will see the blue XWall log screen. The screen show the latest 20 lines on the log. If it scrolls too fast you find the same info in the log file XWall builds. Please note, if you "X" this screen you will shut down XWall. Also to exit XWall, make the blue screen the foreground application and press Esc, then confirm the exit.

Later, in a day or two you may want to install XWall as a service. Just go to the command line, change to the XWall folder and type MBSERVER INSTALL

Possible PROBLEMS

IF the XWall log lists a complaint about the virus scan it means your real-time scanner is scanning the XWall folder and/or Temp folder. Please exclude these folders. I usually create a temp folder in the XWall folder and set Xwall to use that folder as temp directory. You can do that in the XWall Admin View->Advanced->advanced->temp folder. If you do not exclude these folders you will have errors like "timeout reading data" because the virus scan is locking the file.

You see SMTP and Exchange in and outbound connections (4) starting. If the SMTP Inbound connection fails it means something is listening on port 25 already. It's Exchange or an SMTP service in most cases or it's an SMTP based virus scanner.

Please note XWall uses the EICAR virus test file. This is not a virus. It's a test file that is supposed to trigger a virus alert in your virus scan. Virus scanners should not scan the XWall folder. Read more about it in the XWall configuration page.

For Spam blocking and filter setup, consult the manual or visit the XWALL CONFIGURATION page.