4.5 3rd Party Integration

Secure Messaging Gateway can integrate with other software. These interfaces will show up under Limit Interface in Policy Management. Each interface is independent of the others, therefore a single message may appear multiple times in Message Tracker as the message encounters each interface.

On the Secure Messaging Gateway Server:

Go to Module Management | Interfaces | 3rd Party Application Manager.
Select Add New.
Select the Host Secure Messaging Gateway server, this will add the Server Address.
Select the Services OU set, this will create the Application key.
Press Save.
Refresh the screen and open the new 3rd Party Application to get the Application Key.

If you are operating a Secure Messaging Gateway cluster of multiple scan engines. You may set the Scanner Fault tolerance. If they are set to the same priority, then this will automatically send messages to be scanned to the servers in the cluster in Round Robin-style fault tolerance.

4.5.1 GroupWise 18

Secure Messaging Gateway can integrate with GroupWise.

GMS Scanning:

On the GroupWise Mobility Server:

1. Open the mobility configuration file at:

/etc/datasync/configengine/engines/default/pipelines/pipeline1/connectors/mobility/connector.xml

2. Add the following elements to the configuration file under the <connector><settings><custom> section.

The values are as follows:

1 - enabled. If enabled, all the other elements must be correct.

0 - disabled.

This is the DNS or IP address of the Secure Messaging Gateway.

This is the port number for Secure Messaging Gateway.

80 for HTTP

443 for HTTPS

1 - secure (HTTPS)

0 - non-secure (HTTP)

This is the application key defined in the Secure Messaging Gateway WebAdmin under:

Module Management | Interfaces | REST Interface Manager | GMS | Application Key. Copy this key to the xml element.

For example, if you want to have Secure Messaging Gateway GMS scanning enabled, and it is on the smg.company.com host, using port 443, connecting via HTTPS with an Application Key of 365c2949-0fb3-4d81-9dd2-421727bf08e3:

<securegatewayHost>smg.company.com</securegatewayHost>

Webaccess Scanning (WASP):

NOTE:WASP does not specify the direction of a message, so do not enable scan by message direction when creating a WASP policy.

On the GroupWise Web Access Server:

edit the file: /var/opt/novell/groupwise/webaccess/webacc.cfg

edit the following lines

#------------------------------------------------------------------------------

# GWAVA Virus Scan

#------------------------------------------------------------------------------

GWAVA.enabled=true

GWAVA.version=7

GWAVA.host=<Secure Messaging Gateway IP or Hostname> Fore example,151.155.209.46

GWAVA.apiKey=<Secure Messaging Gateway Application Key(see above)> For example, ed89c7a4-840a-4b30-9477-ac1e57363d44

Example: If a webaccess policy is created that blocks messages that have a message size greater than 100k, then if a user attempts to send a message whose total size is greater than what the policy allows, then the webaccess client will alert the user with a dialog stating: “This mail cannot be sent for security reasons.” which is what WASP is limited to communicating.

The WASP log will be found on the GroupWise server under /var/opt/novell/groupwise/webaccess/logs

MTA Scanning:

On the MTA:

Edit the domain.mta file

Add the following lines to the end:

--vscan-EXCLUDE

--vstype-MESSAGE

--vsaction-DISCARD

--vsserver-<Secure Messaging Gateway Host> For example, 151.155.209.46

--vsdomain-<Your Domain> For example, jimmyhop125.com

--vsnamevalue-<gwavaman><mta_agent><id_object></id_object></mta_agent></gwavaman>

--vskey-<Secure Messaging Gateway Application Key(see above)> For example,"7de7780f-6ffb-47fb-af82-4f7c996d8ae3"

--vsnoadm

--vsnostatus

--vsport-7108

--vscanner-"/opt/novell/groupwise/agents/bin/gwmtavs"

NOTE: The MTA does not have a user interface so will be unable to alert the client of issues. Configure the policy with notification to alert the user.

IMAP Scanning:

Scan IMAP. See IMAP Interface