Getting Started

1. Access Hermes SEG Administrator Console

The Hermes SEG appliance has a default IP address of 192.168.69.254 and a subnet mask of 255.255.255.0. Access the Hermes SEG Administrator Console by any of the following 2 methods:

Method 1

  1. Temporarily set a workstation to the 192.168.69.0/24 (255.255.255.0) network and give that workstation an IP address on that network, for example 192.168.69.100. Connect that workstation on the same network segment as the Hermes SEG appliance and ensure you can ping the appliance and then access the Hermes SEG Administrator Console Web GUI at https://192.168.69.254:9080/admin/logon.cfm with the following credentials:

Username: admin
Password: ChangeMe2!

  1. On initial login to the Hermes SEG Administrator Console, the system will automatically navigate you to the System Settings page in order to set the MySQL Database Credentails.

Method 2

  1. Login to the Hermes SEG appliance through the Vmware console with the following credentials (Figure 2):
Username: hermes
Password: ChangeMe2!
 
Figure 2

 

  1. Become root by issuing the following command and entering the ChangeMe2! password again
sudo su
  1. Edit the /etc/network/interfaces file with vim
vi /etc/network/interfaces
  1. Adjust the network settings to match your network (Figure 3)

Figure 3

  1. Save the file
  2. Restart networking
ifdown ens160 && ifup ens160
  1. Testing network by pinging IP address 8.8.8.8
  2. Access the Hermes SEG Administrator Console Web GUI at https://<ipaddress>:9080/admin/ where <ipaddress> is the IP you set in Step 4 with the following credentials:

Username: admin
Password: ChangeMe2!

  1. On initial login to the Hermes SEG Administrator Console, the system will automatically navigate you to the System Settings page in order to set the MySQL Database Credentails.

2. Set System Settings MySQL Database Credentials

  1. If this is a brand new installation, Do NOT fill in Postmaster E-mail Address field yet. If this is a system restored from backup, DO fill in the Postmaster E-mail Address field with an email address that contains a domain that your system relays e-mail.
  2. Do NOT fill in the Admin E-mail Address field yet.
  3. Fill in the MySQL Hermes Database Username (Default Username is hermes).
  4. Fill in the MySQL Hermes Database Password (Default Password is pdT63m5C205AiuSu1bey).
  5. Fill in the MySQL Djigzo Database Username (Default Username is djigzo).
  6. Fill in the MySQL Djigzo Database Password (Default password is DwRV08foKDrZCeYIvfIm).
  7. Fill in the MySQL SysLog Database Username (Default Username is rsyslog)
  8. Fill in the MySQL SysLog Database Password (Default Password is fs82UL4oFtwzk6vGclvV).
  9. Click the Save Settings button (Figure 4).

Figure 4

3. Set Network Settings

  1. Navigate to System --> Network Settings (Figure 5)

Figure 5

 

  1. Select the Network Mode. It's highly recommended that the Network Mode is set to Static.

Note the steps below assume you have set a Network Mode of Static

  1. Fill in the Host Name field. Ensure you enter only the name without the domain part. For example, if the FQDN of your Hermes SEG appliance is going to be smtp.domain.tld, then in the Host Name field you will simply enter smtp without the domain part.
  2. Fill in the Primary Domain Name field. For example, if the FQDN of your Hermes SEG appliance is going to be smtp.domain.tld, then in the Primary Domain Name field you will simply enter domain.tld.
  3. Fill in the Hermes SEG appliance IP Address, select the appropriate Subnet Mask for your network, fill in the Gateway and DNS1. If applicable, fill in DNS2 and DNS3 fields.
  4. Click on the Save Settings button. Once the settings are saved, they will not take effect until you click on the Apply Settings button.
  5. Click on the Apply Settings button.
  6. Since you chaged the Hermes SEG IP Address, the system will appear not to be responsive and your browser will most likely time out. Now, you must access the Hermes SEG Administrator Console Web GUI at https://<ipaddress>:9080/admin/ where <ipaddress> is the IP you set in Step 6.

4. Setup Relay Domains

In order for Hermes SEG to deliver email, you must first set the domain(s) that Hermes SEG will process email for along with their corresponding email server(s). You can add as many domains and email servers as required. An email server can be configured as an IP address or a Host Name as long as the Hermes SEG can reach it over Port TCP/25. Multiple domains can be pointed to the same email server if necessary.

  1. From the Hermes SEG Administrator Console, navigate to Gateway --> Relay Domains
  2. Under the Relay Domain Destination Type, select whether you are adding an IP Address Destination to an email server or a Host Name Destination to an email server.

If you are adding an IP Address Destination

In the Relay Domain field enter the domain name, in the IP field enter the email server's IP address, in the Port field enter the email server's port number (if other than 25) and click the Add button (Figure 6).

Figure 6

If you are adding a Host Name Destination

In the Relay Domain field enter the domain name, in the Host field, enter the email server's Host Name part of the FQDN address (without the domain part), in the Domain field, enter the email server's domain part of the FQDN address, in the Port field enter the email server's port number (if other than 25), check the MX Lookup checkbox if necessary and then click the Add button (Figure 7).

Figure 7

4. Set System Settings Postmaster & Admin E-mail Address

  1. From the Hermes SEG Administrator Console, navigate to System --> System Settings.
  2. Fill in Postmaster E-mail Address field with an email of a domain you setup in Step 3 above.
  3. Fill in the Admin E-mail Address field with an email of domain outside of the system (i.e. a domain that the system does not relay email Ex: someone@hotmail.com).
  4. Click the Save Settings button.

5. Setup Relay IPs & Networks

In addition to inbound email, if the email server(s) you added will also be sending outbound email through the Hermes SEG (recommended), you must allow their IP address(es) to send (relay) email through the Hermes SEG.

  1. From the Hermes SEG Administrator Console, navigate to Gateway --> Relay IPs & Networks
  2. Ensure IP Address is selected and the under the IP Address field enter the IP Address of the email server that you want to allow to send email through the Hermes SEG, under the Note field, enter a short description identifying the email server (ensure that you don't use any spaces or special characters in the Note field) and click the Add button (Figure 8)

Figure 8

  1. Repeat as necessary for every email server that you want to allow to send outbound email through the Hermes SEG.
  2. As you add entries, you will notice that each entry shows up under the Permitted Relay Ips/Networks to be added section (Figure 9)

Figure 9

 

  1. After you are finished adding all your permitted email servers, you must apply the settings in order for the changes to take effect. On the bottom of the page, click on the Apply Settings button (Figure 10)

Figure 10

5. Initialize Pyzor and Vipul's razor

Pyzor is a collaborative, networked system to detect and block spam using digests of messages. Vipul's Razor is a distributed, collaborative, spam detection and filtering network.

Hermes SEG uses both of these components for better spam detection. Both of these components must be initialized before Hermes SEG can use them.

Initialize Pyzor

  1. From the Hermes SEG Administrator Console, navigate to Content Checks --> Initialize Pyzor and click on the Initialize Pyzor button. Wait for successful completion before proceeding further (Figure 11).

Figure 11

Initialize Vipul's Razor

Before attempting to initialize Vipul's Razor, ensure the Hermes SEG has outbound Internet access. Initialization can take a few minutes to complete, so please be patient.

  1. From the Hermes SEG Administrator Console, navigate to Content Checks --> Initialize Vipul's Razor and click on the Initialize Razor button. Wait for successful completion before proceeding further (Figure 12).

Figure 12

6. Clear Bayes Database

The Bayes Database tries to identify spam by looking at what are called tokens; words or short character sequences that are commonly found in spam or ham.

On a new Hermes SEG installation, it's always best to ensure a clean Bayes Database before you start processing email.

  1. From the Hermes SEG Administrator Console, navigate to Content Checks --> Clear Bayes Database and click on the Clear Database button. Wait for successful completion before proceeding further (Figure 13).

Figure 13

 

7. Add Internal Recipients Manually

Hermes SEG requires a listing of Internal Recipients in order to process incoming email and deliver that email to the correct recipient mailboxes which are located on an email server(s) which were previously specified on Section 2 Setup Relay Domains of this guide above, The system will ONLY allow you to add recipients with domains that were specified under Section 2 Setup Relay Domains of this guide above.

This method will allow you to add Internal Recipients manually one by one. Hermes SEG also supports automatic import of recipients via AD/LDAP but that feature is only available with Hermes SEG Pro License. If you have a SEG Pro License and you wish to utilize AD/LDAP Recipient import, please see Section 7 Add Internal Recipients Automatically with AD/LDAP Directory of this guide below.

  1. From the Hermes SEG Administrator Console, navigate to Gateway --> Internal Recipients
  2. Under the Manually Add Internal Recipient section, enter a valid email address in the Internal Recipient E-mail Address field and click the Add button. Add as many email addresses as necessary. As you add Internal Recipients, you will notice that each email address is populating the Internal Recipients to be added section (Figure 14).

Figure 14

  1. Once you have finished adding all the Internal Recipients, click on the Apply Settings button on the bottom of the page in order to apply your changes (Figure 15)

Figure 15

8. Add Internal Recipients Automatically with AD

Hermes SEG requires a listing of Internal Recipients in order to process incoming email and deliver that email to the correct recipient mailboxes which are located on an email server(s) which were previously specified on Section 2 Setup Relay Domains of this guide above, The system will ONLY allow you to add recipients with domains that were specified under Section 2 Setup Relay Domains of this guide above.

This method will allow you to add Internal Recipients automatically via an AD connection. Please note, this feature is ONLY available if you have a Hermes SEG Pro License.

In order to import Internal Recipients via AD, you must first create an AD connection. In order to create an AD connection, you must first  validate the connection and once succesful, you will be able to save the connection.

Validate & Save AD Connection

  1. From the Hermes SEG Administrator Console, navigate to System --> AD Integration
  2. Under the Connection Mode section, you will notice that ONLY the Validate Connection is enabled and selected. The Save Connection option is not available because the connection has not been validated yet
  3. Under the Connection Name field, enter a descriptive name for the connection
  4. Under the Domain Controller field, enter the IP or the FQDN of a domain controller or simply enter the FQDN of your domain so you don't bind the connection to just one domain controller
  5. Under the Distinguished Name field, enter the DN of the recipients locations, or you can simply enter the DN of the entire domain. For example, if your domain is east.domain.tld, your DN should be DC=east, DC=domain, DC=tld. Ask your Administrator if you have any questions
  6. Under the Netbios Domain Name enter your domain Netbios name. For example, if your domain is east.domain.tld, your netbios domain could simply be DOMAIN. Ask your Administrator if you have any questions
  7. Under the Username field enter a username that has access to enumerating user objects in your domain
  8. Under the Password field, enter the password for the username from Step 7
  9. If you wish to schedule the automatic import of Internal Recipients on a specified interval, ensure you check the Schedule SMTP Address Import checkbox and select the interval form the drop-down box and click the Submit button (Figure 16)

Figure 16

  1. If the AD connection validation is succesful, the system will then enable the Save Connection option under the Connection Mode section. If not, please check the provided information and try again.
  2. Once the Save Connection option is enabled under the Connection Mode section, select it and then click the Submit button again to save the connection (Figure 167)

Figure 17

  1. The connection you just added will now show up under the Delete Existing AD Connection(s) section. You can add as many AD connections as required (Figure 18)

Figure 18

Automatically Import Internal Recipients via AD Connection

  1. From the Hermes SEG Administrator Console, navigate to Gateway --> Internal Recipients
  2. Since you have added an AD connection from the previous steps, the Import from Active Directory option under the Add Internal Recipients section will now be enabled. Selecting the Import from Active Directory option will automatically populate the Import Internal Recipients from Active Directory drop-down with the Active Directory connection(s) you previously added. Ensure the correct connection is selected from the drop-down and click the Import button.
  3. The Internal Recipients to be added section, will automatically be populated with SMTP address(es) from Active Directory (Figure 19)

Figure 19

  1. Finally, click on the Apply Settings button on the bottom of the page to import all the recipients into your Hermes SEG (Figure 20)

Figure 20

9. Set Encryption Settings

  1. From the Hermes SEG Administrator Console, navigate to Encryption --> Encryption Settings.
  2. Fill in Encryption by e-mail subject keyword field or leave it set to default [encrypt].
  3. Select whether you wish to Remove the e-mail subject keyword after encryption or leave it to default Yes.
  4. Fill in the Secure Portal Address. The address should be the Internet accessible FQDN of the Hermes SEG system on port 9080 followed by /web/portal/. Ex: https://hermes.domain.tld:9080/web/portal/
  5. Fill in the PDF Reply Sender E-mail field. This must be an email address with a domain that Hermes SEG relays email. Ex: postmaster@domain.tld
  6. Click the  button for the Server, Client and Mail Secret Keyword fields to generate random keywords, or set your own 10-character minimum uppler/lower case letter/number keywords.
  7. Click on the Save Settings button (Figure 5).

Figure 5

 

10. Change the Hermes SEG Administrator Console admin Account Password

  1. From the Hermes SEG Administrator Console, navigate to System --> Change Password
  2. In the Existing Password field, enter the default password of ChangeMe2!
  3. In the New Password field enter the new password. Passwords must be at least 8 characters long, they must contain letters, numbers and special characters.
  4. In the Verify New Password field, repeat the new password you entered and click on the Change Password button (Figure 21)

Figure 21

Change the Hermes SEG Appliance System Password

  1. Launch and login to the Hermes SEG appliance through the Vmware console with the following credentials (Figure 22):
Username: hermes
Password: ChangeMe2!
 

Figure 22

  1. Become root by issuing the following command and entering the ChangeMe2! password again
sudo su
  1. Issue the following command to change the password
passwd hermes
  1. You will be prompted to Enter new UNIX password. Enter a new password and press enter.
  2. Next, you will be prompted to Retype new UNIX password. Repeat the password and press enter.
  3. You should get a confirmation message that password updated succesfully (Figure 23)

Figure 23

 

10. Change the Ciphermail Web GUI admin Account Password

  1. With your web browser navigate to https://192.168.69.254:9080/ciphermail and login with the following credentials (Figure 24):

Username: admin
Password: ChangeMe2!

Figure 24

  1. Once logged in, click on the Admin entry on the top menu and on the Administrators page, click on the admin username (Figure 25).

Figure 25

  1. In the Edit Administrator: admin page, enter a new password in the first Password field and then verify it in the second Password field and then click on the Apply button at the bottom of the page (Figure 26). Passwords must be at least 8 characters long, they must contain letters, numbers and special characters.

Figure 26

  1. Logout of the Ciphermail Web GUI by clicking on the Logout button on the left of the page (Figure 27).

Figure 27

11. Recommendations

Add Barracuda and Zen Spamhaus RBLs

  1. In order to use the Barracuda RBL you must first register for a free account. Goto http://www.barracudacentral.org/rbl and register for a free account.
  2. From the Hermes SEG Administrator Console, navigate to Content Checks --> RBL Configuration
  3. Under the Select the type of entry section, ensure Block List is selected. Under the Block List field enter b.barracudacentral.org, under the Weight field enter 3 and then click the Add button.
  4. Repeat Step 3 to add zen.spamhaus.org with a weight of 3 also (Figure 28)

Figure 28

  1. Finally, click on the Apply Settings button on the bottom of the page to apply the RBL changes (Figure 29)

Figure 29