Postini releases version 6.11

Release Date: Targeted for end of July 2007

These early access release notes describe new features in Release 6.11 for Postini Email Security, Message Archiving, Policy Enforced TLS, and IM Security. This information is subject to change. The updated release notes will be sent on the day of the release and posted to the Postini Support Portal.

Following topics are covered in these Release Notes:

• Email Security
• Message Archiving
• Policy Enforced TLS
• IM Security
• Batch Command and Field Updates

Email Security

Release 6.11 adds several important new features for Postini Email Security (formerly referred to as Perimeter Manager), including new Attachment Manager features, Message Center improvements, Directory Sync support for IBM Lotus Domino, Directory Sync alerts, changes to authorizations and batch fields, and a new Outbound Configuration Guide.

After the day of the release, you may find detailed information on features in the Email Security Administration Guide.

New Service Name
The Perimeter Manager email protection service is now named Postini Email Security.

Attachment Manager
With Release 6.11, Attachment Manager binary scan feature now recognizes/identifies Microsoft Office 2007 file types.

In an upcoming maintenance release, Attachment Manager will include these enhancements:

• The Administration Console will have an org level control for turning on and off Attachment Manager container cracking (this control is "on" by default).
• Administrators will have the ability to turn binary scanning on and off (this control is "off" by default).
• Additional file types are now supported in the list of executables, compressed files, and Microsoft Office documents.

Message Center
Release 6.11 adds several improvements to Message Center, including general navigation enhancements, and a new User Access permission to control the ability to view images, attachments, and links.

General Navigation Improvements
Message Center includes several navigation improvements for ease of use based on customer feedback.

You can access search controls by clicking the Search icon in the upper-left corner of the quarantine. Additionally, the "Deliver Selected" control is moved to the upper-right corner of the page, the Show Recipients control is now located at the top of the From column in the quarantine, and users can now sort their messages by the Block Reason column.

Additionally, the date in the far-left column has been changed to a shorter format (for example, 6/28/07 10:00 AM). Rolling over the date provides the full format (day of the week, date, time of day, and time zone).

Changes to the Junk Email Blocking Page
Activated / Deactivated toggle links are now used for settings on the Junk Email Blocking page.
Additionally, a drop-down list is provided for Overall Junk Filter settings, and radio buttons are now used for category filters (rather than the sliders that were used in previous releases). Users' filtering levels are unchanged.

Threat Protection Updates
This release includes improvements to Postini's operational processes which enable accelerated responses to emerging attacks. Targeted filters are now released more rapidly to combat zero-hour spam and virus threats.

Directory Sync
Support for IBM Lotus Domino
Directory Sync now includes support for IBM Lotus Domino and IBM Tivoli directory servers. Directory Sync automates user management by securely connecting to your LDAP directory server and mapping your user hierarchy to the Postini services.

Directory Sync Alerts
If Directory Sync tries to synchronize with your directory server and fails during a scheduled synchronization, Directory Sync now sends an alert to the address listed for Summary Reports. This Alert contains information on why the synchronization failed, which allows further troubleshooting.

Scheduled Synchronization Improvements
Setting up Directory Sync synchronization to run automatically is now easier. If an automated message fails for any reason, you'll receive an alert to the email address you set up, providing details of what caused synchronization to fail. Also, the date format for scheduling now matches the time zone of the organization.

New Authorization Privileges
Release 6.11 includes new authorization privileges and changes to existing privileges.

Changes include:

• A new Message Center authorization privilege for viewing images, attachments, and links.

Several authorization privileges also have new names, including the following:

• "Assign domains" is now "Manage Domains".
• Billing Statements privilege is now called the Usage Statements privilege.
• The Industry Specific privilege is the Industry Heuristic privilege.
• External Encryption Management and Outbound External Encryption have changed to be Message Encryption Management and Outbound Message Encryption privileges.
• The Archive Resend privilege is now the Archive Recover privilege.

New Outbound Services Configuration Guide
The Postini Outbound Services Configuration Guide provides step-by-step instructions on how to configure the most popular mail servers for Postini Outbound Services for Email Security. This replaces the numerous Knowledge Base articles, and also provides an overview of the outbound configuration.

Message Archiving

New Service Name
The Postini Archive Manager service is now named Postini Message Archiving.

New Service Packages
Postini Message Archiving is now available in three packages: Basic, Standard, and Professional. As a current Message Archiving customer, you continue to receive all features and options, which now form the Professional package.

Search Panel and Other Enhancements

• The search panels have been reorganized for easier and quicker searching, and the search results display has been streamlined for quicker browsing.
• A new Actions menu in the upper-left corner of Message Archiving screens provides quick access to common options, including navigating between results and search panels, using search shortcuts, and exporting messages from the archive.

Policy Enforced TLS

TLS Certificate Validation
Policy-Enforced TLS now includes the ability to analyze and validate TLS certificates to block messages with malformed or spoofed certificates. You can set Policy-Enforced TLS to verify the format of the certificate, or to examine the trusted source or domain within the certificate. You can specify different settings for each domain. Configure the TLS Certificate Validation feature under Outbound Servers > TLS in the Administration Console.

New settings are Verify Certificate, Domain Check, and Trust Check. Verify Certificate confirms that the certificate has proper form and syntax. Domain Check verifies the certificate, and also verifies that the sender's domain matches the domain in the certificate. Trust Check verifies the certificate and the domain, and also examines the certificate to confirm that the trust who signed the certificate is correct.

Note: Trust Check and Domain Check will fail if the domain listed in the certificate does not match the MX hostname, and will only work with certificates that declare hostnames, rather than IP addresses.

IM Security

New Service Name
The Perimeter Manager for IM service is now named Postini IM Security.

Support for Yahoo Messenger File Transfer
For Release 6.11, IM Security will support Yahoo Messenger file transfers for IM users.

Batch Command and Field Updates

Release 6.11 includes the following new batch commands and field updates:

Postini Message Encryption
The encryption modify_org command has two updates:

• The encryption modify_org command has a default service parameter and a criteria header string parameter added to the syntax.
• The encryption modify_org command no long requires IM Management authorization to run.

Policy Enforced TLS

• The domain_tls add, domain_tls delete, domain_tls display, and domain_tls modify commands have additional authorization requirements. For domain_tls add, domain_tls delete, and domain_tls modify, inbound or outbound TLS privileges must be modifiable. For domain_tls display, read privileges are required for inbound or outbound TLS.
• The org and user ext_encrypt fields are now called message_encryption. The displayorg and displayuser commands will reflect this change as well as any reports output.
• A new public org-level field, message_encryption_criteria, holds a string the administrator uses to determine whether to encrypt a message.

Postini IM Security

• For IM Security, the org_im_settings modify command and the file_transfer_receive and file_transfer_send fields can now perform a Yahoo! IM file transfer.

Postini Email Security

• The Approved and Blocked Senders lists can now add and remove user addresses with '$' symbols. Additionally, related to several fields giving status of different notifications, notification files are now limited to 500 KB.
• The password_policy update command has an updated syntax:
  
  password_policy update org=<org name> | iid=<org id> [, min_length=<1 - 10 | null >] [, required_complexity=<no | yes | null>] [, max_login_attempts=<1 - 10 | null>] [, lockout_period=<1 - 999 number of minutes | null>] [, max_password_age=<1 - 999 number of days | null>] [, password_history=< 0 | 1 - 24 >] [, cascade= <no | yes | null>]