System

Network Settings

In this section you can set up the Hermes SEG network settings such as Hostname, IP address, Subnet, DNS and gateway. It's highly recommended that the Network Mode be set to Static.

NOTE: This section requires any saved changes to be applied by clicking the Apply Settings button on the bottom of the page.

1. Network Mode

Network Mode can be set to Static or DHCP.

In Static mode, the following fields must be filled in manually (Figure 1):

Figure 1

In DHCP Mode, the following fields must be filled in manually and the rest of the settings will be automatically retrieved from a network DHCP server (Figure 2):

Figure 2

2. Host Name

This is the Network name you want to assign to the Hermes SEG without the domain part. For instance, if your host name is smtp.domain.tld, you would simply enter smtp in the Host Name field.

3. Primary Domain Name

This is the Domain name you want to assign to the Hermes SEG without the host part. For instance, if your host name is smtp.domain.tld, you would simply enter domain.tld in the Primary Domain Name field.

4. IP Address

This setting is valid only for Static Network Mode. Enter the IPv4 IP Address that you want to assign to the Hermes SEG.

5. Subnet Mask

This setting is valid only for Static Network Mode. Select the correct Subnet Mask for your network from the drop-down.

6. Gateway

This setting is valid only for Static Network Mode. Enter the IPv4 Gateway IP Address for your network.

7. DNS1

This setting is valid only for Static Network Mode. Enter the IPv4 IP Address of the primary DNS Server for your network.

8. DNS2

This setting is valid only for Static Network Mode. Enter the IPv4 IP Address of the secondary DNS Server for your network if applicable.

9. DNS3

This setting is valid only for Static Network Mode. Enter the IPv4 IP Address of the tertiary DNS Server for your network if applicable.

Console SSL Settings

NOTE: This feature is only available with Hermes SEG Pro License.

In this section you can specify a custom 3rd party CA certificate, private key and CA chain for the Administration Console as well as the User Self-Service Portal. Hermes SEG comes pre-configured with a self-signed certificate, which is not ideal for production systems since self-signed certificates generate browser errors. You will need PEM encoded certificates and an unencrypted Private Key.

A PEM encoded certificate is a human-readable certificate that starts with:

-----BEGIN CERTIFICATE-----

and ends with

-----END CERTIFICATE-----

An unencrypted Private Key starts with:

-----BEGIN PRIVATE KEY-----

and ends with

-----END PRIVATE KEY-----

 

1. Certificate

  1. Under the Console SSL Settings, ensure you select 3rd Party Specified SSL Certificate. Once you make the selection, the Paste Contents of Certificate, Paste Contents of Unencrypted Key and Paste Contents of Root and Int CA Certificate fields will become enabled.
  2. Open your PEM encoded certificate with a text editor and select and copy the entire contents of the file, including the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- lines.
  3. Under the Paste Contents of Certificate field, delete the existing contents so you are left with an empty field.
  4. Paste the contents of the file you copied from Step 2 into the empty Paste Contents of Certificate field.

2. Unencrypted Key

  1. Open your unencrypted key with a text editor and select and copy the entire contents of the file, including the -----BEGIN PRIVATE KEY----- and the -----END PRIVATE KEY----- lines.
  2. Under the Paste Contents of Unencrypted Key field, delete the existing contents so you are left with an empty field.
  3. Paste the contents of the file you copied from Step 1 into the empty Paste Contents of Unencrypted Key field.

3. Root and Int CA Certificate

  1. Open your PEM encoded CA Bundle certificate with a text editor and select and copy the entire contents of the file, including the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- lines. Please note that CA Bundle certificates usually include more than one certificate in a single file, so ensure you select ALL the certificates in the file.
  2. Under the Paste Contents of Root and Int CA Certificate field, delete the existing contents so you are left with an empty field.
  3. Paste the contents of the CA Bundle certificate you copied from Step 1 into the empty Paste Contents of Root and Int CA Certificate field.
  4. After pasting all the contents, click on the Save & Apply Changes button (Figure 1).

Figure 1

After you click the Save & Apply Changes button, the system will perform a validation on the certificate, private key and CA bundle combination. If you get a Success!! message, refresh your browser to see your new certificate. If there are errors, verify the contents you pasted in each field, especially the Certificate and the Unencrypted Key fields, since those seem to be the cause of most errors.
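A structural pre-flight check for the three fields described above, as an added example that is not part of Hermes SEG or its documentation. It only confirms that each pasted value has complete BEGIN/END lines, the label this page describes and a decodable body; it does not verify that the key matches the certificate. The function names and sample blocks are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*\n(.*?)\n\s*-----END \1-----", re.S)

def check_field(name, text, want_label, exactly_one):
    """Return the problems found in the text pasted into one field."""
    blocks = PEM_BLOCK.findall(text)
    # A BEGIN line without its END line means the copy was cut short.
    if not blocks or text.count("-----BEGIN ") != len(blocks):
        return [f"{name}: missing or incomplete BEGIN/END lines"]
    problems = []
    if exactly_one and len(blocks) != 1:
        problems.append(f"{name}: expected 1 block, found {len(blocks)}")
    for label, body in blocks:
        if label != want_label:
            # e.g. ENCRYPTED PRIVATE KEY pasted where PRIVATE KEY is required
            problems.append(f"{name}: found '{label}', expected '{want_label}'")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{name}: body is not valid base64")
            continue
        # Certificates and PKCS#8 keys are both DER SEQUENCEs (tag 0x30).
        if not der.startswith(b"\x30"):
            problems.append(f"{name}: decoded data is not a DER SEQUENCE")
    return problems

def preflight(cert, key, bundle):
    """Check the three Console SSL Settings fields; [] means no problem found."""
    return (check_field("Certificate", cert, "CERTIFICATE", True)
            + check_field("Unencrypted Key", key, "PRIVATE KEY", True)
            + check_field("Root and Int CA Certificate", bundle, "CERTIFICATE", False))

def sample_pem(label, der=b"\x30\x03\x02\x01\x00"):
    """Constructed placeholder block (not a real certificate or key)."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    cert, bundle = sample_pem("CERTIFICATE"), sample_pem("CERTIFICATE") * 2
    print(preflight(cert, sample_pem("PRIVATE KEY"), bundle))
    print(preflight(cert, sample_pem("ENCRYPTED PRIVATE KEY"), bundle))
    print(preflight(cert.split("-----END")[0], sample_pem("PRIVATE KEY"), bundle))
```

An empty list only means the pasted text is well-formed; the validation Hermes SEG performs on save remains the check that the certificate, key and CA bundle belong together.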

Admin Console Firewall

This feature is only available with Hermes SEG Pro License.

The Administration Console Firewall allows you to specify IP Address(es) that will be allowed access to the Administration Console independent of the User Self-Service Portal. By default, all IP Addresses are allowed access to the Administration Console as well as the User Self-Service Portal.

The Administration Console is reachable through https://<ipaddress>:9080/admin/ and the User Self-Service Portal is reachable through https://<ipaddress>:9080/users/, where <ipaddress> is the IP address or the hostname of your Hermes SEG. By enabling the Administration Console Firewall, you will be restricting access ONLY to the https://<ipaddress>:9080/admin/ address.

For best security, it's recommended that you enable the Administration Console Firewall to restrict access only to specified IP addresses.

Note: In order to prevent a lockout of the Administration Console, the system will not allow you to enable the Administration Console Firewall unless the IP address that you are accessing the Administration Console from is in the list of Allowed IP Addresses. Additionally, it will not allow you to Delete the IP address you are accessing the Administration Console from in the list of Allowed IP Addresses.

  1. Before the system will allow you to enable the firewall, you must first enter the IP Address that you are accessing the Administration Console from, which can be found on the top right corner of the page next to the Your IP Address is section (Figure 1).

Figure 1

  2. Enter your IP Address under the IP Address to be allowed section and then click the Add IP button (Figure 2).

Figure 2

  3. Repeat for as many IP addresses as required.
  4. As you add each IP address, it will show up under the Allowed IP Addresses section (Figure 3).

Figure 3

  5. Once you are finished adding IP address(es), on the top of the page, under the Firewall Status section, select the Enabled option and click the Save Settings button (Figure 4).

Figure 4

  6. Test your firewall by attempting to access the Administration Console at https://<ipaddress>:9080/admin/ (where <ipaddress> is the IP address or the hostname of your Hermes SEG) from an IP Address that you did NOT allow in the Administration Console Firewall. You should see a You are not authorized to access this system message (Figure 5).

Figure 5

 

AD Integration

NOTE: This feature is only available with Hermes SEG Pro License.

Hermes SEG requires a listing of Internal Recipients in order to process incoming email and deliver that email to the correct recipient mailboxes, which are located on the email server(s) specified under the Gateway --> Relay Domains part of the system.

Hermes SEG allows you to connect to Active Directory in order to automatically import the SMTP email addresses of your Active Directory users without having to manually input each one. The system will create Internal Recipients from each SMTP address it imports automatically. The import process can also be set to run at a scheduled interval so user additions or deletions will automatically be handled by Hermes SEG without manual intervention.

In order to import Internal Recipients via Active Directory you must first create an AD connection. In order to create an AD connection, you must first validate the connection and, once successful, you will be able to save the connection.

Add AD Connection

  1. Under the Connection Mode section, you will notice that ONLY the Validate Connection option is enabled and selected. The Save Connection option is not available because the connection has not been validated yet.
  2. Under the Connection Name field, enter a descriptive name for the connection.
  3. Under the Domain Controller field, enter the IP or the FQDN of a domain controller, or simply enter the FQDN of your domain so you don't bind the connection to just one domain controller.
  4. Under the Distinguished Name field, enter the DN of the recipients' location, or you can simply enter the DN of the entire domain. For example, if your domain is east.domain.tld, your DN should be DC=east, DC=domain, DC=tld. Ask your Administrator if you have any questions.
  5. Under the Netbios Domain Name field, enter your domain Netbios name. For example, if your domain is east.domain.tld, your netbios domain could simply be DOMAIN. Ask your Administrator if you have any questions.
  6. Under the Username field, enter a username that has access to enumerating user objects in your domain.
  7. Under the Password field, enter the password for the username from Step 6.
  8. If you wish to schedule the automatic import of Internal Recipients on a specified interval, ensure you check the Schedule SMTP Address Import checkbox, select the interval from the drop-down box and click the Submit button (Figure 1).

Figure 1