LIQUID MACHINES EMAIL CONTROL SERVER™
Administrator’s Guide
LIQUID MACHINES EMAIL CONTROL SERVER ENTERPRISE EDITION 7.0.0
Copyright © 2004 & 2005 by Liquid Machines, Inc. All rights reserved. Confidential and proprietary information of Liquid Machines, Inc.
The material in this guide may not in whole or in part be copied, photocopied, reproduced, translated, or converted to any electronic or machine-readable form without the prior written consent of Liquid Machines. The information in this guide is for informational use only, is subject to change without notice, and should not be construed as a commitment by Liquid Machines. Liquid Machines assumes no responsibility or liability for any errors or inaccuracies that may appear in this guide.
This guide and the software described in this guide are furnished under a license accompanying the software and may be used only in accordance with the terms of such license. By using this guide, you agree to the terms and conditions of that license.
This product may use MySQL database software which is subject to and transferable under the License Agreement for Commercial Use for MySQL Software between MySQL AB and Liquid Machines, Inc. MySQL is a registered trademark of MySQL AB. Copyright © MySQL AB.
This product may include software developed by the JBoss Group (<http://www.jboss.org>). JBoss and JBoss Group are a registered trademark and servicemark of Marc Fleury under operation by The JBoss Group, LLC.
This product may include software developed by the Apache Software Foundation (<http://www.apache.org>). Apache and Apache Software Foundation are registered trademarks of the Apache Software Foundation. Copyright © The Apache Software Foundation.
This product may include software developed by IAIK of Graz University of Technology. Copyright © Graz University of Technology.
This product may use the "OpenSSL toolkit" provided by "The OpenSSL Project" and licensed under a dual license (the OpenSSL license and the original SSLeay license). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (<http://www.openssl.org/>). This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]). OpenSSL and The OpenSSL Project are registered trademarks of The OpenSSL Project.
This product may include "Redistributable" software licensed under the Sun Microsystems’ Java Runtime Environment (J2RE), Standard Edition, Version 1.4.1_X Supplemental License Terms to the Binary Code License Agreement. This product includes code licensed from RSA Security, Inc. Some portions licensed from IBM are available at <http://oss.software.ibm.com/icu4j/>. Sun, Sun Microsystems, and Java are trademarks or registered trademarks of Sun Microsystems, Inc.
This product may include XMLIO software developed by Achim Gädke and Peter Pipenbacher at the Center of Applied Informatics of the University of Cologne (www.zaik.uni-koeln.de). Source code and patches are available at http://www.liquidmachines.com/about/oss.php.
This product may use the MMC software library, which is subject to the Common Public License Version 1.0 and is available for download at http://sourceforge.net/projects/mmclibrary.
This product may include Zlib software developed by Jean-loup Gailly and Mark Adler. Copyright © 1995-2003.
This product may include software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/). Copyright © 1998-2000 Carnegie Mellon University.
This product may include software developed by Boost Software (http://www.boost.org). Copyright © Boost Software.
Liquid Machines, Policy Droplet, Freedom of Security, Enabling Secure Business, Omniva, and Omniva Policy Systems are trademarks of Liquid Machines, Inc.
Microsoft, Microsoft Excel, Microsoft Word, Microsoft PowerPoint, Microsoft Project, Visio, Windows Explorer, Windows XP, Windows 2000, Office 2003, and Windows Rights Management Services (RMS) are registered trademarks of Microsoft Corporation.
Adobe and Adobe Acrobat are registered trademarks of Adobe Systems Incorporated.
Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks or the names of their products. Liquid Machines, Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Table of Contents
1. Before You Install ..... 1
  1.1. Read the “Understanding Email Control Server” manual ..... 1
  1.2. Read the prerequisites for each component installation ..... 1
  1.3. Check Your Skill Set ..... 1
  1.4. Get the Team Together ..... 2
  1.5. Get a Head Start on Prerequisites ..... 3
  1.6. Get Your Users Ready ..... 3
2. Getting Started ..... 4
  2.1. Starting the Administrative Console ..... 4
  2.2. Using the Console Remotely ..... 4
  2.3. Starting the Policy Server Configuration Wizard ..... 6
3. Email Control Server Components ..... 7
  3.1. Email Control Server ..... 7
  3.2. External Email Control Server ..... 7
  3.3. Email Control Client ..... 7
  3.4. Universal Viewer ..... 7
  3.5. Report Service ..... 7
  3.6. Message Cleanup Tool ..... 8
  3.7. Gateway for BlackBerry ..... 12
  3.8. Client for BlackBerry Handhelds ..... 13
  3.9. Gateway for Exchange/SMTP ..... 13
  3.10. Email Archive Gateway ..... 20
4. Special Features ..... 21
  4.1. Message Contents Features ..... 21
  4.2. To Access the Features… ..... 21
  4.3. Hide Universal Viewer Image Feature ..... 27
  4.4. Pass Through Authentication Feature ..... 28
  4.5. Secure Communications Feature ..... 29
  4.6. Outlook Delegate Access ..... 30
  4.7. Exchange Org Bridge ..... 31
5. Microsoft Rights Management Integration ..... 37
  5.1. To Enable Rights Management Integration… ..... 37
6. Managing Policies ..... 39
  6.1. Before You Start… ..... 39
  6.2. What You Can Do ..... 41
  6.3. If You Are Upgrading… ..... 42
  6.4. Elements of a Policy ..... 42
  6.5. Precedence, Interaction, Collision ..... 46
  6.6. Checking Your Logic ..... 50
  6.7. Editing Policies ..... 52
  6.8. Policy Rules ..... 70
  6.9. Using Patterns in Rules ..... 86
  6.10. More About SMTP Headers ..... 98
  6.11. Configuring the “Apply Controls” Menu on BlackBerry Handhelds ..... 101
7. Managing External Recipients ..... 105
  7.1. To Begin… ..... 105
  7.2. View a User’s Properties ..... 106
  7.3. Reset a User’s Password ..... 108
  7.4. Disable a User’s Account ..... 108
  7.5. Don’t Delete Accounts! ..... 109
  7.6. Registration Collisions ..... 110
  7.7. Partner Email Control Client ..... 112
  7.8. Customizing the Registration Page ..... 114
8. Monitoring Activity ..... 115
  8.1. To Begin… ..... 115
  8.2. Who Is Installed? ..... 115
  8.3. How Many Have Policies? ..... 116
  8.4. When Are Keys Deleted? ..... 116
  8.5. When Were Changes Made to Policies? ..... 117
  8.6. Basic Read Message Activity ..... 118
  8.7. The Report Service ..... 121
9. Advanced Administration ..... 125
  9.1. Backups ..... 125
  9.2. High Availability ..... 125
  9.3. Automated Client Roll-out ..... 130
  9.4. Compromised Keys ..... 130
  9.5. Corrupt Keys ..... 130
  9.6. Logging ..... 131
10. The Discovery Process ..... 134
  10.1. Procedure Overview ..... 134
  10.2. To Suspend Expiration… ..... 136
  10.3. To Resume Expiration… ..... 137
  10.4. To Extract and Decrypt Messages… ..... 137
  10.5. Targeted Suspension ..... 148
  10.6. Automating the Process ..... 149
11. Appendices ..... 154
  11.1. Microsoft Rights Management Analogs to Policy Manage Features ..... 154
  11.2. Regular Expression Syntax ..... 156
  11.3. PolicyPstToClearPst ..... 165
  11.4. UpdateKeyServRegistry ..... 169
  11.5. The hotkey combinations in Client for BlackBerry ..... 170
Extended Table of Contents
1. Before You Install ..... 1
  1.1. Read the “Understanding Email Control Server” manual ..... 1
  1.2. Read the prerequisites for each component installation ..... 1
  1.3. Check Your Skill Set ..... 1
  1.4. Get the Team Together ..... 2
  1.5. Get a Head Start on Prerequisites ..... 3
    1.5.1. Acquiring the SSL Certificate ..... 3
    1.5.2. Coordinating DNS Changes ..... 3
    1.5.3. Configuring Firewalls ..... 3
  1.6. Get Your Users Ready ..... 3
2. Getting Started ..... 4
  2.1. Starting the Administrative Console ..... 4
  2.2. Using the Console Remotely ..... 4
    2.2.1. Connecting to a Different Server ..... 4
    2.2.2. Connecting Using the Canonical Hostname ..... 5
    2.2.3. Connecting from a Trusted Domain or Over VPN ..... 5
    2.2.4. Multiple Users ..... 5
  2.3. Starting the Policy Server Configuration Wizard ..... 6
3. Email Control Server Components ..... 7
  3.1. Email Control Server ..... 7
  3.2. External Email Control Server ..... 7
  3.3. Email Control Client ..... 7
  3.4. Universal Viewer ..... 7
  3.5. Report Service ..... 7
  3.6. Message Cleanup Tool ..... 8
    3.6.1. Requirements ..... 8
    3.6.2. Installation ..... 8
    3.6.3. Configuration ..... 8
      3.6.3.i. Message Options ..... 9
      3.6.3.ii. Attachment Options ..... 10
      3.6.3.iii. Servers ..... 11
    3.6.4. How Often Does It Run? ..... 11
    3.6.5. So Where Do I Install It? ..... 11
  3.7. Gateway for BlackBerry ..... 12
    3.7.1. Administrative Console ..... 12
    3.7.2. Logging ..... 12
  3.8. Client for BlackBerry Handhelds ..... 13
  3.9. Gateway for Exchange/SMTP ..... 13
    3.9.1. Configuration ..... 14
      3.9.1.i. Modes of Operation ..... 14
      3.9.1.ii. Updating Policies ..... 15
      3.9.1.iii. Parameters ..... 16
    3.9.2. About SMTP Routing ..... 17
    3.9.3. Logging ..... 19
  3.10. Email Archive Gateway ..... 20
    3.10.1. Intelligent Archiving via Message Headers ..... 20
    3.10.2. Logging ..... 20
4. Special Features ..... 21
  4.1. Message Contents Features ..... 21
  4.2. To Access the Features… ..... 21
    4.2.1. Message Body Retrieved from Exchange ..... 22
      4.2.1.i. Requirements ..... 22
      4.2.1.ii. What Does It Do? ..... 22
      4.2.1.iii. What’s the Value? ..... 22
      4.2.1.iv. The Tech Scoop ..... 22
    4.2.2. Attachments Retrieved from Exchange ..... 23
      4.2.2.i. Requirements ..... 23
      4.2.2.ii. What Does It Do? ..... 23
      4.2.2.iii. What’s the Value? ..... 23
      4.2.2.iv. The Tech Scoop ..... 23
    4.2.3. Messages Retained in Central Location ..... 23
      4.2.3.i. Requirements ..... 23
      4.2.3.ii. What Does It Do? ..... 23
      4.2.3.iii. What’s the Value? ..... 24
      4.2.3.iv. The Tech Scoop ..... 24
    4.2.4. Policy Mailboxes and the Mailbox User ..... 24
      4.2.4.i. The Mailbox User ..... 24
      4.2.4.ii. The Policy Mailboxes ..... 24
      4.2.4.iii. Configuring Email Control Server ..... 25
      4.2.4.iv. Why So Many Mailboxes? ..... 26
      4.2.4.v. What About Space Requirements? ..... 26
  4.3. Hide Universal Viewer Image Feature ..... 27
    4.3.1. To Access the Feature… ..... 27
  4.4. Pass Through Authentication Feature ..... 28
    4.4.1. To enable the feature… ..... 28
    4.4.2. What’s the Value? ..... 29
  4.5. Secure Communications Feature ..... 29
  4.6. Outlook Delegate Access ..... 30
  4.7. Exchange Org Bridge ..... 31
    4.7.1. What Does It Do? ..... 31
    4.7.2. Requirements ..... 32
    4.7.3. Preparation ..... 33
    4.7.4. Configuration ..... 33
    4.7.5. More About SMTP and NT Domains ..... 36
5. Microsoft Rights Management Integration ..... 37
  5.1. To Enable Rights Management Integration… ..... 37
6. Managing Policies ..... 39
  6.1. Before You Start… ..... 39
    6.1.1. Inform Users ..... 39
    6.1.2. Start Slowly ..... 39
    6.1.3. Keep It Simple ..... 40
    6.1.4. Build Consensus ..... 40
    6.1.5. Read This Whole Chapter ..... 40
  6.2. What You Can Do ..... 41
    6.2.1. About Calendar Messages ..... 41
  6.3. If You Are Upgrading… ..... 42
  6.4. Elements of a Policy ..... 42
    6.4.1. Who It Affects ..... 42
      6.4.1.i. The Global Policy ..... 42
      6.4.1.ii. Other Policies ..... 42
    6.4.2. Categories ..... 43
      6.4.2.i. Retention ..... 43
      6.4.2.ii. Confidentiality ..... 43
    6.4.3. Defaults ..... 43
    6.4.4. Email Control Client’s Interface ..... 44
    6.4.5. Clear Text Archiving ..... 44
    6.4.6. Policy Rules ..... 44
      6.4.6.i. Conditions ..... 44
      6.4.6.ii. Actions ..... 45
      6.4.6.iii. Not All Components Support All Actions and Conditions ..... 45
  6.5. Precedence, Interaction, Collision ..... 46
    6.5.1. Policy Rules ..... 46
      6.5.1.i. Adding Up Actions from Several Rules ..... 48
    6.5.2. Policy Gateways ..... 49
    6.5.3. Gateway for Exchange ..... 49
    6.5.4. Gateway for SMTP ..... 49
    6.5.5. Email Archive Gateway ..... 49
    6.5.6. Policy Locking ..... 49
  6.6. Checking Your Logic ..... 50
  6.7. Editing Policies ..... 52
    6.7.1. To Begin… ..... 52
    6.7.2. To Create a New Policy… ..... 53
    6.7.3. To Rename a Policy… ..... 54
    6.7.4. To Delete a Policy… ..... 54
    6.7.5. To Add a Retention Category… ..... 55
    6.7.6. To Edit a Retention Category… ..... 56
    6.7.7. To Add a Security Category… ..... 57
      6.7.7.ii. Configuring a Group-Confidential Category ..... 59
    6.7.8. To Edit a Confidentiality Category… ..... 61
    6.7.9. To Set a Default Category… ..... 62
    6.7.10. To Copy a Category to Another Policy ..... 63
    6.7.11. To Create Policy Templates for Email Control Client… ..... 63
    6.7.12. To Edit, Delete or Set the Default Policy Template… ..... 65
    6.7.13. To Control Email Control Client’s Interface… ..... 65
      6.7.13.ii. Use Individual Settings ..... 65
      6.7.13.iii. Automatically Delete Expired Policy Messages ..... 66
    6.7.14. To Choose Who the Policy Applies to… ..... 67
    6.7.15. To Set the Archiving Policy… ..... 69
  6.8. Policy Rules ..... 70
    6.8.1. To create Policy Rules… ..... 71
    6.8.2. To add a Policy Rule… ..... 72
    6.8.3. To Edit, Rename or Delete a Policy Rule… ..... 76
    6.8.4. Conditions in Rules ..... 77
6.8.4.i. To choose words or phrases… ...................................................................................... 77 6.8.4.ii. To choose SMTP header values… ............................................................................. 78 6.8.4.iii. To choose Active Directory groups… ........................................................................ 79 6.8.4.iv. To choose message types… ....................................................................................... 80 6.8.4.v. To choose patterns… ................................................................................................ 81
6.8.5. Actions in Rules .............................................................................................................. 82 6.8.5.i. Allow forwarding: Confidentiality Option ..................................................................... 82 6.8.5.ii. Set retention to: Retention Option ............................................................................ 83 6.8.5.iii. Apply Setting to Attachments .................................................................................... 83 6.8.5.iv. Block recipient copying ............................................................................................ 83 6.8.5.v. Block recipient printing ............................................................................................ 83 6.8.5.vi. Do not deliver the message to anyone ....................................................................... 83 6.8.5.vii. Do not deliver the message to group members .......................................................... 83 6.8.5.viii. Alert user with: Warning Message ............................................................................ 84 6.8.5.ix. Report when this rule is applied ................................................................................ 84 6.8.5.x. Add X-Header SMTP header .................................................................................... 84 6.8.5.xi. BCC a copy of this message to: Mailbox ................................................................... 85 6.8.5.xii. BCC to without encrypting: Mailbox. ........................................................................ 85 6.8.5.xiii. Stop processing more rules. ...................................................................................... 85
6.9. Using Patterns in Rules ......................................................................................................... 86
6.9.1. To Create Patterns… ........................................................................................................ 87 6.9.2. To Edit Patterns… ........................................................................................................... 93 6.9.3. To Delete, Rename or Copy Patterns… ............................................................................ 96 6.9.4. More About Regular Expressions ..................................................................................... 97
6.10. More About SMTP Headers .............................................................................................. 98 6.11. Configuring the “Apply Controls” Menu on BlackBerry Handhelds ............................. 101
6.11.1. What You Do ................................................................................................................ 101 6.11.2. Message Format............................................................................................................. 101 6.11.3. Configuration Syntax ..................................................................................................... 101
6.11.3.i. Example 1 .............................................................................................................. 103 6.11.3.ii. Example 2 .............................................................................................................. 104
7. Managing External Recipients ........................................................................... 105 7.1. To Begin… ........................................................................................................................... 105 7.2. View a User‟s Properties ..................................................................................................... 106 7.3. Reset a User‟s Password ...................................................................................................... 108 7.4. Disable a User‟s Account ..................................................................................................... 108 7.5. Don‟t Delete Accounts! ........................................................................................................ 109
7.5.1. Recreating a Deleted Account ........................................................................................ 109 7.6. Registration Collisions......................................................................................................... 110
7.6.1. To search for the colliding account… ............................................................................. 111 7.6.2. To repair the collision… ................................................................................................ 111
7.7. Partner Email Control Client .............................................................................................. 112 7.7.1. Installing Partner Client ................................................................................................. 112 7.7.2. Security Implications ..................................................................................................... 113
7.8. Customizing the Registration Page ..................................................................................... 114 8. Monitoring Activity ............................................................................................ 115
8.1. To Begin… ........................................................................................................................... 115 8.2. Who Is Installed? ................................................................................................................. 115 8.3. How Many Have Policies? ................................................................................................... 116 8.4. When Are Keys Deleted?..................................................................................................... 116 8.5. When Were Changes Made to Policies? .............................................................................. 117 8.6. Basic Read Message Activity ............................................................................................... 118
8.6.1. How Do I Clear Out Report Activity?............................................................................. 119 8.6.2. Can I Do My Own Analysis? ......................................................................................... 120 8.6.3. What About External Recipients? ................................................................................... 120
8.7. The Report Service .............................................................................................................. 121 8.7.1. To set up Microsoft SQL for the Report Service… ......................................................... 121 8.7.2. To enable the Report Service on a particular Email Control Server… .............................. 122
8.7.2.ii. More about connection strings… ............................................................................ 123 8.7.3. Database Schema ........................................................................................................... 124
8.7.3.i. Table: PolicyReport ................................................................................................... 124 8.7.3.ii. Table: SendReport .................................................................................................. 124
9. Advanced Administration ................................................................................... 125 9.1. Backups ............................................................................................................................... 125 9.2. High Availability ................................................................................................................. 125
9.2.1. Fault Tolerant Hardware ................................................................................................ 125 9.2.2. Mirroring ....................................................................................................................... 125 9.2.3. Load Balancing and Failover .......................................................................................... 126
9.2.3.i. Replicating Data ........................................................................................................ 127 9.2.3.ii. Supporting Universal Viewer .................................................................................. 127
9.2.4. Geographic Redundancy ................................................................................................ 127 9.2.4.i. DNS Views ................................................................................................................. 128 9.2.4.ii. Trusted Email Control Servers................................................................................ 128
9.2.5. Offline for Clients .......................................................................................................... 129 9.3. Automated Client Roll-out .................................................................................................. 130
9.4. Compromised Keys ............................................................................................................. 130 9.5. Corrupt Keys ....................................................................................................................... 130 9.6. Logging ................................................................................................................................ 131
9.6.1. Email Control Server ..................................................................................................... 131 9.6.2. Email Control Client ...................................................................................................... 131 9.6.3. Gateway for BlackBerry................................................................................................. 132 9.6.4. Gateway for Exchange/SMTP ........................................................................................ 132 9.6.5. Email Archive Gateway ................................................................................................. 132 9.6.6. Client for Blackberry ..................................................................................................... 133
10. The Discovery Process ..................................................................................... 134 10.1. Procedure Overview ........................................................................................................ 134
10.1.1. Suspend Expiration ........................................................................................................ 134 10.1.1.i. What the User Sees ................................................................................................. 134 10.1.1.ii. What Happens Afterward ....................................................................................... 134
10.1.2. Enable Retention............................................................................................................ 134 10.1.3. Extract and Decrypt Messages........................................................................................ 135
10.1.3.i. Extract and Store ................................................................................................... 135 10.1.3.ii. Decrypt and Save ................................................................................................... 135
10.2. To Suspend Expiration… ................................................................................................ 136 10.3. To Resume Expiration… ................................................................................................. 137 10.4. To Extract and Decrypt Messages… ............................................................................... 137
10.4.1. Set Up a Dedicated Machine .......................................................................................... 137 10.4.2. Install Software .............................................................................................................. 138 10.4.3. Create the Service Account ............................................................................................ 138
10.4.3.ii. For Exchange 2000… ............................................................................................. 138 10.4.3.iii. For Exchange 5.5…................................................................................................ 138
10.4.4. Extract Messages ........................................................................................................... 139 10.4.5. Decrypt Messages .......................................................................................................... 148
10.5. Targeted Suspension ........................................................................................................ 148 10.5.1. Configuring Email Control Server .................................................................................. 148 10.5.2. Example ........................................................................................................................ 149
10.6. Automating the Process ................................................................................................... 149 10.6.1. Example ........................................................................................................................ 150 10.6.2. DailyDiscovery.vbs........................................................................................................ 153
11. Appendices ....................................................................................................... 154 11.1. Microsoft Rights Management Analogs to Policy Manage Features .............................. 154
11.1.1. Analog to external Email Control Server ........................................................................ 155 11.1.2. Analog to Email Archive Gateway ................................................................................. 155
11.2. Regular Expression Syntax.............................................................................................. 156 11.2.1. Literals .......................................................................................................................... 156 11.2.2. Wildcard ........................................................................................................................ 156 11.2.3. Repeats .......................................................................................................................... 157 11.2.4. Non-greedy repeats ........................................................................................................ 157 11.2.5. Parenthesis .................................................................................................................... 158 11.2.6. Non-Marking Parenthesis ............................................................................................... 158 11.2.7. Forward Lookahead Asserts ........................................................................................... 158 11.2.8. Alternatives ................................................................................................................... 158 11.2.9. Sets ............................................................................................................................... 159 11.2.10. Line anchors .............................................................................................................. 160 11.2.11. Back references .......................................................................................................... 161 11.2.12. Characters by code ..................................................................................................... 161 11.2.13. Word operators .......................................................................................................... 161 11.2.14. 
Buffer operators ......................................................................................................... 162 11.2.15. Escape operator .......................................................................................................... 162 11.2.16. Single character escape sequences .............................................................................. 162
11.2.17. Miscellaneous escape sequences: ................................................................................ 163 11.2.18. What gets matched? ................................................................................................... 164
11.3. PolicyPstToClearPst ........................................................................................................ 165 11.3.1. Usage ............................................................................................................................ 165 11.3.2. Parameters ..................................................................................................................... 165 11.3.3. Return Values ................................................................................................................ 166 11.3.4. Logging ......................................................................................................................... 166 11.3.5. Error Codes ................................................................................................................... 167
11.3.5.i. General Error ........................................................................................................ 167 11.3.5.ii. Cryptographic Errors ............................................................................................. 167 11.3.5.iii. Offline Errors ......................................................................................................... 167 11.3.5.iv. Network Errors ...................................................................................................... 167 11.3.5.v. Email Control Server Errors................................................................................... 168 11.3.5.vi. Message format Errors (DIMF) .............................................................................. 168 11.3.5.vii. Key Cache Errors .................................................................................................. 168
11.4. UpdateKeyServRegistry .................................................................................................. 169 11.4.1. Usage ............................................................................................................................ 169 11.4.2. Parameters ..................................................................................................................... 169 11.4.3. Return Values ................................................................................................................ 169 11.4.4. Logging ......................................................................................................................... 169
11.5. The hotkey combinations in Client for Blackberry ......................................................... 170
Liquid Machines Email Control Server
Enterprise Edition 1 Administrator’s Guide
1. Before You Install
1.1. Read the “Understanding Email Control Server” manual.
It is an important overview of components, features, concepts and requirements. It prepares you for issues
you will encounter, without getting lost in the technical details of implementation.
1.2. Read the prerequisites for each component installation.
Some components require additional server software or upgrades. Some require you to install SSL
certificates, change DNS records, or make other infrastructure changes.
1.3. Check Your Skill Set
Email Control Server is tightly integrated with Microsoft Windows and Exchange network infrastructure. That means it’s dependent on appropriately configured servers, workstations, email and web browser
applications, network services, and so on. That also means that administering it requires being skilled with
many aspects of Microsoft Windows technology. Specifically, you, as a system administrator or as a
support team, should be able to…
Install applications on Windows workstations.
Configure Outlook options.
Manipulate Outlook Personal Folders files (PST’s).
Configure Internet Explorer options.
Create servers in NT or Active Directory domains.
Install applications and upgrades on servers.
Edit text-based configuration files.
Edit the Microsoft Windows Registry on client and server machines.
Start, stop, and configure services on NT or Windows 2000 servers.
Schedule tasks to run automatically on servers.
Create user accounts and groups. Also organizational units, if you use Active Directory.
Give user accounts special permissions to manipulate other accounts, groups, or organizational units.
If you have them, understand and manage NT domain trusts, or Active Directory forests.
Understand your Exchange organization.
If you have Exchange 5.5, enable address book replication between sites.
Give user accounts special permissions to access multiple Exchange mailboxes.
If you have them, understand Exchange sites or routing groups.
Acquire and install SSL certificates on Internet Information Services (IIS) servers.
Import and export an SSL certificate from one Windows computer to another.
Configure Domain Name System (DNS) records.
Configure your network routers and firewalls to allow HTTP and HTTPS access to the Email Server
from the Internet.
Configure your network routers and firewalls to allow Email Control Servers to communicate with
each other over appropriate protocols.
Interact with third parties who might manage your DNS records or network routers and firewalls.
If you will install Gateway for BlackBerry, understand and manage BlackBerry Server.
If you will install Gateway for Exchange/SMTP, understand and manage the Windows SMTP Service
that comes with IIS, and/or understand and manage Exchange servers and organizations.
If you will use it, understand and manage load balancing software or hardware.
If you will use the Reporting Service, understand and manage Microsoft SQL Server 2000.
If you will integrate with Microsoft Rights Management, understand and manage that service.
1.4. Get the Team Together
You may need to coordinate the efforts or input of several individuals in order to install Email Control
Server. It depends on the size and organization of your company.
To install servers, you may need to coordinate System Administrators, Domain Administrators, and
Network Administrators for your internal and external or DMZ network. You may also need to coordinate
service providers or consultants, if you use them to manage parts of your infrastructure.
To install client software, you may need to coordinate System Administrators, Domain Administrators, and
Help Desk personnel. You may also need to coordinate Human Resources personnel, Corporate Trainers
and your Change Management Officer. You’ll need them for training users, creating support documents,
and handling concerns about impacts on workflow and productivity.
To design good policies, you may need to coordinate Legal Counsel, Executive Management, Security
Officers, your Change Management Officer and Human Resources personnel.
1.5. Get a Head Start on Prerequisites
Liquid Machines customers have found that a few prerequisites take extra time or deserve special attention.
Start the planning and effort early for…
1.5.1. Acquiring the SSL Certificate
You may need to submit a purchasing request. You may need to provide the certificate vendor with company documents such as articles of incorporation. The certificate authority may try to contact your
manager or supervisor.
1.5.2. Coordinating DNS Changes
You may need for one DNS name, say securemail.acme.com, to point to a different machine for your internal users than for computers on the Internet. This may require you to create multiple DNS views of
your DNS domain. It may require creating new domains. You may need to work with your ISP to enact
the changes.
Email Control Server requires DNS infrastructure in your internal network. WINS is not sufficient.
1.5.3. Configuring Firewalls
You may need to enable access from the Internet to the servers. You may need to enable communication
between different servers. You may need to work with your ISP to enact the changes.
1.6. Get Your Users Ready
Have the right people let your users know what’s going on. A note from Executive Management about the
need and the purpose might come first. Then IT or Human Resources staff can send a functional overview.
Give users a chance to express concerns and ask questions. Help them understand the paradigm shift, and
the impacts on workflow.
Distribute user guides. Give users a chance to review them.
2. Getting Started
2.1. Starting the Administrative Console
1. Make sure you have installed Email Control Administrator on the server or workstation you will use.
2. Make sure your domain account is a member of the local Administrators group on the Email Control Server machine.
3. From the Start menu on the desktop, from Program Files, from Liquid Machines choose Liquid Machines Email Control Administration.
4. At the prompt, enter the common name of the policy service, for example securemail.acme.com.
5. The administrative console is displayed.
2.2. Using the Console Remotely
You can use Email Control Administrator from a remote workstation. You needn’t run it directly on the
Email Control Server. There are some circumstances where you may have to specially configure it in order
for it to work properly.
2.2.1. Connecting to a Different Server
Right-click on Liquid Machines Email Control Administrator and choose Connect to… In the dialog
box, type in the name of the server you want to manage and click OK.
2.2.2. Connecting Using the Canonical Hostname
If you will use the canonical hostname of the Email Control Server to connect, rather than the “common
name of the policy service,” then the connection will fail, because the hostname you use will not match the one assigned to the Email Control Server’s SSL certificate. You might do this if you had several Email
Control Servers deployed in a high-availability configuration, and needed to change server-specific
parameters.
You can get around this by configuring Email Control Administrator to use the HTTP protocol, instead of HTTPS, to contact the server. To do so, on your workstation, in the registry key
\\HKEY_CURRENT_USER\SOFTWARE\Omniva\AdminTool, create a DWORD value labeled
UnsecuredScheme, and set the value to 1.
Note that this does present a security risk. Information the Email Control Administrator sends to the Email
Control Server will travel over the network in the clear. So for example the login name and password of
the Mailbox User, something you need to create for advanced features discussed later, would travel in the
clear.
2.2.3. Connecting from a Trusted Domain or Over VPN
If you are connecting from a trusted domain or over VPN, the Email Control Administrator may need help locating the appropriate domain controllers to contact for user information. If you experience this, you can
set one or both of the following registry values to try to correct the problem.
\\HKEY_CURRENT_USER\SOFTWARE\Omniva\AdminTool\OverrideDomain is a string value
you should set to the NetBIOS name of the domain where the Email Control Server resides.
\\HKEY_CURRENT_USER\SOFTWARE\Omniva\AdminTool\SidLookupMachine is a string
value you should set to the NetBIOS or fully qualified DNS name of a domain controller. The domain
controller should be in the domain where the Email Control Server resides and your workstation
should have network access to it.
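As an added example that is not part of this guide, the following PowerShell audits the three Email Control Administrator registry values described in sections 2.2.2 and 2.2.3 on the workstation it runs on, flags the cleartext HTTP override, and writes the domain-lookup values. It assumes the PowerShell drive form HKCU:\SOFTWARE\Omniva\AdminTool of the key named above; the function names and the sample domain and domain-controller names are ours.

```powershell
# Added example, not part of the Liquid Machines guide. Audits and sets the
# Email Control Administrator values described in sections 2.2.2 and 2.2.3.
# Assumes the PowerShell drive form of the key the guide names:
#   HKEY_CURRENT_USER\SOFTWARE\Omniva\AdminTool  ->  HKCU:\SOFTWARE\Omniva\AdminTool
$AdminToolKey = 'HKCU:\SOFTWARE\Omniva\AdminTool'

function Get-RegValueOrNull {
    # Reads one value from an already-loaded property bag; $null when absent.
    param($Props, [string]$Name)
    if ($Props -and $Props.PSObject.Properties[$Name]) { return $Props.$Name }
    return $null
}

function Get-AdminToolConfig {
    # Returns the three values plus a finding when the console has been switched
    # to cleartext HTTP (UnsecuredScheme DWORD set to 1, as section 2.2.2 describes).
    param([string]$Key = $AdminToolKey)

    $props = if (Test-Path -Path $Key) { Get-ItemProperty -Path $Key } else { $null }
    $unsecured = Get-RegValueOrNull -Props $props -Name 'UnsecuredScheme'

    $finding = $null
    if ($unsecured -eq 1) {
        $finding = 'UnsecuredScheme=1: console traffic to the Email Control Server, ' +
                   'including the Mailbox User login name and password, crosses the ' +
                   'network in the clear. Remove the value once the server-specific ' +
                   'change is finished.'
    }

    [pscustomobject]@{
        Key              = $Key
        Transport        = if ($unsecured -eq 1) { 'HTTP (cleartext)' } else { 'HTTPS' }
        UnsecuredScheme  = $unsecured
        OverrideDomain   = Get-RegValueOrNull -Props $props -Name 'OverrideDomain'
        SidLookupMachine = Get-RegValueOrNull -Props $props -Name 'SidLookupMachine'
        Finding          = $finding
    }
}

function Remove-UnsecuredScheme {
    # Deletes the override so the console returns to its default HTTPS behaviour
    # (assumption: an absent value means the default, which is what the guide's
    # instruction to "create" the DWORD implies).
    param([string]$Key = $AdminToolKey)
    if (Test-Path -Path $Key) {
        Remove-ItemProperty -Path $Key -Name 'UnsecuredScheme' -ErrorAction SilentlyContinue
    }
}

function Set-AdminToolDomainLookup {
    # Writes the two string values from section 2.2.3 for a workstation that
    # connects from a trusted domain or over VPN. Sample values are constructed.
    param(
        [Parameter(Mandatory = $true)][string]$OverrideDomain,   # e.g. 'ACME' (NetBIOS name)
        [string]$SidLookupMachine,                               # e.g. 'dc1.acme.com'
        [string]$Key = $AdminToolKey
    )
    if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -Path $Key -Name 'OverrideDomain' -Value $OverrideDomain -Type String
    if ($SidLookupMachine) {
        Set-ItemProperty -Path $Key -Name 'SidLookupMachine' -Value $SidLookupMachine -Type String
    }
}

# Report the current state of this workstation's console configuration.
Get-AdminToolConfig | Format-List
```

Run the audit on each administrator workstation after a maintenance window so that an UnsecuredScheme value left behind from a canonical-hostname session does not keep sending console credentials in the clear.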
2.2.4. Multiple Users
Note that it is possible that more than one Administrator could be making changes to Policies, or to the Email Control Server configuration, at the same time. The Email Control Administrator offers no file
locking, source control or other protections against this, so make sure you advise and coordinate personnel
accordingly.
2.3. Starting the Policy Server Configuration Wizard
1. From the Start menu, choose Programs, then Liquid Machines, then Liquid Machines Policy
Server Configuration.
2. You should recognize the wizard from the Email Control Server installation process.
3. Navigate through each screen, changing settings if you need. Your current settings are already
displayed.
4. Finish the wizard when you are done. Changes take effect immediately.
3. Email Control Server Components
Components are stand-alone applications. They need to be installed separately.
3.1. Email Control Server
As you can guess, Email Control Server handles all the Policy design and enforcement for your internal users. Most of this guide applies directly to its operation. You can find installation instructions for it in the
Install Guides.
3.2. External Email Control Server
And, as you can guess, external Email Control Server handles enforcement and client-less operations for
recipients outside your organization. Much of this guide applies directly to its operation. You can find
installation instructions for it in the Install Guides.
3.3. Email Control Client
Email Control Client is a plug-in you install into your Outlook mail reader. It provides native viewing and
offline capabilities for your end users.
Also, depending on how you choose to deploy Email Control Server and configure Policies, Email Control
Client becomes the executor of enforcement. It’s the one that encrypts messages, prevents forwarding, and
so on. Instructions to install are in the Installation Guides, and there is a cheat card for end users.
3.4. Universal Viewer
Universal Viewer is a service, provided by the Email Control Server or external Email Control Server, that allows recipients without Email Control Client to read protected emails. All they need is an
HTML-compliant, graphical web browser. There is a cheat card for recipients on Universal Viewer in the
Documentation folder of the software distribution.
3.5. Report Service
The Report Service is a function provided by the Email Control Server that allows you to track user
behavior. You can read about how to configure it in Chapter 5, section 5.3.
3.6. Message Cleanup Tool
The Message Cleanup Tool interacts with your Exchange servers. It works through the Exchange
information stores, and physically deletes all protected emails that have expired.
3.6.1. Requirements
Windows 2000, XP or 2003 operating system
-- and --
Outlook 97, Outlook 98, Outlook 2000, Outlook XP SP1
-- or --
Exchange 5.5, 2000 or 2003
You can install at most one Message Cleanup Tool on an Exchange server, or other computer that will
access a given Exchange server.
3.6.2. Installation
The installer is located on the distribution media, in the Tools folder, in the Message Cleanup Tool folder.
The installer requires no special options, parameters, or input. When it finishes, it will run the
configuration utility discussed below.
3.6.3. Configuration
You can access the configuration utility from the Start menu, from Settings, in the Control Panel. It’s the Omniva Message Cleanup Utility applet. There are three main configuration tabs where you can make
changes. When you are done, click OK to save the changes.
3.6.3.i. Message Options
When it finds an expired message, you can choose whether the tool…
- Takes no action,
- Deletes the message completely,
- “Converts” the message, or
- Converts the message, and moves it to the user’s Deleted Items folder.
On the Message Options tab, select the radio button that corresponds to one of these options.
You can also have the tool wait a certain number of days to perform the action. Set the field at the bottom
to the number of days that should pass after the message expires, before performing the action.
When the tool “converts” the message, it deletes the encrypted body and attachments, and replaces that
with the simple text string “This message has expired.” That way, it takes up a lot less space.
3.6.3.ii. Attachment Options
Users might not apply security settings to attachments. On the Attachment Options tab, check the box to
let expired messages with unexpired attachments stick around.
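The decision the tool makes for each message, under the Message Options and Attachment Options described above, written out as an added example. This is not the Message Cleanup Tool's own code: the function names, the dict layout of a message and the sample mailbox are constructed here; the rules (the four actions, the waiting period in days, keeping expired messages whose attachments have not expired, and the replacement text) are the ones the guide states.

```python
from datetime import date, timedelta

# The four Message Options radio buttons (names are this example's, not the UI labels).
NO_ACTION = "no action"
DELETE = "delete"
CONVERT = "convert"
CONVERT_AND_MOVE = "convert and move to Deleted Items"

EXPIRED_TEXT = "This message has expired."   # replacement text quoted in the guide


def cleanup_outcome(message, today, action, grace_days=0, keep_unexpired_attachments=False):
    """Return what the tool does to one message on `today`.

    message: dict with 'expires' (date) and an optional 'attachment_expires' (date).
    action: one of the four constants above (the selected Message Options button).
    grace_days: the "number of days that should pass after the message expires".
    keep_unexpired_attachments: the Attachment Options checkbox.
    Returns 'left alone' when the tool touches nothing, otherwise the action.
    """
    if today < message["expires"]:
        return "left alone"                      # not expired: the tool ignores it
    if today < message["expires"] + timedelta(days=grace_days):
        return "left alone"                      # expired, but still inside the waiting period
    att = message.get("attachment_expires")
    if keep_unexpired_attachments and att is not None and today < att:
        return "left alone"                      # expired message with an unexpired attachment
    return action


def convert(message):
    """The 'converted' form: encrypted body and attachments are dropped and
    replaced by the short expiry string, so the item takes far less space."""
    converted = dict(message)
    converted["body"] = EXPIRED_TEXT
    converted["attachments"] = []
    return converted


def run_cleanup(mailbox, today, action, grace_days=0, keep_unexpired_attachments=False):
    """Apply cleanup_outcome to every message; returns [(subject, outcome), ...]."""
    return [(m["subject"], cleanup_outcome(m, today, action, grace_days,
                                          keep_unexpired_attachments))
            for m in mailbox]


# Constructed sample mailbox; dates are arbitrary.
TODAY = date(2005, 6, 1)
MAILBOX = [
    {"subject": "old forecast", "body": "<encrypted>", "attachments": ["q1.xls"],
     "expires": date(2005, 5, 1)},                                # expired 31 days ago
    {"subject": "recent memo", "body": "<encrypted>", "attachments": [],
     "expires": date(2005, 5, 29)},                               # expired 3 days ago
    {"subject": "contract", "body": "<encrypted>", "attachments": ["terms.doc"],
     "expires": date(2005, 4, 1), "attachment_expires": date(2006, 4, 1)},
    {"subject": "current project", "body": "<encrypted>", "attachments": [],
     "expires": date(2005, 12, 31)},                              # not expired
]

if __name__ == "__main__":
    # Convert after a 7-day wait, keeping messages whose attachments are still live.
    for subject, outcome in run_cleanup(MAILBOX, TODAY, CONVERT, 7, True):
        print("%-16s %s" % (subject, outcome))
    print(convert(MAILBOX[0]))
```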
3.6.3.iii. Servers
On the Servers tab…
- Put in the name of the Exchange server you want to clean up.
- Put in the name of an internal Email Control Server.
3.6.4. How Often Does It Run?
That’s up to you. You need to schedule the tool to run with Windows Task Scheduler. Set it up according to your needs. The full path to the command line utility is C:\Program Files\Omniva\Message Cleanup\MessageCleanup.exe.
3.6.5. So Where Do I Install It?
For every Exchange server you want to process, you need to either install this on that server, or on another computer that will access that server. You can install at most one instance of the Cleanup Tool on any
given machine, and that instance can process at most one Exchange server.
3.7. Gateway for BlackBerry
Gateway for BlackBerry allows users on your corporate BlackBerry servers to send and receive protected
emails.
3.7.1. Administrative Console
Log in to the BlackBerry server using the BESAdmin account. From the Start menu, in Programs, in
Policy Gateway for BlackBerry, choose Policy Gateway for BlackBerry Service.
You can view the status of the Gateway. It should be assimilated into at least one virtual BlackBerry
server, and active.
You can view statistics about the Gateway, such as how many messages have passed through it, and how
many were protected emails.
In the pull-down menu at the bottom labeled Level, you can change the logging level. Click Apply to
enact the changes.
3.7.2. Logging
We recommend you set logging to None unless you are troubleshooting.
Errors and warnings, which you can use to troubleshoot problems, are logged to the machine’s application
event log.
Events and traces, which Liquid Machines Engineers can use to debug problems, are logged to files in
%HOMEPATH%\Local Settings\Temp\OmnivaLogs, where %HOMEPATH% is the location of the
BESAdmin account’s user profile. The filename extension is .log. Logging at this level causes the Liquid
Machines service, the BlackBerry server, and the Liquid Machines administrative application all to log
verbosely.
3.8. Client for BlackBerry Handhelds
This component does two things:
- Erases expired messages from the unit’s non-volatile memory (NVRAM).
- Provides a user-friendly interface for choosing Policy Categories to apply to messages. (You can also do this with auto-complete text. Search the Liquid Machines Support KnowledgeBase for more information on this.)
There is a cheat card for end users in the documentation.
3.9. Gateway for Exchange/SMTP
Gateway for Exchange/SMTP allows email passing through an Exchange server or Windows SMTP relay
to be converted into protected emails based on certain criteria.
Gateway for SMTP can also decrypt protected emails, and attach the Policies governing them in a hidden
format, so that they can later be re-encrypted for delivery. For example, you can set Gateway for SMTP to
decrypt a 1-year expiring message, pass it through a content scanner for further processing, and then
re-encrypt it with the 1-year expiration date, before delivering it to its final destination.
Gateway for Exchange can be placed in decryption mode, but this doesn’t make a lot of sense, and is not
recommended.
3.9.1. Configuration
On the Gateway machine, in the Start menu, in the Omniva submenu, you will find the Omniva Policy
Gateway for SMTP configuration tool. This tool allows you to change the parameters you entered when you first installed the Gateway. It also allows you to change the Gateway’s operating mode for each
instance of the Windows SMTP Service on the machine.
Click Done when you have finished all configuration changes. You must restart the IIS Admin service for
the changes to take effect.
3.9.1.i. Modes of Operation
If you right-click on the name of the SMTP Service instance and choose Properties, you can set the
operating mode.
3.9.1.i.i. Active Mode
In this mode, Gateway for Exchange/SMTP processes messages as they pass through it. If the Gateway
finds a hidden Policy attached, from a previous handling by another Gateway, it will use that Policy to control the message. Otherwise, it will process according to whatever Policies you have defined for it in
Email Control Administrator.
3.9.1.i.ii. Decrypt Mode
In this mode, the Gateway will decrypt a protected email into a clear text format. It will attach an HTML
file to the message that contains the original Policy, so that the Gateway may re-encrypt it later.
This mode makes sense on an SMTP relay, in a situation where you might want to decrypt messages
leaving your organization. You can pass them through a content filter, and then re-encrypt them on the
other side.
This mode may make less sense on an Exchange mailbox server. There is only one instance of the
Gateway in this case, and mail may flow just from one mailbox to another, not out of the server. So no
content filter can be inserted.
3.9.1.i.iii. Disabled Mode
In this mode, the Gateway does nothing, allowing the Exchange server or Windows SMTP Service to
function normally without trying to encrypt, decrypt or otherwise handle messages.
3.9.1.ii. Updating Policies
Normally Gateway refreshes its Policies from the Email Control Server every 90 minutes. You can force it
to update immediately by clicking the Update Gateway Policies Now button on the Configuration tool.
3.9.1.iii. Parameters
If you click the Edit… button, you can change the parameters you entered at install time, namely, the
Gateway’s service accounts, the retention mailbox and Exchange server if any, and the administrative
contact.
See the Install Guide for Gateway for Exchange/SMTP for more details on how these parameters are to be
set.
3.9.2. About SMTP Routing
In order to successfully configure the Gateway on an SMTP relay, so that it can decrypt protected emails,
pass them through a content filter, and then re-encrypt them, you must understand how to configure SMTP routing. For each link in the chain of email gateways, you must be able to configure the SMTP relay service
for that gateway, so that it passes the email to the appropriate next link in the chain.
For example, suppose you already have a content filter in place, scanning for proprietary information in
outbound email. The flow of your SMTP routing looks like this:
Exchange -> Content Filter -> Internet
Here, you’ve configured the SMTP Internet Connector on Exchange to use the Content Filter as its
“smarthost.”
If you want to add the Liquid Machines Gateway for SMTP into this architecture, so that it decrypts email,
hands it to the content filter, and then re-encrypts it, the email flow will then look like this:
Exchange -> Liquid Machines Decryptor -> Content Filter -> Liquid Machines Encryptor -> Internet
Here, you’ve configured the SMTP Internet Connector on Exchange to use the Liquid Machines Decryptor as its smarthost. And the Liquid Machines Decryptor uses the Content Filter as its smarthost. And the
Content Filter uses the Encryptor as its smarthost.
You don’t necessarily need to put each link in this chain on a separate Windows server. When you
configure an SMTP relay or connector for inbound traffic, you can ask it to listen on a non-standard TCP port. And when you configure one to use a smarthost for outbound traffic, you can ask it to send to a
non-standard TCP port on that smarthost. It may be possible for you to install the Content Filter and two
instances of a Windows SMTP Service relay all on the same machine, and configure them to pass email to
each other on these non-standard ports. A single installation of Policy Gateway for SMTP will allow you
to manage the operating modes for all the Windows relay instances, so you only have to install it once on a
particular server.
SMTP Routing can be complex and difficult, especially if your network is complex or your organization is
large. If you are unfamiliar with the terms or ideas above, or unsure about the nature of SMTP routing in
your message transport architecture (MTA), be sure to get consultation and approval from your email
system administrators before you make any routing changes.
Consult Liquid Machines Technical Support if you need more information, training or advice.
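A way to check a smarthost chain like the one above before changing any routing, as an added example that is not Liquid Machines code. The Relay class, the hostnames and the port numbers are constructed; the chain order (Exchange, Decryptor, Content Filter, Encryptor, Internet) and the use of non-standard TCP ports to put several links on one server are what the guide describes. It walks the smarthost settings from Exchange outward and reports the two common mistakes: a smarthost nothing listens on, and a loop.

```python
class Relay:
    """One link in the chain: where it listens and where it forwards to."""

    def __init__(self, name, listen_host, listen_port=25, smarthost=None):
        self.name = name
        self.listen = (listen_host.lower(), listen_port)
        # (host, port) of the next link, or None for direct delivery to the Internet.
        self.smarthost = (smarthost[0].lower(), smarthost[1]) if smarthost else None


def trace_route(relays, start_name):
    """Follow smarthost settings from `start_name` until a relay delivers directly.
    Returns the relay names in order.  Raises ValueError on a smarthost that no
    relay listens on, or on a loop."""
    by_listen = {r.listen: r for r in relays}
    by_name = {r.name: r for r in relays}
    path, seen = [], set()
    current = by_name[start_name]
    while True:
        if current.name in seen:
            raise ValueError("routing loop: %s -> %s" % (" -> ".join(path), current.name))
        seen.add(current.name)
        path.append(current.name)
        if current.smarthost is None:
            return path                      # this link sends straight to the Internet
        nxt = by_listen.get(current.smarthost)
        if nxt is None:
            raise ValueError("%s forwards to %s:%d but no relay listens there"
                             % (current.name, current.smarthost[0], current.smarthost[1]))
        current = nxt


def decrypt_before_encrypt(path):
    """True if the Content Filter sits between the Decryptor and the Encryptor,
    so mail is scanned in clear text and re-protected before it leaves."""
    try:
        d = path.index("Liquid Machines Decryptor")
        f = path.index("Content Filter")
        e = path.index("Liquid Machines Encryptor")
    except ValueError:
        return False
    return d < f < e


def chain_is_valid(relays, start_name="Exchange"):
    """Single yes/no check: route resolves, and decrypt/filter/encrypt is in order."""
    try:
        return decrypt_before_encrypt(trace_route(relays, start_name))
    except (ValueError, KeyError):
        return False


# Constructed: every link after Exchange on one Windows server, distinguished by port.
SINGLE_HOST_CHAIN = [
    Relay("Exchange", "exch.example.test", 25, ("relay.example.test", 25)),
    Relay("Liquid Machines Decryptor", "relay.example.test", 25, ("relay.example.test", 2525)),
    Relay("Content Filter", "relay.example.test", 2525, ("relay.example.test", 2526)),
    Relay("Liquid Machines Encryptor", "relay.example.test", 2526, None),
]

# Constructed misconfiguration: the Content Filter's smarthost still points at
# port 25, which is the Decryptor, so mail would circulate instead of leaving.
LOOPING_CHAIN = [
    Relay("Exchange", "exch.example.test", 25, ("relay.example.test", 25)),
    Relay("Liquid Machines Decryptor", "relay.example.test", 25, ("relay.example.test", 2525)),
    Relay("Content Filter", "relay.example.test", 2525, ("relay.example.test", 25)),
    Relay("Liquid Machines Encryptor", "relay.example.test", 2526, None),
]

if __name__ == "__main__":
    route = trace_route(SINGLE_HOST_CHAIN, "Exchange")
    print(" -> ".join(route + ["Internet"]))
    print("decrypt / filter / encrypt order OK:", decrypt_before_encrypt(route))
    try:
        trace_route(LOOPING_CHAIN, "Exchange")
    except ValueError as err:
        print("misconfiguration detected:", err)
```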
3.9.3. Logging
Gateway for Exchange/SMTP logs trace level events to the c:\WINNT\Temp\OmnivaLogs folder in files
whose names begin with sg_. There is one file for each restarted session of the Gateway.
Gateway for Exchange/SMTP logs an event to the machine application event log when the Gateway is
restarted, and when it encounters an error severe enough that it delays message delivery for 60 seconds
before retrying.
3.10. Email Archive Gateway
Email Archive Gateway allows you to decide whether the copy sent to the archive, of any protected email, is stored encrypted or as clear text. The setting is embedded in each protected email as it is generated. You
can control which Email Control Client users, or whether Gateway for Exchange/SMTP or Gateway for
BlackBerry, receive the setting by editing the Policy that applies to them. The setting is located on the
Archiving tab in the Policy dialog box.
Email Archive Gateway works with the KVS Journaling Service. If you install Email Archive Gateway on
a KVS Server, and the Server runs an instance of the Journaling Service, then the Gateway will handle all
email that arrives in the mailbox to which the Journaling Service is attached. So, you could attach the
Journaling Service to the mailbox you set up for the Liquid Machines Exchange retention feature. Or you
could enable Microsoft’s journaling on Exchange, and attach KVS to the Exchange mailbox configured for
it. Either way, Email Archive Gateway will appropriately handle all email that flows through the mailbox.
Email Archive Gateway does not work with KVS Archiving Service. You should familiarize yourself with
the different KVS services, so you can create an archiving strategy that best uses Email Control.
3.10.1. Intelligent Archiving via Message Headers
Email Archive Gateway can change the archive retention policy of a message entering the archive, based on the presence of certain message headers. That is to say, the Gateway can control how the archive
handles the message, based on the presence of the message header.
To accomplish this requires two steps:
1. Within your KVS archival installation, create the different archive retention categories you need.
Refer to your KVS documentation for instructions.
2. Within your Liquid Machines Email Control policies, configure Policy Rules to automatically add an
SMTP header to messages, a header that corresponds to the archive retention category.
Specifically…
- The name of the header is x-omniva-retention-category.
- The value of the header should be the name of the retention category exactly as you configured it in KVS.
- You can also add the header x-omniva-do-not-archive, setting its value to true, and then the message will not be archived at all.
You can read more about Policy Rules in Chapter 6. Also, check the Liquid Machines Support web site for
more information on intelligent archiving.
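How an archive-side component would read the two headers above and decide what to do with a message, as an added example that is not Email Archive Gateway's code. The header names come from the guide; the decision function, the KVS category names and the sample messages are constructed, and it is assumed that x-omniva-do-not-archive takes precedence over a category. It also flags the case a practitioner most wants to catch: a category value that does not match a configured KVS name exactly.

```python
from email import message_from_string

RETENTION_HEADER = "x-omniva-retention-category"   # header name from the guide
DO_NOT_ARCHIVE_HEADER = "x-omniva-do-not-archive"  # header name from the guide
DEFAULT_CATEGORY = "Default"                        # assumption: category used when no header applies

# Assumption: the retention categories an administrator created in KVS (step 1 above).
KVS_CATEGORIES = {"Default", "Legal-7yr", "Sales-1yr"}


def archive_decision(raw_message, known_categories=KVS_CATEGORIES):
    """Return {'archive': bool, 'category': str or None, 'warnings': [str]}.

    Header names are matched case-insensitively, as mail headers are; the
    category value must match a KVS category exactly, as the guide requires.
    """
    msg = message_from_string(raw_message)
    warnings = []

    # x-omniva-do-not-archive: true  ->  the message is not archived at all.
    flags = [v.strip().lower() for v in (msg.get_all(DO_NOT_ARCHIVE_HEADER) or [])]
    if "true" in flags:
        return {"archive": False, "category": None, "warnings": warnings}
    if flags:
        warnings.append("%s present but not 'true' (%s); archiving anyway"
                        % (DO_NOT_ARCHIVE_HEADER, ", ".join(flags)))

    categories = [v.strip() for v in (msg.get_all(RETENTION_HEADER) or [])]
    if not categories:
        return {"archive": True, "category": DEFAULT_CATEGORY, "warnings": warnings}
    if len(set(categories)) > 1:
        warnings.append("conflicting %s headers %s; using the first"
                        % (RETENTION_HEADER, categories))
    category = categories[0]
    if category not in known_categories:
        # Exact match only: 'sales-1yr' is not 'Sales-1yr' as far as KVS is concerned.
        warnings.append("category '%s' is not configured in KVS; using '%s'"
                        % (category, DEFAULT_CATEGORY))
        category = DEFAULT_CATEGORY
    return {"archive": True, "category": category, "warnings": warnings}


# Constructed sample messages (addresses and bodies are made up).
SAMPLE_LEGAL = """From: fred@example.test
To: helga@example.test
Subject: Contract draft
X-Omniva-Retention-Category: Legal-7yr

Body of a message a Policy Rule tagged for the legal category.
"""

SAMPLE_SKIP = """From: fred@example.test
To: helga@example.test
Subject: Lunch
x-omniva-do-not-archive: TRUE

Not worth keeping.
"""

SAMPLE_TYPO = """From: fred@example.test
To: helga@example.test
Subject: Forecast
x-omniva-retention-category: sales-1yr

Category name does not match KVS exactly (wrong case).
"""

SAMPLE_PLAIN = """From: fred@example.test
To: helga@example.test
Subject: Hello

No Liquid Machines headers at all.
"""

if __name__ == "__main__":
    for name, raw in [("legal", SAMPLE_LEGAL), ("skip", SAMPLE_SKIP),
                      ("typo", SAMPLE_TYPO), ("plain", SAMPLE_PLAIN)]:
        print(name, archive_decision(raw))
```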
3.10.2. Logging
To enable logging in Email Archive Gateway, in the Windows registry, in the key
\\HKEY_LOCAL_MACHINE\SOFTWARE\Omniva\KVS, create a string value named LogLevel and
set its value to Debug. Log output is written to c:\ArchiveFilter.log.
4. Special Features
Note that some features can be accessed from the Email Control Server Administration console. Some
others require you to run the Policy Server Configuration Wizard.
4.1. Message Contents Features
Message contents features affect the experience only for Universal Viewer. Part of the technology involves your internal Email Control Server communicating with your Exchange servers, and your external Email
Control Server initiating communication with your internal Email Control Server. Ask your Exchange
Administrators and your Security Officer for their perspective and input on this.
4.2. To Access the Features…
Start the administrative console. Expand the Liquid Machines Email Control Administrator folder.
Then right-click on the Configuration folder, and choose Properties from the pop-up menu. Features are
displayed on the Messages tab of the Configuration Properties dialog box.
4.2.1. Message Body Retrieved from Exchange
If you check the box labeled Do not send HTML attachment, you enable this feature.
4.2.1.i. Requirements
- The Email Control Server must be able to contact all Exchange servers in your organization.
- The external Email Control Server must be able to initiate HTTP or HTTPS communication with the Email Control Server.
- You must configure policy mailboxes and the mailbox user, as documented below.
- If you have Exchange 5.5 servers…
  - You must install Outlook 2000 or above on the Email Control Server.
  - You must choose a custom installation, and include the Collaboration Data Objects component.
  - The Mailbox User (see below) must be able to log on as a service to the Email Control Server.
  - On the Email Control Server, Outlook must be configured as the default mail application for the Mailbox User, and the Mailbox User must have successfully started it and logged in at least once.
4.2.1.ii. What Does It Do?
For some mail readers and web browsers, Universal Viewer cannot render the message natively in a
window. Instead, it prompts the user to open the attached file called message_contents.html.
With this feature turned on, message_contents.html is not sent as part of the protected email. Instead,
users are prompted to click a hyperlink in the body of the email. When the Email Control Server receives
this request, it fetches the original message right out of the Exchange server. Then it decrypts and renders
this original message, and sends it back to the user.
4.2.1.iii. What’s the Value?
Some companies block HTML attachments from entering their mail system. So the message_contents.html attachment gets removed, and the users with these certain mail readers can’t read
the message. Sometimes the companies block the entire message, so it never even gets to the recipient.
You can get around that with this feature.
4.2.1.iv. The Tech Scoop
Messages can’t be rendered “natively” in certain mail readers because they require advanced HTML code the
mail reader doesn’t understand.
Email Control Server stores a copy of the encrypted message in a special mailbox on the Exchange server.
Then it puts information about where to find the message in the “envelope” along with the message. Later,
Universal Viewer can use the information in the envelope to find and retrieve the message from Exchange.
4.2.2. Attachments Retrieved from Exchange
If you check the box labeled Get message attachments from Exchange server, you enable this feature.
4.2.2.i. Requirements
The requirements are the same as for the first feature.
4.2.2.ii. What Does It Do?
If there are attachments to the protected email, Universal Viewer will provide hyperlinks for each one, at the top of the message body. When a user clicks on a hyperlink, Email Control Server retrieves the
attachment right out of the Exchange server. Then it decrypts it and sends it back to the user.
4.2.2.iii. What’s the Value?
Users don’t have to install Attachment Reader for Windows in order to view encrypted attachments.
4.2.2.iv. The Tech Scoop
Email Control Server stores a copy of the encrypted attachment in a special mailbox on the Exchange server. Then it puts information about where to find the attachment in the “envelope” along with the
message. Later, Universal Viewer can use the information in the envelope to find and retrieve the
attachment.
4.2.3. Messages Retained in Central Location
When you configure Policy Mailboxes, if you specified a retention mailbox for a particular Exchange server, then you enabled this feature for all users on that server. See “Policy Mailboxes and the Mailbox
User” below for more instructions.
This feature can offer you a basic archiving system. If you need a professional solution, Liquid Machines offers a Gateway for the KVS Enterprise Vault archiving system that can help you maximize its value as
well as protect your messages.
4.2.3.i. Requirements
You only need to set up one policy mailbox and the mailbox user. You can set up more than one mailbox if
you have more than one Exchange server.
4.2.3.ii. What Does It Do?
A copy of every protected email is sent to the mailbox.
4.2.3.iii. What’s the Value?
Your company policies may require that documents be shredded after a certain time, but that they must be
kept until that time. With this feature, even if all users delete their copies, you still have this one. Until it
expires, that is. And you can search all the records right in one place.
4.2.3.iv. The Tech Scoop
Client and Gateway applications send a copy of every protected email to the email address of the mailbox.
If you have a lot of Exchange servers, placing the mailbox on any one server might overwhelm its storage capacity. You should consider deploying a separate Exchange server as your “archive server,” and place
the mailbox there. Or you can have a different retention mailbox for each server. Read more about it in the
“What About Space Requirements?” section below.
4.2.4. Policy Mailboxes and the Mailbox User
4.2.4.i. The Mailbox User
In the Windows NT trust realm or Active Directory forest where the Email Control Server resides, create a normal user account. You do not need to create a mailbox for the account. This user will be given
permission to access all the Policy Mailboxes.
4.2.4.ii. The Policy Mailboxes
If you will use either of the “retrieved from Exchange” features, you must create a mailbox on each Exchange server in your organization. You must also change the permissions on each mailbox so that the
Mailbox User can access them. (If not everyone in your company will use Email Control Client or Client
for BlackBerry, you don’t need as many mailboxes. You only need one for each Exchange server where
client users’ mailboxes reside.)
If you will use only the “Retained in Central Location” feature, you can create only one mailbox, or a few
as suits your needs. Read the section below on “Why So Many Mailboxes?” and “What About Space
Requirements?” in order to help inform your decision.
Make sure you don’t put quotas on these special mailboxes, or if you do, put ones that reflect their
increased capacity needs.
4.2.4.iii. Configuring Email Control Server
1. On the Messages tab, click the Change… button.
2. In the Exchange Account dialog box that pops up, type in the authentication information for the
mailbox user, then click OK.
3. On the Messages tab, click the Add… button.
4. In the Exchange Mailboxes dialog that pops up, type in the…
- Fully qualified hostname of an Exchange server,
- The SMTP email address of the policy mailbox you created on that server, and
- The SMTP email address of the policy mailbox you created for retention.
5. Click OK to close the dialog. Repeat this process for every relevant Exchange server. Be sure to
close the Messages window when you are done.
You can use the Edit button on the Messages tab to change the mailboxes for a particular Exchange server,
or you can use the Delete button to remove an Exchange server.
Note that if your DNS records contain multiple aliases for an Exchange server, and Outlook clients have been configured with these aliases, you must add an entry like the one above for each alias. You can and
should use the same policy mailbox and retention box for each alias.
4.2.4.iv. Why So Many Mailboxes?
First of all, why any mailbox at all? Suppose that everyone in the company deletes their copy of the
message. Even the sender deletes it from his Sent Items folder. But then some external recipient tries to read the message. How is Universal Viewer supposed to retrieve it? If Email Control Server stores a copy
in a special box, then it can protect against this happening.
Now, why one for each Exchange server? First of all, remember that Email Control Server includes
information, about how to retrieve a message body or an attachment from Exchange, in the protected email “envelope.” It’s actually the Email Control Client or Gateway that does this. It turns out that these
components can only know the retrieval information for the Exchange server to which they are connected
via a MAPI session. They can’t learn any message IDs for other servers in the organization. So you need
to have a Policy Mailbox on that same server, which means lots of mailboxes if you have lots of servers.
4.2.4.v. What About Space Requirements?
The answer is “It depends.”
Exchange uses a technology called single-instance storage to save space. For each information store, it
only keeps one copy of the actual message data on disk. Then it puts “pointers” to that copy in every
appropriate mailbox. So the copy in the Policy Mailbox is really just a pointer. What this means is that, no
matter how many “copies” of the message you have on a given server, only enough space to house one
copy of the message is actually taken up.
Whether you actually end up using more space depends on how long you will need to retain messages, how
long your users usually keep them around anyway, and whether it’s a Client or Gateway that’s creating the
messages. If you are going to make all messages expire in 90 days, and your Email Control Client users
have the habit of keeping items in their Sent Items folder for 6 months to a year, then your space
requirement will not increase. If you are going to make all messages expire after 9 months, but you
generally encourage your users to archive or delete messages after 30 days, your storage requirements will
increase. Also, if you have a single Gateway encrypting messages, then storage will all occur on the one
Exchange server to which the Gateway is connected.
If you are using only the “Retained in Central Location” feature, you can take a different approach to
storage requirements. You can create one or more new Exchange servers as sort of “archive servers.” You
provision them with plenty of disk space, and you place only the retention mailboxes on those servers.
Make sure you don’t put quotas on special mailboxes.
4.3. Hide Universal Viewer Image Feature
As you know, Universal Viewer offers a transparent experience for most email readers, even without the Email Control Client for Outlook installed. Messages render right in a recipient’s reading window, and
require the recipient to take no action in order for that to happen. But for a minority of older or esoteric
email readers, the recipient must click once on a link, or open an attachment, in order to read the message.
The “Hide Universal Viewer Image” feature allows you to turn off this transparency, and force all
Universal Viewer recipients to click a link or open an attachment in order to view the messages. Liquid
Machines customers have experienced issues in the field for which this might be an appropriate solution.
- Recipients have security turned on in their email readers that disables the transparency, and in a way that disrupts or hides the one-click experience.
- Recipients prefer to have clearer warning, or to have to take deliberate action, in order to read protected messages.
- Replying to a protected message when using Outlook and Word as Editor creates a long delay while the compose window launches.
- Users with Email Control Client installed, on Outlook 2003 with Windows XP SP2, find themselves periodically prompted for their login credentials, for no apparent reason.
4.3.1. To Access the Feature…
1. Start the administrative console. Expand the Liquid Machines Email Control Administrator
folder. Then right-click on the Configuration folder, and choose Properties from the pop-up
menu. Navigate to the Advanced tab of the Configuration Properties dialog box.
2. Check the box labeled Hide Universal View Image in policy messages.
3. Click OK when you are done.
Clients and Gateways must be restarted in order to pick up this change. The feature only affects messages
composed after Clients and Gateways adjust to the new setting.
4.4. Pass Through Authentication Feature
This feature allows the external Email Control Server to handle requests normally meant for the internal Email Control Server. The requests “pass through” to the internal server, which honors them and passes
the data back.
This feature requires the external server to be able to initiate HTTP or HTTPS communications with the
internal server. You may need your Network Administrator to configure firewalls and routers
appropriately. You may want to solicit the opinion of your Security Officer on enabling this feature.
4.4.1. To enable the feature…
1. Start the Policy Server Configuration Wizard on the external server. Navigate to the second screen.
2. Check the box labeled “Pass through authentication.”
3. Enter the IP address of the internal server (any one, if you have many).
4. Then finish the wizard.
4.4.2. What’s the Value?
It lets traffic meant for the internal Email Control Server originate from outside your company network.
For example, a company employee is using Outlook Web Access (OWA) to read a message from an airport kiosk. He needs to authenticate using his company Windows domain credentials. So the external server
catches the request and passes it in to the internal server. Or a company employee has installed Email
Control Client on his home computer. His network setup resolves the name of the external server as if he
were a computer on the Internet. The external server catches the requests from the client – for keys, for
policy settings – and passes them in.
4.5. Secure Communications Feature
This feature secures network traffic between Email Control Servers. It uses the Secure Sockets Layer
(SSL) protocol. Your Security Officer may appreciate this feature.
Start the Policy Server Configuration Wizard on the internal Email Control Server. Navigate to the last
screen. Features are enabled via the checkbox in the section labeled Protocol Encryption Options. When
you are done, be sure to finish the wizard.
Now you must do the same thing on the external server, in order for the feature to be fully enabled.
4.6. Outlook Delegate Access
This feature allows assistants, who have Outlook delegate access to a supervisor’s mailbox, to have the same access to confidential messages as the supervisor. For example, suppose Fred Jensen, VP of Sales,
delegates access to his mailbox, through the standard Outlook mechanism, to his assistant Helga. If you
enable this feature, then Helga will be able to read recipient-confidential messages, and “VP’s Only”
group-confidential messages, sent to Fred.
This feature requires that both the supervisor and the assistant have Email Control Client installed.
If you remove delegation, then the delegator must also change his Windows network password, in order to
completely remove the delegate’s ability to read protected emails.
If you subsequently remove delegate access from the delegator’s configuration, the delegate may still be
able to read old protected emails in the delegator’s folders, because the delegate’s client will have cached
the keys. Remove the delegate’s key cache in order to solve this problem.
1. Start the administrative console. Expand the Liquid Machines Email Control Administrator
folder. Then right-click on the Configuration folder, and choose Properties from the pop-up menu.
2. In the Configuration Properties dialog box, select the Advanced tab.
3. Check the Extend confidentiality to delegates checkbox.
4. Click OK to close the Properties dialog box.
4.7. Exchange Org Bridge
In its basic configuration, Email Control Server generally considers the Exchange Organization as its measure of what the “company” is. That is, it sees mailbox-enabled users in the Organization as internal
recipients, and others, even contacts and other mail-enabled (but not mailbox-enabled) objects, as external
recipients.
But this may not work for you. You may have, as the result of acquisitions, ethical walls or other reasons,
more than one Exchange Organization serving your company. You don’t want Email Control Server to
treat the users in one Organization as “foreign” to another Organization. You don’t want them to get
external recipient registration messages or get blocked from reading a group-confidential message. If that’s
the case, you want to configure the Exchange Org Bridge feature.
4.7.1. What Does It Do?
Email Control Server relies on being able to associate a user’s Windows login credentials with their email address. And it does that by looking at the values in particular fields within your Exchange 5.5
Organization (5.5 Org) or Active Directory (AD) database. If you have more than one Organization, there
is no single database where all users (with the right fields put in) are listed. For example, a user with a
mailbox in 5.5 Org “SPERRY” is probably listed as a contact in AD “BURROUGHS,” which means that an Email Control Server integrated with “BURROUGHS” won’t know what that user’s Windows login
credentials are.
The Exchange Org Bridge feature allows Email Control Server to connect all the databases together. You
provide Email Control Server with the ability to access the directory – communicate with an “LDAP” server – for each Organization. Then you configure it with a table of your Exchange Organizations,
Windows NT or Active Directory domains, and the SMTP domains and aliases you house, in a way that
ties them all together.
4.7.2. Requirements
If a certain Email Control Server will handle a certain user when they read messages, that Email
Control Server must reside in a Windows NT or Active Directory domain that trusts the domain where the user’s Windows account resides. So if Email Control Server is in the SPERRY
domain, and BURROUGHS\jsmith connects to it, SPERRY needs to trust BURROUGHS.
For a given internal recipient, any email alias assigned to them, that some other internal sender
will use, must be listed in their Exchange directory as an alias for their mailbox. For example,
suppose Bob’s real email address in Exchange is [email protected], and his buddy John’s real
email address is [email protected]. But Bob can also receive email sent to [email protected],
and this is the SMTP address John often uses when sending email to Bob. [email protected] needs
to be listed as a valid SMTP address in the properties of Bob’s Exchange mailbox.
The Windows account with which a user connects to Email Control Server must be the primary
account on their mailbox. Just being one of the accounts on the mailbox’s permissions list is not
sufficient.
In an Exchange 2000 or 2003 Organization, it’s OK if the account credentials exist in the
msMasterAccountSid attribute of the mailbox, or sidHistory attribute of the primary Windows
account associated with the mailbox. If you are unfamiliar with what these terms mean, you can contact
Liquid Machines Technical Support, or read about Active Directory Migration Strategies on the Microsoft
Active Directory web site.
4.7.3. Preparation
1. In each Exchange Organization you will support, create a user account and mailbox especially for use
with this feature.
2. Make sure this user can make LDAP queries in the AD or 5.5 Org where it resides. The user should
be able to query and read all user object properties. (You shouldn’t have to do this if your Active
Directory or Exchange 5.5 installation is “out of the box.” You have to do extra domain
configuration work to restrict access to these queries.)
3. Make sure the Email Control Server can access at least one directory server via the LDAP protocol.
This is typically TCP port 389. In a 5.5 Org, this “LDAP” server is an Exchange server. For
Exchange 2000 or 2003 it will be an Active Directory Global Catalog server. (Again, if you are “out of the box,” and there are no firewalls in the way, this shouldn’t be an issue.)
4. Make sure you have a list of all the Windows NetBIOS domain names and SMTP domains that each
Organization supports.
4.7.4. Configuration
1. In Email Control Administrator, right-click on Configuration and choose Properties. Navigate to the Exchange Organizations tab.
2. Right-click on Exchange Organizations and choose New…
Type in the fully qualified host name of an LDAP server for this Organization. Also type in the
domain-qualified login name and password for the service account you created for this Organization, for use with this feature. Click OK when you are done.
3. Expand the node labeled with the host name you used in step 2.
4. Right-click on NT Domains underneath the LDAP server name, and choose New…
Type in the NetBIOS domain name of one of the Windows user account domains that this
Organization serves. Click OK to save it. Repeat this action for all Windows account domains this
Organization serves.
5. Right-click on SMTP Domains underneath the LDAP server name, and choose New…
Type in the SMTP domain name of one of the SMTP domains this Organization serves. Click OK
to save it. Repeat this action for all SMTP domains served by this Organization.
6. Repeat steps 2 through 5 for each Exchange Organization in your company.
7. If you expand the NT Domains or SMTP Domains nodes under any Organization’s LDAP server,
you can see the list of names you input.
If you want to delete a name, right-click and choose Delete.
8. Click OK to save the Configuration properties.
4.7.5. More About SMTP and NT Domains
Let’s be a little clearer about which NT Domains and SMTP Domains need to be listed:
When users access an Exchange mailbox, they use some Windows login credentials. These
reside in a Windows domain. For any given Organization, you have to list out all the Windows
domains where there are accounts that might be used to access mailboxes.
An Exchange mailbox has one or more SMTP email addresses associated with it. For example, a mailbox might have [email protected], [email protected], [email protected] and
[email protected] all associated with it. For any given Organization, you have to list out all
the SMTP domains that the mailbox aliases fall into. So in this example you have to list out
at least acme.com, eng.acme.com and acmeinc.com.
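The table built in sections 4.7.4 and 4.7.5, modelled as data with the two lookups it exists for and the checks worth running before going live. This is an added example, not Liquid Machines code; the host names, service accounts and acme.com aliases are constructed, and SPERRY and BURROUGHS are the guide’s own example Organization names.

```python
"""Model of the Exchange Org Bridge table configured in sections 4.7.4 and 4.7.5.

Added example, not Liquid Machines code. Host names, service accounts and the
acme.com aliases are constructed; SPERRY and BURROUGHS are the guide's own
example Organization names.
"""
from dataclasses import dataclass, field


@dataclass
class OrgEntry:
    """One Exchange Organization as entered under the Exchange Organizations tab."""
    ldap_host: str                                   # fully qualified LDAP server name
    service_account: str                             # DOMAIN\user created for this feature
    nt_domains: set = field(default_factory=set)     # NetBIOS names of Windows account domains
    smtp_domains: set = field(default_factory=set)   # SMTP domains the Organization serves


def smtp_domains_for(aliases):
    """Every SMTP domain a mailbox's aliases fall into (the list section 4.7.5 asks for)."""
    return {alias.rsplit("@", 1)[1].lower() for alias in aliases}


class OrgBridge:
    def __init__(self, entries):
        self.entries = list(entries)

    def _hits(self, attr, value):
        return [e for e in self.entries
                if value in {d.lower() for d in getattr(e, attr)}]

    def ldap_for_windows_account(self, account):
        """DOMAIN\\user -> LDAP server whose directory holds that user's mailbox, or None."""
        domain = account.split("\\", 1)[0].lower()
        hits = self._hits("nt_domains", domain)
        return hits[0].ldap_host if len(hits) == 1 else None

    def ldap_for_smtp(self, address):
        """SMTP address -> LDAP server of the Organization serving that domain, or None."""
        domain = address.rsplit("@", 1)[1].lower()
        hits = self._hits("smtp_domains", domain)
        return hits[0].ldap_host if len(hits) == 1 else None

    def problems(self, mailbox_aliases=()):
        """Configuration checks a deployment should pass before going live.

        A domain entered under two Organizations makes lookups ambiguous, and an
        alias whose SMTP domain is listed nowhere would make its owner look like
        an external recipient.
        """
        issues = []
        for attr in ("nt_domains", "smtp_domains"):
            seen = {}
            for e in self.entries:
                for d in getattr(e, attr):
                    key = d.lower()
                    if key in seen and seen[key] != e.ldap_host:
                        issues.append(f"{attr}: {d} listed under {seen[key]} and {e.ldap_host}")
                    seen.setdefault(key, e.ldap_host)
        for alias in mailbox_aliases:
            if self.ldap_for_smtp(alias) is None:
                issues.append(f"alias {alias}: SMTP domain not listed under any Organization")
        return issues


def example_bridge():
    """Two Organizations, as in the guide's SPERRY / BURROUGHS illustration (constructed data)."""
    return OrgBridge([
        OrgEntry("gc1.sperry.example", r"SPERRY\ecs-bridge",
                 nt_domains={"SPERRY", "SPERRY-EU"},
                 smtp_domains={"acme.com", "eng.acme.com"}),
        OrgEntry("ex55.burroughs.example", r"BURROUGHS\ecs-bridge",
                 nt_domains={"BURROUGHS"},
                 smtp_domains={"acmeinc.com"}),
    ])
```

Domains are matched exactly, so a mailbox alias in a sub-domain you have not listed is reported rather than silently treated as covered by its parent domain.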
If you need help with planning and deployment in a company with multiple Exchange Organizations,
please contact Liquid Machines Professional Services for assistance.
5. Microsoft Rights Management Integration
You can now integrate Liquid Machines Email Control with your Microsoft Rights Management Services
(RMS) installation. A single configuration setting switches you over to using Microsoft RMS encryption, servers and authentication technologies to protect messages. Your Policies and Rules continue to function
exactly as you would expect. Liquid Machines Email Control Server brings you centralized and automated
management of policies, while RMS brings you additional control features and Microsoft core platform
technology.
Here are some things to be aware of when you choose to integrate with Microsoft RM:
You now have much greater control over Office documents. You can enforce print-blocking,
confidentiality, retention and other security features even when viewing an Office attachment.
You no longer install the Liquid Machines Email Control Client, but rather Microsoft Office 2003 and the Microsoft RM Client, or the RM Client and the RM add-in for Internet Explorer.
This becomes your protected mail reader or Universal Viewing technology.
All Policies will be applied by a Policy Gateway product, according to Policy Rules you
configure.
Rights Management core technology does not provide for forensic deletion. Although expired
messages will be inaccessible in the normal world, a computer forensics expert might be able to
recover them from the server storage media.
If you wish to interact with recipients outside your organization, you will need to publish your
Rights Management servers according to one of several Microsoft-recommended practices. You
will not need to deploy an external Email Control Server.
The following features and components are not supported with Rights Management Integration:
Message Contents Features
BlackBerries or the Gateway for BlackBerry
Outlook delegation
Email Archive Gateway
Message Clean-up Tool
Logging “access denied” events to the Report Service.
Discovery Tools
Some components have no relevant functionality when installed within an RM-integrated context, for
example Email Control Client or Pass-through authentication.
Some of these features have analogs within the basic Rights Management infrastructure. For example,
Pass-through authentication in Email Control Server maps to publishing Rights Management Services to
the Internet. In the Appendices, you can find a more complete list of these analogs. Consult your
Microsoft documentation, or contact Liquid Machines Professional Services if you need help with
configuring Microsoft RM, or mapping Email Control Server functionality to the RM platform.
5.1. To Enable Rights Management Integration…
Before you do this, if you have Gateway for SMTP/Exchange installed on any machines, you should also
install the Microsoft Rights Management Client on those machines.
1. In Liquid Machines Email Control Administrator, right-click on the Configuration node and
choose Properties.
2. On the Messages tab, click the Key Management System… button.
3. Select the radio button labeled Microsoft Rights Management Services.
4. In the field at the bottom, type in the SMTP address of an Active Directory mail-enabled security
group or distribution list that does or will contain all company employees’ user accounts as
members.
5. Click OK to exit both dialog boxes.
Liquid Machines is a Microsoft Independent Solutions Provider. Please call us if you need advice or
expertise in building a Microsoft Rights Management environment.
6. Managing Policies
6.1. Before You Start…
Once you start to expire and secure messages, there will be an impact on both your employees and your customers. People may be used to saving messages, so that they can reference them at a later date. But of
course now they will expire. They may be used to printing messages to put away in their files, but of
course now they might be print-blocked. Customers may have older browsers or email readers that require
a couple steps to read the message. They may need to download or install Attachment Reader. Or they
may just be surprised to see a new message format.
You can ease the impact and minimize the disruption if you follow these guidelines as you roll out your
email policy.
6.1.1. Inform Users
Let your users and your customers know what’s coming and why. Distribute user guides. Provide
additional training if necessary. And allow them time to react, to offer their concerns and questions, and have them addressed. The more they are prepared, the fewer questions there will be about usability and
impact.
6.1.2. Start Slowly
Create policies that enable only some of the security features. Distribute them to a pilot group, so that you can work through any issues within a smaller scope. Make sure to allow users to opt out by enabling one
policy category that avoids expiration or confidentiality.
As you stabilize deployment, expand the policies to a larger group, until you cover the whole organization.
Then enable additional features with the pilot group, test, and roll out again.
Make sure that highly restrictive features come at the last stages of deployment. For example, requiring
copy- and print-blocking, or preventing users from opting out, should come later.
6.1.3. Keep It Simple
Try to create as few different policies as possible. Focus on your most fundamental needs and where you
can add the most value, and then construct a few blanket policies accordingly.
A simple policy architecture will be…
Easier to implement. You will have fewer categories to create and fewer user groups against which
you must apply and deny access.
Easier to understand and troubleshoot. You will have fewer interactions between defaults and override
settings. You’ll have to know less about an individual user in order to understand what policies apply
to them.
Easier for your users. They will be able to rely on default settings, and will need to choose from fewer exception cases.
For example, you could create a blanket, corporate-wide policy that makes all email confidential to the
company, and expiring after 90 days. You can add some extra categories for Executive Management, like
“30 days” and “7 days” and “For Your Eyes Only.” You could have anything that comes out of the Human Resources department, that has a Social Security number in it, be recipient-confidential and expire after one
year. And finally, you could restrict copy-blocking and print-blocking on any email that goes out to your
retail sales offices. The parameters in this case are few and simple, but they cover a wide variety of
workflow and security issues.
6.1.4. Build Consensus
Make sure that your team agrees on what policies should be created and enforced. If you know what everyone’s requirements are, you can author a simple, stable set of policies right from the start. You won’t
need to change policies a lot, which means your users won’t experience new snags because a policy
changed. You’ll be able to anticipate conflicts that might occur in production. And you’ll be on the same
page when it comes to training users and handling their concerns.
Make sure Executive Management and Counsel have primary input about where to add the most value.
They may have legal or regulatory concerns which take first precedence. Get in touch with Human Resources
about privacy issues and retention requirements. Work with middle managers regarding productivity and
workflow. Involve your Change Management Office if you have one, and make sure IT and Helpdesk staff
know what’s coming.
6.1.5. Read This Whole Chapter
The variety of policies you can apply, combined with the constraints of Email Control Server’s application logic, can make things pretty complex. Read this whole chapter. You want to gain a thorough
understanding of the rules governing policies and the elements within them.
6.2. What You Can Do
You can have one or more policy categories that expire messages after a certain amount of time you
define.
You can have one or more policy categories that make messages confidential to the company, to the
individual recipients of the message, or to specific groups of employees you define.
You can make a certain expiration or confidentiality category be applied by default.
You can allow users options other than the defaults, or allow them only the defaults.
You can disallow any non-expiring or non-confidential email.
You can have users choose a single menu item that applies a variety of Policy Settings.
You can have policy categories apply automatically, based on message content. For example, you can
mark any email with “TOP SECRET” in the subject line, or “private formula” in the body, confidential
to the company.
You can require attachments to be encrypted, or prevent them from being encrypted.
You can require that messages be copy- and print-blocked, or prevent them from being so.
You can lock, disable or hide parts of the user interface in Email Control Client. This way, users
cannot change settings, or could be completely unaware of the product and its operation.
You can automatically apply policies to email entering or leaving your organization, based on Policy
Rules you create.
You can prevent a message from being delivered at all, or prevent delivery only to certain recipients.
You can send clear text or encrypted copies of a message to another mailbox, for archival or for audit
and review.
You can add text to the headers of a message.
You can warn the sender if he takes certain actions, or is prohibited from taking them.
You can log violations to a database.
If you have installed Email Archive Gateway, you can decide whether protected emails are archived in
an encrypted format, or as clear text.
You can have expired messages automatically deleted from certain Personal Folder Files (PSTs) on
workstation hard drives.
You can control how long message data is kept within an archive system.
6.2.1. About Calendar Messages
Email Control Client and Gateway for BlackBerry do not process Calendar messages. If you send a
meeting request, no encryption will occur and no Policy Rules will trigger, regardless of anything else.
Gateway for Exchange/SMTP will process Calendar messages. So for example, a Rule that triggers on
messages sent from the “Brokers” group and blocks all messages will also block all meeting invitations
sent from “Brokers” members.
However, the Gateway will never encrypt Calendar messages, via Liquid Machines or Microsoft Rights
Management technology. So for example, the Gateway cannot set a meeting request to expire.
6.3. If You Are Upgrading…
As you probably know, when Policies and Rules overlap, there are rules about the precedence and interaction. The logic has changed some from Liquid Machines Email Control Server 5.1. You should
read the next two sections until you thoroughly understand the changes, and then verify, before you
upgrade, that your existing Policies will not be adversely affected. You may need to include offline time
spent re-authoring Policies as part of your upgrade strategy.
6.4. Elements of a Policy
Policies have several different parts or elements.
6.4.1. Who It Affects
6.4.1.i. The Global Policy
The global policy, named “Global” in the display, affects everyone in the company. Its settings apply to
everyone.
The global policy settings also apply to messages that pass through Gateway for Exchange/SMTP or come
from BlackBerry handheld users via Gateway for BlackBerry.
6.4.1.ii. Other Policies
When you create other policies besides the global one, you choose which users and groups they affect.
If you want messages that pass through the Gateway for Exchange/SMTP to be affected by policy settings,
you must apply the policy to the service account that runs the Gateway.
If you want messages that come from BlackBerry handheld users to be affected by policy settings, you
must apply the policy to the BESAdmin service account that runs the user’s BlackBerry Server.
6.4.2. Categories
6.4.2.i. Retention
Retention categories are those that cause messages to expire. You can choose expiration times ranging from 1 hour to 10 years. 1 year corresponds to 365 days and 1 month corresponds to 30 days. You can also
create categories that apply no retention.
If you do not create a category that applies no retention, all messages created will expire. The user will not
be able to choose to send a non-expiring message.
6.4.2.ii. Confidentiality
Confidentiality categories are those that prevent messages from being read by certain people. There are
three types.
Original recipients in To, Cc, Bcc only (recipient-confidential): Messages in this category can be
read only by the people who were originally sent the message.
Users in company directory only (company-confidential): Messages in this category can be read by
anyone who has a user account in a Windows domain that is trusted by the domain in which the Email
Control Server resides.
Users who are members of a group or distribution list (group-confidential): Messages in this
category can be read only by people in the group or distribution list.
    In an Active Directory environment, this can be a mail-enabled security group or
    distribution list.
    In a Windows NT and Exchange 5.5 environment this can only be a distribution list.
    People on the distribution list who are contacts (not mailbox users) must already be
    registered with the external Email Control Server.
If you send a new message (you don’t reply to or forward an existing protected email), marked company- or group-confidential, to some people outside the company or group, these people specifically will be able to
read the message. However, no one else outside the group or company will, even if they forward it on.
If you do not create a category that applies no confidentiality, all messages created will be confidential.
The user will not be able to choose to send a non-confidential message.
6.4.3. Defaults
Every policy must have one default retention and one default confidentiality category. These are the
settings applied if the user takes no action.
Defaults do not apply when Policy Rules are in effect. See below.
Policy Gateways have no concept of defaults. You must instead create a “rule of last resort” in the Policy
Rules, which are discussed below.
6.4.4. Email Control Client’s Interface
You can control what options are available in Email Control Client’s interface.
You can enforce or prevent copy-blocking.
You can enforce or prevent print-blocking.
You can enforce or prevent automatic application of policies via Policy Rules.
You can enforce or prevent attachment encryption.
You can hide certain elements of the client interface, so that the user is unaware it is operating on the
message.
You can have users choose a single menu item, or “template,” that sets a variety of Policy items.
You can have expired protected emails automatically deleted from certain PST files on workstation
hard drives.
6.4.5. Clear Text Archiving
If you have Email Archive Gateway installed, you can specify that all messages generated by certain users
or groups of users are archived in clear text.
6.4.6. Policy Rules
You can create a list of Global Policy Rules. You can then configure Clients and Gateways to obey these
rules when applying various Policy Settings.
Each Policy Rule has one or more conditions that trigger it, and one or more actions that it takes. The
priority of a Rule is controlled by you; you can decide which one will trigger first.
6.4.6.i. Conditions
Conditions that can trigger a rule are…
Membership of the sender or recipient in a mail-enabled security group or distribution list in Active Directory. Nested groups are supported.
Occurrence of a text string or pattern in the header or body of the message.
Presence of a particular message format, specifically…
clear text,
encrypted using Liquid Machines Email Control Server algorithms,
encrypted using Microsoft Rights Management algorithms,
a non-delivery report (NDR), or
an Outlook calendar message.
You can have multiple conditions apply to a rule. Conditions are joined using a logical AND.
6.4.6.ii. Actions
Once a rule is triggered by its conditions, it takes action on a message. Specifically, it can…
Apply any Policy Category settings.
Apply copy-blocking, print-blocking or attachment encryption.
Block delivery of the message completely.
Block delivery only to certain recipients.
Copy the message, either encrypted or in clear text, to another mailbox.
Add an item to the message headers.
Log a violation to the audit log.
Send or display an alert for the message sender.
Stop processing more rules.
You can have multiple actions taken on a message. And you can have multiple rules apply these actions.
How actions “add up” is discussed in the next section.
Note that not all message types can accept all actions. For example, you cannot encrypt a Calendar
message.
6.4.6.iii. Not All Components Support All Actions and Conditions
Specifically, Email Control Client and Gateway for BlackBerry do not support all of them.
The conditions these two do not support are:
From or to a member of an Active Directory group,
Presence of a particular message format, and
Occurrence of a certain value in an SMTP header other than the recipient lines or subject line.
The actions these two do not support are:
Set an SMTP X-header, and
Block delivery only to certain recipients.
They do support blocking delivery to anyone.
6.5. Precedence, Interaction, Collision
Policy categories are cumulative. That is, if you apply two different policies to a user, they will have
access to all categories and client interface settings in both policies.
As you can imagine, this means there could be conflict between policies. Which one will specify the
default? Which Policy Rules will trigger first? The paragraphs below explain the system.
The Global Policy always loses when it comes to categories and rules:
The default retention or confidentiality category in the Global policy will be overridden by those in
custom policies.
If a category in a custom policy has the same name as one in the Global policy, the settings in the custom
policy’s category will take precedence.
Policy Rules in the Global policy are always processed after rules in custom policies.
You can’t know which custom policy will win when it comes to categories and rules. When multiple
custom policies apply:
You can’t know which default categories will win out.
If two categories have the same name, you can’t know which category’s settings will win out.
You can’t know which Policy Rules will be processed first.
When it comes to client interface settings, the rule is: any exception wins. That is, if any applicable policy specifies something other than the default, then the opposite of the default will take effect. The
defaults are:
Messages can be copied.
Messages can be printed.
Policy Rules do not apply.
Settings are not applied to attachments by default.
Users are notified if a Policy Rule applies a policy to a message.
Users can select expiration options.
Users can select confidentiality options.
Users can access the Security Options dialog box.
If a message is marked confidential, settings will be applied to attachments.
Also, with archive settings, any exception wins. So if you check this box in any policy that applies to a
user, the checked box is what will be applied.
You can allow or deny access to sets of policy categories and rules. So, when creating a hierarchy of
policies, you should allow access to a larger group, and then deny access to a smaller group, for a specific
policy set. You can then allow access to another policy for that smaller group, and deny access to an even
smaller subgroup. That way you can create an efficient administration of policy without causing conflicts.
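The precedence rules of this section as a small model: categories accumulate, Global always loses to a custom policy, the undefined custom-versus-custom cases are reported instead of guessed, and client interface and archive settings follow “any exception wins.” This is an added example, not Liquid Machines code; the policy and category names are constructed and the CLIENT_DEFAULTS keys are shorthand for the defaults listed above.

```python
"""Model of the precedence rules in section 6.5: categories accumulate, Global
always loses to a custom policy, custom-vs-custom outcomes are undefined, and
for client interface and archive settings any exception wins.

Added example, not Liquid Machines code. Policy and category names are
constructed; the CLIENT_DEFAULTS keys are shorthand for the defaults the guide lists.
"""
from dataclasses import dataclass, field

# Client interface defaults from section 6.5. A policy value that differs from
# one of these is an "exception", and any exception wins.
CLIENT_DEFAULTS = {
    "copy_allowed": True,
    "print_allowed": True,
    "policy_rules_apply": False,
    "apply_to_attachments": False,
    "notify_on_rule": True,
    "user_selects_expiration": True,
    "user_selects_confidentiality": True,
    "security_options_dialog": True,
}


@dataclass
class Policy:
    name: str
    categories: dict                    # category name -> its settings
    default_retention: str              # name of the default retention category
    default_confidentiality: str        # name of the default confidentiality category
    client: dict = field(default_factory=dict)   # only the interface settings it changes
    clear_text_archive: bool = False
    rules: list = field(default_factory=list)    # Policy Rule names, in the policy's order


def merge_policies(global_policy, custom_policies):
    """Combine the policies that apply to one user.

    Outcomes the guide calls unknowable (two custom policies disagreeing on a
    default, on a same-named category, or on rule order) are listed under
    "conflicts" rather than silently resolved; the value kept is an arbitrary pick.
    """
    custom_policies = list(custom_policies)
    merged = {
        "categories": dict(global_policy.categories),
        "default_retention": global_policy.default_retention,
        "default_confidentiality": global_policy.default_confidentiality,
        "client": dict(CLIENT_DEFAULTS),
        "clear_text_archive": global_policy.clear_text_archive,
        "rules": [],
        "conflicts": [],
    }
    custom_defaults = {"default_retention": set(), "default_confidentiality": set()}
    owner = {}  # custom category name -> policy that supplied it

    for pol in custom_policies:
        for key in custom_defaults:
            custom_defaults[key].add(getattr(pol, key))
        for cat, settings in pol.categories.items():
            if cat in owner and merged["categories"][cat] != settings:
                merged["conflicts"].append(f"category {cat!r}: {owner[cat]} vs {pol.name}")
            merged["categories"][cat] = settings      # same name: custom overrides Global
            owner[cat] = pol.name
        merged["rules"].extend(pol.rules)             # order among custom policies is undefined

    for key, values in custom_defaults.items():
        if values:                                    # a custom default overrides Global's
            merged[key] = sorted(values)[0]           # arbitrary pick if several disagree
            if len(values) > 1:
                merged["conflicts"].append(f"{key}: {sorted(values)}")
    if sum(1 for p in custom_policies if p.rules) > 1:
        merged["conflicts"].append("rule order between custom policies is undefined")
    merged["rules"].extend(global_policy.rules)       # Global rules always run last

    # Client interface and clear-text archiving: any exception wins, Global included.
    for pol in [global_policy, *custom_policies]:
        for key, value in pol.client.items():
            if value != CLIENT_DEFAULTS[key]:
                merged["client"][key] = value
        merged["clear_text_archive"] = merged["clear_text_archive"] or pol.clear_text_archive
    return merged


def example_layout():
    """The layout sketched in section 6.1.3: a corporate Global policy plus extra
    categories for Executive Management and copy/print-blocking for retail offices."""
    global_policy = Policy(
        "Global",
        {"90 days": {"expire_days": 90}, "Company": {"confidential_to": "company"}},
        "90 days", "Company", rules=["log all violations"])
    executives = Policy(
        "Executive Management",
        {"30 days": {"expire_days": 30}, "7 days": {"expire_days": 7},
         "For Your Eyes Only": {"confidential_to": "recipients"}},
        "30 days", "Company",
        client={"user_selects_expiration": True},   # equals the default, so not an exception
        rules=["executive outbound"])
    retail = Policy(
        "Retail Sales Offices",
        {"90 days": {"expire_days": 90}},
        "90 days", "Company",
        client={"copy_allowed": False, "print_allowed": False})
    return merge_policies(global_policy, [executives, retail])
```

In the example layout the two custom policies disagree on the default retention category, which is exactly the kind of collision the hierarchy advice above (allow to a larger group, deny to a smaller one) is meant to avoid.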
6.5.1. Policy Rules
With Email Control Client, if Policy Rules are turned on and no rule applies, the user’s default options will
be applied.
With Policy Gateways, policy defaults do not apply. Instead the Policy Rules must include a “rule of last
resort.”
To make sure Gateway for BlackBerry applies Policy Rules, in the policies that you create for it, ensure that in
the “Client” section, the “Automatically select policy settings” option is set.
Policy Rules do not automatically override policy settings chosen by the user. You must prevent user
choice and/or enforce Policy Rules by manipulating the Policy Client interface.
Policy Rules do not fill in settings the user has not chosen for an original message. For example, a message
sent with an expiration time but no confidentiality setting will not gain a confidentiality setting through a Policy Rule.
What about protected emails that are not original: replies or forwards, generated without an Email Control
Server component, that contain a protected email somewhere within them? These are “derived” messages,
to which a setting can be added where no setting exists.
Example: You send a recipient-confidential message to your friend at Hotmail. They reply back to you
and include your original message. The reply goes through Gateway for SMTP. The Gateway turns the
text of their reply into a protected email, and combines that with your original. It applies the recipient-confidential setting to this new message. Now, it tests the new message against its Policy Rules, and
discovers that email from Hotmail is supposed to be marked company-confidential, and expire in 90 days.
The Gateway adds the 90-day expiration, but does not override the recipient-confidential setting.
There is a nuance here, which is how Email Control Client and Gateway for BlackBerry view replies and forwards they create themselves. Are they original, or “derived?” That is to say, if John uses Email
Control Client to send Betsy a protected email, and Betsy replies using Email Control Client, will Betsy’s
Client consider her reply original or derived? The answer is “derived,” which means that her Client can
add settings.
This nuance makes it seem like Email Control Client and Gateway for BlackBerry can always add settings,
but Gateway for Exchange/SMTP can only add them sometimes.
6.5.1.i. Adding Up Actions from Several Rules
Since you can apply several actions to a given message within a given Rule, and since multiple Rules can
apply actions to a single message, you have to consider how these actions “add up.” For example, it makes
sense that if one rule blocks delivery to Finance and another to Accounting, then neither group will receive
the message. But what happens if one rule sets an expiration of 30 days and another sets one year? The chart below
describes what happens for each type of action.
Confidentiality Settings: The first rule that applies such a setting wins. That setting sticks.
Expiration: The rule with the shortest expiration time wins.
Block Delivery to Anyone: Any occurrence of this blocks delivery to everyone, regardless of what other rules might specify.
Copy-blocking: Any rule that sets this wins. An additional rule has no impact.
Print-blocking: Any rule that sets this wins. An additional rule has no impact.
Copy to a mailbox in clear text: All mailboxes specified by the set of rules will get copies.
Copy to a mailbox decrypted: All mailboxes specified by the set of rules will get copies.
Set X-Header (a different header than other rules): The header is added to the list to be inserted.
Set X-Header (the same header as some other rule): The first rule that sets the header wins.
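The following is an added example, not Liquid Machines code, that implements the precedence table above as a merge over the actions of every Rule that matched a message. Field names, the mailbox addresses and the three sample rules are assumptions constructed for the illustration.

```python
"""Added example, not Liquid Machines code: combining the actions of several
matching Policy Rules according to the precedence table in section 6.5.1.i.
Field names and the sample rules are assumptions made for this illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class RuleActions:
    """The actions one matching Rule wants to apply to a message."""
    rule_name: str
    confidentiality: Optional[str] = None       # e.g. "recipient-confidential"
    expiration_days: Optional[int] = None
    block_all: bool = False                     # "Do not deliver the message to anyone"
    block_groups: List[str] = field(default_factory=list)   # groups whose members get nothing
    block_copy: bool = False
    block_print: bool = False
    bcc_clear: List[str] = field(default_factory=list)      # copy to a mailbox in clear text
    bcc_decrypted: List[str] = field(default_factory=list)  # copy to a mailbox decrypted
    x_headers: Dict[str, str] = field(default_factory=dict)


def merge_actions(matched: List[RuleActions]) -> dict:
    """Return the effective settings when every Rule in `matched` applied,
    in the order the Rules matched."""
    effective = {
        "confidentiality": None,   # first rule that sets it wins; later ones are ignored
        "expiration_days": None,   # shortest expiration wins
        "block_all": False,        # any occurrence blocks delivery to everyone
        "block_groups": [],        # Finance blocked by one rule, Accounting by another: both blocked
        "block_copy": False,       # any rule that sets it wins; extra rules change nothing
        "block_print": False,
        "bcc_clear": [],           # every mailbox named by any rule gets a copy
        "bcc_decrypted": [],
        "x_headers": {},           # distinct headers accumulate; same header: first rule wins
    }
    for ra in matched:
        if ra.confidentiality and effective["confidentiality"] is None:
            effective["confidentiality"] = ra.confidentiality
        if ra.expiration_days is not None:
            current = effective["expiration_days"]
            effective["expiration_days"] = (ra.expiration_days if current is None
                                            else min(current, ra.expiration_days))
        effective["block_all"] = effective["block_all"] or ra.block_all
        effective["block_copy"] = effective["block_copy"] or ra.block_copy
        effective["block_print"] = effective["block_print"] or ra.block_print
        for key in ("block_groups", "bcc_clear", "bcc_decrypted"):
            for item in getattr(ra, key):
                if item not in effective[key]:      # union, no duplicate copies
                    effective[key].append(item)
        for name, value in ra.x_headers.items():
            effective["x_headers"].setdefault(name, value)   # first setter wins
    return effective


# Constructed sample: three rules that all matched one message, in this order.
SAMPLE_RULES = [
    RuleActions("Legal hold", confidentiality="recipient-confidential", expiration_days=365,
                bcc_clear=["archive-clear@example.invalid"],
                x_headers={"X-Subject-Flag": "Test Email"}),
    RuleActions("Hotmail senders", confidentiality="company-confidential", expiration_days=90,
                block_copy=True, block_groups=["Finance"],
                x_headers={"X-Subject-Flag": "Override attempt", "Acme-Hazard-Level": "Low Risk"}),
    RuleActions("Ethical wall", expiration_days=30, block_groups=["Accounting"],
                bcc_clear=["archive-clear@example.invalid"], block_print=True),
]

if __name__ == "__main__":
    for key, value in merge_actions(SAMPLE_RULES).items():
        print(f"{key}: {value}")
```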
6.5.2. Policy Gateways
Policy Gateways use only the Global policy and any custom policies applied to their respective service
accounts; Gateways do not enforce policies that apply to users or groups of users. Gateways can, however,
apply a “policy rule of last resort,” apply policies based on the presence of certain email addresses in the
message headers, or apply policies based on the membership of senders or recipients in an Active Directory
group.
After you create or change policies for a Gateway, you must wait 90 minutes, restart the Gateway, or click
the Update Gateway Policies Now button on the configuration tool, in order for the changes to take effect.
To make sure Gateway for BlackBerry applies Policy Rules, in the policies that you create for it, make sure
that in the “Client” section, the “Automatically select policy settings” option is set.
6.5.3. Gateway for Exchange
In order to support message blocking features in Policy Rules, for example for ethical walls applications, you must install Gateway for Exchange on all Exchange servers in your Organization. Installing on only
some servers may result in messages not being properly blocked.
Gateway for Exchange does not consistently support the “full blocking” feature in environments where certain Exchange servers have been designated as “expansion” servers. Liquid Machines does not
recommend you use expansion servers if you are deploying Gateway for Exchange for an ethical walls
application.
6.5.4. Gateway for SMTP
When Gateway for SMTP is not installed on an Exchange server, it has a certain limitation when expanding groups. Specifically, it cannot expand a group named in the recipient list, to see if some user is a member.
This means that, if you create Policy Rules for it that use membership of the sender or recipient in an
Active Directory group, the Rules may not cover as many emails as you expected.
For example, someone outside your company sends a message to, say [email protected]. And Bob is a
member of this group. Bob is also a member of the [email protected] group, and you have set up a Rule on
Gateway for SMTP that is supposed to block all inbound mail destined for members of [email protected].
The Gateway cannot expand [email protected] to find out if Bob is in it, and so cannot enforce the Rule.
The Gateway can expand groups in a Rule, to see if some recipient is named there. So in the example, if
Bob were named directly as one of the recipients, the Gateway would enforce the Rule.
6.5.5. Email Archive Gateway
Email Archive Gateway will decrypt a message with the clear text option set, even if that message is
embedded in a regular, non-protected reply email.
6.5.6. Policy Locking
You may have noticed from the descriptions above that, if a protected email contains a certain setting, any
Email Control Server component will respect that setting while reprocessing the message. For example, if
you reply to a protected email with Email Control Client, Email Control Client locks your reply to the
settings on the original message.
There are a couple of exceptions to this:
Archiving: The archive setting is not preserved when a protected email is processed. So if Bob sends
a message to Alice that is to be archived in the clear, and Alice’s Policy settings forbid clear text
archiving, Alice’s reply to Bob will be archived encrypted.
Encrypting Attachments: The attachment encrypting setting is not preserved. So if Bob sends Alice
a message with encrypted attachments, and Alice replies and adds a new attachment, the new
attachment will not be encrypted unless Alice’s Policy mandates it.
6.6. Checking Your Logic
In a way, the different elements you can add to a policy, and the rules about precedence and so on, create a kind of programming language. It’s easy to understand, because there are few variables and few rules. It’s
easy to “write code” because you check boxes and choose menu items from a graphical interface. But as
you put more and more elements together, the rules about how they interact can have some unintended
consequences. You can end up having to “debug your program” by tracing back through the policy
elements and the rules step by step.
As you are developing your policies, before you apply them, check your logic. Create a graph or flow chart
of your policies, and apply it to representative users to verify the outcome. The flowchart below shows a
simple example. The yellow outcomes may not be what was intended. The red outcome is bad.
6.7. Editing Policies
6.7.1. To Begin…
1. Start the administrative console on the Email Control Server.
2. Select the Policies node. Existing policies show in the right frame of the window.
6.7.2. To Create a New Policy…
1. Right-click on the Policies node.
2. From the pop-up menu, choose the New submenu, and then the Policy item.
3. A dialog box appears asking you to name the policy.
4. Then the new policy shows in the right frame of the window.
6.7.3. To Rename a Policy…
1. Right-click on the policy and choose Rename from the pop-up menu.
2. The name becomes highlighted in a text box.
3. Type in the new policy name.
4. Select the policy again to save the change.
6.7.4. To Delete a Policy…
Right-click on the policy and choose Delete from the pop-up menu.
6.7.5. To Add a Retention Category…
1. Right-click on the policy and choose Properties.
2. Select the Retention tab.
3. Click the Add button.
4. Type in a name for the category, for example “For the Record – 90 Days”. It can be very helpful to
include the expiration time as part of the name.
5. Choose a unit of time, for example, “months”, from the pull-down menu on the right.
6. Type in the number of units in the field on the left.
7. Click OK to save the category.
8. Click OK to save the policy settings.
6.7.6. To Edit a Retention Category…
You can select the category and then click the Properties button.
6.7.7. To Add a Security Category…
1. Right-click on the policy and choose Properties from the pop-up menu.
2. Select the Confidentiality tab.
3. Click the Add button.
4. Type in a name for the category.
5. Choose a type of confidentiality by clicking a radio button.
6. Click OK to save the category.
7. Click OK to save the policy settings.
6.7.7.ii. Configuring a Group-Confidential Category
If you selected the group-confidential option, you need to configure the group.
Click the Group… button.
6.7.7.ii.i. If you use Exchange 2000 or higher…
1. Select the top radio button and click the Browse button. You get the standard user/group selector for
your platform.
2. Select the distribution list you want. Click OK.
3. Click OK in all dialog boxes to save the changes.
6.7.7.ii.ii. If you use Exchange 5.5…
1. Select the bottom radio button.
2. Type the fully qualified domain of an Exchange 5.5 server.
3. Type in the SMTP address of the distribution list you want.
4. Click OK in all dialog boxes to save the changes.
6.7.8. To Edit a Confidentiality Category…
You can select the category and then click the Edit button.
6.7.9. To Set a Default Category…
The retention and confidentiality categories each have a default.
1. Right-click on the policy and choose Properties from the pop-up menu.
2. Select either the Retention or Confidentiality tab, depending on where you want to change the
default.
3. The current default is listed in bold type.
4. To change to another category, click that category, then click the Set Default button.
5. Click OK to save the changes.
6.7.10. To Copy a Category to Another Policy
While you are creating or editing any expiration or confidentiality category, you can copy in the settings
from any other category in any other policy you have created.
1. In the Properties dialog for the category, click the Copy… button.
2. Select the category you want to copy settings from, and click OK.
6.7.11. To Create Policy Templates for Email Control Client…
Policy Templates allow the Email Control Client user to select a single menu item that sets a variety of Policy controls. Rather than being presented with an Allow forwarding and Expiration pull-down menu
in their compose window, they are afforded a single Apply policies menu.
1. Right-click on the Policy and choose Properties.
2. Select the Templates tab.
3. Click the Add… button.
4. Type a Name for the template. This is the label that users will see in the pull-down menu.
5. Choose Retention and Confidentiality categories that you have created on the Retention and
Confidentiality tabs. The categories you choose will be applied when the user activates the
template.
6. Check the appropriate box if you also want the template to Block Copying, Block Printing, or Apply
Settings to Attachments.
7. Click OK when you are done.
You must also enable templates, as discussed in the Client Interface section below, in order for your
changes to affect the users.
6.7.12. To Edit, Delete or Set the Default Policy Template…
1. Right-click on the Policy and choose Properties.
2. Select the Templates tab.
3. Click the Edit…, Set Default or Delete button as appropriate.
6.7.13. To Control Email Control Client’s Interface…
1. Right-click on the policy and choose Properties.
2. Select the Client tab.
3. Enable or disable options as appropriate, by checking or unchecking boxes.
6.7.13.i. Use Templates
If you select Use Templates, then only the Apply Controls pull-down menu appears on the Email Control
Client. The Security Options dialog is not available; instead the options available in it are defined by the
templates. Also, automatic processing of Policy Rules is not available.
6.7.13.ii. Use Individual Settings
If you select Use individual settings, the Email Control Client shows an Expiration and Allow
forwarding pull-down, as well as the Security Options dialog. Automatic processing of Policy Rules
becomes an option. And you can control the Client’s default settings by checking boxes in the two sections
discussed here:
6.7.13.ii.i. “Options” Section
Show ‘Expiration’ drop-down menu on toolbar: If you disable this, users will not see the
Expiration menu, and will not be able to choose from retention categories you give them. The default category will be applied, unless automatic policy selection changes it.
Show ‘Allow Forwarding’ drop-down menu on toolbar: If you disable this, users will not see the
Allow Forwarding menu, and will not be able to choose from confidentiality categories you give
them. The default category will be applied, unless automatic policy selection changes it.
Show ‘Security Options’ button on toolbar: If you disable this, users will not be able to access the
Security Options dialog box, and will not be able to make choices about copy- or print-blocking,
attachment encryption, or whether automatic policy selection is turned on. Defaults will apply unless
automatic policy selection changes them.
Selecting confidentiality option automatically encrypts attachments: With this enabled, if a
confidentiality category is in force, then attachments will be encrypted, even if the default is not to
encrypt attachments.
6.7.13.ii.ii. Defaults Section
These defaults can be overridden by the user, only if the Security Options dialog box is visible to them.
Automatically select policy settings: This means that, by default, any policy rules associated with the
policy will decide policy settings for messages.
Tell me when policies are applied to messages I send: If automatic policy selection is in force, the
user will receive notification when the policy rules do apply policy settings to a message.
Messages cannot be printed: Enabling this means messages are print-blocked by default, as long as
some retention and/or confidentiality setting is also applied.
Messages cannot be copied: Enabling this means messages are copy-blocked by default, as long as
some retention and/or confidentiality setting is also applied.
Apply settings to attachments: Enabling this means that by default, attachments will carry the same
policy settings as the message to which they are attached.
6.7.13.iii. Automatically Delete Expired Policy Messages
If you check this box, then, when Outlook is running, Email Control Client will automatically process certain kinds of Outlook Personal Folder Files (PST’s) on the local workstation. It will delete permanently
from the folders any protected emails whose expiration has passed. Protected emails for this purpose
include clear text replies that contain an embedded protected email, and protected emails that were
generated by foreign Email Control Servers. The specific kinds of PST’s are…
Any PST mounted directly in the user’s Outlook profile.
Any PST specified in the user’s Outlook auto-archive settings.
If you want to delete expired protected emails from Exchange folders, use the server-side Message Clean-up Tool mentioned in section 3.6.
6.7.14. To Choose Who the Policy Applies to…
1. Right-click on the policy and choose Properties from the pop-up menu.
2. Select the Users tab.
3. Click the Add… button in the first section.
4. Scroll through the list, double-clicking whatever group or users you want. When you are finished,
click OK.
5. If you want to exclude certain subgroups or users from being affected by this policy, click the Add…
button in the second section, and follow the same procedure as in step 4.
6. In either section, if you want to remove certain users or groups from the list, select them and click the
Remove button.
You can also clear the list in each section by clicking the Remove All button.
6.7.15. To Set the Archiving Policy…
On the Storage tab, check the box to allow clear text archiving, or leave it unchecked so that archive copies
remain encrypted.
You must have Email Archive Gateway installed for this setting to have any effect.
6.8. Policy Rules
If you will use one or more of the Policy Gateways, or you will configure Email Control Client to automatically select Policy settings, you create Policy Rules. Each rule has one or more conditions – “Is
from Bob,” or “Covers TOP SECRET materials” – and one or more actions – “Make company-
confidential,” or “Expire in 30 days.” If all the conditions are true for any given message, the actions are
applied.
You can have several Policy Rules. Rules are applied in the order you specify. You can configure any rule
to “stop rule processing” or to let processing of other rules in the list continue. If no condition in any rule is
true, no action is applied to the message.
6.8.1. To create Policy Rules…
1. Right-click on the policy category and choose Properties.
2. From the Properties dialog box, select the Rules tab.
3. Click the Manage… button.
6.8.2. To add a Policy Rule…
1. Click the New… button.
Notice that you can create different kinds of rules. In truth, all rules are based on a blank
template; the other rule types on this page are rules with some of the blanks already filled in.
Select Create a new rule from a blank rule, and click Next.
2. From the next screen, check the box next to one or more conditions you want to apply.
Conditions are based on the occurrence of certain words, phrases, or patterns (regular expressions,
which you can read about below) in the message body or in specific message SMTP header fields;
on whether the message came from or will be delivered to a member of an Active Directory
security or distribution group; or on what kind of message it is, for example encrypted or not encrypted.
3. For each blue-colored hyperlink in the Rule description… click on it to choose words, phrases, patterns, SMTP header values, Active Directory groups, or message types.
4. Click Next. On this screen, check the box next to one or more actions you want the rule to take.
Actions include setting confidentiality and expiration policies, archiving the message, blocking the
message, setting SMTP headers, alerting users or administrators, and halting rule processing.
5. For each blue-colored hyperlink in the Rule description… click on it to enter more information about
the action you want to take, for example what group to block.
6. Click Next. On this last screen, enter a descriptive name for the Rule.
Notice that in some cases, you may author a rule that not all Email Control Server components can
process. If you do so, you’ll receive a warning at this screen.
Also, the name of the Rule may be visible to your end users in some cases, such as for alerts or blocked messages. Make sure you name Rules with this exposure in mind.
7. Click Finish to save the rule.
6.8.3. To Edit, Rename or Delete a Policy Rule…
1. From the Policy Selection Rules screen, select the rule you want to take action against.
2. Click the Edit, Rename or Delete button as appropriate.
If you choose to edit a policy, you can navigate through the screens in the same way you would to add a
policy.
If you choose to rename a policy, type the new name in the dialog box that comes up, and click OK.
6.8.4. Conditions in Rules
Remember that Email Control Client and Gateway for BlackBerry do not support all conditions.
The conditions these two do not support are:
From or to a member of an Active directory group,
Presence of a particular message format, and
Occurrence of a certain value in an SMTP header other than the recipient lines or subject line.
6.8.4.i. To choose words or phrases…
1. Type the word or phrase in the Add new: field and click the Add button.
The search is not sensitive to capitalization. The condition will be true if any one of the words or
phrases is found.
2. Click OK when you are done.
6.8.4.ii. To choose SMTP header values…
Only Gateway for SMTP and for Exchange can search for SMTP headers. Email Control Client and
Gateway for BlackBerry will ignore this condition.
1. Type the name of the SMTP header in the Header name: field. Type a value for the header in the
Add new: field and click Add.
The condition will be true if the header’s value matches any value in the list.
2. Click OK when you are done.
You can read more about SMTP headers below.
6.8.4.iii. To choose Active Directory groups…
Only Gateway for SMTP and for Exchange can process Active Directory groups. Email Control Client and
Gateway for BlackBerry will ignore this condition.
1. Double-click the group from the selection window.
Note that, when Email Control Server decides what groups a user belongs to, the “primary group” is
ignored. By default, “Domain Users” is any user’s primary group, so you shouldn’t use this one to make
Policy Rules. You might want to check with your Active Directory administrator to see if this default has
been changed.
Nested groups are supported.
6.8.4.iv. To choose message types…
1. Select one or more options from the dialog box.
Email message: Plain email, not encrypted or anything.
Policy Mail message: encrypted using Liquid Machines Email Control Server algorithms.
Rights Protected message: encrypted using Microsoft Rights Management algorithms.
Non-delivery report: A message sent by a Policy Gateway, or possibly some other
Exchange or other email server, telling the sender that the email they sent was not delivered.
It has a standardized format that you can read about in Internet RFC’s.
Calendar message: A calendar message from Outlook. These are sent when people
schedule meetings with others, accept or decline meeting invitations, and so on.
If you select multiple boxes, the message type conditions are joined with a logical OR. So a whole Policy
Rule condition would look like…
Subject="Hello!" AND ( Message-type="Email message" OR Message-type="Calendar Message" ) AND Recipient="Joe"
Note that not all message types can be affected by all Policy Actions. Refer to section 6.8.5 below for more
information.
6.8.4.v. To choose patterns…
1. From the dialog box, choose a pattern from the list and click OK.
You can read more about patterns in the sections below.
6.8.5. Actions in Rules
Remember that Email Control Client and Gateway for BlackBerry cannot perform the “Add SMTP header”
action.
You should know that, when choosing actions in Rules, not all actions can affect all message types. For
example, you cannot encrypt a Calendar message. The rules of thumb with this are:
You cannot encrypt Calendar messages.
You cannot change the Policy on any original protected email. So if Email Control Client sends a
message through Gateway for Exchange, the Gateway will not change the Policy or add settings
to it.
You can add settings to a derived protected email.
You cannot decrypt an existing protected email in order to place a clear text copy of it in the
archive.
Also, remember from the beginning of the section on Precedence, Collision and Interaction that Email
Control Client and Gateway for BlackBerry may have a different idea about what constitutes an original
message, and what is a “derived” one.
6.8.5.i. Allow forwarding: Confidentiality Option
Select an option from the list of confidentiality categories associated with this Policy. Then click OK. The
message will be marked confidential in this way.
6.8.5.ii. Set retention to: Retention Option
Select an option from the list of retention categories associated with this Policy. Then click OK. The
message will be set to expire in this way.
6.8.5.iii. Apply Setting to Attachments
No further parameters are needed for this action. All actions applied to the message will also be applied to
attachments.
6.8.5.iv. Block recipient copying
No further parameters are needed for this action. The setting is applied to the message.
6.8.5.v. Block recipient printing
No further parameters are needed for this action. The setting is applied to the message.
6.8.5.vi. Do not deliver the message to anyone
No further parameters are needed for this action. No one will receive the message, and the sender will
receive a non-delivery report.
6.8.5.vii. Do not deliver the message to group members
No further parameters are needed for this action.
This action makes sense when one of the Rule conditions is that recipients are members of a certain Active
Directory group. Anyone on the recipient list who is a member of that group will not receive the message.
And any recipient not a member of that group will receive it. The sender will receive a non-delivery report
explaining who did and did not get the message.
6.8.5.viii. Alert user with: Warning Message
Type your warning message in the box, and click OK. Email Control Client users will receive an error
dialog. Gateway components will deliver an email notice to the sender.
6.8.5.ix. Report when this rule is applied
An entry will be logged to the Report Service, discussed in section 6.7.
6.8.5.x. Add X-Header SMTP header
Type in the name for the header, and the value it will take, and click OK.
For example, you could put in X-Subject-Flag and Test Email. Or Acme-Hazard-Level and
Low Risk.
Use only letters, numbers, spaces and dashes when creating SMTP header names or values.
You can read more about SMTP headers below.
Also, you can use this action to control how Email Archive Gateway sets retention policies in the archive.
Read more about the Gateway in the chapter on Components.
6.8.5.xi. BCC a copy of this message to: Mailbox
Type in the SMTP address of the mailbox and click OK.
The mailbox could be anywhere, in or outside your organization.
6.8.5.xii. BCC to without encrypting: Mailbox
Type in the SMTP address of the mailbox and click OK.
The mailbox could be anywhere, in or outside your organization.
If the Rule performing this action would also encrypt the message, the Rule makes sure that the copy
sent to the archive is not encrypted. This action will not decrypt an existing protected email, such as one
generated by Email Control Client.
6.8.5.xiii. Stop processing more rules
No further parameters are necessary. This action stops rule processing and initiates message delivery. If this action is not present, then the message gets passed on to the next rule for more processing, even if this
rule took some action on it already.
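The following is an added example, not Liquid Machines code, that walks a list of Policy Rules in order as section 6.8 describes (all of a rule's conditions must hold; a message no rule matches gets no actions), with the condition semantics of section 6.8.4 and the "Stop processing more rules" action just described. Class and field names, the group directory, addresses and the sample rules are assumptions constructed for the illustration.

```python
"""Added example, not Liquid Machines code: ordered evaluation of Policy Rules as
described in section 6.8, with the condition semantics of 6.8.4 (any listed word
or phrase, case-insensitive; any listed SMTP header value; message types joined
with OR; sender or recipient in a group) and the "Stop processing more rules"
action of 6.8.5.xiii. Class and field names and the sample rules are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Message:
    sender: str
    recipients: List[str]
    subject: str
    body: str
    message_type: str = "Email message"        # one of the types listed in 6.8.4.iv
    headers: Dict[str, str] = field(default_factory=dict)


Condition = Callable[[Message], bool]


def words_in(field_name: str, phrases: List[str]) -> Condition:
    """True if any phrase occurs in the field; not sensitive to capitalization (6.8.4.i)."""
    needles = [p.lower() for p in phrases]
    return lambda msg: any(n in getattr(msg, field_name).lower() for n in needles)


def header_value_in(header: str, values: List[str]) -> Condition:
    """True if the SMTP header's value matches any listed value (6.8.4.ii).
    Assumption: header names compare case-insensitively, values exactly."""
    def check(msg: Message) -> bool:
        actual = {k.lower(): v for k, v in msg.headers.items()}.get(header.lower())
        return actual is not None and actual in values
    return check


def message_type_in(types: List[str]) -> Condition:
    """Several selected message types are joined with a logical OR (6.8.4.iv)."""
    return lambda msg: msg.message_type in types


def member_of(groups: Dict[str, Set[str]], group: str, side: str) -> Condition:
    """True if the sender (side="from") or any recipient (side="to") is a member.
    `groups` is assumed to already hold nested groups flattened to addresses."""
    members = {m.lower() for m in groups.get(group, set())}
    def check(msg: Message) -> bool:
        addresses = [msg.sender] if side == "from" else msg.recipients
        return any(a.lower() in members for a in addresses)
    return check


@dataclass
class Rule:
    name: str
    conditions: List[Condition]      # all must be true (AND); an empty list always matches
    actions: List[str]
    stop_processing: bool = False    # "Stop processing more rules"


def evaluate_rules(rules: List[Rule], msg: Message) -> List[str]:
    """Walk the rules in list order; return the actions taken, tagged with the rule name.
    A message matched by no rule gets no actions at all."""
    applied: List[str] = []
    for rule in rules:
        if not all(cond(msg) for cond in rule.conditions):
            continue
        applied.extend(f"{rule.name}: {action}" for action in rule.actions)
        if rule.stop_processing:
            break                    # later rules never see this message
    return applied


# Constructed sample directory and rules (group names and addresses are made up).
GROUPS = {"Finance": {"bob@example.invalid", "carol@example.invalid"}}
SAMPLE_RULES = [
    Rule("Hotmail inbound", [words_in("sender", ["@hotmail.com"])],
         ["company-confidential", "expire in 90 days"]),
    Rule("Top secret", [words_in("subject", ["TOP SECRET"]),
                        message_type_in(["Email message", "Calendar message"])],
         ["recipient-confidential", "block copying"], stop_processing=True),
    Rule("Finance wall", [member_of(GROUPS, "Finance", "to"),
                          header_value_in("Acme-Hazard-Level", ["Low Risk"])],
         ["do not deliver to group members"]),
    # No conditions: a "policy rule of last resort" that matches every message.
    Rule("Rule of last resort", [], ["report when this rule is applied"]),
]

if __name__ == "__main__":
    m = Message("dave@hotmail.com", ["bob@example.invalid"], "Re: top secret plans", "see attached")
    print(evaluate_rules(SAMPLE_RULES, m))
```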
6.9. Using Patterns in Rules
As you saw in the previous section, you can have Policy Rules trigger on the existence, not just of words or phrases, but of more general patterns. For example, you could trigger a rule if a message contained any
Social Security Number, or any credit card number.
6.9.1. To Create Patterns…
1. Create a new policy rule from a blank rule. In the Policy Rules Wizard, when you reach the screen
where you can select conditions, check the box labeled with specific pattern in the Subject.
Then click on the specific pattern hyperlink.
2. In the Select Pattern dialog box, click the New button.
3. In the Create New Pattern dialog box, type in a name for the pattern, and a description.
4. Now you can click the Add Fragment… button to add, one element at a time, a regular expression,
which would match a Social Security Number.
(You can read more about regular expressions below.)
5. A Social Security Number starts with 3 decimal digits. So on the left, you choose the One of these:
radio button, and then the Numbers [0-9] checkbox. On the right you choose the Exactly radio
button, and set times equal to 3.
6. Click the Add button. You return to the Create New Pattern screen, and you see the regular
expression syntax that the wizard added to the pattern.
7. Now let’s add a dash (-). Click Add Fragment… then choose the Exact phrase: radio button, and
type in the dash (-).
8. Then click Add. The dash gets added to the pattern.
9. Go ahead and add more fragments, for certain numbers of decimal digits or dashes, until you have
what you think matches a Social Security Number.
10. When you are done, you can test to see if your pattern really works. Click the Test… button.
11. Type in a Social Security number. When you have typed in a valid number, the text of the number
turns green, and the message at the bottom of the dialog box says Pattern found in sample!
12. Click Done to stop testing. Then click OK to save the pattern.
13. And now you can actually click Cancel to exit all dialog boxes. The pattern is already saved. You
needn’t save the Policy Rule or the Policy. You can go back at any time and use the pattern in any
Policy Rule.
6.9.2. To Edit Patterns…
You will notice that several patterns have already been created and saved for you. You can edit these patterns, or any other ones you create. In particular, you will want to edit the Internal Email Address and
the External Email Address patterns, to reflect the SMTP domain of your company.
1. From the Select Pattern screen, select the pattern and click the Edit button.
2. From the Edit Pattern screen, you can change the name and description. You can also click directly
in the Pattern ( as a regular expression ): field. Position the cursor, then type, delete, or paste text.
For example, highlight yournamehere and type in replacement text that corresponds to your
company’s SMTP domain name.
You can also use the Add Fragment… button to launch the Pattern Wizard, which can help you
create the regular expression.
3. Click OK when you are done.
If you edit the Internal Email Address pattern, you only need to put your root domain name in. It will match any subdomain. For example, typing in LiquidMachines will match eng.LiquidMachines.com,
tech.LiquidMachines.com, etc.
Make sure that, if your root domain has dots (.) in it, you put a backslash (\) in front of them. For example,
mystore\.isp.
You can follow a similar procedure for the External Email Address pattern. However, in this pattern, do
not type in any top level domain, like “.com” or “.net”. The end part of the pattern handles this for you.
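The following is an added example, not Liquid Machines code, covering both the Social Security Number pattern assembled fragment by fragment in section 6.9.1 and the root-domain editing of the Internal Email Address pattern in section 6.9.2. It assumes Python's `re` dialect (the product's own syntax is in the appendix), and the address pattern it builds is a constructed stand-in for the shipped one, not a copy of it.

```python
"""Added example, not Liquid Machines code: assembling a pattern from fragments
the way the Pattern Wizard in section 6.9.1 does, testing it as the Test...
button does, and escaping the dots of a root domain for the Internal Email
Address pattern of section 6.9.2. Python's `re` is assumed; the address pattern
below is a constructed stand-in, not the product's shipped pattern."""
import re
from typing import List

DIGITS = "[0-9]"              # the "Numbers [0-9]" checkbox in the wizard
_META = set(r"\.^$*+?()[]{}|")  # characters that need a backslash in an exact phrase


def one_of(char_class: str, exactly: int) -> str:
    """Fragment: "One of these", repeated "Exactly" N times."""
    return f"{char_class}{{{exactly}}}"


def exact_phrase(text: str) -> str:
    """Fragment: "Exact phrase", with regex metacharacters escaped."""
    return "".join("\\" + c if c in _META else c for c in text)


def build_pattern(fragments: List[str]) -> str:
    """Concatenate the fragments in the order they were added."""
    return "".join(fragments)


# Fragments for a Social Security Number, added one at a time as in steps 5 to 9.
SSN_PATTERN = build_pattern([
    one_of(DIGITS, 3), exact_phrase("-"),
    one_of(DIGITS, 2), exact_phrase("-"),
    one_of(DIGITS, 4),
])


def with_boundaries(pattern: str) -> str:
    """The wizard pattern has no boundaries, so it also fires inside a longer digit
    run. Lookarounds reject a digit on either side (assumes the dialect has them)."""
    return r"(?<![0-9])" + pattern + r"(?![0-9])"


def pattern_found_in_sample(pattern: str, sample: str) -> bool:
    """What the Test... button reports: the pattern occurs somewhere in the sample."""
    return re.search(pattern, sample) is not None


def escape_root_domain(root: str) -> str:
    """Put a backslash in front of each dot, e.g. 'mystore.isp' -> 'mystore\\.isp'."""
    return root.replace(".", r"\.")


def internal_address_pattern(root: str, escape_dots: bool = True) -> str:
    """Constructed stand-in for the Internal Email Address pattern: any subdomain
    of the root domain matches, whatever the top-level domain. escape_dots=False
    reproduces the mistake of typing the root in without the backslashes."""
    root_re = escape_root_domain(root) if escape_dots else root
    return r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)*" + root_re + r"\.[A-Za-z.]+"


def is_internal_address(address: str, root: str, escape_dots: bool = True) -> bool:
    pattern = internal_address_pattern(root, escape_dots)
    return re.fullmatch(pattern, address, re.IGNORECASE) is not None


if __name__ == "__main__":
    print(SSN_PATTERN, pattern_found_in_sample(SSN_PATTERN, "ssn 123-45-6789"))
    print(internal_address_pattern("LiquidMachines"))
```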
6.9.3. To Delete, Rename or Copy Patterns…
1. From the Select Pattern dialog box, select the pattern and click Delete, Rename or Copy as
appropriate.
2. If you click Rename, type the new name in the dialog box that comes up, and click OK.
3. If you click Copy, a new pattern appears in the Select Patterns dialog box, with the words “Copy of”
appended to the name of the original pattern.
You can edit the copy to suit your needs.
6.9.4. More About Regular Expressions
Regular expressions are a kind of programming language for matching patterns. You can match something
as simple as a credit card number, or as complex as a list of chemical formulas. You can use these patterns
to trigger Policy Rules.
If you know how to use regular expressions already, you can type them directly into the Pattern: field in
the Create Pattern or Edit Pattern dialog box. For the syntax of regular expressions used by Liquid
Machines products, click the hyperlink at the bottom of the Create Pattern or Edit Pattern dialog box.
You will see a web page that explains the syntax.
The syntax is also explained in an appendix in this manual.
If you are not familiar with regular expressions, there are various training materials available. A web
search for the words “regular expression tutorial” will yield several online resources. O’Reilly &
Associates, Inc. publish several titles covering the subject, including Mastering Regular Expressions and
Regular Expression Pocket Reference. All these materials will help you gain better understanding and skill
with regular expressions.
Remember that, although training materials can help you understand and manipulate regular expressions,
they may not teach you the exact syntax of the implementation Email Control Server uses. For that you
must refer to the link at the bottom of the Create Pattern or Edit Pattern dialog box, or to the appendix in
this manual.
6.10. More About SMTP Headers
All email messages contain a text body. That’s the part the sender composes, and the recipient reads. All email messages also contain headers, information the sender and recipient do not see, but that control the
behavior of the message, or give details about how it was created and how it traveled. You can use that
information to trigger Policy Rules.
Below is an email message displayed in Outlook. You can see the body, which contains a hyperlink. You
can also see information from some of the SMTP headers displayed at the top, in a user-friendly format.
For example, you can see that the sender is John Berkeley and the message was sent on March 24, 2003.
In Outlook, if you right-click in the list of messages, on a message you received from outside your
company, and choose Options from the pop-up menu, you can see the SMTP headers. For example, in this
message, you can see that the “Sensitivity” header has been set to “Company-Confidential.” There is a
header showing the expiration date of the message, one showing it passed through Gateway for
Exchange/SMTP, and one showing which machine it originated from.
If you scroll through the headers, you can find out when the message was sent, whether it contains HTML
or attachments, and maybe even what mail reader was used to compose the message.
6.11. Configuring the “Apply Controls” Menu on BlackBerry Handhelds
Client for BlackBerry provides a friendly interface for creating protected emails. You can read the user
guide for Policy Client for BlackBerry, to see it in action.
You have to take special measures to configure the policy category menu on the handheld. Settings from
the Email Control Server administrative console do not go out to handhelds automatically.
The policy menu you configure for handhelds must contain a subset of policy categories, specifically the
ones contained in the policies that apply to the BESAdmin account on the user’s BlackBerry server.
Gateway for BlackBerry will not apply a user-selected policy that does not match one of these categories.
If you want to take the choice of policies away from users, make sure the policy that applies to
the BESAdmin has only a default and no other categories, and/or applies Policy Rules.
6.11.1. What You Do
You send an email message to the BlackBerry user. They will see it in their Inbox in Outlook, but not on
their handheld. It will be processed and used to configure the options.
6.11.2. Message Format
The message must be sent in “plain text” format. It must not be a protected email, or HTML or Rich Text.
6.11.3. Configuration Syntax
The subject of the message must be exactly:
<Handheld_Policy_Settings>
The first three lines of the message body must be exactly:
<!-- This is an administrative email for your Blackberry. Do not reply to this message. -->
<?xml version="1.0"?>
<Omniva_Admin>
Now, for each expiration category, you want to put in a group of lines that look almost like this:
<Policy_Category>
<Type>Expiration</Type>
<Name>policy name</Name>
<Expires_In>nn</Expires_In>
<Time_Units>Units</Time_Units>
</Policy_Category>
For the placeholders (policy name, nn and Units), you need to substitute in real values. They need to conform to the policies you set up
on Email Control Server. They should be the same ones that apply to the BESAdmin.
For policy name, put in the name of the policy category exactly as you configured it on Email Control
Server, including any capitalization.
For Units, put in Hours, Days, Weeks, Months, or Years. Notice that all these words are
capitalized and in the plural.
For nn, put in the number of units you want, as a numeral.
Then, for each confidentiality category, you want to put in a group of lines that look almost like this:
<Policy_Category>
<Type>Confidential</Type>
<Name>policy name</Name>
</Policy_Category>
For the placeholder (policy name), you need to substitute in a real value. It needs to conform to the policies you set up
on Email Control Server. It should be one of the ones that apply to the BESAdmin.
For policy name, put in the name of the policy category exactly as you configured it on Email Control
Server, including any capitalization.
The last line of the message should look exactly like
</Omniva_Admin>
You can send a new configuration message to the handheld anytime. You cannot set a default category.
If you want to make changes to policy categories that are already on the handheld, you have to delete the
old ones before you create the new ones. So before the category definition, put in a group of lines that
looks like this:
<Policy_Category_Delete>
<Name>policy name</Name>
</Policy_Category_Delete>
For the placeholder (policy name), you need to substitute in a real value. It needs to conform to the policies you set up
on Email Control Server. It should be one of the ones that apply to the BESAdmin.
For policy name, put in the name of the policy category exactly as you configured it on Email Control
Server, including any capitalization.
6.11.3.i. Example 1
You want to configure the policy category menu for Bob Johnson’s handheld. Your global policy includes
the following categories:
Category Name Settings
Memos 30 Days
Documents 90 Days
Records 1 Year
Company Only Users in company directory only
Eyes Only Recipients in TO, CC, BCC only
Bob is also a member of senior management. You have a policy called “For Execs” that also has the
following category:
Conversations 7 Days
(“For Execs” is also applied to the BESAdmin, or there is another policy applied to the BESAdmin that has
the same category.)
Also, Bob already has a category in his menu called Exec Test. You had put it there as a test.
Here’s what the whole configuration message looks like:
<!-- This is an administrative email for your Blackberry. Do not reply to this message. -->
<?xml version="1.0"?>
<Omniva_Admin>
<Policy_Category_Delete>
<Name>Exec Test</Name>
</Policy_Category_Delete>
<Policy_Category>
<Type>Expiration</Type>
<Name>Memos</Name>
<Expires_In>30</Expires_In>
<Time_Units>Days</Time_Units>
</Policy_Category>
<Policy_Category>
<Type>Expiration</Type>
<Name>Documents</Name>
<Expires_In>90</Expires_In>
<Time_Units>Days</Time_Units>
</Policy_Category>
<Policy_Category>
<Type>Expiration</Type>
<Name>Records</Name>
<Expires_In>1</Expires_In>
<Time_Units>Years</Time_Units>
</Policy_Category>
<Policy_Category>
<Type>Expiration</Type>
<Name>Conversations</Name>
<Expires_In>7</Expires_In>
<Time_Units>Days</Time_Units>
</Policy_Category>
<Policy_Category>
<Type>Confidential</Type>
<Name>Company Only</Name>
</Policy_Category>
<Policy_Category>
<Type>Confidential</Type>
<Name>Eyes Only</Name>
</Policy_Category>
</Omniva_Admin>
6.11.3.ii. Example 2
You have already configured Bob’s policy category menu. You are doing this again because you changed the
setting of the Documents category from 90 Days to 60 Days, and because Bob is no longer a senior manager.
<!-- This is an administrative email for your Blackberry. Do not reply to this message. -->
<?xml version="1.0"?>
<Omniva_Admin>
<Policy_Category_Delete>
<Name>Conversations</Name>
</Policy_Category_Delete>
<Policy_Category_Delete>
<Name>Documents</Name>
</Policy_Category_Delete>
<Policy_Category>
<Type>Expiration</Type>
<Name>Documents</Name>
<Expires_In>60</Expires_In>
<Time_Units>Days</Time_Units>
</Policy_Category>
</Omniva_Admin>
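Because the handheld only accepts the fixed lines, element names and Time_Units spellings exactly as given above, it helps to generate the message rather than type it. The following is an added example and not code from the Liquid Machines guide: it assembles the message body from plain data, refuses a misspelled unit, and reads a message back to check that the deletions and categories came out as intended. Category names are assumed to be those configured on Email Control Server for the BESAdmin's policies; the main block reproduces Example 2.

```python
import xml.etree.ElementTree as ET

# Added example; it is not code from the Liquid Machines guide.  It assembles
# the body of a <Handheld_Policy_Settings> message from plain Python data so
# that the fixed lines, element names and Time_Units spelling in section 6.11.3
# cannot be mistyped.  The category names are assumed to be the ones configured
# on Email Control Server for the policies that apply to the BESAdmin.

SUBJECT = "<Handheld_Policy_Settings>"
VALID_UNITS = ("Hours", "Days", "Weeks", "Months", "Years")   # capitalized and plural
HEADER_LINES = [
    "<!-- This is an administrative email for your Blackberry. Do not reply to this message. -->",
    '<?xml version="1.0"?>',
    "<Omniva_Admin>",
]


def check_units(units):
    """True only for the exact spellings the handheld accepts."""
    return units in VALID_UNITS


def check_name(name):
    """Names are copied verbatim; refuse characters that would break the XML."""
    return bool(name) and "<" not in name and "&" not in name


def delete_block(name):
    if not check_name(name):
        raise ValueError(f"bad category name: {name!r}")
    return ["<Policy_Category_Delete>", f"<Name>{name}</Name>", "</Policy_Category_Delete>"]


def expiration_block(name, count, units):
    if not check_name(name):
        raise ValueError(f"bad category name: {name!r}")
    if not check_units(units):
        raise ValueError(f"Time_Units must be one of {VALID_UNITS}, got {units!r}")
    if not isinstance(count, int) or count <= 0:
        raise ValueError("Expires_In must be a positive whole number")
    return ["<Policy_Category>", "<Type>Expiration</Type>", f"<Name>{name}</Name>",
            f"<Expires_In>{count}</Expires_In>", f"<Time_Units>{units}</Time_Units>",
            "</Policy_Category>"]


def confidential_block(name):
    if not check_name(name):
        raise ValueError(f"bad category name: {name!r}")
    return ["<Policy_Category>", "<Type>Confidential</Type>", f"<Name>{name}</Name>",
            "</Policy_Category>"]


def build_message(deletes=(), expirations=(), confidentials=()):
    """Return the plain-text body.  Deletions are emitted first, so a category
    whose settings changed is removed before its new definition."""
    lines = list(HEADER_LINES)
    for name in deletes:
        lines += delete_block(name)
    for name, count, units in expirations:
        lines += expiration_block(name, count, units)
    for name in confidentials:
        lines += confidential_block(name)
    lines.append("</Omniva_Admin>")
    return "\n".join(lines) + "\n"


def parse_categories(body):
    """Read a message back as (element, Name) pairs.  The leading comment line is
    dropped first because an XML parser requires the declaration to come first."""
    root = ET.fromstring(body.split("\n", 1)[1])
    return [(child.tag, child.findtext("Name")) for child in root]


if __name__ == "__main__":
    # Example 2 from the guide: Documents shortened to 60 Days, Conversations removed.
    print(SUBJECT)
    print(build_message(deletes=["Conversations", "Documents"],
                        expirations=[("Documents", 60, "Days")]))
```

Send the printed body as a plain-text message (not HTML, Rich Text or protected) with the printed subject, as section 6.11.2 requires.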
7. Managing External Recipients
As you are aware, external Email Control Server is a member server in an Active Directory Domain.
(Depending on how it was installed, it may actually be a domain controller, and the only computer in the domain.) When you installed external Email Control Server, you created an organizational unit called
“Liquid Machines External Recipients,” or something similar. As external recipients receive their first
confidential messages and become registered with the service, corresponding user accounts are created
inside this organizational unit.
You manage external recipients just as you would regular user accounts. If you are familiar with Active
Directory, then you are already familiar with the interface. If you manage Windows NT and Exchange 5.5,
you will find the interface easy to transition to. Only some user properties will be relevant for Email
Control Server’s application.
7.1. To Begin…
1. Login to a domain controller as an administrator.
2. From the Start menu on the desktop, in the Programs menu, in the Administrative Tools submenu,
choose Active Directory Users and Computers.
3. In the management console, expand the domain’s folder, and select the organizational unit’s folder.
The user accounts are displayed by email address in the right part of the window.
7.2. View a User’s Properties
1. Right-click on the user, and choose Properties from the pop-up menu.
2. Select the General tab.
The user’s email address is used for the first name and the display name. No other naming
information is present. Also the address is added to the E-mail field.
In some circumstances, the same recipient may receive confidential email at several different email addresses. If this is true, and the recipient accesses those different accounts from the same
computer, then the E-mail field will contain the email addresses of all the different accounts. These
are known as “external recipient aliases.”
3. Select the Account tab.
The login part of the user’s email address is used as the logon name. The domain part is used as the
logon domain. The real account name is randomly generated using the email address as a seed.
No other account properties are relevant for external Email Control Server.
External Email Control Server does not support some advanced password management features, such as
expiring passwords. It does support password complexity.
7.3. Reset a User’s Password
You might reset a password if an external recipient informs you they have forgotten theirs.
1. Right-click on the user and choose Reset Password from the pop-up menu.
2. In the Reset Password dialog box, type in the new password twice, and click OK.
The console will confirm when the new password has taken effect.
7.4. Disable a User’s Account
You might disable an account if a recipient’s status with the company changes. Maybe they are no longer a
customer, or maybe they were fired from a partner firm.
When an account is disabled, the user can no longer read confidential email sent to them in the past or in
the future. They can still read messages marked as expiring but not confidential.
1. Right-click on the user’s account and choose Disable Account from the pop-up menu.
Re-enabling the account re-enables access to all confidential messages past and future.
Don’t delete the account! That won’t work, and you can read why below.
7.5. Don’t Delete Accounts!
If you delete an account, and the recipient still has the first confidential message they received, they can use
it to re-register and recreate their account. If you want to lock someone out, disable the account.
Also, if you delete the account, someone else who might have that first message in their possession could
use it to falsely register with the service. Don’t delete accounts, disable them.
7.5.1. Recreating a Deleted Account
If you delete an account, you can recreate it by restoring it from backup. Or you can send them a confidential message with a registration request, so that they can re-register. Once the user registers again,
they will have access to all their old confidential messages.
To send a registration request, you must first delete Email Control Client’s cache of registered recipients.
1. Shutdown Outlook.
2. Make sure Windows Explorer will display hidden and system files.
3. In your user profile folder, in the subfolder Application Data/Omniva, delete the file RegInfo.dat.
4. Start Outlook and send a confidential message to the recipient.
7.6. Registration Collisions
In rare circumstances, registration collisions can occur, such that one user account ends up acquiring the
email address of another.
When a collision occurs, the following two symptoms occur:
The correct recipient never receives a registration letter. Instead they are prompted for a password, as
if they already know it.
The recipient’s email address does not exist in the list of users.
7.6.1. To search for the colliding account…
1. In the management console, from the View menu, choose Advanced.
2. From the Action menu, choose Find...
3. In the Find Users dialog box, select the Advanced tab.
4. From the pull-down menu labeled Field, choose the User submenu, and then the Email Address
item.
5. From the pull-down menu labeled Condition: choose Ends with.
6. In the input field labeled Value: type in the email address of the correct recipient.
7.6.2. To repair the collision…
1. Open a web browser and access https://securemail.acme.com/KeyServ/AdminService.asmx, where
securemail.acme.com gets replaced with the common name of your policy service.
2. Find the link labeled UnregisterAlias and click through.
3. On the next page, for the parameter value, type in the email alias that should not be
associated with the account, and click the Invoke button.
7.7. Partner Email Control Client
If some of your external recipients are also trusted business partners, you may want them to use Partner Email Control Client. They can compose secure messages when they communicate with you, or read
messages offline. Partner Email Control Client does have some limitations:
Only recipient-confidential messages can be sent. Composing company- and group-confidential email
is not supported.
Three retention policies for composition are hard-coded into the Client, for 30 days’, 90 days’, and 1
year’s expiration time. They cannot be changed.
Automatic policy application is not supported.
The default is not to send a protected email. Users must take action in order for that to happen.
Users can send new protected emails to anyone, not just your company employees.
If a partner forwards or replies to a protected email, Partner Client does enforce the original settings. So if you send the partner a group-confidential message that expires in 100 hours, the partner’s reply will be
group-confidential and will expire after 100 hours.
You install and configure Partner Client the same way you would Email Control Client, except that you use
the Partner Client installer. The partner must be registered with the external Email Control Server before
they can install.
Note: If you want more control over the policies applied to email entering your organization, and you are
not concerned about end-to-end encryption, use Gateway for Exchange/SMTP to secure correspondence
from partners and customers.
7.7.1. Installing Partner Client
First, you need to configure your external Email Control Server to support Partner Client. Run through the configuration wizard on the external Email Control Server, and enable the “Allow External Senders” and
“Pass-thru Authentication” features. You can read more about the pass-thru feature in the Features chapter
earlier in this manual.
Make sure the user has received and successfully read a confidential protected email, from the machine
where they will install Partner Client.
Distribute the Partner Client installer (opcexternal.exe in the Clients/for Outlook folder) and the Email
Control Client install guide to the recipient. Be sure to tell them the common name of your policy service.
Or package the installer so that it does this automatically, as per the details in the “Automating Roll-out”
topic in the Advanced Administration chapter.
7.7.2. Security Implications
When Partner Client support is enabled, a hostile party who is also a registered external recipient can
mount a “directory harvest” attack against your external Email Control Server. This means that the attacker can repeatedly ask the server whether an email address is a valid one inside your corporation, or whether it
belongs to an external recipient registered with your external Email Control Server. Eventually, the
attacker could “harvest” several valid email addresses. Spammers are the most common users of such an
attack.
Since an attacker may be able to “harvest” a valid email address for an external recipient, he could then
know that this recipient is doing business with your company. This could be a risk to the recipient’s
privacy, or your company’s.
7.8. Customizing the Registration Page
You can add your company’s logo or a custom message to the top of the registration page. Normally, at
registration time, the recipient sees something like…
You can customize this whole part of the registration page.
1. On the external Email Control Server, create the text file customRegistration.txt in the
C:\Documents and Settings\All Users\Application Data\Omniva folder.
2. Add your customizations to this file. They will be displayed within the single cell of a one-row, one-
column table, so author your HTML accordingly.
This page is accessed over an HTTPS connection. So if you add links to images that go over plain HTTP,
your external recipients may receive a dialog from their web browser about allowing both secure and
insecure items.
8. Monitoring Activity
Your internal Email Control Server offers several monitoring reports you can use to gauge the effectiveness
of deployment and usage, and to track changes.
8.1. To Begin…
1. Start the administrative console.
2. Expand Liquid Machines Email Control Administrator.
8.2. Who Is Installed?
In the Windows domain where the Email Control Server resides, you created a group called “Omniva Senders.” Email Control Server automatically adds the account of anyone who has Email Control Client
installed to this group.
You can view this group’s membership using the Active Directory User and Computers management
console, or the Windows NT User Manager. You cannot view the report from the administrative console.
You can also use the showmbrs command line utility from the Windows 2000 Resource Kit to create a text
file listing the members of the group.
Note that Email Control Server adds a member to this group the first time Email Control Client runs after an installation. If for some reason you have not created this group but have already installed clients, you
will need to reinstall those clients in order to get them in the list.
8.3. How Many Have Policies?
1. Right-click on the Information folder and choose the Installation tab.
This report counts how many users have Email Control Client installed.
This report does not subtract from its counters when someone uninstalls Email Control Client. So these figures reflect the maximum achieved, not necessarily the current reality. It counts how many members are
in the Omniva Senders group.
8.4. When Are Keys Deleted?
Now choose the Activity tab.
The report shows the last time one or more encryption keys were deleted.
8.5. When Were Changes Made to Policies?
1. Now select the History tab.
2. From the History report, from the pull-down menu select the policy you want to audit.
The report shows, in chronological order, when changes were made to a policy.
You can even select policies that have been deleted.
Note that currently no history of the actual changes is available for policies.
8.6. Basic Read Message Activity
In order to enable basic read-message tracking, you must create the Windows registry key \\HKEY_LOCAL_MACHINE\SOFTWARE\Omniva\Policy Server\EnableIISLog as a string value
and set it to true.
The web server must be configured to log in W3C format, and have no custom logging fields defined or
enabled. This is the default installation mode for IIS 5.0.
In the Email Control Administrator, select the Message Statistics View folder.
For each time a protected email is read, the report shows…
Who sent the message.
What time it was sent.
Who read the message…
It also indicates if the user was outside the corporate network when they read the message.
Note that reads by external recipients are not reported on the internal Email Control Server.
What time it was read.
What happened…
The read was successful. That is, NoError occurred.
The message had already Expired.
The user was unauthorized, thus AccessDenied.
At the bottom of the report page, there are links to additional pages.
Tip: You can also access this report with your web browser. The URL is
https://hostname/KeyServ/Anonymous/MessageStats.aspx, where hostname gets replaced with the
canonical hostname of the server.
8.6.1. How Do I Clear Out Report Activity?
Policy Mail Activity reports are generated by processing all web server logs that currently exist in the
standard location. To clean out the report, move or delete all but the last few days of logs. Be sure to
back up the logs to stable, permanently stored media, if you will ever need access to the full report.
Internet Information Services (IIS) logs are located in %SystemRoot%\LogFiles\W3SVC1. The
filenames take the form exYYMMDD.log. The string W3SVC1 may be slightly different if there are
multiple web sites being served by this machine.
8.6.2. Can I Do My Own Analysis?
Yes. You can process the IIS logs to do your own analysis. You need to be familiar with the W3C
extended log file format for web servers, and CGI query strings within HTTP GET requests. Here’s what
to look for:
Any line containing the string InlineImage or InlineLink represents one reading of a message.
The time of the HTTP request is the time of the reading.
The CGI query string contains the following relevant parameters:
id: the unique identifier of the message that was sent.
from: the email address of the user who created the original protected email, prefaced by the
string “rfc822:”.
at: the time the message was originally sent
recipient: who read the message. This field is blank if the recipient was external.
status: one of NoError, Expired, or AccessDenied.
auth: set to “External”. Present only if the request was originally against the external server.
To be clear, when an external recipient reads a message, recipient is empty and auth is set. If
auth is set and recipient is not empty, this represents an internal recipient reading from outside
the network, such as a Sales Associate reading from an airport kiosk.
A message reading is counted every time a web browser or mail reader renders the message. This means
that one user could generate several readings in a short amount of time. For example, a user without Email
Control Client who reads a copy- or print-blocked message will generate two readings, since the first time
they “read” the message, they will be presented with a graphic asking them to, “Click here to read the
message.” They click again and generate a second reading.
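The rules in this section are enough to write your own analysis of the IIS logs. What follows is an added example, not code from the Liquid Machines guide: it parses W3C extended log lines, keeps only the InlineImage and InlineLink requests, pulls the query-string parameters named above, classifies each reading (internal, external, or internal from outside the network) and collapses the click-through double count the last paragraph describes. The log lines, addresses, dates, message ids and URI stems are constructed for the example; the field list is a typical IIS default and your own #Fields line may differ.

```python
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Added example, not from the Liquid Machines guide.  The log below is
# constructed: a typical IIS W3C #Fields line, made-up addresses, dates and
# message ids, and URI stems chosen so that the lines contain the strings
# InlineImage / InlineLink the guide says to look for.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-03-24 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-03-24 09:15:02 10.1.2.3 GET /KeyServ/InlineImage.aspx id=MSG-0001&from=rfc822:john.berkeley@acme.example&at=2003-03-24T08:00:00&recipient=bob.johnson@acme.example&status=NoError 200
2003-03-24 09:15:05 10.1.2.3 GET /KeyServ/InlineLink.aspx id=MSG-0001&from=rfc822:john.berkeley@acme.example&at=2003-03-24T08:00:00&recipient=bob.johnson@acme.example&status=NoError 200
2003-03-24 11:40:17 198.51.100.7 GET /KeyServ/InlineImage.aspx id=MSG-0002&from=rfc822:john.berkeley@acme.example&at=2003-03-20T16:30:00&recipient=&status=Expired&auth=External 200
2003-03-24 12:02:44 203.0.113.9 GET /KeyServ/InlineImage.aspx id=MSG-0003&from=rfc822:jane.doe@acme.example&at=2003-03-24T11:00:00&recipient=sales.rep@acme.example&status=AccessDenied&auth=External 200
2003-03-24 12:05:00 10.1.2.9 GET /KeyServ/Anonymous/MessageStats.aspx - 200
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the field list can change mid-file
        elif line.startswith("#") or not line.strip():
            continue
        else:
            record = dict(zip(fields, line.split()))
            record["raw"] = line
            yield record


def readings(text):
    """One entry per message reading, following the rules in section 8.6.2."""
    result = []
    for rec in parse_w3c(text):
        if "InlineImage" not in rec["raw"] and "InlineLink" not in rec["raw"]:
            continue
        query = {k: v[0] for k, v in
                 parse_qs(rec.get("cs-uri-query", ""), keep_blank_values=True).items()}
        recipient = query.get("recipient", "")
        via_external = query.get("auth") == "External"
        if via_external and not recipient:
            reader = "external recipient"
        elif via_external:
            reader = "internal recipient, outside the network"
        else:
            reader = "internal recipient"
        sender = query.get("from", "")
        if sender.startswith("rfc822:"):
            sender = sender[len("rfc822:"):]
        result.append({
            "when": datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S"),
            "id": query.get("id", ""),
            "sender": sender,
            "sent_at": query.get("at", ""),
            "recipient": recipient,
            "reader": reader,
            "status": query.get("status", ""),
        })
    return result


def collapse_repeats(entries, window=timedelta(seconds=60)):
    """Merge readings of the same message by the same reader that fall within
    `window` of each other (the click-through double count the guide describes)."""
    kept, last_seen = [], {}
    for entry in sorted(entries, key=lambda e: e["when"]):
        key = (entry["id"], entry["recipient"], entry["reader"])
        previous = last_seen.get(key)
        if previous is not None and entry["when"] - previous <= window:
            continue
        last_seen[key] = entry["when"]
        kept.append(entry)
    return kept


def status_counts(entries):
    """How many readings ended in NoError, Expired and AccessDenied."""
    counts = {}
    for entry in entries:
        counts[entry["status"]] = counts.get(entry["status"], 0) + 1
    return counts


if __name__ == "__main__":
    all_reads = readings(SAMPLE_LOG)
    for r in all_reads:
        print(r["when"], r["id"], r["status"], r["reader"])
    print("raw:", status_counts(all_reads), "collapsed:", status_counts(collapse_repeats(all_reads)))
```

The AccessDenied readings are the ones worth alerting on; the other counts are mainly a usage measure, and collapsing repeats keeps a single copy-blocked message from showing up as two reads.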
8.6.3. What About External Recipients?
As with the internal Email Control Server, policy mail read-message activity on the external Email Control Server is written to the IIS logs. There is no report available in the administrative console, but you can still
access the report via https://hostname/KeyServ/Anonymous/MessageStats.aspx.
Note that the email addresses of the external recipients are not included as part of the report.
8.7. The Report Service
Email Control Server’s Report Service allows you to log audit violations to an SQL database. Certain events within the Email Control Server system trigger submission of data to the virtual Report Service.
Specifically…
Any time someone is denied access to a protected email or encrypted attachment, the Email
Control Server that denied access will log the event to the Report Service.
If a message triggers a Policy Rule, and the Rule includes a “report” action, the Client or Gateway
processing the Rule will log the event to the Report Service.
The Report Service in turn stores the event data in a common format in a Microsoft SQL Server 2000
database.
Each Email Control Server has installed with it by default a virtual Report Service. When you enable
the Report Service, then all Clients and Gateways which connect to that same Email Control Server
start logging events, as does the Email Control Server itself.
You can configure multiple Report Services to store data in the same SQL database.
8.7.1. To set up Microsoft SQL for the Report Service…
You must deploy Microsoft SQL Server 2000. You should be familiar with managing SQL server, specifically with creating a database, running an SQL batch file, adding permissions to a database, and
backing up the database. Refer to your Microsoft SQL Server documentation.
Create an SQL database. You can name it however you choose, but we suggest you start the name with
“LMEC.”
The Email Control Server machine must be able to access this database over the network, and the machine
account of the server must be able to login remotely to the database with administrative rights, or “full
control.” Make sure you set the permissions on the database accordingly.
Run the SQL commands in the Omniva.SQL file, located in the c:\wwwroot\inetpub\ReportServ folder,
against the database you created, in order to configure and schematize it.
8.7.2. To enable the Report Service on a particular Email Control Server…
1. In the Email Control Administrator, right-click on the Configuration node and choose Properties. Then move to the Advanced tab.
2. Click the Reporting… button.
Check the box to enable reporting, and input the connection string in the field below.
3. Click OK to close all dialog boxes.
8.7.2.ii. More about connection strings…
An SQL connection string consists of a list of name/value pairs separated by semicolons, like this:
First=john;Last=smith;Title=Mr
You can read about all the different value pairs in your Microsoft SQL Server documentation. Parameters
control what server and database are accessed, what login credentials are used, and all sorts of ways to
control the security, performance, and multiplexing of the connection. The most salient ones to remember
are:
Data Source= Put in the host name or IP address of the SQL Server.
Initial Catalog= Put in the name of the database you created.
Integrated Security= Put in SSPI. This is the most secure method. If you can’t support this
method, read your SQL Server documentation for other options.
Putting those together, you arrive at something like…
Data Source=sql1.dc.acme.com;Initial Catalog=OPMauditdb;Integrated Security=SSPI
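A quick way to catch a malformed or weakened connection string before pasting it into the Reporting… dialog is to check it programmatically. The checker below is an added example, not code from the Liquid Machines guide; it knows the three parameter names the guide lists plus the standard SQL Server credential keys Password and Pwd, which should not be present when integrated security is in use.

```python
# Added example, not from the Liquid Machines guide: a small checker for the
# Report Service connection string described in section 8.7.2.ii.  Parameter
# names are the ones the guide lists (Data Source, Initial Catalog, Integrated
# Security); "Password"/"Pwd" are the standard SQL Server credential keys,
# which should not appear when integrated security is in use.


def parse_connection_string(text):
    """Split 'Name=value;Name=value' into a dict keyed by lower-cased name."""
    params = {}
    for item in text.split(";"):
        if not item.strip():
            continue                      # tolerate a trailing semicolon
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"not a name=value pair: {item!r}")
        params[name.strip().lower()] = value.strip()
    return params


def connection_string_problems(text):
    """Return a list of findings; an empty list means the string fits the guide's recommendation."""
    params = parse_connection_string(text)
    problems = []
    for required in ("data source", "initial catalog"):
        if not params.get(required):
            problems.append(f"missing {required}")
    if params.get("integrated security", "").upper() != "SSPI":
        problems.append("Integrated Security is not SSPI")
    if "password" in params or "pwd" in params:
        problems.append("credentials are embedded in the connection string")
    return problems


if __name__ == "__main__":
    for candidate in (
        "Data Source=sql1.dc.acme.com;Initial Catalog=OPMauditdb;Integrated Security=SSPI",
        "Data Source=sql1.dc.acme.com;Initial Catalog=OPMauditdb;User ID=sa;Password=example",
    ):
        print(candidate, "->", connection_string_problems(candidate) or "ok")
```

With SSPI the Email Control Server's machine account is what authenticates to SQL Server, so the database permissions described in 8.7.1 must be granted to that account rather than to a SQL login.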
8.7.3. Database Schema
8.7.3.i. Table: PolicyReport
A record is added to this table every time an audit event occurs.
Field: uniqueID: This is a unique record number generated by the database server.
Field: timeOfInsert: This is the date and time the record was actually committed to the
database.
Field: timeOfMessage: This is the date and time the message was created.
Field: timeOfViolation: This is the date and time the rule was triggered, or access was
denied to reading the message.
Field: sender: This is who created the original message.
Field: subject: This is the subject line from the original message.
8.7.3.ii. Table: SendReport
A record is added to this table (and correlated to one in the PolicyReport table) only when the audit event is
that a Rule was triggered.
Field: uniqueID: This is a unique record number generated by the database server.
Field: fkPolicyReport: This is the unique record ID of the corresponding entry in the
PolicyReport table.
Field: ruleName: This is the name of the Rule that was triggered, as it was configured in the
Policy.
Field: ruleDescription: This is the description of the Rule that was triggered, as it was
configured in the Policy.
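To see how the two tables relate, here is an added example that recreates them in SQLite and queries them; it is not code from the Liquid Machines guide, and the real schema comes from Omniva.SQL on Microsoft SQL Server 2000. The column types are assumed (the guide gives only names and meanings), and every event inserted is constructed.

```python
import sqlite3

# Added example, not part of the Liquid Machines guide.  It recreates the two
# Report Service tables of section 8.7.3 in SQLite so the relationship between
# them can be exercised offline; column types are assumed (the guide gives
# names and meanings only), and the real schema comes from Omniva.SQL on a
# Microsoft SQL Server 2000 database.  All events inserted below are constructed.

SCHEMA = """
CREATE TABLE PolicyReport (
    uniqueID        INTEGER PRIMARY KEY AUTOINCREMENT,   -- generated by the database
    timeOfInsert    TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    timeOfMessage   TEXT NOT NULL,                       -- when the message was created
    timeOfViolation TEXT NOT NULL,                       -- rule triggered or access denied
    sender          TEXT NOT NULL,
    subject         TEXT
);
CREATE TABLE SendReport (
    uniqueID        INTEGER PRIMARY KEY AUTOINCREMENT,
    fkPolicyReport  INTEGER NOT NULL REFERENCES PolicyReport(uniqueID),
    ruleName        TEXT NOT NULL,
    ruleDescription TEXT
);
"""


def open_audit_db(path=":memory:"):
    con = sqlite3.connect(path)
    con.execute("PRAGMA foreign_keys = ON")
    con.executescript(SCHEMA)
    return con


def _insert_policy_report(con, time_of_message, time_of_violation, sender, subject):
    cur = con.execute(
        "INSERT INTO PolicyReport (timeOfMessage, timeOfViolation, sender, subject) "
        "VALUES (?, ?, ?, ?)",
        (time_of_message, time_of_violation, sender, subject))
    return cur.lastrowid


def log_access_denied(con, time_of_message, time_of_violation, sender, subject):
    """An access denial is a PolicyReport row on its own."""
    return _insert_policy_report(con, time_of_message, time_of_violation, sender, subject)


def log_rule_triggered(con, time_of_message, time_of_violation, sender, subject,
                       rule_name, rule_description):
    """A rule trigger is a PolicyReport row plus a correlated SendReport row."""
    report_id = _insert_policy_report(con, time_of_message, time_of_violation, sender, subject)
    con.execute(
        "INSERT INTO SendReport (fkPolicyReport, ruleName, ruleDescription) VALUES (?, ?, ?)",
        (report_id, rule_name, rule_description))
    return report_id


def audit_events(con):
    """Every audit event; ruleName is filled for rule triggers and None for access denials."""
    return con.execute("""
        SELECT p.uniqueID, p.sender, p.subject, p.timeOfViolation, s.ruleName
        FROM PolicyReport p
        LEFT JOIN SendReport s ON s.fkPolicyReport = p.uniqueID
        ORDER BY p.uniqueID""").fetchall()


def rule_trigger_counts(con):
    """How often each Rule fired, which is what you would chart from this table."""
    return dict(con.execute(
        "SELECT ruleName, COUNT(*) FROM SendReport GROUP BY ruleName ORDER BY ruleName").fetchall())


def sample_db():
    """Constructed events: one denied read and two triggers of the same Rule."""
    con = open_audit_db()
    log_access_denied(con, "2003-03-24 08:00:00", "2003-03-24 11:40:17",
                      "john.berkeley@acme.example", "Q1 forecast")
    log_rule_triggered(con, "2003-03-24 09:00:00", "2003-03-24 09:00:05",
                       "jane.doe@acme.example", "Customer list",
                       "Block SSN", "Report messages that contain a social security number")
    log_rule_triggered(con, "2003-03-24 10:00:00", "2003-03-24 10:00:02",
                       "jane.doe@acme.example", "Draft contract",
                       "Block SSN", "Report messages that contain a social security number")
    return con


if __name__ == "__main__":
    db = sample_db()
    for row in audit_events(db):
        print(row)
    print(rule_trigger_counts(db))
```

The LEFT JOIN is the point: because only rule triggers get a SendReport row, joining the other way round would silently drop every access denial from the report.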
9. Advanced Administration
9.1. Backups
You should back up each Email Control Server or external Email Control Server. Critical data include
server configuration, security policies you have created, audit information, and encryption keys.
Liquid Machines’ recommendation for backing up the encryption keys housed on the Email Control Server
is to create one or more “warm spares” and store them in a network-safe location. That is, you set up an
Email Control Server, replicating the encryption key data as discussed under “Replicating Data” below, and
leave it on.
If your backup systems or policies do not allow you to create “warm spares,” Liquid Machines
recommends that you back up the encryption keys to their own, separate media, and that you physically
destroy the media once you have created the next, new backup. If the media is not destroyed, someone
might be able to recover old encryption keys, and therefore read protected emails that should have expired.
The keys are housed in the “All Users” profile directory on the servers. The specific location is:
For cleanly installed Windows 2000 and 2003, c:\Documents and Settings\All Users\Application
Data\Omniva\keys.
For upgrades from Windows NT, c:\Documents and Settings\All Users.WINNT\Application
Data\Omniva\keys.
Make sure you exclude this folder from your backup plan, or handle it specially as described above.
You should also back up the Active Directory database in the domain where the external Email Control
Server resides. This domain contains all information about external recipients who are registered to receive
confidential messages.
9.2. High Availability
Email is mission critical to your business. That means every component of the messaging systems needs to meet demands for uptime and performance. This includes Email Control Server. If Email Control Server
is down, recipients can’t read protected emails.
You can find whitepapers on complex HA configurations on Liquid Machines’ web site.
9.2.1. Fault Tolerant Hardware
Liquid Machines recommends you deploy Email Control Server and external Email Control Server on fault tolerant hardware. Specifically, we recommend the encryption keys be housed on a RAID 1 or RAID 5
disk configuration. Since encryption keys are mission critical data, RAID offers protection against loss.
9.2.2. Mirroring
All Email Control Servers and external Email Control Server in a given installation mirror the same set of
encryption keys. If one server fails catastrophically, you can copy the keys from another server as part of
rebuilding the failed machine. Mirroring is accomplished by uniformly seeding the servers during product
installation. It does not require the servers to communicate with each other in any way.
Seeding is a very simple process. After you install the first Email Control Server, you simply copy the
folder where the keys reside to the exact same location on the next server. Then you install the product
software on the next server. The installation recognizes that you have already copied in the keys. See the
Replicating Data section below.
9.2.3. Load Balancing and Failover
You can balance the client load across several Email Control Servers or external Email Control Servers.
You can use industry-standard technologies such as Microsoft Windows Load Balancing Service, or Cisco
Content Service Switches. You can also provide a failover mechanism this way.
If you need help planning or configuring a load-balanced or failover scenario, please contact Liquid
Machines Technical Support.
9.2.3.i. Replicating Data
The SSL certificate on an existing server must be exported to and installed on the new server.
Encryption keys are replicated amongst load balanced servers automatically, because of uniform seeding at
installation time. Seeding is accomplished by copying the folder c:\Documents and Settings\All
Users\Application Data\Omniva\keys from an existing Email Control Server to the exact same location
on a new Windows server, and then installing Email Control Server on the new server.
Configuration parameters must be entered separately for each server. For example, if you enable the
Retention Mailbox feature, you must do so through the administrative console of each individual server.
Policies you created can be replicated via Microsoft Distributed File System (DFS), or some other file
replication technology. You should be well versed in the file replication technology in order to accomplish
this.
The directory you must replicate for policies is c:\Documents and Settings\All Users\Application
Data\Omniva\policies (or “All Users.WINNT” on machines upgraded from Windows NT).
An overview of the procedure for Microsoft DFS would be to:
1. Create a DFS root on the main Email Control Server.
2. Create DFS replicas of this root on the other Email Control Servers.
3. On the main Email Control Server, in the DFS root you created, create a DFS link and associate it with
the folder where the policies are.
4. Create DFS replicas of this link on the other Email Control Servers, and enable them for automatic
replication.
9.2.3.ii. Supporting Universal Viewer
When someone views a message with Universal Viewer, several different HTTP and HTTPS requests are made to the Email Control Server all at once. All the requests must go to the same server, or rendering the
message will fail.
When all of an application’s HTTP requests during one cycle go to the same web server, that is called a
session, and the application is called session-based. Your load balancing solution must therefore support
Universal Viewer as a session-based application.
In Windows Load Balancing Service, you can do this by setting the affinity on the port rule for the service
to “single.”
On a Cisco Content Services Switch, you do this by making the service “sticky by IP.”
9.2.4. Geographic Redundancy
You can deploy internal Email Control Servers in different geographic locations, and ensure that users access the Email Control Server geographically closest to them. There are a couple of different ways to
accomplish this.
If you need help planning or installing a geographically redundant setup, please contact Liquid Machines
Policy Systems Technical Support. Also, check the Liquid Machines Support web site for additional
materials and documentation.
9.2.4.i. DNS Views
With this method, you deploy internal Email Control Servers in each geographic site. You create the
servers and replicate the data between them according to the instructions in the Load Balancing and
Failover section above.
Then you manipulate the DNS view of the client workstations at each site, so that it points the common
name of the policy service at their local Email Control Server. The easiest way to do this might be to create
a separate domain exclusively for the policy service, for example pmail.acme.com. Then you configure a DNS server at each site to host the domain, adding a pointer record, for example pm.pmail.acme.com, that
references the local Email Control Server.
9.2.4.ii. Trusted Email Control Servers
With this method you deploy internal Email Control Servers in each geographic site. You must also deploy an external Email Control Server or cluster for each site-local internal Email Control Server or cluster. The
internal Email Control Servers cannot “share” one external Email Control Server.
You replicate key and policy data between them as you would with the first method. You do not replicate
configuration information or the SSL certificate. It’s almost like completely separate Email Control Server
installations, except you replicate key and policy data.
Instead you choose a different common name for the policy service for each site, for example
securemail.asia.acme.com and securemail.europe.acme.com. You acquire SSL certificates for each of
these common names, and install them on the appropriate servers. You configure DNS to point the
appropriate common name at the appropriate server, both for Email Control Server and external Email
Control Server. When you install each server, you configure them according to their corresponding names
for the policy service and matching external Email Control Server.
Finally, when you install Policy Client, you configure it to point to the common name of the policy service
appropriate for its geographic locality.
9.2.4.ii.i. What Happens…
When Policy Client generates a protected email, it gets a key from, and the message references, the local
Email Control Server.
When Policy Client reads a protected email, it always asks its local Email Control Server for the key, even
if the message came from one of the other servers.
For users without Policy Client, the Universal Viewing service will carry them back to the original server.
So for example, a user in Asia without Policy Client who receives a message from Europe will connect to
Europe’s server. Because of this, Liquid Machines recommends you deploy trusted servers only in major,
or hub, sites in each geographic region, and not in satellite offices for that region. Otherwise, users without
Policy Client might have to connect to servers that are network-wise very far away.
9.2.5. Offline for Clients
Email Control Client and Gateway for BlackBerry provide Outlook and BlackBerry users with offline
capabilities for reading and composing messages.
9.3. Automated Client Roll-out
Email Control Client and Client for BlackBerry installers come in executable (EXE) and Microsoft Installer (MSI) formats that are compatible with automated roll-out technologies, such as Windows login scripts,
Active Directory Group Policies (GPO’s), Microsoft SMS and Intel Landesk.
Client for BlackBerry needs no configuration parameters, and its installer can be run without alteration. Both
installers accept all Microsoft Installer flags, such as /qn, which runs a “silent” install.
Email Control Client requires the common name of the policy service as its only parameter. You can pass
the executable the flag OPS_POLICYSERVER=securemail.acme.com where
securemail.acme.com gets replaced with the name of your service. You can edit the MSI file (or
create a transform) with standard MSI editing tools, such as Microsoft’s ORCA. In the Properties table,
add a row labeled OPS_POLICYSERVER and make its value be the common name of the policy service.
9.4. Compromised Keys
If an attacker somehow gets access to one of your Email Control Servers or external Email Control Servers, they might be able to copy the encryption keys and the information used to generate them. This would
compromise not only all existing protected emails, but all future ones generated as well.
If you detect an attacker, and after you have locked them out and cleaned up your systems, you should change the “key sequence identifier” on your primary Email Control Server, and then copy the encryption
keys from this server to all other servers. This will not protect existing messages, but will protect any
future messages sent.
You can change the identifier in the administrative console, on the Configuration tab. However, changing it there alone does not take effect; contact Liquid Machines Technical Support for the tools and
procedures necessary to complete this process.
9.5. Corrupt Keys
In the rare instance that the encryption keys on a server become corrupt, you will be notified via the administrative email address that you configured at installation time. The email has as its subject “Email
Control Server 'securemail.acme.com' is experiencing errors.” The body of the message contains the text
“Email Control Server 'securemail.acme.com' is experiencing errors related to key management. See the
Application event log for details.”
If key corruption does occur, you should stop the Liquid Machines Server by shutting down IIS. Then
re-copy the keys from an Email Control Server believed to have a valid key set, in the exact same way you did
to install your external Email Control Server or redundant Email Control Servers. Then restart the server
by restarting IIS.
The internal Email Control Server is most likely to have the correct key set, unless it has crashed and the
external Email Control Server has not.
9.6. Logging
9.6.1. Email Control Server
Email Control Server, and external Email Control Server, log all output to the machine’s application event
log.
To change the verbosity of logging, use Notepad to edit the file
c:\Inetpub\wwwroot\KeyServ\Web.config. Find the section that looks like
<switches>
  <!-- Sets the general log level.
       Valid values are: 0=Off, 1=Error, 2=Warning, 3=Info, 4=Verbose -->
  <add name="Global" value="3" />
</switches>
In the string value="3", change the 3 to 1, 2, 3, or 4 as appropriate. Then restart IIS.
The IIS logs also contain valuable information about the operation of Email Control Server. IIS logs are
located in c:\%WINDOWS%\system32\LogFiles\W3SVC1 by default. There is generally one file for
each 24-hour period. The string W3SVC1 may be different, if there are multiple virtual web servers
running on this machine.
9.6.2. Email Control Client
Email Control Client sends all log output to the user’s profile folder, to the
Local Settings\Temp\OmnivaLogs subfolder.
There are log files for each Outlook session. Three types of logs exist, one for the add-in, one for
Attachment Reader, and one if you are using Word as your email editor. The filenames begin with oc_,
ar_, and wa_, respectively.
You can set the maximum size of log files by setting the registry key
\\HKEY_LOCAL_MACHINE\Software\Omniva\Policy Client\LogLimit. This key must be a string
value containing a file size in MB. If the value is 0, greater than 4000, or not a valid number,
the logger does not split files.
In the folder c:\Program Files\Liquid Machines\Email Control Client there are three files,
logDefault.reg, logOn.reg, and logOff.reg. These are Registry Editor scripts, which set logging to
normal, verbose, or off, respectively.
9.6.3. Gateway for BlackBerry
The amount of logging can be controlled through the Gateway’s administrative console. Please see the
Components chapter for more information.
Errors and warnings are logged to the machine’s application event log.
Events and traces are logged to files in %HOMEPATH%\Local Settings\Temp\OmnivaLogs, where
%HOMEPATH% is the user profile directory of the BESAdmin account. The filename extension is .log.
Logging at this level causes the service, the BlackBerry server, and the administrative application all to log
verbosely.
You can set the maximum size of log files by setting the registry key
\\HKEY_LOCAL_MACHINE\Software\Omniva\Policy Gateway for Blackberry\LogLimit. This key
must be a string value containing a file size in MB. If the value is 0, greater than 4000, or not a
valid number, the logger does not split files. A new log file is also created with every Gateway restart.
9.6.4. Gateway for Exchange/SMTP
Gateway for Exchange/SMTP logs events to files in c:\%WINDOWS%\Temp\Liquid Machines\Logs.
The filenames begin with sg_.
You can set the maximum size of log files by setting the registry key
\\HKEY_LOCAL_MACHINE\Software\Omniva\Policy Gateway for SMTP\LogLimit. This key must
be a string value containing a file size in MB. If the value is 0, greater than 4000, or not a valid
number, the logger does not split files. A new log file is also created with every Gateway restart.
You can set the logging level by setting the registry key
\\HKEY_LOCAL_MACHINE\Software\Omniva\Policy Gateway for SMTP\LogLevel to one of
Verbose, Info, Warning, or Error. The default is Info.
Gateway for Exchange/SMTP also logs events to the server’s application event log under the following
circumstances:
The Gateway is started or stopped.
The Gateway encounters an error that causes it to retry sending the message after 60 seconds.
The Gateway encounters an unknown error.
9.6.5. Email Archive Gateway
To enable logging in Email Archive Gateway, in the Windows registry, in the key
\\HKEY_LOCAL_MACHINE\SOFTWARE\Omniva\KVS create a string value labeled LogLevel and
set its value to Debug.
Log output is written to c:\ArchiveFilter.log.
Email Archive Gateway shares some code with Gateway for Exchange/SMTP. So you can enable
additional logging via the Gateway mechanism.
9.6.6. Client for Blackberry
For management of logging in Client for Blackberry:
1. Click the Omniva application icon to open the "Control Categories" screen.
2. Click the wheel and choose "About".
3. Use the following hotkey combinations:
   Type the letter 'l' and then the letter 'g' to launch the log output screen.
   Type the letter 'l' and then the letter 'e' to turn on logging.
   Type the letter 'l' and then the letter 'd' to turn off logging.
   Type the letter 'l' and then the letter 'c' to clear all log entries.
10. The Discovery Process
Some day your company may be involved in a lawsuit. Once the suit is filed, your company is not allowed
to destroy any evidence, such as email and paper documents, until it’s over. During the proceedings, the other party will be given a chance to “discover” any evidence that might help their case. Depending on
what a judge says, they may be allowed to search, possibly electronically, through some or all of your
company’s existing email messages.
That’s the discovery process. And it has a few implications regarding Email Control Server, namely that…
Messages must not expire during the lawsuit, or they may be considered destroyed, and you could be
penalized.
The other party must receive readable versions of any email messages that they can and do request.
The company must continue to protect its intellectual assets from unauthorized access, and itself from future liability.
10.1. Procedure Overview
10.1.1. Suspend Expiration
The first thing to do, immediately upon being served with the lawsuit, is suspend expiration. You should never suspend expiration, or re-enable it, without a directive from Executive Management as advised by
Legal Counsel. If you do either without their mandate, you could expose the company to legal liability.
Once you do this, Email Control Server will not destroy any encryption keys, until you enable expiration
again. That way, you can extract and make readable any email that is requested as part of discovery.
10.1.1.i. What the User Sees
The user experience will continue to be that messages are kept confidential, or expire, or cannot be printed or copied. Email Control Server will not grant access for end-users to messages that should have expired,
even though it keeps the key available. That way, company assets are still protected.
10.1.1.ii. What Happens Afterward
When you do re-enable expiration, Email Control Server immediately deletes all keys that should have
expired. That way any documents not subpoenaed cease to be a possible liability.
It can take Email Control Server up to 24 hours to physically delete the keys. However, it will not hand out
any keys it intends to delete during that time. You cannot “abort” the process and expect that whatever
keys were not yet deleted will become available.
10.1.2. Enable Retention
If you have not already enabled the message retention features when a lawsuit is served, then you might want to do so. This will protect against users who unwittingly destroy email by deleting it from their
mailboxes. Or, if you have a professional archival solution deployed, such as KVS Enterprise Vault, then
this system can protect you also.
10.1.3. Extract and Decrypt Messages
Once expiration is suspended, and as discovery requests come in, you will need to extract email messages,
decrypt them, and send them to counsel. You may be asked to send all email messages on all servers and backup tapes. Or you may be asked to send email messages sent only by certain people during certain
periods of time.
It may be to your advantage to extract messages only upon request. Or, if the process will last a long time
and messages created during the process will be requested, it may be smarter to extract and save new
messages on a daily basis.
10.1.3.i. Extract and Store
The first task is to extract and store the relevant email.
The Microsoft Exchange utility Exmerge is used if you are retaining the messages in an Exchange mailbox. Exmerge is highly configurable, and can be used to target and retrieve precisely what emails are needed.
Extraction criteria can include time, mailbox user, subject line content, and other parameters.
If you have a professional archiving system, refer to its instructions for extracting messages. For purposes
here, they must be saved to a Microsoft Personal Folder File (PST).
10.1.3.ii. Decrypt and Save
The second task is to decrypt the messages and save them in a readable format. The Liquid Machines tools
are used to decrypt the messages, and then they are saved in Microsoft Personal Folder (PST) files.
10.2. To Suspend Expiration…
NOTE: Suspension of key destruction in the Liquid Machines Email Control Administrator will result in the suspension for all messages managed by the Email Control Server. Suspension of key destruction is an
“all or nothing” proposition.
1. Start the administrative console.
2. Expand the Liquid Machines Email Control Administrator node, right-click the Configuration
node and select Properties. Select the Advanced tab.
3. In the dialog box, choose the radio button labeled Suspended. Click YES in the ensuing
confirmation dialog.
10.3. To Resume Expiration…
WARNING: If expiration has been suspended, resuming expiration will result in the immediate expiration of all messages that should have expired while the suspension was enabled. These messages will become
unrecoverable immediately.
1. Start the administrative console.
2. Expand the Liquid Machines Email Control Administrator node, right-click the Configuration
node and select Properties. Select the Advanced tab.
3. In the dialog box, click the radio button labeled Normal to restart expiration.
10.4. To Extract and Decrypt Messages…
10.4.1. Set Up a Dedicated Machine
The discovery process can take up a lot of hardware resources. Decrypting so many messages at once can
use a lot of processor time. And, depending on how much information is needed by the court, the process
can take a lot of disk space.
You should expect to consume twice as much disk space as it would take to store all the messages you need
in an Outlook Personal Folder (PST) file.
The Discovery Tools cannot be run on the same machine as where Email Control Server resides.
10.4.2. Install Software
On the machine dedicated to the discovery process you will need to install…
Windows 2000 Server, Service Pack 3 or later.
Microsoft Outlook 2000 or later.
Liquid Machines Email Control Client.
Either… ExMerge, which you can find for Exchange 2000 in the Support folder on your Exchange 2000 distribution disk. For Exchange 5.5, ExMerge can be found in the second edition of the
BackOffice Resource Kit.
Or… the tools necessary to extract messages from your professional archiving system and store them
in PST files.
The Liquid Machines Email Control Administrator. Run the setup program in the Email Control
Administrator folder on your product CD, and install the Administrator, just as you would in other
circumstances.
10.4.3. Create the Service Account
1. In the domain where the dedicated machine resides, create a user account with login DiscoveryUser.
Make sure the login name and display name are spelled exactly that way, capital letters, no space
and all.
2. In the same domain, create a domain local group called Discovery Users. Add the service account to
this group.
3. Add the service account to the Administrators group local to the dedicated machine (not the domain
group).
4. Make the service account an Exchange administrator…
10.4.3.ii. For Exchange 2000…
1. Create a mailbox for the service account.
2. Add the service account to the Exchange Domain Servers security group.
10.4.3.iii. For Exchange 5.5…
1. Create a mailbox for the service account.
2. In the properties of the Organization, Site and Configuration objects in Exchange System
Manager, add the service account to the permissions list as a Service Account Admin.
10.4.4. Extract Messages
You can use the Microsoft Exchange support utility ExMerge to extract messages from an information
store. ExMerge provides a graphical interface that allows you to select messages for extraction based on a number of different criteria. It then saves the extracted messages to PST files. You can also save the
settings so that you can run ExMerge in batch mode, and automate the discovery process.
Or, you can use the tools that come with your archiving solution to extract messages and store them in PST
files.
Before you extract messages, consider how much disk space, processor power, and hours you have each
day. You may want to extract and process messages in separate lots. For example, you might extract all
messages sent in a given week, or all messages from a certain group of users.
Note that the following procedure uses the ExMerge tool for Exchange 2000 as the example.
1. Start the ExMerge utility. You see the welcome screen for the Mailbox Merger Wizard. Click Next.
2. On the next screen, select the second option, the two-step procedure.
3. On the next screen, select the first option, step 1. (We’ll never do step 2.)
4. On the next screen, type in the name of your Exchange server.
5. Click Options… to select the extraction criteria.
6. On the Data tab, check only the first box.
7. On the Import Procedure tab, select the second option, to merge data.
8. On the Folders tab, select the “Ignore these folders” radio button, and check the “Apply actions to
subfolders” checkbox.
9. Click the Modify… button to choose folders.
10. In the Select Folders dialog box, double-click \Calendar, \Contacts, \Journal, \Notes, and \Tasks.
None of these things could contain protected emails.
11. Click OK to save the folder selections.
12. On the Dates tab, you can select all messages, or you can choose a range of dates. Here we have
selected any messages delivered on a particular day.
13. On the Message Details tab, you can search for messages based on the subject line, or on the names
of any attached files. Here we are searching for messages whose subject contains the string “pin
number”.
14. Click OK to save the changes. Then click Next to go to the next screen. This may take a few
moments while the address book is retrieved.
15. Select the mailboxes you want to extract. Then click Next.
16. On the next screen, you can select a locale, if you are in a country other than the U.S.
17. On the next screen, you can select what folder the PST files will go into.
18. On the next screen, you can save the settings you have chosen, and you can choose where the settings
files will be located.
19. On the last screen, the Wizard shows progress of the extraction. You can click Finish when it’s done.
You can use Outlook to view the messages, by opening the PST files in the target folder.
You don’t have to use ExMerge to extract messages. Although ExMerge offers powerful features, any tool
that creates PST files will do. Use the tools from your professional archiving solution. Or you could even
use Outlook to open a user’s mailbox and export the contents.
10.4.5. Decrypt Messages
Once you have extracted the messages, you need to decrypt them. The Liquid Machines utility will decrypt
all the messages you extracted to the PST file, in place.
1. Login to the discovery machine as the DiscoveryUser service account.
2. Make sure that you have set up the Outlook profile for the service account so that you can access its
mailbox.
3. Open a command prompt.
4. Move to the directory where you installed the Discovery Tools.
cd c:\Program Files\Omniva\Discovery Tools
5. Run the PolicyPstToClearPst.exe program with appropriate parameters. The syntax is:
PolicyPstToClearPst -logdir WhereToPutTheLogs -pstdir WhereThePstFilesAre -domain dc.domain.top
You need to replace some strings in the command with parameters appropriate for your installation:
WhereToPutTheLogs gets replaced with the full path to a folder where you’d like to keep the log.
WhereThePstFilesAre gets replaced with the full path to the folder where the extracted PST files
are.
dc.domain.top gets replaced with the fully qualified name of one of your domain controllers.
The program runs silently. When it’s done, you can check the log for success or errors. If it succeeds, then the extracted PST files will now contain all plain-text messages. All protected emails that were stored there
will be converted.
10.5. Targeted Suspension
In some legal circumstances, it may be that you don’t have to provide all email messages for discovery. A subpoena may specifically state that you need only provide messages from or to a certain person, or
containing a certain word in the subject. If this is the case, it may be appropriate for you to suspend
expiration for only those messages. That way, you meet your legal obligations while at the same time
mitigating risk in other areas.
The Liquid Machines discovery tools make this possible via a round-about procedure. Basically, you
suspend expiration, then extract and archive the relevant messages. You wait a week, extract and archive
all relevant messages created during that week, then configure Email Control Server to go ahead and expire
any messages that should have expired during that week.
10.5.1. Configuring Email Control Server
Normally, when expiration is suspended, the Email Control Server will expire no messages. In this case, we will modify the behavior so that it expires no messages whose expiration should occur after a
certain date and time.
For example, if you suspend expiration on January 1, Email Control Server will stop expiring messages.
On June 1, if you configure the server with a March 1 targeted suspension date, it will immediately expire
all messages that should have expired during January or February, but not any that should have expired in
March, April, or May.
1. Open a command prompt.
2. Move to the directory where you installed the Discovery Tools.
cd c:\Path\To New Folder\Discovery Tools
3. Run the UpdateKeyServRegistry.exe program with appropriate parameters. The syntax is:
UpdateKeyServRegistry -ComputerName machine.domain.com -SuspendedAfterDate yyyymmddhhmmss
You need to replace some strings in the command with parameters appropriate for your installation:
machine.domain.com gets replaced with the fully qualified domain name of the Email Control
Server.
yyyymmddhhmmss gets replaced with the date and time. For example, 20030101000000, for
January 1, 2003.
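The decision rule behind the Normal, Suspended and targeted-suspension states (sections 10.1.1 and 10.5.1) can be stated precisely. The following is an added example in Python, not Liquid Machines’ code: the Mode and KeyState names, the 15th-of-the-month expiry dates, and the treatment of a key expiring exactly at the cutoff are assumptions of the model; the yyyymmddhhmmss stamp format is the one the UpdateKeyServRegistry command above takes.

```python
"""Model of Email Control Server key expiration under the three
expiration modes in sections 10.1.1 and 10.5.1: Normal, Suspended, and
a Suspended mode with a targeted SuspendedAfterDate cutoff.

Added example, not the product's code: the server's key store is not
documented, so only the documented decision rule is reproduced.
"""
from datetime import datetime
from enum import Enum


class Mode(Enum):
    NORMAL = "Normal"          # "Normal" radio button on the Advanced tab
    SUSPENDED = "Suspended"    # "Suspended": keys are not destroyed


class KeyState(Enum):
    AVAILABLE = "available"    # not yet expired; handed to users normally
    RETAINED = "retained"      # past expiry but kept for discovery; the
                               # server will not hand it to end users
    DELETED = "deleted"        # destroyed (physically within 24 hours)


def stamp(dt):
    """Format a datetime as the yyyymmddhhmmss string the tool expects."""
    return dt.strftime("%Y%m%d%H%M%S")


def parse_stamp(s):
    """Inverse of stamp(); rejects anything that is not exactly 14 digits."""
    if len(s) != 14 or not s.isdigit():
        raise ValueError(f"bad SuspendedAfterDate stamp: {s!r}")
    return datetime.strptime(s, "%Y%m%d%H%M%S")


def key_state(expires_at, now, mode, suspended_after=None):
    """Decide what the server does with one message key.

    suspended_after is the targeted-suspension cutoff set with
    UpdateKeyServRegistry and only matters while mode is SUSPENDED:
    keys whose expiry fell before the cutoff are expired as normal,
    keys whose expiry fell at or after it are retained (treating the
    cutoff instant itself as retained is an assumption).
    """
    if now < expires_at:
        return KeyState.AVAILABLE            # message is still live
    if mode is Mode.NORMAL:
        return KeyState.DELETED              # ordinary expiration
    if suspended_after is not None and expires_at < suspended_after:
        return KeyState.DELETED              # released by the targeted cutoff
    return KeyState.RETAINED


def resume_expiration(keys, now):
    """Switching back to Normal: every overdue key is marked for deletion
    at once, which is why the page warns the step cannot be aborted."""
    return {msg_id: key_state(exp, now, Mode.NORMAL)
            for msg_id, exp in keys.items()}


def worked_example():
    """Section 10.5.1 scenario: expiration suspended January 1, 2003; on
    June 1 the cutoff is set to March 1. Returns the state of one key
    (assumed to expire on the 15th) for each month January..May."""
    cutoff = parse_stamp("20030301000000")
    now = datetime(2003, 6, 1)
    expiries = {m: datetime(2003, m, 15) for m in range(1, 6)}
    return {m: key_state(e, now, Mode.SUSPENDED, cutoff)
            for m, e in expiries.items()}


if __name__ == "__main__":
    for month, state in worked_example().items():
        print(f"key expiring 2003-{month:02d}-15: {state.value}")
```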
10.5.2. Example
Your company is involved in a patent suit regarding some chemical formulas. A company researcher
named Harvey Smythe always uses a custom Outlook template to draft patent forms for review by his
supervisor, and it automatically puts the name of the chemical formula in the subject line. You briefed
your corporate counsel about this, and they expect that within a couple of months the court will subpoena all email Harvey sent or received with “carbon dioxide” in the subject line. They tell you to recover as much
as you can now, and to be sure you collect whatever else comes up in the next few months. No one else in
your company is part of the suit, and so your legal department requests that you still mitigate risk where
you can. You get the order on July 1, 2003. Here’s what you do:
1. Suspend expiration on the Email Control Server.
2. Enable retention on the Email Control Server, or rely on your archiving solution.
3. Extract and decrypt all email in Harvey’s mailbox with “carbon dioxide” in the subject line.
4. Wait a week. Then extract and decrypt all email in the retention mailbox sent or received by Harvey
between July 1 and July 8 with “carbon dioxide” in the subject line.
5. Configure the Email Control Server with a targeted expiration date of July 8.
Repeat the last two steps, changing the dates accordingly, until corporate counsel tells you otherwise. Be
sure to archive the messages to stable media.
You don’t have to repeat the last two steps each week. You can repeat them once a month, or every day,
depending on your needs.
10.6. Automating the Process
Depending on the nature of your Exchange infrastructure, the hardware resources available to you, and whether you make use of targeted suspension, you may find yourself frequently extracting messages,
archiving files, reconfiguring the server, and so on. The labor involved may be significant enough to
warrant automation of the process. You have all the necessary tools at your disposal:
PolicyPstToClearPst.exe can be configured from the command line, returns exit codes, and can log
all output to a file.
UpdateKeyServRegistry.exe can be configured from the command line, returns exit codes, and can
log all output to a file.
And in fact, ExMerge can be configured with plain-text configuration files, can run silently from the
command line, and can log all output to a file. (Maybe your archiving system is scriptable, too.)
You could combine these utilities together with a batch file or Visual Basic script, and then run the batch
file or script at regular intervals using Windows Task Scheduler.
10.6.1. Example
Liquid Machines does not warranty the operation of, nor is responsible for any damage caused by, this
pseudo-code or any code based on its likeness.
Suppose you have 3 different Exchange servers in your organization. You have been subpoenaed to submit
for discovery all messages sent or received by Patty Johnson, and all messages with the word “Merger” in
the subject line. Your legal counsel generally picks up whatever electronic documents are available at the
end of each week. The procedures and pseudo-code below outline how to automate the process.
To begin…
Suspend expiration.
Enable retention on the Email Control Server.
Create a folder, on the machine dedicated to discovery, that will hold all configuration and data, for
example c:\Discovery.
In that folder create 6 subfolders, one for each combination of Exchange server and search criteria, for
example, exch1-patty, exch1-merger, exch2-patty, and so on.
Use ExMerge to create and save settings files for each of these combinations. Be sure you target all
output, and save each set of files, to the appropriate subdirectory. (You don’t have to finish the
ExMerge process. You can cancel out after you save the settings.)
Now write a script or batch file that combines the utilities, these settings and folders, some error checking
and some incremental date changes. Whatever scripting tools you use, they must be able to:
Loop through several items in a list.
Search for text strings or patterns in a file.
Find and replace text string or patterns in a file.
Run another program and check its exit status.
Get the current date, add or subtract from it, and format it in a certain way.
Below is pseudo-code demonstrating what the script might look like:
$date = function( getTheDate )
$newstartdate = $date - ( 1 hour )
$newenddate = $newstartdate + ( 7 days )
For each $server in ( exch1 exch2 exch3 )
    For each $criterion in ( patty merger )
        Run exmerge, settings = c:\Discovery\$server-$criterion\exmerge.ini
        If ( exmerge exit status = good )
            Move c:\Discovery\$server-$criterion\outputfile.pst \
                to c:\Discovery\$server-$criterion\outputfile-$date.pst
        Else
            Print "exmerge failed on $server-$criterion"
            Quit
        End if
        Run PolicyPstToClearPst.exe, settings = " \
            -logdir c:\Discovery\$server-$criterion\ \
            -pstdir c:\Discovery\$server-$criterion\ \
            -domain acme.com"
        If ( PolicyPstToClearPst.exe exit status = bad )
            Print "PolicyPstToClearPst failed on $server-$criterion"
            Quit
        End if
        Find "SelectMessageStartDate" in c:\Discovery\$server-$criterion\exmerge.ini, \
            Replace with "SelectMessageStartDate = $newstartdate"
        Find "SelectMessageEndDate" in c:\Discovery\$server-$criterion\exmerge.ini, \
            Replace with "SelectMessageEndDate = $newenddate"
    End for
End for
Run UpdateKeyServRegistry.exe, settings = " \
    -ComputerName securemail.acme.com \
    -SuspendedAfterDate format( $newstartdate, "yyyymmddhhmmss" )"
If ( UpdateKeyServRegistry.exe exit status = bad )
    Print "UpdateKeyServRegistry failed"
End if
Quit
You should run the script from the DiscoveryUser account.
You should run a script like this by hand the first time to make sure it works correctly. You might want to
comment out the part that runs UpdateKeyServRegistry.exe, until you verify the script’s operation. Then
you can schedule the script in Windows Task Scheduler to run once a week.
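As an added example, not the guide's DailyDiscovery.vbs or any other Liquid Machines code, here is the same loop written in Python, assuming Python is installed on the discovery machine. The folder layout, server names and search criteria follow the scenario above; the Email Control Server name, the authentication domain, the ExMerge install path and command-line switches, and the date format ExMerge expects inside its settings file are placeholders or assumptions that you must check against your own saved settings files. The real settings files and tools are reached through a dictionary of settings-file texts and a runner callable, so the whole cycle can be exercised as a dry run, as the guide recommends, before it is allowed to move the suspension date on a production server.

```python
"""Discovery automation cycle (added example; see lead-in for assumptions)."""
import datetime as dt
import re
import subprocess

# Layout and names from the guide's scenario. The server FQDN, domain and the
# ExMerge install path are placeholders to replace with your own values.
BASE = r"c:\Discovery"
SERVERS = ("exch1", "exch2", "exch3")
CRITERIA = ("patty", "merger")
KEYSERVER = "securemail.example.com"                      # placeholder FQDN
DOMAIN = "example.com"                                    # placeholder domain
TOOLS = r"c:\Program Files\Omniva\Discovery Tools"
EXMERGE = r"c:\Program Files\Exchsrvr\bin\exmerge.exe"    # assumed install path
P2C = TOOLS + r"\PolicyPstToClearPst.exe"
UKSR = TOOLS + r"\UpdateKeyServRegistry.exe"
INI_DATE = "%m/%d/%Y %H:%M:%S"   # assumed ExMerge date format; compare with a saved .ini


def keyserv_stamp(t):
    """Format a datetime as the yyyymmddhhmmss string UpdateKeyServRegistry takes."""
    return t.strftime("%Y%m%d%H%M%S")


def parse_stamp(s):
    """Inverse of keyserv_stamp."""
    return dt.datetime.strptime(s, "%Y%m%d%H%M%S")


def next_window(now, overlap=dt.timedelta(hours=1), span=dt.timedelta(days=7)):
    """Next ExMerge window: start an hour before now so nothing falls into a gap
    between runs, end a week later (the guide's $newstartdate / $newenddate)."""
    start = now - overlap
    return start, start + span


def update_ini_dates(ini_text, start, end):
    """Rewrite the SelectMessageStartDate / SelectMessageEndDate lines of an
    ExMerge settings file. A file where either line is missing or duplicated is
    rejected: silently re-using the old window would re-extract the wrong range."""
    def replace(key, value, text):
        pat = re.compile(r"^(%s\s*=).*$" % re.escape(key), re.MULTILINE)
        new_text, n = pat.subn(lambda m: m.group(1) + " " + value, text)
        if n != 1:
            raise ValueError("expected exactly one %s line, found %d" % (key, n))
        return new_text
    text = replace("SelectMessageStartDate", start.strftime(INI_DATE), ini_text)
    return replace("SelectMessageEndDate", end.strftime(INI_DATE), text)


def run_cycle(now, ini_files, runner=lambda argv: subprocess.run(argv).returncode):
    """One discovery pass over every server/criterion folder.

    ini_files maps each exmerge.ini path to its current text (the caller reads
    and writes the real files); runner(argv) executes a command and returns its
    exit code. Returns the commands executed and the renames the caller should
    perform. Any failure raises before the suspension date is advanced, so the
    server never expires mail that has not been archived first."""
    start, end = next_window(now)
    commands, renames = [], []
    for server in SERVERS:
        for crit in CRITERIA:
            folder = r"%s\%s-%s" % (BASE, server, crit)
            ini_path = folder + r"\exmerge.ini"
            # Assumed ExMerge switches (-F settings file, -B batch, -D log); verify locally.
            cmd = [EXMERGE, "-F", ini_path, "-B", "-D"]
            commands.append(cmd)
            if runner(cmd) != 0:
                raise RuntimeError("exmerge failed on %s-%s" % (server, crit))
            renames.append((folder + r"\outputfile.pst",
                            folder + r"\outputfile-%s.pst" % keyserv_stamp(now)))
            cmd = [P2C, "-logdir", folder, "-pstdir", folder, "-domain", DOMAIN]
            commands.append(cmd)
            if runner(cmd) != 0:
                raise RuntimeError("PolicyPstToClearPst failed on %s-%s" % (server, crit))
            ini_files[ini_path] = update_ini_dates(ini_files[ini_path], start, end)
    # Only after every mailbox is extracted and decrypted: let the server expire
    # whatever should have expired before the new window starts (10.5.1).
    cmd = [UKSR, "-ComputerName", KEYSERVER, "-SuspendedAfterDate", keyserv_stamp(start)]
    commands.append(cmd)
    if runner(cmd) != 0:
        raise RuntimeError("UpdateKeyServRegistry failed")
    return commands, renames


# Constructed sample settings file; only the two lines the script touches matter.
SAMPLE_INI = ("[EXMERGE]\nSelectMessageStartDate = 06/30/2003 23:00:00\n"
              "SelectMessageEndDate = 07/07/2003 23:00:00\n")


def demo():
    """Dry run with a runner that reports success without launching anything."""
    files = {r"%s\%s-%s\exmerge.ini" % (BASE, s, c): SAMPLE_INI
             for s in SERVERS for c in CRITERIA}
    return run_cycle(parse_stamp("20030708090000"), files, runner=lambda argv: 0), files


if __name__ == "__main__":
    (cmds, moves), files = demo()
    for c in cmds:
        print(" ".join(c))
```

For production use, read each exmerge.ini into the dictionary, call run_cycle with the default runner, perform the recorded renames, and write the updated texts back; keep the dry-run runner for the first scheduled runs, which matches the guide's advice to leave UpdateKeyServRegistry out until the rest of the script is trusted.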
10.6.2. DailyDiscovery.vbs
Liquid Machines does not warranty the operation of, nor is responsible for any damage caused by,
DailyDiscovery.vbs.
In the c:\Program Files\Omniva\Discovery Tools folder on the internal Email Control Server, you’ll find
DailyDiscovery.vbs, which is a functioning example of an automation script written in VBScript. The
script performs the following actions:
Validates the environment and establishes configuration parameters.
Deletes any temporary PST files from the folders where extracted data and decrypted data go.
Updates the SelectMessageEndDate parameter contained in the ExMerge.ini file to the current
date and time.
Calls the ExMerge program to create the set of PST files specified in the ExMerge.ini file.
Validates that the ExMerge program ran successfully by scanning the ExMerge.log file.
Copies the extracted data in the PST files to the decrypted data directory.
Validates that there are PST files that require decryption.
Calls the PolicyPstToClearPst program to process the PST files in the decrypted data directory.
Validates that the PolicyPstToClearPst.exe program ran successfully by scanning the PolicyPst.log
file.
Moves decrypted PST files to an archive folder whose name is based on the date and time.
Validates that all processing to this point has been successful.
Updates the SelectMessageStartDate parameter contained in the ExMerge.ini file to the
current date.
Calls the UpdateKeyServRegistry program to set the target suspension date to the current date.
You can review the code for hints on how to create your own.
11. Appendices
11.1. Microsoft Rights Management Analogs to Policy Manage Features
The following table briefly outlines RM analogs to native Email Control Server functionality.
Email Control Server Native Component or Feature | Analog Achieved Using Windows Rights Management (possibly with Email Control Server)
Email Control Server | Email Control Server + Windows Rights Management Services (RMS) Cluster
external Email Control Server | RMS with support for Microsoft Passport Service (more discussion below)
Email Control Client | Outlook 2003 + Windows Rights Management (RM) Client
Attachment Reader | Office 2003 + RM Client (or same as Universal Viewer)
Universal Viewer | Microsoft Internet Explorer (IE) + RM Client + RM Add-in for IE
Report Service | Report Service + RMS Cluster Audit Logs
Message Clean-up Tool | none
Gateway for BlackBerry | none
Client for BlackBerry | none
Gateway for Exchange/SMTP | Gateway for Exchange/SMTP
Email Archive Gateway | Email Control Server Intelligent Archiving (more discussion below)
Message Contents Features | none, or for just retention then Intelligent Archiving
Secure Communications Feature | IPSec
Pass-Thru Auth | Expose part of RMS Cluster to Internet
Outlook Delegation | none
Liquid Machines Policy Systems is a Rights Management Independent Solutions Vendor. Please call us if
you need advice or expertise in building a Microsoft Rights Management environment, or with maximizing
the potential of an Email Control Server and RMS combined solution.
11.1.1. Analog to external Email Control Server
The most direct analog in Windows RM to the external Email Control Server functionality is enabling
your RMS cluster to trust the Microsoft Passport Service. The conceptual steps are:
Add a server to your RMS Cluster and expose this server to the Internet
On this server, in IIS Manager, change the authentication mechanism on the RMS application to the “Passport” type.
In the RMS configuration, add an “external licensing URL,” and make the Internet-exposed
server available via this URL.
External recipients will need to register with the Microsoft Passport Service in order to read the protected
message sent to them.
There are other ways to publish content to the Internet with Windows RM, including making external
recipients part of an Organizational Unit within your Windows domain, deploying a separate Windows
domain and RMS installation in your DMZ and “trusting” it with your internal installation, and even
“trusting” other companies’ RMS installations.
11.1.2. Analog to Email Archive Gateway
Email Control Server’s Policy Rules include actions that can set message headers, and copy messages to special mailboxes, either in an encrypted or clear text format. These features can be combined to create an
“Intelligent Archive System” which is platform independent.
For example, suppose you want to use Rights Management to encrypt all email flowing through your
organization. At the same time, you want to archive messages in clear text for compliance reasons. And
you want to archive messages for different time periods based on their content. You can set up Policy
Rules that both encrypt messages so that they expire, and send clear text copies to a different mailbox
depending on the expiration time. You could then backup the mailboxes each to different media, and retain
the media only as long as the associated expiration time.
11.2. Regular Expression Syntax
Copyright (c) 1998-2001 Dr John Maddock
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose
is hereby granted without fee, provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in supporting documentation. Dr John
Maddock makes no representations about the suitability of this software for any purpose. It is provided
"as is" without express or implied warranty.
This section covers the regular expression syntax used by this library. It is a programmer's guide; the actual syntax presented to your program's users will depend upon the flags used during expression
compilation.
11.2.1. Literals
All characters are literals except: ".", "|", "*", "?", "+", "(", ")", "{", "}", "[", "]", "^", "$" and "\". These
characters are literals when preceded by a "\". A literal is a character that matches itself, or matches the
result of traits_type::translate(), where traits_type is the traits template parameter to class reg_expression.
11.2.2. Wildcard
The dot character "." matches any single character, except: when match_not_dot_null is passed to the matching algorithms, the dot does not match a null character; when match_not_dot_newline is passed to the
matching algorithms, the dot does not match a newline character.
11.2.3. Repeats
A repeat is an expression that is repeated an arbitrary number of times. An expression followed by "*" can
be repeated any number of times including zero. An expression followed by "+" can be repeated any number of times, but at least once; if the expression is compiled with the flag regbase::bk_plus_qm then
"+" is an ordinary character and "\+" represents a repeat of once or more. An expression followed by "?"
may be repeated zero or one times only; if the expression is compiled with the flag regbase::bk_plus_qm
then "?" is an ordinary character and "\?" represents the repeat zero or once operator. When it is necessary
to specify the minimum and maximum number of repeats explicitly, the bounds operator "{}" may be used:
thus "a{2}" is the letter "a" repeated exactly twice, "a{2,4}" represents the letter "a" repeated between 2
and 4 times, and "a{2,}" represents the letter "a" repeated at least twice with no upper limit. Note that there
must be no white-space inside the {}, and there is no upper limit on the values of the lower and upper
bounds. When the expression is compiled with the flag regbase::bk_braces then "{" and "}" are ordinary
characters and "\{" and "\}" are used to delimit bounds instead. All repeat expressions refer to the shortest
possible previous sub-expression: a single character, a character set, or a sub-expression grouped with "()",
for example.
Examples:
"ba*" will match all of "b", "ba", "baaa" etc.
"ba+" will match "ba" or "baaaa" for example but not "b".
"ba?" will match "b" or "ba".
"ba{2,4}" will match "baa", "baaa" and "baaaa".
11.2.4. Non-greedy repeats
Whenever the "extended" regular expression syntax is in use (the default) then non-greedy repeats are possible by appending a '?' after the repeat; a non-greedy repeat is one which will match the shortest
possible string.
For example to match html tag pairs one could use something like:
"<\s*tagname[^>]*>(.*?)<\s*/tagname\s*>"
In this case $1 will contain the text between the tag pairs, and will be the shortest possible matching string.
11.2.5. Parenthesis
Parentheses serve two purposes: to group items together into a sub-expression, and to mark what generated
the match. For example the expression "(ab)*" would match all of the string "ababab". The matching algorithms regex_match and regex_search each take an instance of match_results that reports what caused
the match; on exit from these functions the match_results contains information both on what the whole
expression matched and on what each sub-expression matched. In the example above match_results[1]
would contain a pair of iterators denoting the final "ab" of the matching string. It is permissible for sub-
expressions to match null strings. If a sub-expression takes no part in a match (for example if it is part of
an alternative that is not taken) then both of the iterators that are returned for that sub-expression point to
the end of the input string, and the matched parameter for that sub-expression is false. Sub-expressions are
indexed from left to right starting from 1; sub-expression 0 is the whole expression.
11.2.6. Non-Marking Parenthesis
Sometimes you need to group sub-expressions with parenthesis, but don't want the parenthesis to spit out
another marked sub-expression, in this case a non-marking parenthesis (?:expression) can be used. For
example the following expression creates no sub-expressions:
"(?:abc)*"
11.2.7. Forward Lookahead Asserts
There are two forms of these; one for positive forward lookahead asserts, and one for negative lookahead
asserts:
"(?=abc)" matches zero characters only if they are followed by the expression "abc".
"(?!abc)" matches zero characters only if they are not followed by the expression "abc".
11.2.8. Alternatives
Alternatives occur when the expression can match either one sub-expression or another; each alternative is separated by a "|", or a "\|" if the flag regbase::bk_vbar is set, or by a newline character if the flag
regbase::newline_alt is set. Each alternative is the largest possible previous sub-expression; this is the
opposite behavior from repetition operators.
Examples:
"a(b|c)" could match "ab" or "ac".
"abc|def" could match "abc" or "def".
11.2.9. Sets
A set is a set of characters that can match any single character that is a member of the set. Sets are
delimited by "[" and "]" and can contain literals, character ranges, character classes, collating elements and
equivalence classes. Set declarations that start with "^" contain the complement of the elements that follow.
Examples:
Character literals:
"[abc]" will match either of "a", "b", or "c".
"[^abc]" will match any character other than "a", "b", or "c".
Character ranges:
"[a-z]" will match any character in the range "a" to "z".
"[^A-Z]" will match any character other than those in the range "A" to "Z".
Note that character ranges are highly locale dependent: they match any character that collates between the
endpoints of the range; ranges will only behave according to ASCII rules when the default "C" locale is in
effect. For example if the library is compiled with the Win32 localization model, then [a-z] will match the ASCII characters a-z, and also 'A', 'B' etc, but not 'Z' which collates just after 'z'. This locale specific
behavior can be disabled by specifying regbase::nocollate when compiling; this is the default behavior
when using regbase::normal, and forces ranges to collate according to ASCII character code. Likewise, if
you use the POSIX C API functions then setting REG_NOCOLLATE turns off locale dependent collation.
Character classes are denoted using the syntax "[:classname:]" within a set declaration, for example
"[[:space:]]" is the set of all whitespace characters. Character classes are only available if the flag
regbase::char_classes is set. The available character classes are:
alnum    Any alphanumeric character.
alpha    Any alphabetical character a-z and A-Z. Other characters may also be included depending upon the locale.
blank    Any blank character, either a space or a tab.
cntrl    Any control character.
digit    Any digit 0-9.
graph    Any graphical character.
lower    Any lower case character a-z. Other characters may also be included depending upon the locale.
print    Any printable character.
punct    Any punctuation character.
space    Any whitespace character.
upper    Any upper case character A-Z. Other characters may also be included depending upon the locale.
xdigit   Any hexadecimal digit character, 0-9, a-f and A-F.
word     Any word character: all alphanumeric characters plus the underscore.
unicode  Any character whose code is greater than 255; this applies to the wide character traits classes only.
There are some shortcuts that can be used in place of the character classes, provided the flag
regbase::escape_in_lists is set then you can use:
\w in place of [:word:]
\s in place of [:space:]
\d in place of [:digit:]
\l in place of [:lower:]
\u in place of [:upper:]
Collating elements take the general form [.tagname.] inside a set declaration, where tagname is either a single character, or a name of a collating element, for example [[.a.]] is equivalent to [a], and [[.comma.]] is
equivalent to [,]. The library supports all the standard POSIX collating element names, and in addition the
following digraphs: "ae", "ch", "ll", "ss", "nj", "dz", "lj", each in lower, upper and title case variations.
Multi-character collating elements can result in the set matching more than one character, for example
[[.ae.]] would match two characters, but note that [^[.ae.]] would only match one character.
Equivalence classes take the general form [=tagname=] inside a set declaration, where tagname is either a
single character, or a name of a collating element, and matches any character that is a member of the same
primary equivalence class as the collating element [.tagname.]. An equivalence class is a set of characters
that collate the same, a primary equivalence class is a set of characters whose primary sort key are all the
same (for example strings are typically collated by character, then by accent, and then by case; the primary
sort key then relates to the character, the secondary to the accentuation, and the tertiary to the case). If there
is no equivalence class corresponding to tagname, then [=tagname=] is exactly the same as [.tagname.].
Unfortunately there is no locale independent method of obtaining the primary sort key for a character,
except under Win32. For other operating systems the library will "guess" the primary sort key from the full
sort key (obtained from strxfrm), so equivalence classes are probably best considered broken under any
operating system other than Win32.
To include a literal "-" in a set declaration then: make it the first character after the opening "[" or "[^", the
endpoint of a range, a collating element, or if the flag regbase::escape_in_lists is set then precede with an escape character as in "[\-]". To include a literal "[" or "]" or "^" in a set then make them the endpoint of a
range, a collating element, or precede with an escape character if the flag regbase::escape_in_lists is set.
11.2.10. Line anchors
An anchor is something that matches the null string at the start or end of a line: "^" matches the null string
at the start of a line, "$" matches the null string at the end of a line.
11.2.11. Back references
A back reference is a reference to a previous sub-expression that has already been matched; the reference is
to what the sub-expression matched, not to the expression itself. A back reference consists of the escape character "\" followed by a digit "1" to "9": "\1" refers to the first sub-expression, "\2" to the second, etc. For
example the expression "(.*)\1" matches any string that is repeated about its mid-point, for example
"abcabc" or "xyzxyz". A back reference to a sub-expression that did not participate in any match matches
the null string: NB this is different to some other regular expression matchers. Back references are only
available if the expression is compiled with the flag regbase::bk_refs set.
11.2.12. Characters by code
This is an extension to the algorithm that is not available in other libraries; it consists of the escape character followed by the digit "0" followed by the octal character code. For example "\023" represents the
character whose octal code is 23. Where ambiguity could occur use parentheses to break the expression up:
"\0103" represents the character whose code is 103, "(\010)3" represents the character 10 followed by "3".
To match characters by their hexadecimal code, use \x followed by a string of hexadecimal digits,
optionally enclosed inside {}, for example \xf0 or \x{aff}, notice the latter example is a Unicode character.
11.2.13. Word operators
The following operators are provided for compatibility with the GNU regular expression library.
"\w" matches any single character that is a member of the "word" character class, this is identical to the
expression "[[:word:]]".
"\W" matches any single character that is not a member of the "word" character class, this is identical
to the expression "[^[:word:]]".
"\<" matches the null string at the start of a word.
"\>" matches the null string at the end of the word.
"\b" matches the null string at either the start or the end of a word.
"\B" matches a null string within a word.
The start of the sequence passed to the matching algorithms is considered to be a potential start of a word unless the flag match_not_bow is set. The end of the sequence passed to the matching algorithms is
considered to be a potential end of a word unless the flag match_not_eow is set.
11.2.14. Buffer operators
The following operators are provided for compatibility with the GNU regular expression library, and Perl
regular expressions:
"\`" matches the start of a buffer.
"\A" matches the start of the buffer.
"\'" matches the end of a buffer.
"\z" matches the end of a buffer.
"\Z" matches the end of a buffer, or possibly one or more new line characters followed by the end of
the buffer.
A buffer is considered to consist of the whole sequence passed to the matching algorithms, unless the flags
match_not_bob or match_not_eob are set.
11.2.15. Escape operator
The escape character "\" has several meanings.
Inside a set declaration the escape character is a normal character unless the flag regbase::escape_in_lists is
set in which case whatever follows the escape is a literal character regardless of its normal meaning.
The escape operator may introduce an operator for example: back references, or a word operator.
The escape operator may make the following character normal, for example "\*" represents a literal "*"
rather than the repeat operator.
11.2.16. Single character escape sequences
The following escape sequences are aliases for single characters:
Escape sequence   Character code   Meaning
\a                0x07             Bell character.
\f                0x0C             Form feed.
\n                0x0A             Newline character.
\r                0x0D             Carriage return.
\t                0x09             Tab character.
\v                0x0B             Vertical tab.
\e                0x1B             ASCII Escape character.
\0dd              0dd              An octal character code, where dd is one or more octal digits.
\xXX              0xXX             A hexadecimal character code, where XX is one or more hexadecimal digits.
\x{XX}            0xXX             A hexadecimal character code, where XX is one or more hexadecimal digits, optionally a unicode character.
\cZ               z-@              An ASCII escape sequence control-Z, where Z is any ASCII character greater than or equal to the character code for '@'.
11.2.17. Miscellaneous escape sequences:
The following are provided mostly for perl compatibility, but note that there are some differences in the
meanings of \l \L \u and \U:
\w   Equivalent to [[:word:]].
\W   Equivalent to [^[:word:]].
\s   Equivalent to [[:space:]].
\S   Equivalent to [^[:space:]].
\d   Equivalent to [[:digit:]].
\D   Equivalent to [^[:digit:]].
\l   Equivalent to [[:lower:]].
\L   Equivalent to [^[:lower:]].
\u   Equivalent to [[:upper:]].
\U   Equivalent to [^[:upper:]].
\C   Any single character, equivalent to '.'.
\X   Match any Unicode combining character sequence, for example "a\x0301" (a letter a with an acute).
\Q   The begin quote operator; everything that follows is treated as a literal character until a \E end quote operator is found.
\E   The end quote operator; terminates a sequence begun with \Q.
11.2.18. What gets matched?
The regular expression library will match the first possible matching string; if more than one string starting
at a given location can match then it matches the longest possible string, unless the flag match_any is set, in which case the first match encountered is returned. Use of the match_any option can reduce the time taken
to find the match, but is only useful if the user is less concerned about what matched; for example it
would not be suitable for search and replace operations. In cases where there are multiple possible matches
all starting at the same location, and all of the same length, the match chosen is the one with the
longest first sub-expression; if that is the same for two or more matches, then the second sub-expression
will be examined, and so on.
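The constructs described in 11.2.3 through 11.2.18 behave the same way in most regular expression engines, so the following added example, which is not part of the guide or of the library it documents, exercises them with Python's re module on constructed sample strings, including the tag-pair pattern from 11.2.4 with tagname set to b. Python writes [[:space:]] as \s, has no "\<" or "\>" operators, and has no counterpart to flags such as regbase::bk_plus_qm; for alternatives it also returns the first alternative that succeeds rather than the longest one described in 11.2.18, which is why the last entry of the result records what Python does for "a|ab".

```python
import re

# Constructed sample strings (not from the guide): a marked-up fragment with two
# tag pairs, and four subject lines of the kind a Policy Rule might test.
TAGS = "<b>first</b> and <b class=x>second< /b >"
SUBJECTS = [
    "Merger: carbon dioxide formula v2",
    "RE: merger talks",
    "Mergers and acquisitions 101",
    "carbon monoxide",
]


def full(pattern, strings):
    """Which of the strings the pattern matches in their entirety."""
    return [re.fullmatch(pattern, s) is not None for s in strings]


def regex_demo():
    r = {}
    # 11.2.3 repeats on the guide's own "ba" examples
    r["star"] = full(r"ba*", ("b", "ba", "baaa"))
    r["plus"] = full(r"ba+", ("b", "ba", "baaaa"))
    r["bounds"] = full(r"ba{2,4}", ("ba", "baa", "baaaa", "baaaaa"))
    # 11.2.4 non-greedy: greedy (.*) runs from the first <b> to the LAST closing
    # tag, so one capture swallows both bodies; (.*?) stops at the nearest one.
    r["greedy"] = re.findall(r"<\s*b[^>]*>(.*)<\s*/b\s*>", TAGS)
    r["lazy"] = re.findall(r"<\s*b[^>]*>(.*?)<\s*/b\s*>", TAGS)
    # 11.2.5 / 11.2.6: $1 of "(ab)*" holds only the final "ab"; (?:...) marks nothing
    r["group1"] = re.fullmatch(r"(ab)*", "ababab").group(1)
    r["nonmarking_groups"] = re.compile(r"(?:abc)*").groups
    # 11.2.7 lookahead asserts consume no characters
    r["lookahead"] = [s for s in SUBJECTS if re.search(r"(?i)merger(?= talks)", s)]
    r["neg_lookahead"] = [s for s in SUBJECTS if re.search(r"(?i)merger(?!s)", s)]
    # 11.2.9 sets and negated sets
    r["set"] = re.findall(r"carbon [dm][a-z]+", " | ".join(SUBJECTS))
    r["negset"] = re.findall(r"[^a-zA-Z ]+", SUBJECTS[0])
    # 11.2.10 line anchor: a reply marker counts only at the start of the subject
    r["anchored"] = [s for s in SUBJECTS if re.search(r"^RE:", s)]
    # 11.2.11 back reference: "(.*)\1" matches strings repeated about their midpoint
    r["backref"] = full(r"(.*)\1", ("abcabc", "xyzxyz", "abcab"))
    # 11.2.13 word operator: \b keeps "merger" from matching inside "Mergers"
    r["word"] = [s for s in SUBJECTS if re.search(r"(?i)\bmerger\b", s)]
    # 11.2.14 buffer operators: ^ and $ move to line boundaries under MULTILINE,
    # \A stays at the start of the whole buffer
    two_lines = "first\nsecond"
    r["line_anchor"] = re.findall(r"^\w+$", two_lines, re.M)
    r["buffer_anchor"] = re.findall(r"\A\w+", two_lines, re.M)
    # 11.2.18 what gets matched: the guide's library prefers the longest
    # alternative ("ab"); Python's re takes the first alternative that succeeds.
    r["alternation_python"] = re.match(r"a|ab", "ab").group(0)
    return r


if __name__ == "__main__":
    for key, value in regex_demo().items():
        print(f"{key:20} {value!r}")
```

The "word" and "anchored" entries are the ones that matter most when a rule is meant to select a specific subject line: without "\b" a rule for "merger" also fires on "Mergers", and without "^" a reply marker anywhere in the subject counts as a reply.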
11.3. PolicyPstToClearPst
11.3.1. Usage
PolicyPstToClearPst -logdir LogDirectory -pstdir PstDirectory -domain DomainName [-username
UserName -password Password] [-ErrorFilter |nnn|[...|mmm|]][-verbose]
11.3.2. Parameters
-LogDir LogDirectory
Directory where log file is Located.
-PstDir PstDirectory
Directory where PST files are located.
-Domain DomainName
Domain name used for authentication.
-Username UserName
Username used for authentication.
-Password Password
Password used for authentication.
[-ErrorFilter |nnn|[...|mmm|]]
Pipe delimited list of errors to ignore.
[-verbose]
Verbose log file flag.
11.3.3. Return Values
EXIT_SUCCESS (0)
Processing was successful
EXIT_FAILURE (1)
Processing was NOT successful
11.3.4. Logging
Date field: 'MM/DD/YYYY'
Contains the date that the log entry was written.
Time field: 'HH.MM.SS'
Contains the time that the log entry was written.
Context field 1 '[PST directory name OR PST file name]'
For the 'Info:Processed' log file entry, contains the directory that the PST files were processed from.
For all other log file entries, contains the name of the PST file being processed.
Context field 2 '[MAPI folder name]'
Contains the name of the MAPI folder being processed.
Context field 3 '[MAPI message details]'
Contains information about the MAPI message being processed: [SenderName - MessageSubject -
MessageDeliveryTime]
Context field 4 '[MAPI attachment file name]'
Contains the name of the MAPI attachment file being processed.
Log entry type field
'Info:' - Specifies that the log entry is an informational message.
'Warning' - Specifies that the log entry is a warning message.
'Error:' - Specifies that the log entry is an error message.
'Debug:' - Specifies that the log entry is a verbose (debugging) message.
Log entry text field
Contains the text of the log entry.
GETDIJOBERROR
Contains a numeric code identifying the error that occurred.
11.3.5. Error Codes
11.3.5.i. General Error
0 DIEI_UNKNOWN - Unknown error
1 DIEI_OPERATION_CANCELLED - A pending operation was cancelled.
2 DIEI_OPERATION_TIMEOUT - A pending operation timed out.
3 DIEI_EOF - End-of-file was reached prematurely.
4 DIEI_NO_SUCH_POLICY_PROPERTY - A setting was requested for an unknown policy property.
5 DIEI_NO_SUCH_USER_PROPERTY - A setting was requested for an unknown user property.
6 DIEI_NOT_LOGGED_IN - Not logged in.
7 DIEI_ALREADY_LOGGED_IN - Already logged in.
8 DIEI_ACCESS_DENIED - User does not have access rights to the requested service/function.
9 DIEI_INVALID_ARG - One or more arguments were invalid.
10 DIEI_UKNOWN_EVENT_TYPE - The event type was unknown.
11 DIEI_NOT_IMPLEMENTED - Operation not implemented.
11.3.5.ii. Cryptographic Errors
100 DIEI_UNKNOWN_ALGORITHM - The requested cryptographic algorithm is not supported.
101 DIEI_CIPHER_ERROR - A cipher error occurred.
102 DIEI_PADDER_ERROR - A padder error occurred.
11.3.5.iii. Offline Errors
201 DIEI_NO_KEY_IN_CACHE - A required key does not exist in the key cache.
202 DIEI_NO_RECOVERY_KEY_IN_CACHE - A required recovery key does not exist in the key cache.
203 DIEI_NO_USER_KEY_IN_CACHE - The user key does not exist in the key cache.
204 DIEI_NO_USER_KEY_DESCRIPTOR_IN_CACHE - The user key descriptor does not exist in
the key cache.
205 DIEI_NO_RNGSTATE_IN_CACHE - The RNG state data does not exist in the key cache.
206 DIEI_NO_CACHED_SERVER_TIME_OFFSET - The server time offset has not been cached.
11.3.5.iv. Network Errors
300 DIEI_NETWORK - General network error.
301 DIEI_ACCESS_TO_KEYSERVER_DENIED - Access to the keyserver was denied.
302 DIEI_PROXY_AUTH - Proxy authorization required.
303 DIEI_PROXY_AUTH_WEB - Proxy authorization from web page required.
304 DIEI_KEYSERVER_NOT_AVAILABLE - Keyserver not available.
305 DIEI_CERTIFICATE - Certificate error.
11.3.5.v. Email Control Server Errors
400 DIEI_NO_KEY - A required key does not exist.
401 DIEI_UNEXPECTED_KEYSERVER_RESPONSE - Keyserver returned an unexpected response.
402 DIEI_UNEXPECTED_KEYSERVER_DATA - Keyserver returned unexpected data.
403 DIEI_KEYSERVER_IS_FOREIGN - Keyserver is foreign.
11.3.5.vi. Message format Errors (DIMF)
500 DIEI_EXTRACT_ERROR - An error occurred while extracting a protected email.
501 DIEI_NOT_DIMF - Message contents are not recognizable as a protected email.
502 DIEI_DIMF_VERSION - Message is a protected email, but cannot be extracted (requires upgrade).
503 DIEI_MESSAGE_CORRUPTED - Message is a protected email, but has been corrupted.
11.3.5.vii. Key Cache Errors
600 DIEI_WRITE_HEADER_ERROR - Error writing KeyCache file header.
601 DIEI_WRITE_INDEX_ERROR - Error writing KeyCache index.
602 DIEI_READ_HEADER_ERROR - Couldn't read KeyCache header.
603 DIEI_BAD_HEADER - Improper KeyCache header.
604 DIEI_SEEK_INDEX_ERROR - Couldn't seek to KeyCache index.
605 DIEI_READ_INDEX_ERROR - Couldn't read KeyCache index.
606 DIEI_READ_URLTABLE_ERROR - Couldn't read KeyCache URL table.
11.4. UpdateKeyServRegistry
In the Windows registry on the Email Control Server, sets or updates the string value (REG_SZ) SuspendedAfter under the key HKEY_LOCAL_MACHINE\Software\Policies\Liquid Machines\Expiration.
The value is stored as a UTC date in the format yyyy-mm-dd. The date and time given on the command line are interpreted as local time on the machine running the utility and converted to UTC before the value is written.
11.4.1. Usage
UpdateKeyServRegistry -ComputerName KeyServiceComputerName -SuspendedAfterDate yyyymmddhhmmss
11.4.2. Parameters
-ComputerName ComputerName
Name of computer where Email Control Server is installed.
-SuspendedAfterDate YYYYMMDDHHMMSS
The date and time (local time) after which keys are suspended, in yyyymmddhhmmss format.
11.4.3. Return Values
EXIT_SUCCESS (0)
Registry was successfully updated.
EXIT_FAILURE (1)
Registry was NOT successfully updated.
11.4.4. Logging
Warning: Received duplicate -ComputerName parameters, using 'COMPUTERNAME'.
Warning: Received duplicate -SuspendedAfterDate parameters, using 'YYYYMMDDHHMMSS'.
Warning: Received unknown 'UNKNOWN' parameter.
Error: Must specify -ComputerName and -SuspendedAfterDate parameters.
Error: Could not convert -SuspendedAfterDate 'YYYYMMDDHHMMSS' to valid local time.
Error: Could not convert -SuspendedAfterDate 'YYYYMMDDHHMMSS' to valid UTC time.
Error: Could not update registry using -ComputerName 'COMPUTERNAME', WinEr
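The following PowerShell script is an added example; it is not the UpdateKeyServRegistry utility or any code shipped by Liquid Machines. It carries out the steps the guide describes for the utility: it parses a local yyyymmddhhmmss timestamp, converts it to UTC, writes SuspendedAfter as a REG_SZ under HKEY_LOCAL_MACHINE\Software\Policies\Liquid Machines\Expiration on the named computer, and reads the value back to confirm the write. The registry path, value name, stored format and parameter names are taken from this section; the use of the Remote Registry service and the check for local times that do not exist (a DST gap) are the example's own assumptions.

```powershell
# Added example (not the Liquid Machines UpdateKeyServRegistry utility): set the
# SuspendedAfter value the way section 11.4 describes it.
# Registry path, value name and the yyyy-mm-dd UTC storage format are from the guide.
# Assumed: the target's Remote Registry service is reachable and the caller has
# administrative rights on the target.
param(
    [Parameter(Mandatory = $true)] [string] $ComputerName,
    [Parameter(Mandatory = $true)] [string] $SuspendedAfterDate   # local time, yyyymmddhhmmss
)

$ErrorActionPreference = 'Stop'
$keyPath   = 'SOFTWARE\Policies\Liquid Machines\Expiration'
$valueName = 'SuspendedAfter'
$culture   = [System.Globalization.CultureInfo]::InvariantCulture

# 1. Parse strictly as yyyyMMddHHmmss (MM = month, mm = minute) and treat the result as
#    local time, which is what the utility's own error messages imply it does.
$local  = [datetime]::MinValue
$parsed = [datetime]::TryParseExact($SuspendedAfterDate, 'yyyyMMddHHmmss', $culture, [System.Globalization.DateTimeStyles]::AssumeLocal, [ref] $local)
if (-not $parsed) {
    Write-Error "Could not convert -SuspendedAfterDate '$SuspendedAfterDate' to valid local time."
    exit 1
}

# 2. A well-formed local time may still not exist (the hour skipped at a DST spring-forward).
#    Refuse it rather than silently shifting the suspension date.
if ([System.TimeZoneInfo]::Local.IsInvalidTime($local)) {
    Write-Error "Could not convert -SuspendedAfterDate '$SuspendedAfterDate' to valid UTC time."
    exit 1
}

# 3. Convert to UTC and render in the stored format the guide gives for the value.
$stored = $local.ToUniversalTime().ToString('yyyy-MM-dd', $culture)

# 4. Write the REG_SZ under HKLM on the remote machine, then read it back to confirm.
try {
    $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    $key  = $hive.CreateSubKey($keyPath)          # opens the key, creating it if missing
    $key.SetValue($valueName, $stored, [Microsoft.Win32.RegistryValueKind]::String)
    $readBack = [string] $key.GetValue($valueName)
    $key.Close()
    $hive.Close()
}
catch {
    Write-Error "Could not update registry using -ComputerName '$ComputerName': $($_.Exception.Message)"
    exit 1
}

if ($readBack -ne $stored) {
    Write-Error "Read-back of $valueName on '$ComputerName' returned '$readBack', expected '$stored'."
    exit 1
}
Write-Output "$valueName on $ComputerName set to $stored (UTC)"
exit 0
```

Run it from an elevated prompt as an account with administrative rights on the target, for example: .\Set-SuspendedAfter.ps1 -ComputerName KEYSERVER01 -SuspendedAfterDate 20051231235959 (the script name and computer name here are placeholders). The read-back step matters because a silently failed remote write would leave the old suspension date in force; the same check can be made by hand with reg query on the target. Any account that can write under that HKLM\Software\Policies key can change when keys are suspended, so restrict and audit write access to it as you would the server's other administrative settings.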
11.5. The hotkey combinations in Client for Blackberry
To manage scrubbing and logging in Client for Blackberry, use the special hotkey combinations described here.
1. Click the Omniva application icon to open the "Control Categories" screen.
2. Click the wheel and choose "About".
3.1. For the hotkey combinations that manage logging, see 9.6.6, "Logging Client for Blackberry".
3.2. The hotkey combinations that manage scrubbing are:
For Blackberry smartphones with a QWERTY keyboard layout (57xx, 58xx, 65xx, 67xx, 72xx, 75xx, 77xx, 87xx, 88xx series):
Type the letter 's' (or 'a') and then the letter 'f' (or 'g') to launch the scrub frequency screen.
Type the letter 'x' (or 'z') and then the letter '!' (or 'q') to force scrubbing.
Type the letter 'x' (or 'z') and then the letter '*' (or 'c') to clear the scrubber map.
For Blackberry smartphones with a reduced QW-ER-TY-OP keyboard layout (71xx and 81xx series):
Type the letter 'a' and then the letter 'g' to launch the scrub frequency screen.
Type the letter 'z' and then the letter 'q' to force scrubbing.
Type the letter 'z' and then the letter 'c' to clear the scrubber map.