Europa Rel 2.0 Admin FAQ

1 System Setup

1.1 Do I need to change the HTTPs port number?

Yes, if your firewall HTTPs port (443) is already occupied by your web server.

No, if your external IP address is assigned entirely to Europa, or if there is no external access.

1.2 What HTTPs port can I use?

Any free firewall port. Suggested ports: 8888 or 8080. Remember to add the matching port forwarding rule to your firewall.

1.3 Can I keep changing the HTTPs port number?

Yes; however, it is strongly discouraged. Europa uses the HTTPs port number to generate the callback URL. After the HTTPs port number is changed, the end-user can only access Europa with the newly generated callback URL.

1.4 What is the DNS requirement for internal/external web access?

  • Use your Europa's Host Name and Primary Domain Name to create the following DNS entries.
    • For example: the Europa Host Name is mail, and the Europa Primary Domain Name is nosuch-domain.com.
  • Define an internal DNS entry mail.nosuch-domain.com that points to the internal Europa IP address.
  • Define an external DNS entry mail.nosuch-domain.com that points to your external IP address.

1.5 We do not have an internal DNS server. Can our users depend entirely on the external DNS server?

In general, yes: the external DNS will return your Europa external IP address, and your users can then access Europa through the external IP address.

No, if your firewall blocks internal access to the external IP address by default. For example, a Cisco firewall blocks all traffic from the internal network to the external IP address. In that case, you need an internal DNS server to provide the internal Europa IP address to the internal users.

1.6 What is the DNS requirement when Europa acts as an email server?

  • For incoming email, change your domain's MX record to your external IP address.
  • For outgoing email, change your domain's PTR record to your external IP address.

1.7 Why should I care about the PTR record?

The DNS reverse lookup technique is widely adopted by major organizations and email service providers. If your PTR record is not set up correctly, these email servers will refuse your Europa's SMTP connections.

1.8 How can I verify my MX and PTR records?

  • Go to http://www.dnsreport.com and enter your domain name.
  • Does your MX record point to your external IP address?
  • Does your PTR record point to your external IP address?

1.9 Should I use my personal email ID as admin email address?

In general, do not use your personal email ID. Because Europa quarantines the whole system's SPAM into the admin quarantine box, it becomes difficult to identify your personal SPAM. It also makes it difficult to pass the admin responsibility to another user.


2 Domain Setup

2.1 Should I change the User Session Time Limit to Never?

It is your call. As administrator, you should balance the email security risk against user convenience.

2.2 How do I use the "Quarantine Email" option?

  • User: SPAM is quarantined into the recipient's Quarantine Manager.
  • Monitor: SPAM is not sent to the recipient ID.
    • SPAM is sent directly to the email ID defined in Email Address for quarantine monitor.
    • SPAM is quarantined into the Domain Admin Email Address if the above email ID is not defined.
  • Both: SPAM is quarantined into both the recipient ID and the quarantine monitor email ID above.

2.3 How do I use the "Unknown Emails" option?

  • Drop: the email is dropped.
  • Quarantine: the email is quarantined to the Unknown users' Email Address if this address is defined. Otherwise, the email is quarantined to the Domain Admin Email Address.
  • Forward: the email is forwarded to the Unknown users' Email Address if this address is defined. Otherwise, the email is forwarded to the Domain Admin Email Address.
  • Pass Through: Europa does nothing and lets the email server handle this email.

2.4 Why should I drop the unknown emails?

  • More than 60% of SPAM uses the Directory Attack technique (trying different recipient names).
  • The volume of SPAM is huge. It does not make sense to capture it, and it is impossible to scan through it all.
  • Since the recipient ID is not valid, you should drop these unknown emails.

3 Service Information

3.1 What does "maximum number of users" mean?

It means 'maximum number of user IDs' in this Europa system. It is not related to the number of domains.

3.2 Can I activate more Europa features?

Call Jovian support, get the long Activation code, and apply it to Europa.

3.3 Why should I "Enable Forwarding Service"?

Enable it if some users want to forward their incoming email to their PDA or BlackBerry. See the Email Environment FAQ for more information on forwarding email.

3.4 If I disable "Personal Filter" (PSM), what will happen?

  • No black/white listing filter.
  • No more email envelope function.
  • Cannot rename known attachment extensions.

4 Appliance Admin

4.1 What is the "RO" user ID for?

It is a Read-Only user ID for examining the system status without exploring the sender information. The RO user ID cannot alter any system parameter. However, this ID should be used only on an as-needed basis.

4.2 How do I use "Export All Existing Mails to External Mail Server"?

If the back-end email server does not respond for a period of time, Europa can manually or automatically switch from SPAM filter mode to email server mode. All queued or incoming emails are then stored in Europa. The users can use the Web email client to access those new emails. After the back-end email server is up, you can export either ALL or From Last Export emails back to the email server.

4.3 When Europa switches from filter mode to email server mode, can the users access their old email?

No. This feature will be available in the next release.

4.4 How do I expand the email archive and read these emails?

The archive file is a UNIX tar file compressed with gzip. The UNIX tar -zxvf command or WinZip on Windows can expand the archive into your directory. The email files are stored in the following directory structure: {domain_name}/email_archive/{user_id}/{YYYY_MM_DD-hh_mm_ss}.eml

Email files are basically in MIME text format, so you can perform text searches on them. On Windows, the .eml file extension is associated with the Outlook application, so you can double-click the email file to display the email content. On UNIX, you need the KMail or KWord application to display the email content.
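The archive can also be indexed and searched without unpacking it to disk. The following is an added example, not Jovian code: it reads the tar/gzip stream, accepts only regular files that match the directory structure given above, and parses each .eml file with Python's standard email module. The sample archive, addresses and dates are constructed for illustration.

```python
import io
import re
import tarfile
from datetime import datetime
from email import message_from_bytes, policy

# Layout from the FAQ: {domain_name}/email_archive/{user_id}/{YYYY_MM_DD-hh_mm_ss}.eml
MEMBER_RE = re.compile(
    r"^(?P<domain>[^/]+)/email_archive/(?P<user>[^/]+)/"
    r"(?P<stamp>\d{4}_\d{2}_\d{2}-\d{2}_\d{2}_\d{2})\.eml$")


def index_archive(fileobj):
    """Index archived emails in memory; skip members outside the documented layout."""
    records = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            m = MEMBER_RE.match(member.name)
            if m is None or not member.isfile() or ".." in member.name.split("/"):
                continue
            msg = message_from_bytes(tar.extractfile(member).read(),
                                     policy=policy.default)
            records.append({
                "domain": m["domain"], "user": m["user"],
                "archived": datetime.strptime(m["stamp"], "%Y_%m_%d-%H_%M_%S"),
                "from": str(msg["From"]), "subject": str(msg["Subject"]),
            })
    return sorted(records, key=lambda r: r["archived"])  # oldest first


def search(records, needle):
    """Case-insensitive substring match on sender or subject."""
    needle = needle.lower()
    return [r for r in records
            if needle in r["from"].lower() or needle in r["subject"].lower()]


def build_sample_archive():
    """Constructed sample: two emails plus one member outside the layout."""
    members = {
        "nosuch-domain.com/email_archive/alice/2007_03_01-09_15_00.eml":
            b"From: john@example.org\r\nSubject: Invoice\r\n\r\nSee attached.\r\n",
        "nosuch-domain.com/email_archive/bob/2007_02_28-18_00_30.eml":
            b"From: mary@example.net\r\nSubject: Lunch\r\n\r\nNoon?\r\n",
        "../email_archive/x/2007_01_01-00_00_00.eml": b"From: z@example.org\r\n\r\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf
```

For a real backup, pass open("archive.tar.gz", "rb") to index_archive in place of the sample buffer; the file name here is a placeholder.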

4.5 Should I use the self-generated certificate or buy one?

Since the self-generated certificate has no root CA behind it, the browser displays the SSL warning message when the user first connects to Europa. It is better to buy an SSL certificate.

4.6 Do I need to buy another SSL certificate when the Europa IP address is changed?

No, the SSL certificate is based on the host name. You need to buy another SSL certificate if the host name is changed, not the IP.

4.7 What is the Backup and Restore for?

The Backup function backs up all the system, domain and user parameters plus user emails and quarantined SPAM. The Restore function can restore all of the above information back to the Europa machine. The Backup and Restore functions allow the administrator to quickly bring up Europa from the old data. Please back up every night and store the file on your secured file server.

If you are restoring a data file to new Europa hardware, you need to call Jovian support for the new Activation code.


5 Service Admin

5.1 What is "Connection Level Protection" (CLP)?

SMTP is a TCP/IP communication protocol. During the initial TCP/IP connection time, Europa performs the IP connection level protection check. If the sender's IP/domain is invalid, Europa immediately drops the SMTP TCP/IP connection. Therefore, fewer CPU resources are needed to handle this SPAM.

5.2 What is "Heuristic Connection Protection" (HCP)?

In general, the Real-Time Blackhole List (RBL) has a delay of a few hours. Therefore, RBL is not effective at stopping a zombie attack. Europa continually collects all the SPAM/Virus sender IP information into its internal HCP database. So, HCP is the same as RBL except that HCP is a local real-time blackhole list.

You can change HCP's threshold value and time interval in Service Admin > HCP setup page.
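As an added illustration, not Europa's implementation: a local blocklist driven by a threshold and a time interval can be sketched as a per-IP sliding window of detections. The meanings assigned to threshold and interval here are assumptions, since this FAQ does not define them, and the sample events are constructed.

```python
from collections import defaultdict, deque


class LocalBlocklist:
    """Per-IP detection counter with a sliding time window (illustrative only)."""

    def __init__(self, threshold, interval):
        self.threshold = threshold   # assumed meaning: detections needed to list an IP
        self.interval = interval     # assumed meaning: look-back window, in seconds
        self._events = defaultdict(deque)

    def _expire(self, ip, now):
        q = self._events.get(ip)
        while q and q[0] <= now - self.interval:
            q.popleft()              # detection has aged out of the window
        if q is not None and not q:
            del self._events[ip]

    def record_detection(self, ip, now):
        """Content filtering flagged a message from this IP as spam or virus."""
        self._expire(ip, now)
        self._events[ip].append(now)

    def should_reject(self, ip, now):
        """Connection-time check, made before any message data is accepted."""
        self._expire(ip, now)
        return len(self._events.get(ip, ())) >= self.threshold

    def remove(self, ip):
        """Admin delisting, e.g. after a valid sender has fixed the problem."""
        return self._events.pop(ip, None) is not None


def replay(events, threshold, interval):
    """Replay (seconds, ip, verdict) tuples and return one decision per connection."""
    hcp = LocalBlocklist(threshold, interval)
    decisions = []
    for ts, ip, verdict in events:
        if hcp.should_reject(ip, ts):
            decisions.append("reject")        # dropped at TCP connect, no scan
            continue
        decisions.append("accept")
        if verdict in ("spam", "virus"):
            hcp.record_detection(ip, ts)      # feeds the local list immediately
    return decisions


# Constructed sample events (documentation address ranges, not real senders).
SAMPLE = [
    (0, "192.0.2.10", "spam"), (20, "192.0.2.10", "spam"),
    (30, "198.51.100.7", "clean"), (40, "192.0.2.10", "virus"),
    (50, "192.0.2.10", "spam"),    # third detection was at t=40: rejected
    (200, "192.0.2.10", "clean"),  # detections aged out of the window: accepted
]
```

With a threshold of 3 and an interval of 60 seconds, the sender is rejected at connection time ten seconds after its third detection, with no wait for an external list to catch up.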

5.3 Why is Europa's Anti-Virus function not zero-hour?

In general, around 1% of email contains a virus. Europa can synchronize the virus definitions with the public virus database down to an hour. The most important fact: 98% of viruses come from http/ftp downloads. Therefore, the anti-virus program on the end-user machines is the most effective defence mechanism.

5.4 Is the "Optical Character Recognition" (OCR) word list updated automatically?

No, Europa OCR is loaded only with the standard word list. To capture image SPAM effectively, the administrator needs to update the OCR word list for their domain.

5.5 Why can't Europa OCR catch the "viagra" word in the image SPAM?

It is easy for a human to recognize the embedded "viagra" word in the image SPAM. If the spammer plays some Photoshop tricks, today's OCR programs in general cannot catch these embedded words in the image SPAM. Otherwise, we would need a supercomputer to run the OCR program.

5.6 What is Europa Anti-Relay for?

It is there in case some end-user machines catch a virus and become zombie machines. This function prevents Europa from becoming a SPAM relaying machine.


6 Email Policy

6.1 Should Europa be integrated with LDAP (or Active Directory)?

Yes, there are a few benefits:

  1. During a Directory Attack, Europa can verify the recipient with LDAP.
  2. For a new LDAP user, Europa can automatically add the user ID when Europa receives his/her email.
  3. Single password to sign on.

6.2 How many levels of groups can I create?

Basically, no limit. The Europa group structure should match your organization structure. In general, this information should already be defined in the LDAP (or Active Directory) database. Europa can import this information during setup.

If the LDAP admin ignored the group information, all the domain users are in one flat group. The rule of thumb is "there should be no more than 4 group levels".

6.3 How can I add additional SPAM/HAM keyword rules?

  • Go to Email Policy > Spam Keywords.
  • Use the Simple / Regular Expression pages to add additional keywords or to define additional patterns.
  • Use a positive score to represent SPAM and a negative score to represent HAM.

6.4 Can I add additional SPAM/HAM keyword rules for the email header?

No, not yet. Next version.

6.5 How is my black listed item promoted to group level?

  • When all the group members have the same black listed item, it is then promoted into the group level.
  • If the group only has one member, his/her black listed items will not be promoted.

6.6 In the "Black List Statistics" page, what does the Ratio mean?

The Ratio is in the format XX/YY. It means XX members out of a group with YY members in total. 11/33 means 11 users in a 33-member group.

6.7 What is the "Daily Email Summary" default value?

When a new user ID is created, that new ID is added into the daily email summary report listing. If the user does not want the daily email summary, the user must reset that value themselves.


7 Tools

7.1 What is the "Email B/W Analysis" for?

It is a dynamic analysis tool that simulates how a sender's email traverses the Black/White listing and displays the result.

7.2 What is the "Remote Support" for?

Europa uses this function to make an SSH call back to the Jovian support machine.


8 Logs & Reports

8.1 What is the "Email Report" "Adv Search" for?

The users can fine-tune their search criteria. However, the search pattern applies only to pre-formatted event logs. So, the users should not search for the 'Tagged' or 'Forward' words. The users should enter a search pattern such as 'john' (sender name) or '47.235.11' (sender IP).

8.2 What is the "Operation Status"?

It allows the admin to see the live operation status, such as TCP/IP connections, rejections for unknown recipients, rejections by RBL, HCP and SPF, and the normal incoming email.

8.3 If the user complains "I cannot receive an expected email", what can I do?

Both the Email Summary and the Historical Report can report the flow of the normal incoming email, such as B/W listed and Drop/Quarantine/Tagged email.

To search for all the possible problems, use Operation Report > Operation Historical Report. It can display the last 14 days of events: TCP/IP connections, email for unknown recipients, HCP and CLP rejection conditions, etc.

To search based on user ID, use Operation Report > CLP Report and 'with Valid Users'. It can display the last 14 days of events: rDNS, RBL, HCP and SPF.

8.4 Why do I need this "CLP Report"?

Some senders do not set up their PTR records correctly for rDNS lookup, or someone has black listed their IP in an RBL, etc. This report can show the reason their connection was rejected.

8.5 What can I do if a valid sender connection is blocked?

Choices are:

  1. Lower your Europa settings, such as no rDNS or no RBL check. However, this is strongly discouraged.
  2. Ask the sender to fix the problem and resend the email. In most cases, this is for their benefit.

8.6 What can I do if the valid sender is blocked by Europa local HCP database?

Use the CLP Report to get their connection IP, and go to System Service Logs > HCP Log to see why their IP was added to the Europa HCP database. Ask the sender to fix the problem. Go to Service Admin > HCP Setup to delete their IP address from the HCP database. Then, they can resend the email.

8.7 Why is the sum of the percentages in the Email Report's Pie chart not 100%?

If a slice is less than 5%, that slice is not displayed in the Pie chart. It would be too messy to show all the small slices in the Pie chart.

8.8 Why do the White-Listed and Pass-Through bars cover the Tagged, SPAM and Virus bars in the Email Report's 3D Bar chart?

You are very lucky, since your volume of SPAM and Virus is lower than that of normal email. In the normal case, the volume of SPAM, Virus and Tagged emails is much higher than that of normal email.

8.9 What is the "Access Violation Report" for?

  1. After the spammer's IP is added to the Europa HCP database, Europa stops them at TCP/IP connection time. However, they can and will continue to connect to Europa. This report shows their connection frequency.
  2. Invalid SSH login.
  3. Invalid Web page login.

8.10 Why is Europa not integrated with the firewall to block IP connections?

  1. Not all firewalls have this type of interface or API.
  2. The list of violating IPs is huge. In our case, we collected 20,000 violating IP addresses in the first 4 months. If Europa generated firewall rules to block these IP addresses, in most cases the firewall rules would be overloaded and would slow down the firewall throughput.

8.11 What is the "System Services Logs" > "Setup Log" for?

It records all the system setup change events since day one. Therefore, the administrator can easily trace when something was changed and what was changed.

8.12 What are Europa performance factors?

Europa performance is bound by the internet and network performance rather than by its CPU and RAM size. For each SMTP connection and email, Europa talks to many external services: DNS for reverse lookup, RBL providers, SPF, internet SPAM databases. Therefore, Europa (a SPAM filter appliance) is network-bound rather than CPU-bound.

8.13 What is "System Activity Report" for?

Everyone thinks "email is critical" and "system performance is important" (see the "Europa performance factors" FAQ for more details). Therefore, some vendors keep pushing their users to buy bigger and larger machines. With this SAR report, the administrator can see the true Europa system performance.


9 Jovian Support

9.1 What is the best approach when I have a problem?

  • Try the Admin and User Guide.
  • Try Jovian's online Europa FAQ.

If possible, try to match your problem to our terminology, such as email enveloping, HCP, etc.

  • Try your VAR (Value-Added Reseller), since they help you set up your email environment and Europa.
  • Send email to Jovian support at support@joviantechnology.com
  • Call Jovian support at 1-888-584-2584 or 905-366-0100.

9.2 What information should I collect before calling Jovian support?

  • Log on to your Europa and click the "Europa" logo in the upper-left corner. The information is displayed in the About Europa page.
  • The purchase information: the name of the VAR, date of purchase, etc.

9.3 Any RMA support?

  • Go to http://www.joviantechnology.com and click Customer service.
  • Download the Return Merchandise Authorization (RMA) form, fill it in, and fax it back to 905-602-6265.

10 Miscellaneous

10.1 What happens when the Europa hard disk is nearly full?

  • Europa will send a warning email to the system admin when its hard disk is 70% full.
  • Europa will send a critical email to the system admin when its hard disk is 80% full.
  • System admin can/should
    • Ask the users to delete the old messages.
    • Reduce the Days of Quarantine.
    • Drop the unknown/spam emails instead of quarantining them.

10.2 What happens when Europa's hard disk fails?

  • Europa model 250 through model 5000 have RAID 1 (a 2 hard disk array).
  • When one of the hard disks fails, Europa will send an "mdadm monitoring" email to the system admin.
  • In general, these models can continue to operate with one hard disk.

10.3 What should I do when I receive the "mdadm monitoring" messages?

  • Use the Appliance Admin > Backup / Restore page.
  • Perform a Manual Backup and send the file to your secured file server.
  • Double-check all your previous backup files.
  • Call your VAR or Jovian support.

10.4 What happens when the external email server (for example: Exchange) crashes?

  • When Europa cannot talk to the back-end email server for a period of time, Europa will send a notification email to the system admin.
  • Depending on the email switch-over setting, Europa can automatically switch over to act as the email server to avoid loss of email.

10.5 How can Jovian support its Europa machine?

There are a few choices:

  1. Reset the RO account, and allow Jovian support to access your Europa with the RO account.
  2. Add an SSH port forwarding rule and allow Jovian to log on to your Europa: external port 2222 to internal Europa port 22.
  3. Without changing any firewall rule, Europa can perform a reverse SSH call to the Jovian support machine. Talk to Jovian support to synchronize the call-in time.

10.6 Can the users access Europa email server from external internet?

It depends on what kind of access is meant:

  1. Web email client and Quarantine Manager access: add the HTTPs (default is 443) port forwarding rule into your firewall.
  2. POP3 access: add the POP3s (995) port forwarding rule into your firewall.
  3. IMAP access: add the IMAPs (993) port forwarding rule into your firewall.
  4. SMTP send access: add the SMTPs (465) port forwarding rule into your firewall.

Add a DNS entry (see the "DNS requirement for internal/external web access" FAQ above).