Use this page to designate which options your SecurityGateway users will be able to access by logging in to their SecurityGateway accounts. The User Options can be set globally and on a per-domain basis.
Access Control
Allow users to modify their passwords
This option allows users to modify their SecurityGateway account passwords via the My Settings page.
Display the "Show Password" icon for password fields
Each password field contains an eye icon that a user can click to see the password he has just typed into the field. Disable this option if you do not wish to allow your users to see their passwords.
Allow users to view and manage their own quarantine folders
When this option is enabled, users can view and manage incoming messages for them that were placed into quarantine. This allows them to reach the View My Quarantine page to release messages, delete them, and so on.
Allow users to modify their own quarantine settings
Click this option to allow each user to edit the quarantine settings located on the My Settings page.
Allow users to view a log of messages addressed to or from their account
This allows each user to view his or her account's message log via the View My Message Log link in SecurityGateway. All messages to or from that user's email address will be listed in the log.
Allow users to view message transcripts
When this option is enabled, users can view the transcript details for a message in their message log or quarantine. When disabled, only administrators can view the transcript. This option is disabled by default.
Allow users to search and view archived messages addressed to or from their account
By default, users can search and view archived messages addressed to or from their account. Clear this check box if you do not wish to allow them to do this.
Allow users to delete archived messages addressed to or from their account
Check this box if you wish to allow users to delete archived messages addressed to or from their account. This option is disabled by default.
Allow users to disable anti-spam tests for messages addressed to their account
Click this option if you wish to allow users to disable anti-spam testing on messages that are addressed to their accounts. When a user disables anti-spam testing for his or her account on the My Settings page, this will prevent the DNSBL, URIBL, Heuristics and Bayesian, and Outbreak Protection spam tests from being performed.
Allow users to disable "Account Hijack Detection" for their account
By default, users cannot control whether or not their accounts are exempt from Account Hijack Detection. Enable this option if you wish to allow users to control that option.
Allow users to enable Two Factor Authentication
Check this box if you wish to allow users to configure their account to require Two Factor Authentication when signing into their SecurityGateway account. When enabled, and the user signs in from a browser using a secure HTTPS connection, the Two Factor Authentication page will appear under their My Account options. Two Factor Authentication is an extra layer of security that requires you to authenticate yourself a second time when signing in, using a different authentication method. For example, you might sign in using your password and then authenticate yourself the second time by using your device's fingerprint reader, or by entering a special security code generated by an authenticator app on your phone.
Allow WebAuthn for Two Factor Authentication
Check this box if you wish to allow users to utilize the Web Authentication API (also known as WebAuthn) for two factor authentication. WebAuthn allows users to use biometrics, USB security keys, Bluetooth, and more for authentication. They will use the options on their Two Factor Authentication page to set up their preferred authentication methods (that page is only available to users when they access SecurityGateway via HTTPS).
For security, you cannot use the same authentication method for both passwordless sign-in and two factor authentication. Therefore, if you wish to use both, choose a different authentication method for each. Visit webauthn.guide for more information on WebAuthn and how it works.
Allow users to enable Two Factor Authentication email verification
Check this box if you wish to allow users to enter an alternative email address into SecurityGateway when setting up Two Factor authentication, so that they can receive verification codes via email rather than having to use the Google authenticator app. Turn off this option if you do not wish to allow verification codes via email.
Two Factor Authentication verification code sent over email expires after: [xx] minutes
When receiving Two Factor authentication codes via email, this is how long the user will have to enter the code before it expires. By default this is set to 10 minutes.
Require users to enable Two Factor Authentication
Check this box if you wish to require all users to use Two Factor Authentication when signing in. When this option is enabled, the first time a user signs in he will be presented with a Setup 2FA page.
Allow users to be remembered per device (requires HTTPS)
When this option is enabled, a "Remember me on this device" option will be displayed on the sign-in page whenever a user connects via a secure HTTPS connection. If a user checks the box, from that point forward he will be signed in automatically whenever he opens SecurityGateway on the same device, as long as he simply closes his browser when he is finished rather than using the "Sign Out" option. If he signs out then he will have to sign in again the next time he connects. The user will be remembered for the number of days specified in the Number of days... option below. After that, he will be required to sign in again. This option is disabled by default. NOTE: A "Do not remember me on this device/browser" option will be available on the user's My Account » Settings page whenever the Remember Me option is active on their current device or browser. They can click that link to cancel Remember Me on the device.
Number of days users will be remembered (from 1 to 365)
When using the Allow users to be remembered per device option, this is the number of days that the user will be remembered before being required to sign in again. This is set to 30 days by default.
Sign-in Options
Display the "Forgot Password" link on the Sign-in screen
By default, a "Forgot Password" link appears on the Sign-in page, which can be used to email a link to the user to change his or her password. The link will be emailed to the address associated with the SecurityGateway user account. Clear this checkbox if you do not wish to display the "Forgot Password" link on the Sign-in page.
Allow WebAuthn at Sign-In
Check this box if you wish to allow users to sign in utilizing the Web Authentication API (also known as WebAuthn), which gives them a secure, passwordless sign-in experience, by allowing them to use biometrics, USB security keys, Bluetooth, and more for authentication. Users can register their passwordless sign-in credentials on their My Account » Settings page.
Visit webauthn.guide for more information on WebAuthn and how it works.
Show the below administrator contact information on the Sign-In screen
Activate this option and enter some text in the box below if you wish to include some administrator contact information or links on the Sign-in page. The text you enter in the box can contain some HTML, such as anchors and images.
Defaults
Do not perform anti-spam tests for messages addressed to this account
This option governs the default setting of the user option of the same name on the My Settings page. When it is enabled, by default the server will not perform DNSBL, URIBL, Heuristics and Bayesian, and Outbreak Protection spam tests on messages addressed to the accounts.
Disable "Account Hijack Detection" for this account
Enable this option if by default you wish to exempt accounts from the Account Hijack Detection feature. Exemption could be necessary for accounts that legitimately send high volumes of mail in short periods of time. You can set this option for individual accounts on the Account Settings page.
Automatically allowlist addresses user send mail to
This option governs the default setting of the Automatically allowlist addresses I send mail to option under each user's My Settings page. When that is enabled for a user, every address to which that user sends a message will be added to his or her addresses allowlist, reached via the Allowlist link. This will help to ensure that future incoming messages to that user from those addresses will not get flagged as spam erroneously.
By default, all new passwords are required to be a minimum of eight characters and include at least one of each of the following:
• Upper case character
• Lower case character
• Number
• Special character (e.g. ;,_.?/-=)
There is a Do not require a strong password for this account option, located on the User Edit page, that you can use to exempt a user from this requirement.
When to display statistics graphs
Use this option to choose when the statistics graphs will be displayed on the Dashboard and Landing page. You can choose Automatic, Always, Manual, or Never.
Language
Use this drop-down list to set the default language that the server will use when it sends system-generated messages. There is a corresponding user option that individuals can use to override this setting for themselves.
Check passwords against a compromised password list from a third-party service
SecurityGateway can check a user's password against a compromised password list from a third-party service, and it is able to do this without transmitting the password to the service. If a user's password is present on the list it does not mean the account has been hacked. It means that someone somewhere has used an identical password before and it has appeared in a data breach. Unique passwords that have never been used anywhere else are more secure, as published passwords may be used by hackers in dictionary attacks. See Pwned Passwords for more information.
Use the drop-down to select how often you wish to check a password against the list since the last time that password was checked. You can choose:
• Never (Passwords are not checked against the list. This is the default setting.)
• A day since last checked
• A week since last checked
• A month since last checked
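One way a password can be checked against such a list without transmitting it is the hash-prefix range query offered by the Pwned Passwords service referenced above. The following is an added example, not SecurityGateway's code: the service is simulated locally with a constructed corpus, and `fake_range_service` and `breach_count` are hypothetical names.

```python
import hashlib

# Constructed breach corpus (password -> times seen); the counts are made up.
SAMPLE_CORPUS = {"password": 12345, "letmein": 678}
SENT = []  # everything the client hands to the (simulated) service


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_service(prefix: str) -> str:
    """Simulated range endpoint: 'SUFFIX:COUNT' lines for one 5-character prefix."""
    SENT.append(prefix)
    lines = ["0" * 35 + ":0"]  # padding-style entry with count 0
    for pw, count in SAMPLE_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            # Lower case on purpose: the client must compare case-insensitively.
            lines.append(f"{digest[5:].lower()}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=fake_range_service) -> int:
    """Return how often the password appears in the list, 0 if it is absent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves the host; the match is done locally.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "a long unique passphrase 7781"):
        print(pw, "->", breach_count(pw), "| sent to service:", SENT[-1])
```

Because many unrelated hashes share each prefix, the service cannot tell which suffix, if any, the client was looking for.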
Number of items displayed per page
This option determines how many items to display per page when a user is logged into SecurityGateway, such as addresses in the allowlist, entries in the message log, and so on. At the bottom of each page there are controls that can be used to move through the additional pages when there are too many items to display on a single page. The default value for this option is 50.
Terms of Use
Require user to accept terms of use below before they can login
Enable this option and enter text into the box, such as a terms of use statement, if you wish to require users to accept the text each time they log in to SecurityGateway. The user can accept the statement by checking a box.
New Users
Send welcome message to new users
Enable this option if you wish to send a "welcome" message whenever a new user is created. This message provides a link to SecurityGateway so that the users can log in and manage their account preferences and quarantine folder. This option is disabled by default.
Send an alert to global administrators when a new user is created
Check this box if you wish to send a message to the global administrators whenever a new user account is created.
Check new user's password against 3rd party compromised password list
When this box is checked, the "Check passwords against a compromised password list..." option above will be used for a new user's password.
Allow user mailbox name to contain plus (+) character
Enable this option if you need to create users for which the mailbox name contains a plus (+) character. If enabled, those mailboxes will not be considered sub-address aliases. For example, frank.thomas+billing@example.com will be considered its own user rather than an alias of frank.thomas@example.com (see Subaddressing below).
Subaddressing (also known as plus addressing) is a method commonly used for appending a tag or folder name to an email address. Using this system, messages addressed to user+tag@domain (e.g. frank.thomas+billing@example.com) can be routed automatically to the account's folder that is included in the address. Some email servers will do this automatically, some will simply treat the address as an alias, and still others may not support subaddressing at all, treating the address as a regular email address rather than an address plus a tag.
For example, on a server that supports subaddressing, if frank.thomas@example.com has an IMAP mail folder called "billing," then an email arriving addressed to "frank.thomas+billing@example.com" would be delivered to Frank and routed automatically to that specific folder. If the server treats subaddresses as aliases, then the message would simply be delivered to Frank's Inbox (however, Frank could create an email filter to automatically place that message into his "billing" folder). If the server doesn't support subaddressing, then the message would be rejected, treating it as if it were addressed to an unknown user called "frank.thomas+billing".
In SecurityGateway, when an incoming message is for that type of address, SecurityGateway checks to see if a user exists with that exact mailbox name including the "+" character, or if it is a subaddress alias of a user. If no user or alias is found, or if the user is found but it is time to re-verify them, then the appropriate user verification source will be queried. The user verification source query will use the full address received by SecurityGateway. This is done to ensure that the mail server will accept the address. If the address is verified, then SecurityGateway will create a new user or an alias of the user as needed.
Finally, when delivering the message to the domain mail server, SecurityGateway will always use the full email address that was included in the original message, e.g. "frank.thomas+billing@example.com".
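The lookup order described above can be modelled as follows. This is an added example, not SecurityGateway's code: `Directory`, `resolve` and `verify_source` are hypothetical names, the accepted-address set is constructed, and the rule for choosing between creating an alias and creating a user is an assumption, since the page only says "as needed".

```python
from dataclasses import dataclass, field


@dataclass
class Directory:
    users: set = field(default_factory=set)        # exact mailbox addresses
    aliases: dict = field(default_factory=dict)    # subaddress -> owning user
    reverify_due: set = field(default_factory=set)
    plus_in_mailbox: bool = False  # "Allow user mailbox name to contain plus (+)"


ACCEPTED = {"frank.thomas+billing@example.com"}  # constructed: what the mail server accepts
QUERIES = []                                     # addresses sent to the verification source


def verify_source(address: str) -> bool:
    """Stand-in for the user verification source; records what it was asked."""
    QUERIES.append(address)
    return address in ACCEPTED


def resolve(rcpt: str, d: Directory, verify=verify_source) -> tuple:
    """Return (outcome, address used for delivery) for an incoming recipient."""
    rcpt = rcpt.lower()
    local, _, domain = rcpt.rpartition("@")
    base = f"{local.split('+', 1)[0]}@{domain}"
    if rcpt in d.users and rcpt not in d.reverify_due:
        return ("existing user", rcpt)
    if rcpt in d.aliases:
        return ("existing alias", rcpt)
    # Unknown, or known but due for re-verification: query with the FULL address,
    # so a subaddress the mail server would refuse is never accepted here.
    if not verify(rcpt):
        return ("rejected", None)
    d.reverify_due.discard(rcpt)
    # Assumption: an alias is created only when the option is off and the base user exists.
    if "+" in local and not d.plus_in_mailbox and base in d.users:
        d.aliases[rcpt] = base
        return ("alias created", rcpt)
    d.users.add(rcpt)
    return ("user created", rcpt)


if __name__ == "__main__":
    d = Directory(users={"frank.thomas@example.com"})
    print(resolve("frank.thomas+billing@example.com", d))
    print(resolve("frank.thomas+nope@example.com", d))
```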
If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its User Options settings, or click Reset to reset the domain's settings to the default Global values.