Creating a Cloud Pre-Filter Policy Parent topic

To provide email security services to a domain, create a policy for that domain.
Note
Note
If your network uses a proxy server, verify your proxy settings are correct at AdministrationProxy, before creating a Cloud Pre-Filter policy.
Creating a Cloud Pre-Filter policy requires the following steps:

Step 1: Domain Settings Parent topic

Procedure

  1. Click Cloud Pre-Filter.
    The Cloud Pre-Filter Policy List screen appears.
  2. Click Add.
    The Step 1: Specify Domain and Destination Server screen appears.
  3. Provide the name of the domain to protect.
    Note
    Note
    Specify a domain or subdomain, for example, domain.com or *.domain.com. Top-level domains are not allowed, and only a single level of subdomain matching is supported.
  4. Click Add under Specify Destination Server.
    The Destination Server screen appears.
  5. Specify the addresses of the domain's actual destination servers to allow Cloud Pre-Filter to relay messages to these servers after processing.
    1. Select one of the following from the Address Type drop-down list:
      • IP address: IP address of the MTA or IMSVA that receives messages from Cloud Pre-Filter
      • A record: Hostname Cloud Pre-Filter uses for DNS lookup
      • MX record: Mail exchange record Cloud Pre-Filter uses for DNS lookup
      Note
      Note
      A policy can only contain one address type for a destination server. An IP address and an A record are considered to be the same type. An MX record is considered to be a different type.
    2. Provide an address for IMSVA in the Address field.
    3. Provide a port number for communication between IMSVA and Trend Micro Email Security SaaS Solutions. The default value is port 25.
    4. Provide a value for Priority for the destination server.
      The Priority option specifies routing priority for the destination servers. Cloud Pre-Filter service will attempt to route messages to servers with higher priority values first. The lower the number, the higher the priority.
      You do not need to specify a priority for an MX record destination server. The priority for the MX record will be resolved automatically.
  6. Click Add.
    The Step 1: Specify Domain and Destination Server screen appears, with IMSVA’s details in the Destination Server list.

Step 2: Configuring Condition Settings Parent topic

Approved and Blocked Senders
Messages from Approved Senders are able to bypass the Email Reputation service and antispam filters, while messages from Blocked Senders are prevented from reaching recipients.
Specifying an IP address will block or approve all messages from that IP address.
The approved lists take precedence over the blocked list, the Email Reputation filter, and the antispam filter. All messages from addresses that match the addresses in the approved list are not processed by these filters.
Note
Note
The Approved list from Email Reputation, IP Profiler or spam rules can be imported to the Cloud Pre-Filter Approved list.
Valid Recipients
This feature works by comparing the list of users on your LDAP servers to a list of your users on Cloud Pre-Filter. The Cloud Pre-Filter list of your users is generated by synchronizing with your LDAP servers.
Use the valid recipient check to block all messages that do not have a recipient on your domain. This prevents malicious messages and spam from reaching your network.
Tip
Tip
Trend Micro recommends enabling scheduled synchronization to ensure all valid messages reach your network. LDAP servers must be configured before enabling the valid recipient check and scheduled synchronization.

Procedure

  1. Click Next.
    The Step 2: Specify Sender conditions screen appears.
  2. Click Add to add an entry to the list.
    The Add Approved Sender List or Add Blocked Sender List screen appears.
  3. Provide an email address or IP address.
  4. Click Add beside the IP Address and Email Address fields.
    The entry appears in the list.
    WARNING
    WARNING
    The wildcard character * may be used to specify any string in the local-part (local-part@domain.com) of email addresses. Use wildcard characters with caution as they may allow or block messages from a large set of email addresses.
  5. Click Add under the list.
    The entry appears in the specified list.
  6. To import entries to the approved or blocked senders list:
    • When using the import function, use a text file with only one full email or IP address per line.
    • When importing sender addresses, ensure that you select the correct import mode. Selecting to replace addresses will delete all existing addresses from the list.
  7. Click Import for the specified list.
    A dialog box appears.
  8. Specify the file to import.
  9. Click Import.
    The list displays the imported entries.
  10. Select Enable valid recipient check.
  11. Select Synchronize LDAP server with Cloud Pre-Filter daily.
    Note
    Note
    Trend Micro recommends enabling scheduled synchronization to ensure all vaild messages reach your network.
    After upgrade, the recipient check and scheduled synchronization cannot work properly because the local LDAP cache is empty. You can manually trigger recipient check and scheduled synchronization by clicking Save & Synchronize in LDAP settings.

Step 3: Configuring Filter Settings Parent topic

The Step 3: Select Filter screen contains settings for three filters:

Cloud Pre-Filter Filters

Filter
Description
Email Reputation
Email Reputation enables you to take advantage of a dynamic and constantly updated email source rating system to block spam and other unwanted messages. Email Reputation blocks messages from source IP addresses whose current reputation ratings are poor.
You can choose Email Reputation Advanced or Email Reputation Standard. Email Reputation Standard queries the standard reputation database. Email Reputation Advanced queries the standard reputation database as well as a dynamic database that is updated in real time.
Antivirus
When enabled, the antivirus filter can stop messages containing known and unknown malware code, whether this code is contained in an attachment or embedded in the message body.
Messages found to contain malware code are automatically deleted.
Antispam
When enabled, the antispam filter checks messages for spam and phishing characteristics. The filter identifies messages as spam based on the selected catch rate.
The antispam filter uses a Web Reputation and spam prevention filter to stop spam from entering your network.
The antispam filter can use two approaches when detecting spam:
  • Spam: This setting is very conservative. Almost every "spam" detection is truly an unwanted message. This setting has the following actions: Delete and Quarantine.
  • Potential Spam: This setting is more aggressive. However, there may be some messages marked as "spam" that may be legitimate messages. This setting has the following actions: Delete, Quarantine, and Pass.

Procedure

  1. Click Next.
    The Step 3: Select Filter screen appears.
  2. Specify the status for the filters.
  3. Specify the action for the filters.
    The filters use the following actions:
    • Delete: Deletes the entire message without quarantining it
    • Quarantine: Saves a copy of the entire message in the local IMSVA quarantine area.
      Administrators can delete or deliver the message after assessing the message.
    • Reject: Rejects the message without quarantining it
    • Pass: Cloud Pre-Filter performs no action and sends the messages directly to IMSVA. IMSVA then scans the messages.
  4. Click Finish.
    Cloud Pre-Filter Policy List appears with the domain appearing in the list. The status for the filters display along with the domain.