Access / Authentication
The Web Authentication settings allow you to configure and manage the user authentication method for each internal domain to access the GUI.
Go to Settings > Access/Authentication. Edit <DomainAddress or URL of a particular network.> pop up is displayed.
Select your authentication method
The following authentication methods are supported:
Internal
This is the default authentication method.
GFI MailSecurity generates a unique password for each internal email address for which it processes mail.
If you forget your password you can receive it via email by clicking the Forgot your Password? link on the Login page and entering your email address. You can then change your password after logging in.
Internal is the Default authentication method
LDAP
Here you can specify an external LDAPLightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an (IP) network. enabled directory to authenticate and authorize users on a per-domain basis. GFI MailSecurity can be configured to support any LDAP compliant director including Microsoft Active DirectoryA technology that provides a variety of network services, including LDAP-like directory services., Lotus Domino, SunOne/iPlanet Directory Server and Novell eDirectory.
To authenticate with an external LDAP server you can specify LDAP as the Authentication Method for that domain and enter the LDAP server details.
The following table describes the LDAP fields to be entered:
| LDAP Settings | Description |
|---|---|
| LDAP Server | The name of the LDAP server that GFI MailSecurity attempts to connect to for authentication purposes. |
| LDAP Port | The port GFI MailSecurity uses to connect to the LDAP server for authentication purposes. This is set to 389 by default. |
| LDAP Anonymous Search | Some LDAP directories require a valid username/password to bind to the server in order to perform LDAP searches. Use this drop-down list to specify if anonymous bind is allowed to the LDAP server. |
| LDAP Search User DNDN stands for Distinguished names. The DN is the name that uniquely identifies an entry in the directory. | If anonymous bind is not permitted then you must specify the DN of the user that is used to bind to the Directory server specified in the LDAP server and port field as administrator. This is usually an email address or directory object of the form: cn=user,dc=company,dc=com. |
| LDAP Password | This field contains the password for the administrator profile specified in the LDAP Search User DN field. |
| LDAP Query |
This field specifies the attribute that contains the username of the person authenticating. The default is mail=%%EMAIL%% (here %%EMAIL%% is replaced with the email of the user authenticating. For example, if the email address of the authenticating user is joe@domain.com then %EMAIL%% is replaced with joe@domain.com. Similarly, %%USER%% can be used to specify the left-hand side of the email address. |
| LDAP Search Base | This field specifies the point of commencement of the search in the directory. If the LDAP server is able to determine the defaultNamingContext (Active Directory only) then you can specify %%defaultNamingContext%% and the authentication module determines this before doing the search. |
Enter the fields on this pop up. See the above table for help
SQL Server
SQL Authentication allows you to perform authentication against an external SQL server. Specify SQL as the Authentication Method and enter the credentials that the appliance uses to connect to the SQL server.
The following table describes the SQL authentication settings:
| SQL Settings | Description |
|---|---|
| SQL Database | This field specifies the SQL database type. |
| SQL Server | The IP address or hostname of the SQL server that GFI MailSecurity attempts to connect to for authentication purpose. |
| SQL Port | The port GFI MailSecurity uses to connect to the SQL Server for authentication purpose. This is set to 3306 by default. |
| SQL Username | The username used to connect to the SQL server in order to perform the authentication. |
| SQL Password | The password associated with the username. |
| SQL Database Name | The field contains the name of the database containing the authentication tables. |
| SQL Table | The SQL table to be queried for the authentication. |
| SQL Email Column | The column that contains the list of email addresses. |
| SQL Password Column | This field specifies the column that contains the password. |
| SQL Password Type | The password may be stored in plaintext format, or as a MD5 checksum, or encrypted. |
Enter the fields on this pop up. See the above table for help
POP3
When authentication against a POP3 server is enabled, users attempting to login to the GUI have their credentials authenticated via a POP3 server.
Enter the fields on this pop up. See the above table for help
The following table describes the POP3 authentication settings:
| POP3 Settings | Description |
|---|---|
| POP3 Server | The IP address or hostname of the POP3 server that GFI MailSecurity attempts to connect to for authentication purposes. |
| POP3 Port | The port GFI MailSecurity uses to connect to the POP3 server for authentication purposes. This is set to 110 by default. |
| POP3 Address Type | This is the format required by the pop3 server for the username. If the pop3 server requires only the mailbox name for authentication, then select the user. GFI MailSecurity then truncates the domain name from the user supplied email. |
IMAP
Enter the fields on this pop up. See the above table for help
The following table specifies the IMAP fields to be entered if using IMAP as the authentication method for the GUI:
| IMAP Settings | Description |
|---|---|
| IMAP Server | The IP address or hostname of the IMAP server that GFI MailSecurity attempts to connect to for authentication purposes. |
| IMAP Port | The port used by GFI MailSecurity to connect to the IMAP server for authentication purposes. This is set to 143by default. |
| IMAP Address Type | This field specifies the format expected by your IMAP server. Some IMAP servers require the credentials to be specified as an email address, while others require just the left-hand side of the email address (the username). |
You can use the Test Authentication feature on the Settings > Access/Authentication page to ensure that your settings are correct.
To test Authentication, enter the Email Address and Password of a user to test in the Test Authentication section and click Test.
GFI MailSecurity determines the authentication method to use for that domain and validate the supplied password.