Trustwave Secure Email Server

Version: 5.8, Last Revision: June 15, 2017

These notes are additional to the Trustwave SES User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q12026.

What's New
Installation Notes
Upgrading Trustwave SES
Uninstalling
Hardware and Software Requirements
Change History

What's New

See the Change History for additional minor features and bug fixes.

Features New in Trustwave Secure Email Server 5.8

Updated Encryption Standards Support: Version 5.8 supports S/MIME Suite B. This version of Secure Email Serve is not compatible with any earlier version of Secure Email Server.
Updated Operating System Support: Version 5.8 supports installation on Windows 2012 and Windows 2012 R2. See the Hardware and Software Requirements section for a complete list of supported Operating Systems and Service Packs.

Features New in MailMarshal Secure Email Server 5.7

Updated Operating System Requirements: Version 5.7 server components must be installed on Windows 2008 (SP2) or Windows 2008 R2. See the Hardware and Software Requirements section for a complete list of supported Operating Systems and Service Packs.
Updated SQL Server Version Support: Version 5.7 supports SQL 2008 and 2012 for Reporting and Certificate databases. SQL 2000 is no longer supported. See the Hardware and Software Requirements section for a complete list of supported versions.
Updated Encryption Algorithm Support: Support for SHA2 and AES algorithms.
Updated Secure Email Rule conditions: Detailed options are available when checking for certificate errors (for incoming and outgoing encryption processing). A new condition allows detailed checking of certificate errors for message signing.

Features New in MailMarshal Secure Email Server 5.6

Trustwave SES (Secure Email Server) is a SMTP content analysis server, specifically designed to implement S/MIME encryption and signing functions.

Installation Notes

For installation scenarios, see the User Guide.
You can install Trustwave SES as a standalone gateway.
To implement a full Email Content Security gateway, use Trustwave SES in combination with Trustwave SEG or MailMarshal SMTP (6.4.5 or above).

Upgrading Trustwave SES

Trustwave SES 5.8 does not support direct upgrade of server components from any earlier version. You must perform a clean installation.
This requirement is due to the change to S/MIME Suite B and related technology changes.
Email sent through earlier versions cannot be processed by version 5.8.
Version 5.8 does not provide an installer for Reports. You can continue to use the Reports application distributed with version 5.7.

Uninstalling

You can cleanly uninstall the program as follows:

Make sure that all the services have been stopped including the SES Controller.
Close all Console and Configuration programs.
From the Windows Add/Remove Programs control panel, select Trustwave SES, and select remove.

To delete a Trustwave SES Certificate database, from a command prompt enter:

d:\>osql -U sa
Password:
1> drop database MailMarshalSESCertStore
2> go
Deleting database file 'C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\DATA\MailMarshalSESCertStore.mdf'.
Deleting database file 'C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\DATA\MailMarshalSESCertStore_log.LDF'.
1> exit

Substitute the name of your database. The file locations may differ. You may have two databases, one for Certificates and one for Logging/Reporting.

You may need to delete additional files from the original install path that have been created subsequent to the install by hand.
If you have installed Trustwave SES Reports or SQL Express, you can uninstall this software from the Windows Add/Remove Programs control panel.
If you have installed components on other workstations, remove them using the Windows Add/Remove Programs control panel on each workstation.

Hardware and Software Requirements

Hardware Required for Trustwave SES Server

Trustwave SES will run on any recent hardware designed for server installations. Hardware requirements naturally vary depending on the number of email users, the amount of email traffic, and other software that may be installed (such as Trustwave SEG or SQL with large reporting databases). The following minimum specifications are suggested as a guideline:

1,000 users: Dual core 2Ghz, 20 GB HD free, 3GB RAM
10,000 users: 4 cores 2.4 GHz, 100GB HD free, 4GB RAM

Sites with more than 10,000 users may require enhanced hardware. Trustwave SES supports multi-processor computers and various array implementations for very high traffic sites. Please contact Trustwave for a recommended configuration.

Note: Trustwave SES will not accept new messages if there is less than 100MB of free disk space available in the disk partitions where its working directories reside.

Trustwave SES server components require the following software

Windows Server 2012, Windows Server 2012 R2 or Windows Server 2008 R2.
SQL Server or SQL Express for the certificate database, and for logging if required.
- The minimum SQL version requirements are: SQL 2008 R2 SP2; SQL 2012 RTM; SQL 2014 RTM.
If you want to integrate Trustwave SES with Trustwave SEG using the "Return to Sender" delivery method, you must use Trustwave SEG/MailMarshal SMTP 6.4.5 or above.

Trustwave SES Client Tools (Configurator and Console) can be installed on the following

Windows 2012, Windows 2012 R2, Windows 2008 R2
Windows 7 or above

Notes:

The Trustwave SES installation will attempt to install some prerequisites if they are not present. Trustwave recommends that you install the pre-requisites prior to Trustwave SES installation so as to isolate any installation issues to the specific package.

Change History

5.8.1 (June 15, 2017)

MMS-269	Header decryption for specific messages could cause the decrypt service to stop. Fixed.
MMS-270	Sender and recipient properties in the envelope were changed unnecessarily. Fixed.
MMS-272	The default setting for newly imported certificates is "strip digital signature". This is the recommended setting to avoid the messages appearing as malformed to email clients.
MMS-274	In some cases where an attachment was an Office 2003 document containing an embedded Office 2007/2010 document, the message was deadlettered due to an unpacking problem. Fixed.
MMS-284	Crash dumps could be empty in certain cases. Fixed.

5.8.0.361 (May 19, 2016)

MMS-189	The product is rebranded as Trustwave Secure Email Server.
MMS-205	Cryptographic Providers are now split into Storage and Algorithm Providers.
MMS-238	Use of Proxy Certificates is not supported in version 5.8.
MMS-244	CRL checking for certificates with more than one CDP is improved.

5.7.2.9723 (May 1, 2013)

MMS-162	In release 5.7.0, the SES-specific performance counters were not available. Fixed. To resolve issues with the counters after upgrade, see Q15044.
MMS-164	Upgrading caused logging to be disabled due to an issue reading database credentials. Fixed.
MMS-165	Importing an invalid configuration could leave the installation in an unusable state. Fixed.
MMS-166	The "Active Sessions Total" performance counter did not decrement when a connection was closed. Fixed.

5.7.1.9707 (November 28, 2012)

MMS-159	Additional Rule Conditions have been added for Secure Email Rules to allow detailed checking of certificate errors when encrypting, decrypting, or signing a message.
MMS-160	Connecting to a SES 5.6 installation with a 5.7 Configurator could leave configuration in an unusable state. Fixed: Connecting from a mismatched Configurator is no longer allowed.
MMS-163	The micalg header was not set correctly for messages signed with sha-2 algorithms. Fixed.

5.7.0.9686 (September 3, 2012)

MMS-79	The Encryptor was checking the database for expired CRLs every 10 seconds. Fixed: the recheck time is now 1 minute.
MMS-100	The Configurator encountered an error when attempting Copy/Paste actions on certificates from the Harvesting folder. Fixed: Only Cut and Paste is allowed.
MMS-125	In version 5.6, upgrading between minor versions failed. Fixed.
MMS-127	MailMarshal SES now supports AES-128, AES-192, and AES-256 encryption algorithms (when using Windows 2008 and Microsoft Enhanced RSA and AES Cryptographic Provider v2).
MMS-129	The Receiver service could incorrectly detect that the mailbox name was too long (more than 255 characters). Fixed.
MMS-130	MailMarshal SES now supports SHA-2 algorithms (SHA-256, SHA-384, and SHA-512).
MMS-133	The MMEncrypt service did not generate a notification when deadlettering a message. Fixed.
MMS-138	Version 5.7 supports upgrade or migration from version 5.6.

5.6.0.5716 (August 8, 2010)

Initial release

Legal Notice

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.