GFI MailEssentials License
About GFI MailEssentials
GFI MailEssentials is a cloud-based anti-spam solution that helps small to large enterprises manage spam emails and prevent potential malware threats. It comes with an admin console, which enables users to synchronize critical data such as attachments or keywords and maintain logs of mail flow in a centralized database.
GFI MailEssentials lets businesses configure security settings to block incoming mails containing specific keywords, social security numbers or file extensions. It provides users with an administrative dashboard to view recent updates, logs or email statistics and generate reports on email interactions across the organization. Additionally, managers can utilize the exploit engine to detect malicious email-based Trojan executables and quarantine suspicious files.
GFI MailEssentials facilitates integration with third-party anti-virus engines such as Bitdefender, Avira, Sophos, Kaspersky and Cyren to detect new system threats. Pricing is available on request and support is extended via phone, email and other online measures.
GFI Software is an American developer of IT software founded in 1992. It offers a wide range of IT solutions, including network performance, patch management, auditing, security scanning, and more. One of these solutions is GFI MailEssentials, which provides anti-spam and email security for on-premises mail servers. Having reviewed its GFI Archiver in the past and been pleasantly surprised by it, I was eager to have a look at MailEssentials. And here we are! In this product review, I take an in-depth look at GFI MailEssentials v21.5 (build 20190321). However, being such a powerful and complete product means that I can only cover its main features briefly in this review.
It shouldn’t come as a surprise that MailEssentials can be installed in a VMware or Hyper-V virtual environment, which is exactly what I did for this review.
In terms of hardware, the requirements depend on a range of factors, such as email volume and the number of antivirus engines enabled, but as a minimum:
- Processor: 2GHz with multiple cores.
- Memory (RAM): 2GB dedicated to MailEssentials.
- Disk space: 10GB dedicated to MailEssentials.
As to software, MailEssentials supports:
- Any version of Microsoft Windows Server (64-bit) from 2008 R2 onwards.
- Microsoft IIS SMTP service or Microsoft Exchange Server 2010/2013/2016/2019.
- Microsoft Messaging Queuing Service (MSMQ).
- Microsoft .NET Framework 4/4.5.
- ASP.NET & Windows Authentication role services when installing on Windows Server 2008 R2 onwards.
- Microsoft SQL Server/Express is suggested for the reporting engine database for installs with more than 100 mailboxes.
GFI MailEssentials can be deployed in a variety of ways. Ideally, it should be installed and configured in a way that makes it the email gateway for the organization, both for inbound and outbound emails. However, it can be installed either on its own servers or directly on the same servers as Exchange. In Exchange 2010 environments, MailEssentials can be installed on the servers with the Edge Server Role, Hub Transport Role or Hub Transport and Mailbox Roles. With Exchange 2013 and above, it can be installed on the Edge Transport role or Mailbox role servers.
Installing MailEssentials on a mail gateway/relay server is common in larger organizations or those that wish to keep MailEssentials and Exchange (or any other mail server being used) separate for any reason, like patching, high availability, and so on. In this scenario, MailEssentials is usually hosted in the DMZ and relays inbound emails to the mail server. This way, spam and viruses are filtered before these emails reach the mail server, thus reducing unnecessary email traffic. It also provides additional fault tolerance: if the mail server is down, we can still receive email, since messages are queued on the MailEssentials server.
For this review, I deployed two GFI MailEssentials servers in my DMZ and configured them to relay emails to the internal Exchange 2016 environment. Outbound emails were also being relayed through MailEssentials.
When installing GFI MailEssentials on the same server as Exchange, no preinstall actions or configurations are required. When installed on its own, MailEssentials uses the IIS SMTP service as its SMTP server and, therefore, the IIS SMTP service is configured to act as a mail relay server. The admin guide provides clear instructions on how to do this, so administrators will not have a problem whatsoever. At a high level, these are the steps involved:
- Enable IIS SMTP service.
- Create SMTP domains for email relaying.
- Enable email relaying to the internal mail servers.
- Secure the SMTP email-relay server.
- Enable mail server to route emails via MailEssentials.
- Update MX records to point to MailEssentials.
- Test new mail relay server.
The installation itself is as straightforward as possible using the intuitive installation wizard:
The only important decision during this wizard is the User Mode Selection screen:
In this screen, we must choose the mode that MailEssentials will use to retrieve the list of email users. Please note that the selected user mode cannot be changed after installation. The list of modes available depends on the environment where GFI MailEssentials is installed.
- Active Directory: This option, which is only available when installing MailEssentials on an Active Directory (AD) domain-joined server, allows MailEssentials to retrieve a list of mail-enabled users from AD, which can be used for filtering.
- SMTP: This mode is for when an AD domain is not available or if we want to manually manage the list of users. In this mode, MailEssentials automatically populates the list of local users using the sender’s email address in outbound emails. The list of users can also be managed from MailEssentials’ admin console.
- Remote Active Directory: This option is only available when installing MailEssentials on a machine that is not AD-joined. In this mode, MailEssentials retrieves the list of users from a remote AD domain (using LDAP), even though the MailEssentials server is not joined to a domain. This mode can be used, for example, when installing MailEssentials in a DMZ.
- GFI Directory: Only available when installing MailEssentials on a server that is not AD-joined. In this mode, MailEssentials connects and fetches users from GFI Directory (a directory of users and groups that integrates with GFI products). This mode is best suited for installations that do not have AD, yet want the features and functionalities that a user directory offers.
Following the installation of MailEssentials, we are presented with a post-installation wizard, which allows us to configure the basic settings to get MailEssentials routing and processing emails:
In this wizard, there is another important screen named Default anti-spam action where we select the default action to be taken when emails are detected as spam. This action applies to anti-spam filters only. Emails found with malware are automatically quarantined by default. When installing MailEssentials on Exchange, we have the option to Move to Outlook junk email folder. However, when installing it on its own, only the following options are available:
Since many organizations prefer their spam email to be delivered to users’ junk email folder, we can achieve this by creating a mail flow rule in Exchange that looks for the X-GFIME-MASPAM and/or X-GFIME-BLOCK-REASON message headers and sets the spam confidence level (SCL) for that message. This way, those emails will be delivered to the users’ junk email folder.
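One way to build the Exchange mail flow rule described above, as an added example (not from the review or from GFI). The rule names, the `\S` pattern that treats any non-empty header value as a match, and the SCL value of 6 are assumptions; conditions within one rule are ANDed, so the "and/or" is covered with one rule per header.

```powershell
# Added example for the Exchange Management Shell (on-premises Exchange 2016).
# Header names come from the review; rule names, pattern and SCL are assumptions.
$gfiHeaders = 'X-GFIME-MASPAM', 'X-GFIME-BLOCK-REASON'
$targetScl  = 6

# Mail lands in Junk Email only when its SCL is greater than SCLJunkThreshold
# (organization default is 4; Set-Mailbox can override it per mailbox).
$threshold = (Get-OrganizationConfig).SCLJunkThreshold
if ($targetScl -le $threshold) {
    throw "SCL $targetScl does not exceed SCLJunkThreshold ($threshold); raise `$targetScl."
}

foreach ($header in $gfiHeaders) {
    $ruleName = "GFI MailEssentials spam to Junk ($header)"

    # Skip headers that already have a rule so the script can be re-run safely.
    if (Get-TransportRule | Where-Object { $_.Name -eq $ruleName }) {
        Write-Host "Rule already exists: $ruleName"
        continue
    }

    $rule = @{
        Name                       = $ruleName
        HeaderMatchesMessageHeader = $header
        HeaderMatchesPatterns      = '\S'      # any non-empty header value
        SetSCL                     = $targetScl
        Comments                   = 'Route mail tagged as spam by GFI MailEssentials to Junk Email'
    }
    New-TransportRule @rule
}

# Review what was created.
Get-TransportRule |
    Where-Object { $_.Name -like 'GFI MailEssentials spam to Junk*' } |
    Format-Table Name, State, Priority, SetSCL -AutoSize
```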
Let’s now have a look at MailEssentials dashboard and main features.
When we open MailEssentials, we are presented with the Dashboard. This gives us a quick overview of all the enabled or disabled services, how many emails have been quarantined, how many emails were detected with malware or spam, and more. Straight away, the left-hand pane shows some of the many features available in MailEssentials.
Under the Logs tab, we can see a list of all the processed emails or we can easily perform a search for any email received in the past:
Updates gives us a quick overview of the antivirus and anti-spam definition updates:
The reason why I am starting with the multi-server feature is because it is both an important one as well as a new one. It enables communication between different GFI MailEssentials servers so that configuration data can be shared across the servers. This is great for organizations with multiple email gateways and email servers, where managing individual servers can be a tedious task without a unified console, not to mention prone to errors and misconfiguration. Once multi-server is configured, this problem is resolved and day-to-day configuration tasks can be done using a single console.
Configuring the multi-server feature is straightforward. We promote one of the servers as the master server while all the other servers are configured to connect to it as slaves.
We can also define what we want to be synchronized between servers, and choose to have a centralized quarantine and reporting:
When everything is set up, each server will scan emails flowing through it, but its configuration, such as anti-spam policies, is synchronized from the master server. If the master goes down, the slave servers will continue to work normally. Reporting and quarantine data is queued on the slave servers until the master is back online.
GFI MailEssentials enables administrators to filter and detect viruses, spam, and other malicious content in emails. After all, this is its main purpose! The following are the three main nodes in MailEssentials:
- Email Security configures virus scanning and other malware-related filters.
- Anti-Spam configures spam filters, as well as the Whitelist for email that bypasses spam filtering.
- Content Filtering configures rule-based filters that identify and block specific email content.
One of the strong points of GFI MailEssentials is that it provides five different anti-malware scanning engines: Avira, BitDefender, Kaspersky, Cyren, and Sophos:
Notice the message at the top stating that “the settings on this page will be synced to all MailEssentials servers.” This is because of the multi-server feature we just discussed.
As expected, we can configure the priority of each scanning engine, as well as disable any we might not want to use:
There are also additional options, such as Information Store Protection, which enables scanning the Exchange Information Store for viruses; Trojan and Executable Scanner, which blocks emails with executable files; Email Exploit Engine, which checks for known email exploits; and HTML Sanitizer, which removes scripts from emails and from HTM/HTML attachments within them. By default, all features are enabled, and blocked emails get quarantined. This can be changed by updating the properties of each virus scanner or filter individually:
Another major feature of MailEssentials is, obviously, its powerful anti-spam capabilities. Here, we have everything we could expect from a solid anti-spam solution, with the following spam filters enabled by default: SpamRazer, Anti-Phishing, Directory Harvesting (if installed on an AD-joined server), Email Blocklist, IP DNS Blocklist, and URI DNS Blocklist:
Similar to the antivirus scanning engines, we can configure the filter priority for every anti-spam feature or agent, giving us great control over what takes precedence over what:
There are just so many features that it is simply impossible to cover them all, so I will just focus on a few important ones. SpamRazer is the anti-spam engine that determines if an email is spam or not by using email fingerprints, email reputation, and content analysis. SpamRazer is the primary anti-spam engine and is enabled by default. It also includes Sender Policy Framework (SPF) filtering that detects forged senders.
As mentioned earlier, when MailEssentials processes an email and determines it is spam, it adds two message headers to the email. These can be used to create an Exchange mail-flow rule to act on them, for example, or to troubleshoot the reasons why a particular email was deemed spam. In the following screenshot, we can see these headers and all the findings from SpamRazer that led to the decision to mark this particular email as spam:
With Anti-Phishing, we can configure MailEssentials to Quarantine, Delete, or Tag emails that attempt to fraudulently acquire sensitive information by trying to persuade the recipient to visit a malicious website by clicking on the URI in the message. We can even configure our keyword list to adapt MailEssentials to our environment. After all, a financial organization typically has different requirements than an educational institution.
Another great feature is the Bayesian Analysis, an anti-spam adaptive technique based on artificial intelligence algorithms, hardened to withstand the widest range of spamming techniques available today. It is disabled by default as it is highly recommended that administrators “train” the Bayesian filter before enabling it. GFI recommends operating MailEssentials for at least one week for the Bayesian filter to achieve its optimal performance. This is required because the Bayesian filter acquires its highest detection rate once it adapts to an organization’s email patterns.
Bayesian filtering is based on the principle that most events are dependent and that the probability of an event occurring in the future can be inferred from the previous occurrences of that event. The mathematical basis of Bayesian filtering has been adapted by GFI MailEssentials to identify and classify spam. If a snippet of text frequently occurs in spam emails but not in legitimate emails, it would be reasonable to assume that an email containing it is probably spam.
The Email Blocklist and Whitelist nodes let administrators enable or disable Personal Whitelist/Blocklist for end-users, block/allow specific domains at a global level, configure trusted IPs that are ignored by the GFI MailEssentials spam filtering, and much more: