XWall for Microsoft Exchange

        
       
XWall is a firewall that protects your Exchange server from viruses, spam mail and dangerous attachments
 

Works with:

 
  • Every version of Exchange server including Small Business Server 4.0 and 4.5 and Exchange 2000
  • Dial-up, dial-up routers, ADSL and leased-line connections to the Internet
  • MIME and UUENCODE messages, even with various Western and Eastern European languages

Benefits:

 
  • Scans inbound and outbound messages for viruses, even when the filename includes characters from foreign languages
  • Blocks messages by scanning the subject, the text part and/or the HTML part of the messge to prevent viruses like ILOVEYOU
  • Blocks attachments so that your users do not fill the Exchange server with unnecessary or dangerous files
  • Blocks attachments embedded in TNEF messages ( WINMAIL.DAT )
  • Blocks spam mail by checking incoming messages against MAPS (Mail Abuse Protection System)
  • Validates the senders domain and does not accept message from invalid domains
  • Detects looping messages before they harm your server
  • Runs as a service on NT or Windows 2000
  • Compresses messages when sending to reduce bandwidth (25% for zip files, 50% on average, 80% for WinWord and Excel)
  • Interfaces with MRTG to generate real-time statistics

Optional:
  • Schedule ETRN, even when not using a dial-up connection
  • Keeps a copy of every incoming and outgoing messages so that you can track each message
  • Writes a statistics file to give you an overview of your traffic 
  • Forwards messages to one or more alternate e-mail address
  • Forwards a whole domain to a single e-mail address
  • Forwards a whole domain to another domain
  • Utilizes static routes for specific mail servers (acts as a relay in a firewall DMZ)

Contents

  

System Requirements

  
  • Windows NT, Windows 2000 or Windows 95/98 with TCP/IP installed
  • Microsoft Exchange server, Lotus Notes or any other SMTP server

How It works

  

For incoming messages, XWall needs to get the message before your Exchange server will get it so that it can perform it checks before passing the message over to Exchange. Depending on whether you run XWall on the same machine as Exchange or on a different machine, XWall either needs to hook up to port 25 or to act as a relay host (respectively).

For outgoing messages, Exchange server passes the message to XWall, which performs its checks and then sends the message out in the Internet.
From Exchange Servers viewpoint, XWall is a normal relay host.

So the message flow for incoming messages would be Internet -> XWall -> Exchange server,
and for outgoing messages it would be Exchange server -> XWall -> Internet
 

Installation

  
  • Run Setup.exe or create a directory on your machine and copy all the files into this directory.
    Start MBAdmin.exe to configure XWall.
  • The first time you run XWall you will be prompted for the following information:
  • Postmaster's address

The address of the person who is responsible for maintaining XWall. XWall will send all error messages and undeliverable messages to this address.

  • Name or IP address of the Exchange server

The name or IP address of the Exchange server.
If XWall is running on the same machine as the Exchange server than you can use localhost as the name.

 

  • Running XWall on the same machine as Exchange server
  • Incoming Messages

If you run XWall on the same machine as the Exchange, then you must tell Exchange to listen on a separate port; i.e. not port 25, because only one application can listen to a specific port at one time and XWall needs to be the first application that gets SMTP messages.

  • Exchange 5.x

To do this open the file services, usually located in C:\WINNT\system32\drivers\etc\SERVICES with Notepad or any other text editor. Locate the line smtp 25/tcp mail and change 25 to the port of your choice (use 24 if you are not sure which one you should use) and save the file.

Restart the IMC (Internet Mail Connector) of the Exchange server to bring the new settings into affect.

  • Exchange 2000

Start System Manager (Exchange Admin) and select  Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties. In this dialog select the tab labeled General and then Advanced and here you can set the port on which this virtual server listens.

Also make sure Anonymous access is allowed or else XWall is not able to connect to Exchange.
In System Manager ( Exchange Admin) select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.
In this dialog select the tab labeled Access and then Authentication and enable Anonymous access.

Then start MBAdmin, select View->Options->IP Address->Exchange SMTP Port and type in the same port that you used in services .

  • Outgoing Messages
  • Exchange 5.x

Start Exchange Administrator, select the IMC and click on the tab labeled Connections.
Enable Forward all messages to host and type in localhost. Close the dialog and restart IMC.
From then on the Exchange server will forward all messages to the localhost, which basically means it sends them to XWall.

  • Exchange 2000

If you have no SMTP connector then start System Manager (Exchange Admin) and select  Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties. 
 In this dialog select the tab labeled Delivery and then Advanced. In Smart host type in localhost. 
Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to the localhost, which basically means it sends them to XWall.

If you have a SMTP connector then start System Manager (Exchange Admin) and select Connectors->Your SMTP Connector->Properties->Forward all mail through this connector to the following smart host and type in the name or IP address of the machine where XWall is running. 
Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to the name or IP address , which basically means it sends them to XWall.

 

  • Running XWall on a different machine then the Exchange server
  • Incoming Messages

Start MBAdmin, select View->Options->Exchange->Name or IP address of the Exchange server and type in the name or IP address of the Exchange server.

Depending on your DNS configuration you will need to change the MX record so that it points to the machine where XWall is running or else XWall will not get the messages before Exchange. 

  • Outgoing Messages
  • Exchange 5.x

Start Exchange Administrator, select the IMC and click on the tab labeled Connections.
Enable Forward all messages to host and type in the name or IP address of the machine where XWall is running. 
Close the dialog and restart IMC. From then on the Exchange server will forward all messages to XWall.

  • Exchange 2000

If you have no SMTP connector start System Manager ( Exchange Admin) and select  Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties. In this dialog select the tab labeled Delivery and then Advanced. In Smart host type in the name or IP address of the machine where XWall is running. Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to XWall.

If you have a SMTP connector then start System Manager (Exchange Admin) and select Connectors->Your SMTP Connector->Properties->Forward all mail through this connector to the following smart host and type in the name or IP address of the machine where XWall is running. 
Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to the name or IP address , which basically means it sends them to XWall.

 

Once you have done this you can start MBServer and check if all messages are properly routed.
 

XWall as a Microsoft NT Service

  
Keep in mind that XWall needs to reside on a local disk or the service controller will not be able to start it.
For the examples below, we assume XWall is in C:\XWall

Once you run XWall as a Service, errors will only be visible in the logfile. Consequently, before running it as a Service you must first ensure that XWall is running properly with no errors by launching it in Console Mode (i.e. starting it from an icon).

In general, installing XWall as a service should be your last task and not your first.

  • Installing XWall as a NT Service

Start MBServer.exe with the argument of install, by typing MBServer install at the command prompt and XWall will create the service.

By default it is an AutoStart Service and any time your computer is started, XWall will start.
You can start and stop XWall at any time via Control Panel

You can start and stop XWall at any time via Control Panel

Note: After you have started XWall as a Service, verify that XWall has no errors. 
You need to take a look into the logfile to do this.

  • Removing XWall as a NT Service

Start MBServer.exe with the argument of remove, by typing MBServer remove at the command prompt and XWall will delete the service.

How to stop XWall

  
  • XWall runs as a console application:
  • Press ESCAPE
  • Select Close from the system menu (works only on NT)
  • Press Alt-F4 (works only on NT)
  • XWall runs as a service on NT:
  • Open Control Panel, select Services, locate XWall and press the button labeled Stop
  • type Net Stop XWall at the command prompt

 

Upgrade to the Latest Version

  
You will find the latest version of XWall at http://www.dataenter.co.at/download.htm

To upgrade your current version of XWall:

  • Stop MBServer.exe and close MBAdmin.exe
  • Make a backup of your current MBServer.exe , MBAdmin.exe and ExchImp.exe
  • Extract MBServer.exe and MBAdmin.exe from the zip file and copy it into your XWall directory
  • Restart MBServer.exe

Helper Programs

  
  • Signal

Signal is a command line program that allows you to perform the same commands as from the Signal menu of MBAdmin.
You can force the download of POP3 messages by simply clicking on a link rather than starting MBAdmin.
Signal.zip can be downloaded from http://www.dataenter.co.at/download.htm

  • LogView

LogView allowss you to view the logfile in real time from any machine on your network.
This is especially useful if MBServer runs as a service.
LogView.zip can be downloaded from http://www.dataenter.co.at/download.htm

Common Problems - FAQ

  

Symptoms:

 Tthe logfile shows Error: Unable to connect to host

Cause:

 Exchange does not listen for incoming messages on port 25.
You can check if Exchange is listening on port 25 by typing (in a DOS box) telnet localhost 25 [enter]
When everything is working you should get back a greeting line, else you get a connection error.

Resolution:

 Exchange 5.x

Make sure that your Exchange server has Inbound SMTP enabled.
In Exchange Admin select the Internet Mail Service (IMS) , select the tab Connections and make sure Inbound & Outbound is checked in the section Transfer Mode.

Exchange 2000

Make sure the Virtual SMTP Server is listening on port 25.
Start System Manager (Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties. In this dialog select the tab labeled General and then Advanced and here you can set the port on which this virtual server listens.

Symptoms:

 The logfile shows Error: No Exchange server found at localhost

Cause:

 A SMTP server is responding, but it is not the one of Exchange.

The most common problems are:

  • The SMTP server of the IIS ( Internet Information Server ) is running
  • A proxy server with a virtual port mapping is active
  • The ip address you specified is wrong

In the Services applet look for a service called something like "Simple Message" and stop it ( and disable it ).

Then restart the Exchange IMS and it should work.

 

Resolution:

 In a DOS box type telnet localhost 25 [enter].
You will then get a greeting line of the SMTP server which should give you an idea what program is running.

Exchange 5.x

If the line reads something like 
220 yourserver.yourdomain.com.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.1600 ready
rather than
220 yourserver.yourdomain.com.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready
then the SMTP server of the IIS ( Internet Information Server ) is running.

In Control Panel->Services look for a service called Simple Mail Transport Protocol (SMTP) and stop it and disable it.
Then restart the Exchange IMS and it should work.

Symptoms:

 The logfile shows 550 5.7.1 Unable to relay for user@yourdomain.com

Cause:

This error happens in Exchange 2000 when the Exchange does feels responsible for your email domain.
Usually this results because was installed using a different domain than your email domain and so you need to manually tell Exchange for which domain it is responsible.

Resolution:

Exchange 2000

Start System Manager (Exchange Admin) and select Recipient->Recipient Policies.
Then either change the Default Policy or create a new policy and tell Exchange for which domain it should accept mail.

Additional info from Microsoft at Q289833

Symptoms:

 The logfile shows 505 5.7.1 Client was not authenticated

Cause:

Exchange 2000 does not allow Anonymous access and so XWall is not able to connect to Exchange.

Resolution:

Exchange 2000

In Exchange Admin select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties
In this dialog select the tab labeled Access and then Authentication and enable Anonymous access.

or

Start MBAdmin, select View->Options->Exchange and check Exchange needs authentication and type in the user account and password XWall should use when connection to Exchange

Symptoms:

 The logfile shows Error: No AUTH command in EHLO found, Authentication failed

Cause:

Authentication is enabled in XWall, but yout Exchange does not support authentication.

Resolution:

Start MBAdmin, select View->Options->Exchange and uncheck Exchange needs authentication

Symptoms:

 XWall download the messages without any problem but the files stuck in the MSG-IN directory and XWall does not send them to Exchange.

Cause:

 There is an on-access virus scanner running that blocks XWall from accessing the downloaded files.

Resolution:

 In your on-access scanner disable the scanning of the XWall directory and below.

Most scanners will never find a virus that is in a raw message file, because they can not extract the attachments from the message and even if they would find anything, they would confuse XWall more than it would help.

If you enable the virus scanner support in XWall, it will extract the attachments and html pages from the message and call the scanner to scan it.

Symptoms:

 XWall is running as a console application without any problems, but when running as a service errors are reported.

Cause:

 The account you use to start the service does not have enough rights to use RAS or the Internet or the Proxy.

Resolution:

Start the service with Administrator or the account you use to logon onto NT and then it should work.

Symptoms:

 You have Windows 2000 and when running XWall as a console application the last screen line is not visible.

Cause:

By default the Windows 2000 screen buffer size height for a console application is set to 300 lines.

Resolution:

Select the Properties of the console and then select the tab labeled Layout and change the Screen Buffer Size Height to 25

Symptoms:

 XWall reports RAS problems when the Proxy server opens the line:

Cause:

 You should run XWall over the proxy rather that use the built in dial-up.

Resolution:

Information on how to configure your proxy can be found at Additional information for Using a Proxy server

Symptoms:

 You have a AVM Fritz! or B1 ISDN card and 
  • XWall reports: RAS port is not available
  • XWall reports: Another application is using the port  
  • NT server hangs after dialing
 

Cause:

This is a problem of the driver for the FRITZ! or B1 card (most likely its the AVM NDIS WAN v1.0).

Resolution:

You need to completely de-install the driver and RAS ( including all registry entries with Clearreg and Cearsys from AVM) and re-install the latest driver. This usually fixes the problem.

You should run XWall over the proxy rather that use the built in dial-up.
Information on how to configure your proxy can be found at Additional information for Using a Proxy server

 

Licensing Agreement

  
XWall © is copyrighted 1993-2001 by DataEnter, Michael Kocum

This product and its documentation may not, in whole or in part, be copied, reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any other natural or computer language, in any form or by any means whatsoever, be it electronic, mechanical, magnetic, optical, manual or otherwise, without the prior written consent of DataEnter. DataEnter makes no warranty or representation, either expressed or implied, with respect to the product XWall and its documentation, their quality, performance, merchantability, or fitness for a particular purpose. DataEnter reserves the right to revise the user's guide and make changes to the content without obligation to notify any person or organization of such change. In no event will DataEnter be liable for any direct, indirect, special, incidental or consequential damages, real or imagined, resulting from the use or purchase of this software. Under no circumstances shall DataEnter's liability for damages exceed the price paid for the software license. Should any remedy hereunder be determined to have failed, all limitations of liability and exclusion of damages set forth above shall remain in full force and effect. The extent of the DataEnter's warranty for the software and its documentation is limited to physical defects of the distribution media containing the software. Contact DataEnter to obtain return authorization for the replacement diskette within 30 days of the original date of purchase. Any further statement made by agents, employees, distributors or dealers of DataEnter do not constitute warranties and are not binding. No employee of DataEnter has the authority to modify any portion of this warranty. All brand and product names we refer to in the documentation are used solely for identification purposes and may be trademarks of other companies.

DataEnter, (the licensor) grants the buyer (the licensee) the right to use this copy of XWall (the program) on a single computer at a single location servicing a single Exchange server as long as the licensee complies with the terms of this license. The licensor reserves the right to terminate this license if the licensee violates any part of the agreement. The licensee agrees to make copies of the program only for backup purposes. The licensee agrees not to copy the documentation and to take all necessary precautions to ensure that the backup copies of the software are not distributed to or acquired by other parties.

Microsoft Exchange, Windows 95, Windows NT and Windows 98 are a trademarks of Microsoft Corp.
 

History

  
v3.01 1998-08-06
  • Released
v3.02 1999-09-27
  • Fixed quoting in CSV file
  • Added optional removing of Return-Receipt-To: for inbound and outbound messages
  • Added dialup, SOCKS, ETRN and relaying
  • Added address translation to translate e-mail domains, mailboxes or a complete domain to one single address
v3.03 1999-12-02
  • Removed Norton Anti Virus from the supported scanner options, because it does not return a proper errorlevel in the newest versions
  • Added support to limit concurrent connections
  • Added user defined message size limit
  • Added message compression when sending to another XWall (30 - 80% depending of the attachments in the message)
v3.04 2000-01-08
v3.05 2000-02-25
  • Added support for forwarding to a group of addresses and for recursive forwards
  • Fixed console screen when running as a interactive service
  • Added workaround for Win2000 which reports an error when shutting down the service
v3.06 2000-04-27
  • Fixed name server Auto Detect in Win2000
v3.07 2000-05-08
  • Added blocking of a message by subject to block viruses like "ILOVEYOU"
  • Added blocking of an outbound message by attachment name
  • Added From: address to DNS messages
v3.08 2000-07-18
  • Added the option to send a NDR when blocking an inbound attachment or subject
  • Added the option to check for a blocked subject case sensitive and case insensitive
  • Added support for CHUNKING (RFC 1830) for better sending to an Exchange 2000
  • Added authentication for secure sending to an Exchange 2000
  • Added complete support for RFC 1891 ( Delivers Status Notification)
  • Added signal to send the current logfile to postmaster
  • Added option to purge old logfiles
  • Updated option to remove return-receipt for the new Exchange 2000 read receipt
v3.09 2000-09-11
  • Fixed handling of a message with contains hundreds of sub messages
  • Added option to also deliver to the orignal e-mail address after forwarding
  • Added a workaround for servers that deny the RSET command
  • Added support for F-PROT 3.x anti-virus scanner
  • Added support for blocking a normalized subject
  • Added blocking of a message by message text
  • Added option to define static routes for specific e-mail domains
v3.10 2000-10-27
  • Fixed handling of yahoo multipart messages where a blank line is missing
  • Added a switch to allow relaying for client from an internal IP address
  • Added support for command pipelining (RFC1854)
  • Added support for message chunking (RFC1830)
  • Added support for virus scanning of html pages
  • Fixed relaying for domains with a static route when a smart host was specified
v3.11 2000-12-21
  • Fixed virus scanning with the newer versions of F-PROT
  • Added support for blocking based on ORBS spam list
v3.12 2001-02-10
  • Added support for RFC 2554 ( SMTP AUTH LOGIN )
  • Added support for RFC 2595 ( SMTP AUTH PLAIN )
  • Added support for RFC 2195 ( SMTP AUTH CRAM-MD5 )
  • Added support for SMTP AUTH NTLM
  • Changed the default SMTP connection limit to 100 concurrent connections
v3.13 2001-04-11
  • Changed the logfile to use UTF-8 rather than ASCII
  • Changed the .dat and .ini files to use ANSI and UTF-8 rather than ASCII
  • Changed the orbs blocking to use the new outputs.orbs.org
  • Changed the maps blocking to use the new dialups.mail-abuse.org and blackholes.mail-abuse.org
  • Changed the blocking of the subject to scan for strings rather than comparing from left to right
  • Changed the default action for a blocked inbound attachment to "discard"
  • Fixed the DNS query for the MX record to stop after the first server in the case a domain has no MX
  • Fixed the DNS query for the MX record to query for an A record even one of the DSN servers is down
  • Added support for messages encoded in UTF-7 and UTF-8
  • Added blocking based on string in the html part of a message
  • Added support for KOI8-R ( Russian ) and Big5 ( Chinese ) message decoding
  • Added support for code page 1255 ( Hebrew ) message decoding
v3.14 2001-05-04
  • Fixed detection of Magistr virus
  • Changed the parsing of the header of a message to accept only a blank line with CRLF as end-of-header
  • Added the option to scan embedded TNEF ( WINMAIL.DAT ) for viruses
v3.15 2001-06-07
  • Fixed decoding of messages with more than 40000 Content-Type definitions
  • Fixed console screen buffer handling when running on Windows 2000
  • Changed that no error is generated when the Exchange does not allow authentication
  • Added a check for an on-access virus scanner, because the scanner will block POPBeamer from accessing its files
  • Added additional checking when reading queued messages from disk
  • Added checking of the senders domain as an optional spam check
v3.16 2001-08-10
  • Fixed SMTP authentication with servers that announce only AUTH and PLAIN
  • Fixed a problem decoding the attachments of a multipart/related message
  • Fixed a bug when an out-of-range SMTP DATA command crashes XWall
  • Changed the default charset for non-deliver-messages from ISO-8859-1 to UTF-7
  • Removed support for the ORBS spam list, because the list is no longer working
  • Combined MAPS RBL, DUL and RSS into one lookup
  • Added inbound and outbound SMTP authentication
  • Added inbound SMTP authentication using NTLM
  • Added an option to relay messages for authenticated users ( allow XWall to act as a relay for POP3 clients )
  • Added infinite message loop detection
  • Added the option to manually define spam dns lookup services
  • Added the option to show real time statistic using MRTG (Multi Router Traffic Grapher)
  • Added "mark subject" as an action when a message is blocked
  • Added the option to automatically BCC every message to a specific e-mail address
  • Added the option to CC every blocked message to a specific e-mail address
v3.17 2001-10-18
  • Fixed setting of the expiration time of a message when XWall restarts
  • Fixed the decoding so that it does not take forever to normalize a message with a very large body text
  • Changed definition of MAPS, because MAPS is now a pay service
  • Added user defined Spam Lookup Services
  • Added support for Sophos Anti-Virus 3.x

Changed: 2001-10-18 10:05
Privacy Statement

Copyright © 1996-2001
DataEnter, Michael Kocum

Wagramerstrasse 93/5/10
A-1220 Vienna, Austria

Fax: +43 1 2031320 or +1 (209) 231-5293
E-mail: support@dataenter.co.at