IronMail Edge 1.0 User Guide

Contents

1. SSH Configuration field descriptions. Running: A red or green light icon indicates whether or not the service is currently running. Note that in some situations the Running icon may not refresh when clicked (i.e., change from green to red as expected). If the icon does not toggle, click the SSH Configuration hyperlink in the left navigation frame of the Web Administration interface to refresh the page, rather than clicking the Running icon a second time. Service Uptime: This column indicates, in days, hours, minutes and seconds, how long a service has been running since it was last restarted. Clicking the CLI Access hyperlink on the SSH Configuration screen opens the CLI Access Properties screen. On this screen you can set the log level for Command Line Interface. Similarly, clicking the CipherTrust Support Access hyperlink opens the associated properties screen. On this screen you can configure the port through which CipherTrust Support can access the appliance (CipherTrust Secure Support Port: 20022). (CipherTrust Inc., IronMail Edge 1.0.) System Backup (System > Configuration > Backup): IronMail allows administrators to back up the configuration settings for the appliance, e.g. email policies, Mail and Queue Service settings, etc.
2. Available updates: The table lists available software updates. To ensure the list is current, click Refresh List at the bottom of the screen. Product Name: This column displays the name of the CipherTrust product (e.g., IronMail or Centralized Management Console). Product Version: This column displays the version number of the software. The version of software this document describes is version 6.0. Service Release: This column displays the name of the Service Release. Service Releases are named in incremental numbers in ascending order. Date Downloaded: This column displays the date when the software file was downloaded to IronMail's disk. Date Installed: This column displays the date when the software file was installed on the appliance. System Updates, Product Updates field descriptions (continued). Current State: This column displays the software file's current state. The state can be one of four values. Available: The file is available and ready to be downloaded from CipherTrust's Update Server. Downloaded: The file has been downloaded to disk but has not yet been installed. It may be deleted or installed. Installed: The file has been installed. Pending State: If a file's status has changed (see immediately below), the new status is displayed in this Pending column. The new status does not take effect until Commit Scheduled Changes is cl
3. Delivery Status Notifications may be delivered to one or more individuals in addition to the message sender if this option is enabled and valid email addresses are provided in the input field immediately below. If Enable DSN to Forwarded Address is enabled above, DSNs may be delivered to one or more addresses entered in this input field. Enter valid email addresses separated from each other by commas. Do not enter spaces between commas and subsequent email addresses. If enabled, IronMail will cache the MX records or A records provided by a DNS query for domains to which it delivers messages; the caching will occur right after delivery to the server. The MX record remains in cache until the MX record's time to live (TTL) has expired, after which IronMail deletes it. Caching MX records may provide improved performance because it reduces the need to perform an MX lookup for each mail delivery. If IronMail is unsuccessful in querying for MX records, it will query for A records and try to deliver mail to the A record. It will cache whichever record it delivers to successfully. Enter a number between 100 and 2500 representing the maximum number of MX records IronMail will store in its cache. Every 5 minutes, IronMail will delete MX records whose DNS-specified TTL has expired. When the administrator-defined limit has been reached, IronMail will not allow any additional MX records into its cache until i
4. Reporting > Advanced > Detailed Logs. In high mail volume environments, some logs may grow very large, up to 100-200 MB in size. Log files larger than just 1 MB will typically take longer to open in IronMail's web interface than administrators will care to wait. Administrators are encouraged, then, to use an SSH client, such as the freely available Putty client, to open these logs. Within the command line interface, logs open instantly and queries within them are as fast. [Screen: Detailed Logs, with FTP/SCP Configuration fields (Archive Method, Hostname, User Name, Password, Confirm Password, Path, Schedule Time) and a File Information list offering View Log, Download and Delete for Int Admin, Alert Manager, Int Scheduler Cleanup, Int Webadmin, Audit Log, Int Reports, Int Scheduler and Int Scheduler FTP.] Copyright 2005 CipherTrust Inc. All rights reserved. Detailed Logs field descriptions: FTP SCP Config
5. Incoming from the Internet: rules to allow IronMail to accept connections from the Internet. Port 25 (SMTP): Required for mail reception. Port 20022 (CipherTrust): Optional; allows CipherTrust to connect to your IronMail for Technical Support. Outgoing to the Internal Network: rules that allow IronMail to connect to the mail servers. Port 25 (SMTP): Required for mail delivery. Port 53 (TCP/UDP, DNS): Optional for an IronMail CMC: if your DNS is outside the network, you must open the port allowing IronMail CMC to connect to it. Incoming from the Internal Network: rules to allow IronMail to receive connections from the mail servers. Port 22 (TCP, Command Line Interface): Optional; only if you want to access the command line interface from inside the network. Port 25 (SMTP): Required for mail delivery. Port 10443 (TCP, HTTPS): Required; this is the port used to connect to IronMail's WebAdmin interface. If you do not have a DMZ, it is safe to install the IronMail appliance on your internal network because its hardened face and built-in firewall features protect it. If you install IronMail inside the network, simply open the necessary port holes in the firewall. Ensure that your firewall's port settings match the previous table. Firewall Routing Rules No D
6. Approximately every 10 seconds, IronMail will check if Filesystem Integrity Monitor has finished its tests and then refresh the page with the results. If Filesystem Integrity Monitor ever reports that a single file failed, contact CipherTrust Technical Support immediately. File System Integrity field descriptions. Start Time: The date and specific time the test began appears in this field. End Time: The date and specific time the test ended appears in this field. Total System Files Monitored: The total number of files checked by the File System Integrity test shows here. Total System Files Failed: The number of files, if any, that failed the integrity test shows here. Check System: This button allows you to run a File System Integrity check at will, should circumstances warrant it. V. Reporting. Introduction: IronMail's reporting and monitoring tools are what make IronMail such a robust and usable appliance. Through its logs, administrators can determine exactly which IronMail processes examined a message, indeed, whether or not IronMail even received the message. When an IronMail policy acts upon a message, the reports and logs will describe exactly what condition of the policy caused IronMail to act. In addition to reporting on IronMail's internal message processing, this program area also contains Health Monitor
7. Services Status: The top panel provides data about a variety of services configured by specific functions within IronMail. Services Status field descriptions. Service: This column lists the various mail services that are being monitored. Each service name is also a hyperlink that opens the specific service properties screens for the service in question. (CipherTrust Inc., IronMail 6.0.) Auto Start: This column indicates for each service whether or not it is configured to be started automatically if it is not running when it is checked by Health Monitor. A check mark indicates the service is configured to restart. An X indicates it is not so configured. Clicking the current symbol will toggle the configuration to the other status. Running: A green light icon in this field indicates the service is currently running. A red icon indicates it is not running. Clicking the icon will toggle the service off and on. Uptime: This column displays the time, in days, hours, minutes and seconds, the service has been running since it was last started. Active Protection Status: This table tracks the current status of four forms of active protection: Denial of Service protection; SMTPI Service load throttling; SMTPIS Service load throttling; DNS Hijack protection.
8. Detailed Logs, Show All Files field descriptions. FTP SCP Configuration: The top portion of the screen is used to configure the archiving of the specific logs. Archive Method: Select an archive method IronMail should use when transferring the logs. SCP: Select SCP to transfer the file securely using the SCP protocol. An SCP server must be configured and running on the archive machine. FTP: Select FTP to transfer the file in plain text (non-securely) using the FTP protocol. The FTP server must be configured and running on the archive server. Note that IronMail issues a passive FTP command. Note that if multiple IronMail appliances are configured to transfer files, the hostname is appended to the file name. Hostname: Enter the host name of the archive server. User Name: Enter a valid username with SCP or FTP privileges. Password: Enter a valid password. Confirm Password: Confirm the password by entering it again. Path: Enter the path string to the location on the archive server where IronMail should transfer the logs. Note: the relative path must be entered, that is, the starting point or subsequent directory below which the user account has access privileges. Examples are fironmail or ironmail the two are
9. a subsystem that examines all other core application subsystems, as well as hardware, to ensure that the appliance is operating as designed. And on the belief that IronMail cannot truly protect an enterprise's email system if the appliance itself is vulnerable, an Alert Manager can be configured to generate email, pager or SNMP trap alerts to the administrator whenever Health Monitor detects that IronMail is not performing as designed. In this section you will find the following chapters: Chapter 7, Alerts Manager; Chapter 8, Health Monitor; Chapter 9, Advanced Reporting. The Reports Viewer: When you log into the Reporting program area, the opening screen is the Reports Viewer. This screen lists IronMail's reports and briefly describes them. Each Report Name is a hyperlink that opens a more detailed page about the specific report, revealing recent history and allowing you to review or transfer reports. Login > Reporting. [Screen: Reports Viewer, listing PDF Reports (Edge Summary) and HTML Reports (Mail IDS Report), each with Report Name and Description columns.] Mail IDS Report: Shows the results of IronMail's intrusion monitoring and activity password strength denial o
10. Policy Manager: Adding or Editing User Accounts field descriptions. New User: The left side of the screen contains the data fields for naming the user and assigning a password. User Name: If you are adding a new account, enter the user name in this field. If you are editing an existing account, the name will already be populated. NOTE: The user name may be up to 16 characters long, with no spaces. The following characters are allowed: A-Z (first character only); a-z, 0-9, _ (underscore) (first character); a-z, 0-9, - (dash), _ (underscore) (for second through 16th characters). New Password: Enter the new password for the account. Passwords must be at least 8 characters long, with no spaces. The following characters are allowed: A-Z, a-z, 0-9, - (dash), _ (underscore) for all characters. Confirm Password: Confirm the password by entering it again. Assign Role Permission: The right side of the screen contains a table that lets you grant or deny access to specific roles in IronMail and assign permissions for those roles where access is granted. Role: The first column shows all the available IronMail roles. The list is not configurable. Configuring Web Administration: Adding or Editing User Accounts field descriptions (continued). Enable role: Click the Enable checkbox to allow th
11. The top portion of the screen is used to configure the archiving of the daily logs. Archive Method: Select an archive method IronMail should use when transferring the logs. SCP: Select SCP to transfer the file securely using the SCP protocol. An SCP server must be configured and running on the archive machine. FTP: Select FTP to transfer the file in plain text (non-securely) using the FTP protocol. The FTP server must be configured and running on the archive server. Note that IronMail issues a passive FTP command. Note that if multiple IronMail appliances are configured to transfer files, the hostname is appended to the file name. Hostname: Enter the host name of the archive server. User Name: Enter a valid username with SCP or FTP privileges. Advanced Reporting: Detailed Logs field descriptions (continued). Password: Enter a valid password. Confirm Password: Confirm the password by entering it again. Path: Enter the path string to the location on the archive server where IronMail should transfer the logs. Note: the relative path must be entered, that is, the starting point or subsequent directory below which the user account has access privileges. Examples are ironmail or ironmail; the two are functionally identical. Bear in mind that some Windows FTP servers may not translate on the fly forward slashe
12. Alert Levels; Alert Classes; Adding an Alert Class; Editing an Alert Class; Alert Mechanisms; Adding an Alert Mechanism; The Alert Viewer. Chapter 8, The Health Monitor: In this chapter; Configuring the Health Monitor; Configuring IronMail Alerts. Chapter 9, Advanced Reporting: In this chapter; Reports Configuration; Report Descriptions; Detailed Logs; Summary Logs.
13. Recent worms and viruses are examples of the results from intrusions. Web Mail Attacks: Many enterprises allow their mobile workers to access corporate e-mail through applications such as Outlook Web Access (OWA) or iNotes. Web mail requires a web server, which is subject to numerous vulnerabilities, blended threats, viruses and worms. IronMail is a hardened e-mail gateway appliance that acts as an application-specific firewall. It allows only valid and safe connections to e-mail servers. In this section you will find the following chapters: Chapter 5, Mail Firewall; Chapter 6, Mail IDS. Available Reports: The first screen that appears when Protection Manager opens is the Protection Manager Quick Snapshot. This report screen consists of three panels containing tables that provide current information about processes within this program area. Login > Protection Manager. [Screen: Protection Manager Quick Snapshot, with Services Status, Active Protection Status and Mail IDS Status panels.]
14. S at the beginning and end of the IronMail generated text string. Note: When you go to the Verisign web page to get your certificates, you will be asked what platform you plan to use. Select Apache. If you choose Windows or IIS, the certificates you download will not work with IronMail appliances. When you click Submit, the CSR is submitted to the Certificate Authority (CA). IronMail creates and stores a private key/public key text string in its database. When this string is submitted to a CA (after the administrator completes and submits the CSR a second time), the issuing authority generates a new public key string. The new certificate information appears in the CSR List. The install procedure allows you to paste this string in the IronMail Certificate section of the Install Security Certificate window and complete the certificate generation. IronMail is pre-configured with an unsigned certificate in order to immediately provide secure SSL connections required for administrative sessions with the Web Administration interface. While the invalid certificate does allow encryption of email messages, that security is minimal because IronMail will not be able to authenticate itself to other servers, which may refuse to send messages to it. Therefore, in order to provide genuine security, a valid Security Certificate must be installed. When the Certificate Authority returns the necessary certificate information, click Install on the CSR L
15. You can delete an entire class from the list by checking Delete for all the services and clicking Submit. A confirmation alert will appear; click OK to complete the deletion. All the services will go back to the default Common class. After the Alert Classes have been created, create the Alert Mechanism for each class to determine how alerts will be delivered. Alert Mechanisms (Reporting > Alert Manager > Alert Mechanism): The Alert Mechanism page is where Alert Manager is configured to send alerts to the administrator by email, pager or SNMP traps. An alert mechanism must be configured for each level of alert and for each group or class of IronMail subsystems for which the administrator wants notification. For example, if administrators want to be notified whenever the SMTPO Service stops performing (reported as an Error alert by IronMail), an Error email, pager or SNMP alert mechanism must be configured for the class that contains the SMTPO Service. Conversely, if alert mechanisms for Information alerts are not created for a particular class, no Information alerts for any subsystem within that class will be sent to the administrator. The Alert Mechanism page contains three pick lists allowi
16. The Alert Viewer field descriptions. This column displays the internally generated ID number of each alert. The ID number is also a hyperlink that opens a secondary browser window displaying details of the alert. Class: This column displays the name of the class that contains the subsystem that generated the alert. The Class column heading is also a hyperlink allowing the administrator to sort the contents of the Alert Viewer table by class in ascending and descending order. Type: This column identifies the level of the alert. The Type column heading is also a hyperlink allowing the administrator to sort the contents of the Alert Viewer table by alert level in ascending and descending order. Received Date: This column identifies the timestamp when the alert was generated. The Received Date column heading is also a hyperlink allowing the administrator to sort the contents of the Alert Viewer table by Received Date in ascending and descending order. Sent Date: This column identifies the timestamp when the alert was delivered. The Sent Date column heading is also a hyperlink allowing the administrator to sort the contents of the Alert Viewer table by Sent Date in ascending and descending order. Status: This column identifies the status of the alert and wil
17. [Screen: Active Protection Status, listing DoS Status, SMTPI Service Load Throttle, SMTPIS Service Load Throttle and DNS Hijack Protection with Active and Enabled columns.] Active Protection Status field descriptions. Service: This column lists the services by name. Active: If the service is currently in operation, that fact is indicated by an icon in this column. Enabled: Icons in this column indicate if the service is enabled or not. A check mark indicates the service is enabled; an exclamation point indicates it is not. Mail IDS Status: The Mail IDS Status section tracks results of intrusion detection tools at three levels: Application Level; Network Level; System Level. [Screen: Mail IDS Status, showing Application Level (DoS Monitoring, SMTPI Service), Network Level (Total Number of Alerts, Source IP Addresses, Destination IP Addresses) and System Level (Total Programs Monitored/Failed, Total System Files Monitored/Failed).] Mail IDS Status field descriptions. Application Level, DoS Monitoring: This area reports the results from Application Level Protection tools. This field includes reports of Denial of Service attacks on three different services. A number of detected attacks since midnight will show for each service. The services are SMTPI, POP3, IMAP4. The DoS Monitoring label is a hyperlink that opens the DoS
18. [Screen: Reports Configuration, with Report Name, Options and Action columns, FTP/SCP transfer settings and a Create & Email option for the Mail IDS Report.] Reports Configuration field descriptions. FTP SCP Configuration: The top section of the screen is used to configure transfer and archiving for all reports. Archive Method: Select an archive method IronMail should use when transferring the reports. SCP: Select SCP to transfer the file securely using the SCP protocol. An SCP server must be configured and running on the archive machine. FTP: Select FTP to transfer the file in plain text (non-securely) using the FTP protocol. The FTP server must be configured and running on the archive server. Note that IronMail issues a passive FTP command. Note that if multiple IronMail appliances are configured to transfer files, the hostname is appended to the file name. Hostname: Enter the host name of the archive server. User Name: Enter a valid username with SCP or FTP privileges. Password: Enter a valid password. Confirm Password: Confirm the password by entering it again. Path: Enter the path
19. Adding a New Routing Domain field descriptions. Protocol: From the list, select the mail service. For IronMail Edge, SMTP is the only selectable option. Domain Name: Enter the domain or sub-domain name that IronMail will use to host the domain. Routing Type: Select the routing type for the domain from the pick list. For IronMail Edge, the routing type is always Static. Machine Name/DNS Domain Name/IP: Enter the IP address of the mail server responsible for the domain's mail. Side Note: Enter any explanatory or descriptive notes that should appear in the mapping table. When the information is complete, click Submit; the Domain Based Routing screen will update as shown below. Domain Based Mapping Table ("The data has been updated successfully"), with columns Domain Name, Routing Type, Machine Name/DNS Domain Name/IP, Side Note: DEFAULT, STATIC, 10.65.1.30; ctdev.net, STATIC, 10.65.1.30; doc.ctqa.net, STATIC, 10.20.30.40, Test domain for documentation. Editing an Existing Domain: To edit the configuration of an existing routing domain, click the hyperlink for that domain, which appears in the Machine Name/DNS Domain Name column on the
20. This portion of the User's Guide will provide descriptions of IronMail functions and features that fall outside the scope of the normal GUI approach to managing the system. The content may vary as functionality is added or modified. In this section you will find the following chapter: Chapter 15, The Command Line. Using the Command Line. In this chapter you will find information about the following topics: The Command Line; The Commands. The Command Line: IronMail allows the Administrator to access much of the functionality available through the Graphical User Interface (GUI) from the command line. The Administrator may access the command line through either of two methods: via the Console, which is a keyboard connected directly to the IronMail appliance, or from a workstation using a Secure Shell (SSH). Role management for the command line is accomplished at log-in. The user name and password the Administrator enters will be used to verify access rights and permissions. From the Console: If a keyboard and a monitor are connected to the IronMail appliance and the IronMail is currently running, the monitor shows a log-on prompt. The keyboard must be attached to the IronMail appliance before the appliance is powered on. After the Administrator enters a valid use
21. This step will test the connectivity between your IronMail appliance and the CipherTrust update infrastructure. Connectivity is required in order to use the SmartStart feature to configure your IronMail appliance. You will use the update infrastructure in the [...] steps to [...] the version of the software installed on your [...], to download the latest best [...] Pre-configuration or Threat Response update [...], and to install the most current Anti-Virus engine updates and virus signatures. Lower Right, Configuration screens: The lower portion of all SmartStart screens, like the sample below, will contain the actual IronMail configuration screens required to complete the specific step you are applying. IMPORTANT: The screen images that populate this portion of the SmartStart screen will retain their own instruction text or help text. Accessing SmartStart: To access SmartStart as part of the initial installation and setup of the IronMail, the Administrator (Admin user account) simply logs into IronMail the first time. [Screen: Administration Login, with User Name and Password fields.] Screen 1 of the SmartStart process opens. Screen 1, Network Connec: The initial screen is designed to welcome the administrator, give basic SmartStart instruction and test for Network C
22. > Configuration > Out of Band. [Screen: Out Of Band, with Enable Out of Band Management and the attributes IP Address 10.50.1.111, Ethernet Setting autoselect, IP Netmask 255.255.128.0.] System Configuration: Out of Band Management field descriptions. Enable Out of Band Management: Click the check box to enable management of the appliance via a secondary network interface card, rather than via the same interface that is used for mail flow. Attribute: The names of the attributes that must be configured are listed in this column. IP Address: Enter the IP address for the second network interface card. Ethernet Setting: Select the appropriate netmask from the drop-down list. IP Netmask: Select the proper Ethernet setting from the list. You may choose to let the IronMail automatically select the appropriate setting or choose from multiple options for 100baseTX or 10baseT. Current: The current value or default for each attribute shows in the appropriate data field. Pending: If you enter potential changes and click Submit, your new parameters will show in the Pending column. If you click Submit, they will be implemented. If you click Clear Pending, they will be deleted and the configuration will remain as it was. After entering and/or selecting the required values, click Submit. The data will display in the P
23. Chapter 6, Mail Intrusion Detection Service: In this chapter; Application Level Protection; Denial of Service Protection; Configuring Application Level Protection; Network Level Protection; Analysis Console; Configuring Network Level Protection; Signature Manager; Signature Dictionary; Signature Updates; System Level Protection; Program Integrity; File System Integrity. V. Reporting: Introduction; In this section; The Reports Viewer. Chapter 7, Alert Manager: In this chapter.
24. in case of disk failure. The backup should only be used to restore data to the same IronMail appliance. Enter and confirm a password to be associated with the backup file and click Submit. This password will be required when the backup is restored. The following screen appears confirming the action. [Screen: Backup Result, with Configuration Backup Information and a Download Configuration File link.] Click the View Log button to see the log describing the backup action: BACKUP 09242005 15 35 53 Args passed DB <> operation Type <BACKUP> Push Components <> BACKUP 09242005 15 35 53 Backing up Database ct BACKUP 09242005 15 35 55 Backing up system files BACKUP 09242005 15 36 01 Custom pages backed up for system backup BACKUP 09242005 15 36 05 Encrypting using password BACKUP 09242005 15 36 06 Encoding the datafile > ct w3 admin java webapp webadmin tmp im 6 0 0 20050924153553 zip BACKUP 09242005 15 36 08 Cleaning the CMCTMP directory BACKUP 09242005 15 36 08 Cleaning the CMCTMP directory done BACKUP 09242005 15 36 08 Completed Operation Type <BACKUP> System Configuration: Clicking the Configuration File hyperlink will open a screen that provides information about the backup file and allows the Administrator to save the compressed folder for
25. the appliance Are you sure Y N n
Discarded the changes
ironmail

ironmail run clean message
Forcing immediate clean up will highly impact the performance of the appliance Are you sure Y N
Discarded the changes
ironmail

The parameters and syntax for the run report command are as shown below. The run report command will create all enabled reports from the Reports Configuration screen, with the exception of the Policy Configuration Report and the Vulnerability Assessment report, both of which are run only at the Administrator's discretion.

ironmail
ironmail run reports
Invalid command
Usage run reports <MM DD YYYY>
ironmail
ironmail run reports 10 12 2004
Generating reports will highly impact the performance of the appliance Are you sure Y N n
No report job submitted
ironmail

The SET Command

The set command is used to start, stop, enable and disable IronMail services, to configure the serial port, and to unlock user accounts that have been locked due to excessive failed login attempts. The set command accepts three parameters: serial, service and user unlock. Once the user enters the command and first parameter, the screen displays a list of sub-parameters.

Command Summary

set
  serial cli|ups
  service
    enable <SERVICE>
    disable <SERVICE>
    start <SERVICE>
    stop <SERVICE>
  user unlock <USERNAME>
<
26. web cgi is a category of signatures related to attacks against web-based CGI applications and scripts. The category name is also a hyperlink that opens, in a secondary browser window, a list of all the individual signatures within that category.

Enable: The Enable check boxes for each category allow the administrator to decide whether or not to include an entire category of signatures in IronMail's real-time analysis of email traffic.

Signature Dictionary

Click an attack category's hyperlink to open a list of all the individual attack signatures within that category.

Protection Manager > Mail IDS > Network Level > Signature Manager > Dictionary

[Screenshot: Signature Manager Dictionary, BAD TRAFFIC list, with Word or Phrase, Enable and Action columns]

Signature Dictionary

Field / Description
Signature: The signature's category name appears at the top of the screen.
Word or Phrase: This column identifies a friendly name of the attack signature.
Enable: Select or deselect a signature's Enable check box to indicate whether or not IronMail should include it in its real-time analysis of email traffic.
Action: IronMail is capable of actively responding to some attacks, typically by resetting the
27. Administration > Web Admin Configuration > User Account > Manage Account

[Screenshot: Manage User Account table with Write Permissions, Read Permissions, Last Login and Delete columns, listing the accounts admin, guest, jfrancis, techwriter and trainee]

A table of user accounts is displayed. The table shows the logon name and program permissions for each user account. Until user accounts are created, only the admin super user account is displayed.

Web Admin User Accounts

Field / Description
User: This column lists the user names for all users who have permissions on IronMail.
Write Permissions: If the user has write permissions for any roles, the pick list in this column will show all those roles. If no write permissions are granted, the column will display N/A.
Read Permissions: If the user has read-only permissions for any roles, the pick list in this column will show all those roles. If only write permissions are granted, the column will display N/A.
Last Login: This column displays the date and time of the user's last login. If the user has not yet logged in, the column will carry the message Never Login.
Help Des
28. [Screenshot: License Manager screen listing features such as IDS Updates, TrustedSource Updates, TRU Response Updates, Software Updates, Hotfix Update and Encrypted Message Filtering with their expiration dates, and an input area labelled "Paste the License Key provided by CipherTrust Support"]

License Manager

Field / Description
Features: The licensable features installed on your IronMail are listed in this column.
Sub Features: Each feature will have one or more subfeatures listed in this column. Some subfeatures are licensed separately.
Expire Date: The expiration date for each license is listed next to the associated subfeature. If license expiration does not apply, the column will show N/A.
Paste the License Key provided by CipherTrust Support: For any license renewal, you will receive a new license key from CipherTrust Support. You must copy and paste that key into the available space. When you have done so, click Submit to renew the license.

Administrators can add licenses or extend the expiration date for product features or services at any time. Licenses accumulate (that is, concatenate) on the appliance.

Note: If a Secure Delivery license is installed after IronMail's initial installation, the administrator must logout and log back in to IronMail
29. BOUND BY ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF CUSTOMER DOES NOT AGREE WITH ANY OF THE TERMS OR CONDITIONS OF THIS AGREEMENT, CUSTOMER IS NOT AUTHORIZED TO USE THE APPLIANCE FOR ANY PURPOSE WHATSOEVER. PLEASE IMMEDIATELY CEASE USE AND CONTACT CIPHERTRUST. Please print a copy of this Agreement for Customer's records.

1. License. This Agreement grants Customer (i) a non-exclusive, non-transferable license to use one copy of the IronMail Software (the "IronMail License") and, if purchased by Customer, (ii) a non-exclusive, non-transferable license to use one copy of the anti-virus software for a specific period of time as indicated on the Customer's purchase order and/or CipherTrust's invoice (the "Anti-Virus License"; the IronMail License and, if applicable, Anti-Virus License collectively referred to as the "License"), solely on and in conjunction with the Appliance Hardware on which it is installed. This Agreement also authorizes Customer to use the related written materials and online or electronic documentation (collectively, "Documentation") solely in conjunction with the Appliance. CipherTrust and its suppliers retain title to all patents, copyrights, trade secrets, trademarks and other intellectual property rights in the Software and the Documentation. This Agreement shall not affect a sale of the Software, and Customer shall not acquire hereunder any right, title or interest in the Software or Documentati
30. CipherTrust Support engineers when technical support is required. Select the log level you prefer. Options are:
• Critical
• Error
• Information
• Detailed

Run Interval (secs): Enter a number representing, in seconds, the length of time from when the Health Monitor completes one run to when it starts another. It is recommended that this Run Interval not be set lower than the default (300 seconds, five minutes). During periods of high IronMail activity (e.g., heavy mail load), it may take several minutes or more for Health Monitor to finish its tests.

Health Monitor Properties

Field / Description
Failure Count: Enter a number representing how many times Health Monitor should repeat a failed system test before recording the failed test as an error. If this value is set to 10 and a certain test fails 9 times but passes on the 10th try, IronMail does not record an error. Only if the test fails on the 10th successive attempt will IronMail log it as an error and move on to the next test. It is highly recommended that this default value (10) not be changed without first consulting with CipherTrust Technical Support. If Notification is enabled below and IronMail's Alert Manager is configured for it, IronMail will send an email, pager or SNMP alert to the administrator when this occurs.
Disk Space: While there is a small disk partition
31. Domain Based Routing

Field / Description
Protocol: This column shows the mail service (SMTP) for the domain.
Domain Name: Lists the domain or sub-domain name that IronMail hosts in the corresponding user input field.
Routing Type: This column lists the routing type for each domain as it has been configured. See the Add New Domain Routing screen for details.
Machine Name / DNS Domain Name / IP: This column shows the fully qualified machine name, IP address or domain name for the mail server responsible for the domain's mail. More than one machine name or IP address may exist to provide better routing. Fail-over occurs in the order in which the machines are listed in this field.
Side Note: This column lists any explanatory or descriptive notes that were configured when someone added a new domain or edited an existing domain.
Delete: To remove mapping of a domain to an internal server, check its Delete box and click Submit.

Adding a New Routing Domain

To add a new routing domain to the Domain Based Routing screen, click the Add New button at the bottom of the screen. The following screen will open, allowing you to configure the new domain.

Protection Management > Mail Firewall > Mail Routing > Domain Based > Add New

[Screenshot: Add New Domain Routing screen with Protocol and Domain Name fields]
32. [Screenshot: SMTPO Service Properties screen, with fields including Forwarded Addresses, DSN Forwarded Addresses, Enable DNS Caching, DNS Cache Limit, TTL for Records (secs), Domain Connection timeout (secs), Quarantine Undeliverable Messages, Attach Original Message for DSN and Send FQDN on Helo/Ehlo]

SMTPO Service Properties

Field / Description
Log Level: IronMail generates detailed logs that record the activities of all its subsystems. The detailed logs may be saved to disk and sent to CipherTrust engineers for troubleshooting purposes. The Log Level set here determines the type and amount of detail written to the log. Select the proper log level from the drop-down list. The options are:
• Critical
• Error
• Information
• Detailed
Note that in high email volume environments (50,000 messages per day), the SMTPI Service's log can easily grow to 100 MB or more per day. If IronMail is not configured to delete these logs after 3-7 days, there is a danger that IronMail's hard disk can quickly become full.

SMTPO Service Properties

Field / Description
Deliver mail if Strong Server Authentication fails: Receivin
33. The Dashboard

When a user logs onto IronMail after the appliance has been deployed, the opening screen is the Dashboard. This configurable collection of tables and graphs allows the user to efficiently review the status and the performance of the system. The goal is to facilitate any decision making that may be required, as well as to provide quick recognition of trends or of problems.

In this chapter

In this chapter you will find information about the following topics:
• The Dashboard Screen
• Configuring the Dashboard
• Configuring the Graphs

The Dashboard Screen

Logon > Dashboard

[Screenshot: the Dashboard, with Executive Summary, Services Status, Update Status, Connection Blocking Status, System Utilization and Mail IDS Status panels, and Configure and Save Configuration controls]

The Dashboard is the first screen the user see
34. IronMail has generated during the past three hours.

Reporting > Alert Manager > Alert Viewer

[Screenshot: Alert Viewer listing alerts 802 through 784, with Class (Monitor or Updates), Type (INFORMATION or NOTIFICATION), Received Date, Sent Date and Status columns]
35. It is recommended that you place IronMail in a DMZ if your network supports it. If you do so, you must create rules to allow the protocols for outside world to IronMail, IronMail to outside world, IronMail to the internal mail server, and internal mail server to IronMail. There should be no open protocols from outside to inside bypassing IronMail when using a DMZ configuration. The following diagram and table describe the ports you must open in your firewall to allow IronMail to function correctly.

[Diagram: De-Militarized Zone (DMZ) Firewall Routing Rules, showing the Internet, the DMZ and IronMail]

A key advantage to the DMZ configuration is that IronMail's analysis of incoming messages is performed before the messages actually penetrate the firewall. IronMail sends its output back to the firewall before it is allowed inside the system. With a non-DMZ placement, incoming messages are inside the firewall before IronMail scans them.

Outgoing to the Internet: rules to allow Edge to open a connection to the Internet

Port / TCP/UDP / Description
Port 25: Required for mail reception.
Port 123 (TCP/UDP, NTP): Required if using Network Time Protocol.
Port 53 (TCP/UDP, DNS): Optional for an IronMail CMC; if your DNS is outside the network, you must open the port allowing IronMail CMC to connect to it.
Port 20022 (TCP, CipherTrust): Required in order for IronMail to request software anti-virus updates
36. Manager > Mail IDS > Application Level > Configure

Use the values entered in this window to set the threshold for application-level attacks aimed at the internal network.

[Screenshot: Application Level Configuration screen with Denial of Service Protection, Denial of Service Window (secs) and Denial of Service Count fields]

Configuring Application Level Protection

Field / Description
Denial of Service Protection: If Denial of Service Protection is enabled, IronMail will monitor all TCP connections to all email ports on which it listens (25, 110, 143, etc.) and block future connections for any IP address that exceeds the Denial of Service threshold created with the two values that appear immediately below. IronMail will discontinue accepting connections from the offending IP address for the length of time specified in the Denial of Service Window below. Once that length of time passes, IronMail will again begin allowing connections from that source IP address. Ensure that IronMail's Alert Manager is configured to send Warning alerts for the SMTPI Service so an administrator may immediately add the offending IP address to IronMail's Local Deny List, after which IronMail will no longer accept connections from that IP address. Be aware that in some environments applications legitimately make high numbers of connecti
37. In executes command n from the top l n executes commands from the bottom
38. SERVICE>: IronMail Services (smtpproxy, smtpsproxy, smtpo, pop3proxy, pop3sproxy, imap4proxy, imap4sproxy, etc.)
<USERNAME>: IronMail User Account

The set serial command configures IronMail's serial port to do one of two things: to allow connection of a keyboard console directly to the appliance, using the cli sub-parameter, or to allow connection of an uninterruptible power supply, using the ups sub-parameter.

ironmail
ironmail set serial
Invalid command
Usage set serial cli|ups
ironmail set serial ups
The serial port is already set
ironmail set serial cli
Warning The change may take up to 5 minutes
Serial port has changed
ironmail set serial ups
Warning The change may take up to 5 minutes
Serial port has changed
ironmail

The set service command is used to enable, disable, start or stop an IronMail service. Note: a disabled service cannot be started. A service can also be disabled in the GUI by deselecting the Autostart option for that service.

ironmail
ironmail set service
Invalid command
Usage set service enable|disable|start|stop
ironmail set service enable
Invalid command
Usage set service enable <SERVICE>
ironmail set service disable
Invalid command
Usage set service disable <SERVICE>
ironmail set service start
Invalid command
Usage server ser
39. Select the appropriate key size, in bits, for the public key to be installed. Options are:
• 1024 bits
• 512 bits
The larger key is more secure but is slower to process.

Email Address: Enter the email address for the Administrator for the certificate.
Password / Confirm Password: Enter the password to be used by the Administrator to maintain the certificate. Confirm the password by entering it again.

When you have completed the necessary information, click Submit. The CSR List will refresh to add your new CSR.

[Screenshot: CSR List showing the message "The data has been updated successfully" and two CSR entries, with Canonical Name, Organization, Organizational Unit and Installed columns and Add New, Install and Submit buttons]

IronMail will generate a private key/public key pair and display, in a text string, the public key to be submitted to a trusted root source (such as VeriSign) for Security Certificates. Open a second browser window to navigate to a Security Certificate issuing source. Copy and paste the IronMail-generated text string into the appropriate input field of the Certificate Authority's web page when applying for a Certificate. When copying and pasting the key information, include the

Installing an X509 Certificate

CERTIFICATE REQUEST
40. TCP connection. If an action is possible, the Action column will display a pick list allowing the choice of either TCP Reset or ICMP Reset. Leave the action set to None if IronMail should not reset the connection if an attack is detected. Only administrators familiar with firewall rules should enable actions for attack signatures. IronMail will blindly reset connections when it encounters packet data it thinks matches attack signatures, whether the data stream is valid or not. And because IronMail has been specifically hardened and is thus immune to these attacks, setting an action may be moot.

Signature Updates

Note that CipherTrust regularly updates its database of attack signatures; updated signatures may be automatically downloaded and installed on individual IronMails. However, customers must have purchased a Mail IDS Updates license to benefit from these updates.

System Level Protection

Program Integrity

Protection Manager > Mail IDS > System Level > Program Integrity

IronMail is foremost an appliance to protect the internal mail servers sitting behind it. An integral component of its security, however, is ensuring that it (that is, IronMail) has not been compromised by an attacker. The Program Monitor and File Monitor services therefore check IronMail's program files and filesystem in order to detect whether or not
41. This column indicates, in days, hours, minutes and seconds, how long a service has been running since it was last restarted. If the uptime appears less than expected, it may indicate that the service was manually stopped and restarted by an administrator, or was stopped by an administrator and was restarted automatically by IronMail's Health Monitor.

Clicking the SMTPI name hyperlink opens the SMTPI Service Properties screen.

[Screenshot: SMTPI Service Properties screen, with fields including Log Level, Secure Client Communication (SSL), SIZE Extension (MB), External Banner, Insert Received headers, Enable Load Throttling, Connection Limit, Message Limit, Maximum Recipient Per Message, Pattern Rejection Message, Patterns to Match, Enable Recipient Pattern Match, Enable UUCP Addressing, Reject Invalid MailFrom, Enforce Command Line Length, Maximum Messages Per Connection, Block TS Range, GreyList TS Range and Send Messages to IronMail]

The following configuration options are available.

SMTPI Service Properties

Field / Description
Log Level: IronMail generates detailed logs that record the activities of all its subsystems. The detailed logs may be sav
42. a value of 1 or 2 is entered in the Strong Server Authentication option above, and the host or domain name on the receiving server's Security Certificate cannot be authenticated, this option determines whether or NOT IronMail will deliver the message. If unchecked, messages will not be delivered when the Security Certificate cannot be authenticated. If checked, IronMail will deliver the message regardless of the certificate's authenticity.

SMTPO Service Properties

Field / Description
Recipient Server Certificate Validation: If enabled, this option requires the strongest possible server authentication before sending messages. IronMail will validate the Security Certificate with the trusted root source that issued it. This verifies that the root of the receiving server's Security Certificate is a valid Certificate Signing Authority (CSA). If this option is enabled and verification fails, the connection will be dropped. If the option is disabled, a verification failure will be logged, but the connection is allowed and the message will be delivered. The verification failure event is logged in the SMTPO Service daily detailed log file.
DNS MX Lookup: If enabled, IronMail will use a DNS MX lookup to identify where to send email it is to deliver. IronMail uses the DNS servers whose IP addresses are listed in System > Configuration >
43. an administrator to easily manage policies, push software and anti-virus file updates, as well as pull logs, reports and alert messages. Contact CipherTrust Sales to learn if Centralized Management Console architecture can aid in a particular enterprise email environment.

If an IronMail appliance is to be managed by a CMC, it must have the CMC's public key installed.

[Screenshot: Store CMC Key screen, CMC Key Information, with a File field and Browse button]

The Store CMC Key page contains a Browse button. Use it to navigate to the file containing the Centralized Management Console's (CMC) public key, which the CMC Administrator exported and saved to disk. The master-slave connections can only be mediated through this public key. The key provides for encrypted sessions between the CMC and its slaves; a master and slave cannot communicate without it. After navigating to and selecting the CMC's public key file, click Store CMC Key to install the CMC's public key. The Reset button clears the Browse navigation input field if Store CMC Key has not yet been clicked.

Resetting Keys

If an IronMail appliance breaks down due to unexpected events and is not accessible online to CipherTrust Support, the appliance may be restored using a Recovery CD. The following steps are required for restoring the IronMail appliance:

1. CipherTrust Support ships a Recovery CD to the customer.
2. The Administrator
44. an attempt has been made to alter code in any of its files, or if an attempt was made to insert Trojan horses or delete important system files. The first time IronMail restarts after the Initial Configuration Wizard is run, its Program Monitor and File Monitor test the system in order to build an initial database of IronMail's file set and file system. Thereafter, these two services run nightly, immediately before the Mail IDS log is generated. Administrators may run File Monitor and Program Monitor on demand at any time by clicking Check System in their respective windows.

Every night at approximately midnight, IronMail examines every executable file within its scope to verify that they have not been altered. The Program Integrity page displays how many files were scanned and the number of files that failed its test (i.e., are now different from their original version). To manually run IronMail's Program Monitoring in between scheduled sessions, click Check System. It will take a little less than a minute to run its tests.

[Screenshot: Program Integrity screen showing Start Time, End Time, Total Programs Monitored and Total Programs Failed, with a Check System button]

After clicking Check System, IronMail will check approximately every 10 seconds if Program Integrity Monitor has finished its tests, then refresh the page with the results. If Program Integrity Monitor ever reports that a single
45. attempted connection to your mail servers, detecting and blocking all known or potentially harmful connections. IronMail employs CipherTrust's patented Mail Firewall technology to deliver the most robust email gateway protection available.

In this chapter

In this chapter you will find information about the following topics:
• Mail Services
• Configure Mail Services
• Mail Routing
• Domain Based Routing

Mail Services

IronMail implements three services, or subsystems, to process messages transmitted via the SMTP email protocol:

• The SMTPI Service processes messages coming into the IronMail appliance via port 25. The "I" signifies coming Into IronMail. New IronMail users frequently confuse incoming messages with messages coming into the network from the Internet. In fact, the SMTPI Service processes all messages coming into the IronMail appliance, whether originating inside or outside the local network (see SMTPI/SMTPIS Services).
• The SMTPO Service processes all messages that IronMail delivers out of the appliance. The "O" represents delivered Out of IronMail. Again, new IronMail users mistakenly think of the SMTPO Service as the subsystem that delivers email originating within the network to users out in the Internet. While this is true, it is more correct to understand that the SMTPO Service delivers all messages out of the appliance, whether their destination is inside or outside the netwo
46. boots the IronMail appliance using the CD. The CD installs the fresh CTBSD (the customized operating system) on the IronMail, and the user is asked for the serial number of the IronMail appliance.
3. Support also mails the customer a temporary license valid for 30 days. This license only enables the System tab in the IronMail interface. The license is generated using the default ct_maint key.
4. The Administrator runs the setup wizard. The license is required at this stage of the process.

[Screenshot: Reset Keys screen with a Password field and Submit and Reset buttons]

5. The Administrator uses the screen shown above (System > Reset Keys) and the instructions that follow to create new keys for ct_maint, ct_upgrade and cmc. Note: This action will overwrite all default keys.
6. The Administrator downloads the encrypted file <serialnum> keys zip. The Administrator sends the downloaded file and the password used in creating the keys to CipherTrust Support.
7. Support places the new keys in operation by
8. deciphering the setup file and replacing the old keys with the new ones
9. generating the new license using the new keys
10. emailing the new permanent license to the customer
11. The customer installs the new license, which enables all licensed features of IronMail, and, if a backup exists, restores the backup on the IronMail.

VIII Additional Functions

Introduction

In this section
47. default to a new password. This step is strongly recommended.

After you have changed the Admin password on the screen at the bottom of the SmartStart page, use the commands on that screen to record your configuration. Then you may proceed to another screen by clicking that screen's link in the left menu.

Screen 9: Finishing SmartStart

This screen provides information that allows you to exit SmartStart gracefully, taking you back to the login screen.

[Screenshot: Finish SmartStart screen with the text "Click the Exit SmartStart button to quit the SmartStart mode. You will be redirected to the login page. To return to the SmartStart mode, select the Administration tab, left menu option SmartStart Configuration." and an Exit SmartStart button]

If you have finished SmartStart, click Exit SmartStart to proceed to the login screen.

When You Have Finished SmartStart

If you have applied all the steps of SmartStart, your IronMail appliance is now configured for deployment using best practices configuration.

[Screenshot: Administration Login screen with a UserName field]

Log into IronMail using your user name and password, and you will see the IronMail Dashboard, IronMail's opening screen.

[Screenshot: the IronMail Dashboard]
48. effectively. When you have tested network connectivity, go to the next screen by clicking the links in the left menu.

[Screenshot: Check Connectivity screen showing the message "Network Connectivity has successfully been established" and the SmartStart menu]

The left side of the screen contains the menu listing all 9 screens that may be used in SmartStart for IronMail Edge. You will use this menu to select the portion of the wizard you wish to apply. You may click on any SmartStart screen link to open it without regard for the order on the menu. However, some of the steps must be taken in order. Read the screen instructions before you apply the screen. Screen 1, the Network Connectivity check, is the opening screen for SmartStart, since connectivity is required to apply some of the other steps.

Installation Steps
• Check for Network Connectivity
• Software Updates
• Threat Response Updates
• SMTP Route Setup
• Reports Configuration
• Alerts Setup
• Add Accounts
• Change Admin Password
• Finish SmartStart

The upper portion of the screen (as seen below), extending across the screen except for the left menu area, contains informative text about the screen you are currently viewing. It may provide instructions and other important information about the step you are about to complete.
49. file failed, contact CipherTrust Technical Support immediately.

The information available here may also be viewed in IronMail's Dashboard and the Mail IDS Report that is created daily.

Program Integrity

Field / Description
Start Time: The date and specific time the test began appears in this field.
End Time: The date and specific time the test ended appears in this field.
Total Programs Monitored: The total number of programs checked by the Program Integrity test shows here.
Total Programs Failed: The number of programs, if any, that failed the integrity test shows here.
Check System: This button allows you to run a Program Integrity check at will, should circumstances warrant it.

File System Integrity

Similarly, every night at approximately midnight, IronMail examines its internal filesystem to ensure that no non-IronMail-generated files have been created on it, or that none of IronMail's files were deleted. To manually run IronMail's File Monitoring in between scheduled sessions, click Check System. It will take a little less than a minute to run its tests.

Protection Manager > Mail IDS > System Level > File System Integrity

[Screenshot: File System Integrity screen showing Start Time, End Time, Total System Files Monitored (863) and Total System Files Failed (0), with a Check System button]
50. functionally identical. Bear in mind that some Windows FTP servers may not translate on the fly forward slashes to back slashes. In those cases, back slashes are required as path delimiters.
  File Information: The lower portion of the screen shows available logs of the type selected, in date order.
  Download: Click the hyperlink for any log file to download that file.
  Transfer (FTP/SCP): If the file is to be archived, click the check box.
  File Name: This column lists the available versions of the specific log file in ascending date order.
A sample from a detailed log appears below.
  ALERT 10062005 00 00 01 Starting Spin Run 39669
  AlertSpinner 39669 10062005 00 00 01 No of alerts in alertList
  AlertSpinner 39669 10062005 00 00 01 Ending Spinner thread
  ALERT 10062005 00 00 01 Ending Spin Run 39669
  ALERT 10062005 00 00 01 Sleeping Run 39670
  ALERT 10062005 00 00 06 No of threads under work 0
  ALERT 10062005 00 00 06 Starting Spin Run 39670
  AlertSpinner 39670 10062005 00 00 06 No of alerts in alertList
  AlertSpinner 39670 10062005 00 00 06 Ending Spinner thread
  ALERT 10062005 00 00 06 Ending Spin Run 39670
  ALERT 10062005 00 00 06 Sleeping Run 39671
  ALERT 10062005 00 00 11 No of threads under work 0
  ALERT 10062005 00 00 11 Starting Spin Run 39671
  AlertSpinner 39671 10062005 00 00 11 No of alerts in alertList
  AlertSpinner 39671 10062005 00 00 1
51. hyperlink appears in this column.
Exporting an X509 Certificate
Because the Security Certificate may cost a considerable sum of money, IronMail provides a mechanism allowing administrators to archive a copy of it for safekeeping. Additionally, the public key of installed SSL and S/MIME Security Certificates may be exported to disk so they may be shared with trusted domains. To export from certificate storage in the X509 List, click the Export link for the certificate you want to store. The Export Security Certificate screen displays.
[Screen: Export Security Certificate. Export Information: Certificate (IMSOB2SWDCert2i), Certificate Type, Password.]
Importing an X509 Certificate
Navigation: Encryption > Advanced > Certificate Management > X509 Certs > Certs Store > Import
Exporting an X509 Certificate fields:
  Certificate: Enter the name of the certificate to be exported.
  Certificate Type: From the pick list, select the certificate type. Options are:
    P7: This contains the public key of a selected X509 Security Certificate in P7C format. This file may be shared with other domains to provide for message encryption. The domain's server will specify which format is required.
    PEM: This contains the public key of a selected SSL or S/MIME Security Certificate in CER format. This file may be share
52. in the left menu. This step allows you to update the software on your IronMail appliance to the most current available version.
[Screen: Software Updates]
This step allows you to update the software on your IronMail appliance to the most current available version. Connectivity is required for this step. Depending upon the version of the IronMail software currently installed, this update may require more than one step and may involve rebooting the appliance. If you need to install more than one release to get to the most current version, use this screen each time to download and install each upgrade in order, one upgrade at a time. If the appliance must be rebooted, you will be brought back to the SmartStart feature when you log in again. Keeping your software version up to date ensures you have the best chance to detect and defeat intrusions, spam, and other e-mail network attacks. After you have set up configuration changes on the screen, use the commands on that screen to record your configuration. Then you may proceed to the next screen by clicking the links in the left menu.
[Screen controls: Load a Package (Browse, Upload). Table columns: Product Name, Product Version, Service Release, Date Installed, Current State, Pending State, Date Downloaded. Buttons: Refresh List, Commit Scheduled Changes.]
SmartStart Software Updates
Network connectivity is required for this step. Depending upon the
53. intrusion detection system. What this means to an organization is that IronMail Edge can safely be placed at the network edge to perform its role. IronMail Edge does not rely on any commonly used MTA software, as many of those are known to have vulnerabilities. Additionally, IronMail Edge will block hacker attacks that use methods such as denial of service attacks, SYN flood, Telnet or ping attacks, and buffer overflow attacks.
[Figure: TrustedSource, Internet, IronMail Edge, Mail Gateway, Internal Network]
IronMail Edge relies on TrustedSource, CipherTrust's revolutionary reputation system, for information about every sender that attempts to connect to the protected enterprise's mail servers. TrustedSource is the first and only reputation system to combine traffic data, whitelists, blacklists, and outbreak detection with the unparalleled strength of CipherTrust's global customer network of more than 1600 customers in 40 countries, including over one third of the Fortune 500. It is also the only reputation system available that is able to provide numerical scoring for every IP address across the Internet (approximately 4.2 billion). When the IronMail Edge appliance receives an SMTP connection request, the box will hold the response to the sender until the sender reputation is understood. IronMail Edge utilizes the intelligence provided by TrustedSource to make high-speed decisions about whether messages
54. messages to an SMTPO Quarantine Queue. Access quarantined undeliverable messages at Queue Manager > Outbound Queue > Quarantined Messages. From the SMTPO Quarantine Queue, administrators may re-send the messages so that IronMail makes up to another five attempts to deliver it.
Select this option if the original message is to be attached for DSNs generated. If this option is not selected, only headers of the message are attached.
If this option is enabled, IronMail will send the Fully Qualified Domain Name when it establishes a connection.
Clicking the Global hyperlink on the last row of the Configure Mail Services table opens a secondary browser window allowing configuration of additional message delivery options. The Global Properties screen allows the Administrator to configure properties for IronMail's mail service. It is important to remember that specific property settings made here will have impact on other IronMail processes. One example is choosing to enable High Performance or choosing not to enable it.
Navigation: Protection Management > Mail Firewall > Configure Mail Services > Global
[Screen: Global Properties (Mail Firewall). Fields: Default Domain; External Inactivity Time-out (secs); Internal Inactivity Time-out (secs); Default Character Set; Archive Messages; Enable Statistical Information to be Shared; Enable Spam and Other Message Information to
55. name may not be changed or deleted.
SmartStart Configuration
IronMail's SmartStart Configuration option first appears when a new IronMail appliance is deployed. After the Installation Wizard has been run to bring the appliance to a state where it can receive configuration options, SmartStart appears. This same functionality is available to Administrators using the admin super user account. This can be useful if SmartStart was not completed initially and is no longer opening as the first screen after login.
Navigation: Administration > SmartStart Configuration
[Screen: SmartStart Configuration. SmartStart mode: Post Installation SmartStart mode.]
When the Administrator navigates to the SmartStart configuration option, the screen shown above displays. To continue with the option, click the icon to the right. The following message box opens:
  Microsoft Internet Explorer: WARNING! Reinstalling the Pre-Configuration package from SmartStart may override or erase previously setup IronMail configurations and rules.
To continue with SmartStart, click OK. The opening screen for SmartStart appears.
Check for Network Connectivity
This step will test the connectivity between your IronMail appliance and the CipherTrust update infrastructure. Connectivity is required in order to use the SmartStart feature to configure your IronMail appliance. You will use the update infrastructure in the Follo
56. next time you log in, IronMail will return you to the SmartStart screen from which you logged out.
3. If you click Quit at the top of the screen, you will leave SmartStart and will be taken to the Dashboard screen. You will not automatically return to SmartStart when you log in again.
4. Since some SmartStart steps need to be done in a specific order, please read the instructions on each screen before you apply it.
As illustrated in the screen shot that follows, SmartStart screens are divided into three sections.
[Screen: CipherTrust IronMail Edge 1.0.0, Check for Network Connectivity. Links: SmartStart, Logout, Contact Us. Installation Steps: Check for Network Connectivity; Software Updates; Threat Response Updates; SMTP Route Setup; Reports Configuration; Alerts Setup.]
This step will test the connectivity between your IronMail appliance and the CipherTrust update infrastructure. Connectivity is required in order to use the SmartStart feature to configure your IronMail appliance. You will use the update infrastructure in the following steps to update the version of the software installed on your appliance, to download the latest best practices Pre-configuration or Threat Response update packages, and to install the most current Anti-Virus engine updates and virus signatures. Connectivity check might require a couple of minutes to complete. Using the SmartStart feature will allow you to configure your IronMail easily and
57. or more parameters. Separate the command word and parameters from each other with a single space. Press Enter after the last parameter. On-screen help is available by typing help. Typing help before any command word displays help for that command. For some commands, typing help before the command word and parameters can provide more information.
  ironmail
The simulated screen shot below displays the allowable parameters and help text for the help edit command.
  ironmail help edit
  The EDIT command is used to edit network interface routing table as well as enable or disable the support access feature
  Command Summary
  edit interface primary oob route add delete support enable disable
The EDIT Command
The edit command is used to modify specific configuration settings for the parameters interface, route, and support. It impacts the way IronMail appears to and works with clients. Examples showing the syntax for the edit command are shown in the simulated screen shot below.
  Command Summary
  edit interface primary oob clearpending route add delete support enable disable
  ironmail edit interface primary
  <PRIMARY> IP Address 10.50.1.234
  <PRIMARY> Netmask 255.255.255.0
  <PRIMARY> Select media type from the list or press ENTER to use default
  Default autoselect
  10baseT UTP
  10baseT UTP full duplex
  100baseTX
  100baseTX ful
58. scans
Appliance Configuration
Out of Band Management
The Serial Port
System Backup
System Restore
The Check Tool
Chapter 13 System Updates
Software Updates
Hotfix Updates
Applying the Updates
Threat Response Updates
TrustedSource Updates
Configuration Updates
Mail IDS
59. select the hours of the day when you want the Cleanup Cycle to run. When you have completed setting the times for one day, you may pick another day and repeat the process. Continue until you have set up your complete weekly schedule. When the configuration has been properly entered, click Submit to implement the new Cleanup Schedule.
Configuring Appliance Certificates
This screen is used to select the X.509 Certificate IronMail will use for SSL encryption. All installed X.509 certificates will show on the pick list. The Administrator selects one from the pick list and clicks Submit.
Navigation: Administration > Configure Appliance Certificate
[Screen: Configure Certificate. Select Certificate: DEFAULT.]
Although this function may be logically seen as part of Certificate Management, the screen is actually located under Administration.
Changing the Admin Password
Administrators are strongly encouraged to change the default Admin password (originally set as "password") during their first administrative session. After that, the password may be changed at any time at the Administrator's discretion.
Navigation: Administration > Change Password
[Screen: Change Password. Password Information: Old Password, New Password, Confirm Password.]
The Admin password may be changed, but the admin user
60. should be rejected or allowed based on a quick IP lookup operation. IronMail Edge maximizes speed and efficiency by caching the TrustedSource data locally, with regular updates streamed from the central TrustedSource server. Using the TrustedSource data, IronMail Edge can take any of the following actions:
  - When IronMail Edge receives a connection request from a known bad sender, such as a spammer or hacker, it rejects the connection immediately without accepting any data into the corporate network. The sender receives an error code telling them not to retry the connection, as it will only lead to another rejection.
  - When a sender receives a score from TrustedSource that falls into the suspicious range, IronMail Edge will again reject the connection, but will ask the suspicious sender to retry. This traffic shaping, or throttling, is very effective in slowing down the volume of bad e-mail. Legitimate senders will receive the request and resend the message, which will then be accepted. Conversely, spammers, phishers, and the like typically will not retry: re-sending mass quantities of messages is expensive, and their mass-mailing programs are not written to include retry logic.
  - Messages from good senders will pass through the IronMail Edge box to the mail server without any processing. IronMail Edge will not acknowledge to the sender that the message has been received until the mail gateway confirms
61. string to the location on the archive server where IronMail should transfer the Reports. Note: the relative path must be entered, that is, the starting point or subsequent directory below which the user account has access privileges. Examples are ironmail or ironmail; the two are functionally identical. Bear in mind that some Windows FTP servers may not translate on the fly forward slashes to back slashes. In those cases, back slashes are required as path delimiters.
  Schedule Time: Select from the Hour and Minute pick lists a time when IronMail should automatically transfer the Reports. It is recommended that administrators choose a transfer time after 4 AM to allow enough time for the reports to run and rollover the previous day's logs.
  Compress at Size: Enter a number to represent, in MB, the size at which IronMail will compress reports to save disk space.
  Top N users to be displayed: Enter a number to determine how many users will be displayed in each report (e.g., the top 10 or 15).
  Treat action LOG as: When an action of LOG is triggered, how should the messages that triggered action be represented in the Executive Report, as good or bad?
The Reports List
The lower portions of the screen are used to configure the individual reports.
Reports Configuration fields:
  Report Name: This field in e
62. the beginning and ending lines that appear with the License Key, as shown.
[Screen: IronMail CipherTrust Installation Wizard, Enter License. The pasted key is enclosed between the "CipherTrust License" and "End CipherTrust License" lines.]
After pasting in the key, click Next.
6. Enter the host name for the appliance, created by your Network Administrator. The host name is the text preceding the domain name. In the example servername.yourdomain.com, servername is the host name and yourdomain.com is the domain name.
[Screen: IronMail CipherTrust Installation Wizard, Step 1 of 9. Enter the Host Name for this IronMail. This should be obtained from your network administrator. The host name is combined with the domain name to create your Internet Address, also called the Fully Qualified Domain Name. The name can be any combination of A-Z letters, 0-9 numbers, and the hyphen. Typical host names for IronMail are mail or mailhost. Example Host Name: mailhost. Host Name: im.]
Click Next.
7. Enter the domain name for the domain to which the appliance will belong (e.g., yourdomain.com).
[Screen: IronMail CipherTrust Installation Wizard, Step 2 of 9. Enter the Domain Name for this IronMail. This should be obtained from your network administrator. Th
63. the delivery of the message.
Mail Firewall: SMTPI Service Properties fields:
  Enable Load Throttling: IronMail has a very powerful and efficient engine capable of processing tens of thousands of messages very quickly. However, in very high email environments or during times of peak volume, IronMail can dynamically throttle the rate of incoming connections based on how many messages have already been received and are still in the process of being examined. As the number of unprocessed and still-being-processed messages grows, the SMTP Service will begin lowering the numbers of simultaneous email connection requests it accepts. When IronMail reaches an administrator-defined maximum message load (see immediately below), the SMTP Service drops to its default low acceptance rate of three simultaneous connections (see the Load Throttling graphic below). As the message load decreases, the rate of simultaneous incoming SMTP connections increases again. When IronMail's load throttling is in effect, users trying to send mail to domains IronMail hosts will receive a "421 Server busy Try again" alert message in their email client if their connection is refused. The load throttling parameters are established by the Connection Limit and Message Limit fields that follow.
  Connection Limit: Enter a number between 100 and 500 to represent the maximum number of simultaneous i
64. time for troubleshooting and policy tuning purposes, or it may be exported so that a third-party application can perform advanced grouping, sorting, and querying within it.
The first field is the date and timestamp when the message was received by the SMTPI Service.
The second field is the process ID, a number used internally by IronMail to identify which IronMail processes are processing a message. For example, the JoinQ has one process number, while the SMTPO Service has another process number.
The third field is the message identifier, a number IronMail uses to uniquely identify a message. If the message is accepted by the SMTPI Service, the message identifier becomes the Message ID. (See the first sample log entry above.) However, if the message is not accepted by IronMail (for example, the message is from an IP address that appears on a Deny List), this value will be the source IP address and port number. (See the second sample log entry above.)
The fourth field is the Action number, a 0 or 1 indicating whether IronMail took an action on the message because of the rules of an email policy. A 0 means no action was taken: the message passed straight through IronMail untouched. A 1 means that IronMail performed some action on the message.
The fifth field is an internal numeric code representing the action IronMail took, a number representing, for example, whether IronMail stamp
65. time after 4 AM to allow enough time for the reports to run and rollover the previous day's logs.
  File Information: The lower portion of the screen is a table that shows information about all the detailed logs.
  View: Click the hyperlink for any individual log file to open that file for viewing.
  Download: Click the hyperlink for any log file to download that file.
  Transfer (FTP/SCP): If the file is to be archived, click the check box.
  Delete: Click the check box and then click Submit to delete the log.
  File Name: This column lists the name of the log (Summary Log in this case).
  Show all files: Clicking this hyperlink opens a screen that lists all available versions of the specific log.
Log files remain available until they are deleted by the Cleanup process. Clicking the show all files hyperlink opens the list screen.
Navigation: Reporting > Advanced > Summary Logs > Show All Files
[Screen: Summary Logs. FTP/SCP Configuration: Archive Method, Hostname, User Name, Password, Confirm Password, Path. File Information: Summary Log, Download, Transfer (FTP/SCP). Buttons: Submit, Reset, Back.]
Summary Logs: Show All Files fields:
  FTP/SCP Configuration: The upper portion of the screen is used to configure archiving of the individual summary logs. A
67. 166.231. DNS is also capable of reverse lookup, resolving an IP address to a fully qualified domain name. The reverse lookup may also be used to detect and reject certain kinds of address spoofing used by hackers. Most Internet email servers use both of these features. For a reverse lookup to work, you must publish a reverse zone (e.g., 166.168.63.in-addr.arpa) that contains PTR records mapping IP addresses onto node names. You must create a reverse zone with your IP address in reverse octet order, followed by the text string in-addr.arpa. For example, the forward zone is yourdomain.com and the reverse zone is 166.168.63.in-addr.arpa. You can check whether reverse lookup is working using the nslookup command. Using nslookup on an IP address with that switch in-addr.arpa will do a reverse lookup (IP to Host Name) and display the resolved name, as shown below.
  su 2 04 nslookup 10.0.3.101
  Server pridocon ctqa net
  Address 10.0.3.55
  Name im ex ctqa net
  Address 10.0.3.101
An example of a forward lookup (Host Name to IP) follows.
  su 2 04 nslookup im ex ctqa net
  Server pridocon ctqa net
  Address 10.0.3.55
  Name im ex ctqa net
  Address 10.0.3.101
Internal Mail Server Configuration
Configuration of your internal mail servers is very simple. Make IronMail the only IP address allowed to connect to your mail server and re-direct your se
68.
Adding a CSR
Installing an X509 Certificate
Storing X509
Exporting an
Importing an X509 Certificate
IV Protection
In this Section
Available Reports
Active Protection Status
Mail IDS Status
Chapter 5 Mail Firewall
In this chapter
Configure Mail Services
SMTPO
Mail Routing
Domain Based Routing
Adding a New Routing Domain
69. CP server must be configured and running on the archive machine(s).
  FTP: Select FTP to transfer the file in plain text (non-securely) using the FTP protocol. The FTP server must be configured and running on the archive server. Note that IronMail issues a passive FTP command. Note that if multiple IronMail appliances are configured to transfer files, the hostname is appended to the filename.
  Hostname: Enter the host name of the archive server.
  User Name: Enter a valid username with SCP or FTP privileges.
  Password: Enter a valid password.
Advanced Reporting: Summary Logs fields:
  Confirm Password: Confirm the password by entering it again.
  Path: Enter the path string to the location on the archive server where IronMail should transfer the logs. Note: the relative path must be entered, that is, the starting point or subsequent directory below which the user account has access privileges. Examples are ironmail or ironmail; the two are functionally identical. Bear in mind that some Windows FTP servers may not translate on the fly forward slashes to back slashes. In those cases, back slashes are required as path delimiters.
  Schedule Time: Select from the Hour and Minute pick lists a time when IronMail should automatically transfer the Logs. It is recommended that administrators choose a transfer
70. Configure screen lists all portlets (each one representing a reporting mechanism) that have not been configured to appear on the existing Dashboard. To add a portlet to the Dashboard, click the portlet to highlight it.
[Screen: Dashboard Configuration Preferences. Portlets listed: Executive Summary, Iron Web Mail Service Status, Connection Blocking Status, Graphs, System Utilization Status, Mail IDS Status, Alert Viewer.]
Then click the arrow pointing to the panel (Left Panel or Right Panel) where you want the new information to appear. The portlet will be moved to that panel, as shown below.
[Screen: Dashboard Configuration Preferences. Portlets listed: Executive Summary, Iron Web Mail Service Status, Queue Status, Spam Policy Status, Update Status, Connection Blocking Status, Graphs, System Utilization Status, Alert Viewer, Secure Delivery.]
The new portlet is set to appear at the bottom of the panel by default. If you want to change the placement of any portlet, highlight it and use the Up or Down button beside the panel. Click Finish to record the change.
[Screen: Dashboard showing the message "Executive Report is not yet generated".]
71. Domain Based Routing screen. An edit screen will open, as shown below.
Navigation: Protection Management > Mail Firewall > Mail Routing > Domain Based > Domain Name hyperlink
[Screen: Edit Domain Routing. Protocol: SMTP. Domain Name: ctdev.net. Routing Type: STATIC. Machine Name/DNS Domain/IP: 10.65.1.30. Side Note.]
This screen allows you to view the existing information about the domain you selected and to edit some of the fields.
Editing a Routing Domain fields:
  Protocol: This field contains the protocol for this domain. This field is not editable.
  Domain Name: This field contains the domain name or subdomain for this routing configuration. This field is not editable.
  Routing Type: This field shows the routing type for the domain. The field is not editable.
  Machine Name/DNS Domain Name/IP: Enter the IP address of the mail server responsible for the domain's mail. Unless Alternate MX has been selected as the routing type, more than one IP address may be added to provide better routing. Separate the machine names or IP addresses with commas and without spaces between the commas and the subsequent name or IP address. Fail-over occurs in the order in which the machines are listed in this field. If Alternate MX is selected, only one IP address may be added.
  Side Note: Enter any explanatory
72. ERVICE> is one of the services displayed by the show log command. Appending a after <SERVICE> displays the dates for previous days' logs. Appending the date after <SERVICE> displays the log for that day.
Examples:
  show log smtpproxy            Show today's smtpproxy log
  show log smtpproxy            Show dates for previous days' logs available
  show log smtpproxy 20040101   Show the smtpproxy log from 1/1/2004
  ironmail
  ironmail show log
  show log adeladminlalertlavqicfqicleanuplct_adminIct_auditlct_euserleus rquarant inelimap4proxylimap4sproxylironwebmailljoinglida psynclmmqa lpop3proxylpop3sproxylreportslripqlisched schedftplsmtpolsmtpproxylsmtpsproxylspamqlsshdctllsum marylsuperqlivfqlwatch <Date for list, Enter for today>
The show mailroute command displays information about the configured routing for various email protocols.
  ironmail show mailroute
  Invalid command
  Usage show mailroute <IMAP4|POP3|SMTP>
  ironmail show mailroute IMAP4
  Protocol  Routing Domain  Routing Host
  IMAP4     DEFAULT         mail x3 ctqa net
  IMAP4     x3 ctqa net     mail x3 ctqa net
  ironmail
The show network command shows details about network configuration.
  ironmail help show network
  The show network command is used to view network related information
  show network connections interface route
  ironmail show network connections
  Active Internet con
73. Failure 550 reply.
If enabled, IronMail allows UUCP (Unix-to-Unix CoPy) addressing. UUCP is a computer program and protocol allowing remote execution of commands and transfer of files, email, and netnews between Unix computers. If disabled, IronMail rejects the recipient
Mail Firewall: SMTPI Service Properties fields:
  Reject Invalid MailFrom: If enabled, as part of spoofed message protection, IronMail will reject mail from an address that is part of a routing domain but is not in the Allow Relay IP addresses.
  Enforce Command Line Length: IronMail will enforce RFC restrictions on the length of an SMTP command line to 512 characters, including carriage returns and line feeds.
  Maximum Messages per Connection: Enter a number (0-50) to represent the maximum number of messages allowed per connection. Entering zero (0) enables an unlimited number of messages. The limit applies only to connections that do NOT have relay permission through IronMail.
  Block TS Range: Enter a number between 15 and 150 to represent the TrustedSource threshold at which Edge will block an incoming connection.
  Greylist TS Range: Enter a number between 1 and 80 to represent the TrustedSource threshold at which Edge will greylist an incoming connection.
  Send Messages to IronMail: If enabled, this parameter will allow Edge to send the IP address of each message
74. [Graphs: Queue Action Messages; Queue Action Statistics]

Executive Graphs

The Executive Graphs are intended to provide quick and accurate overviews of current system performance and activity, to allow the executive to spot trends and facilitate actions. The time periods available on the Executive Graphs are 1 week, 1 month, 3 months, or 1 year.

Logon > Configure > Graphs > Executive Graphs

[Graphs: Message Count by week, Last 30 Days (07/24/05 to 08/22/05); series ALLOWED, SPAM, VIRUS, POLICY]

When you have completed all settings, click Finish to record your changes. The Dashboard screen now displays the graphs you have selected, as well as the other portlets.

Special Navigation

If you wish to isolate any graph from the Dashboard, simply click on the graph you want to see. An enlarged copy of that graph will pop up, allowing you a better view of the data represented.

[Graph: CPU Utilization, Last 1 Hours; series CPU sys, CPU user, CPU idle]

Saving the Configuration

IMPORTANT: When you have configured the layout of the Dashboar
75. Most mail servers use only ports 25, 110, and 143 for sending and retrieving email. However, email transmitted through these ports is unsecured; attackers can read or intercept email sent this way. We recommend that you open the secure ports instead (995 for POP3S and 993 for IMAP4S) to force external users to retrieve their mail via SSL. IronMail provides the ability to send mail securely on port 25.

IronMail has a standard configuration for Maximum Transmission Unit (the maximum size for a single packet that may be transferred by the email system) of 1,500 bytes. If your system requires a maximum other than the standard MTU configuration, a custom configuration can be accomplished by CipherTrust's Customer Service group.

Best Practices Configuration

The concept of Best Practices configuration is derived from CipherTrust's desire to streamline the process of preparing the IronMail appliance for effective operation. SmartStart offers the means to do precisely that.

In this chapter

In this chapter you will find information about the following topics:
• SmartStart
• Using SmartStart

SmartStart

The purpose for SmartStart is to provide the Administrator the ability to install best practices IronMail configurations at the time of initial appliance installation and setup. It allows the Administrator to install the current software upgrade
76. IronMail CipherTrust Installation Wizard, Step 5 of 9

Enter the Default Router for this IronMail. This should be obtained from your network administrator. A Default Router (also known as a Default Gateway) is used to determine how to send network traffic beyond your local network.

Example Default Router: 10.0.0.1
Default Router: 10.65.1.1

Click Next.

11. Enter the IP address for at least one of your DNS Servers (you may have up to three). The DNS server will be used as a client for this IronMail.

IronMail CipherTrust Installation Wizard, Step 6 of 9

Enter the IP Address of one or more Domain Name System Servers to be used as a client by this IronMail. This should be obtained from your network administrator. Each DNS Server identifies a computer on the Internet that is responsible for providing name resolution. A DNS Server's IP Address is four 8-bit decimal numbers (octets), each from 0 to 255, separated by periods.

Example DNS: 10.0.0.11
DNS 1: 10.65.1.11
DNS 2:
DNS 3:

Click Next.

12. Enter the IP address or the fully qualified domain name for up to three Network Time Protocol (NTP) servers, as provided by the Network Administrator.

IronMail CipherTrust Installation Wizard, Step 7 of 9

Enter the IP Address or Fully Qualified Domain Name for up to three Network Time Protocol (NTP) Servers. This should be obtained from your network administrator. An NTP server is a machin
77. P address or subnet to be added to the table.

Netmask: Select the netmask from the drop-down list.

Gateway: Enter the gateway IP address.

Adding a new IP address or subnet requires entering or selecting the necessary information. When the information is correctly entered, click Submit. The new entity will be added.

The Serial Port

IronMail's serial port may be configured for either one of two possible uses:
• as the connection port for an uninterruptible power supply, or
• as the access port for command line interface access using a keyboard and monitor connected directly to the IronMail appliance.

System > Configuration > Serial Port

[Screen: Serial Port, "Choose Serial Port Usage" set to CLI Access]

To configure the serial port, the Administrator must select the desired use from the pick list, then click Submit to record the selection.

SSH Configuration

Accessibility to IronMail's command line interface is controlled by the CLI Access Service. If this subsystem is not running, administrators will be unable to log onto IronMail via their favorite SSH client.

System > Configuration > SSH Configuration

[Screen: SSH Configuration, listing the services CLI Access (Service Uptime 0002 18:24:57) and CipherTrust Support Access (Service Uptime 0002 18:25:20), with uptime shown in days, hours, minutes and seconds]

This page is refreshed every 4
78. [Screen: Analysis Console summary, with counts for source and destination IP addresses and portscan traffic, and links including Alert List, Most frequent 5 Alerts, Most frequent 15 addresses (source, destination), Most recent 15 Alerts (any protocol, TCP, UDP, ICMP) and Graph alert detection time]

Any text appearing in blue is a hyperlink that reveals additional information about the events. For example, clicking the link for Today's Unique Alerts or Alert List will open an Alert Listing screen. Clicking the Search hyperlink allows you to construct detailed queries against the information stored in the Analysis Console.

[Screen: Network Level Analysis Console, Query by Packet. Sections: Meta Criteria (Sensor, Signature, Alert Time), IP Criteria, Payload Criteria (Input Criteria Encoding Type, Convert To), Sort order (none, timestamp ascend, timestamp descend, signature), Query DB]

Configuring Network Level Protection

To configure network l
79. Protection screen. Each service label is a hyperlink that will take you to the associated service properties screen.

Anomaly Detection Engine: This field will report any violations of anomaly detection rules. The name is also a hyperlink that opens the Show Anomaly Detection Rules screen.

Network Level: This area reports the results from Network Level Protection tools. Any of the field labels is a hyperlink that will take you to the Analysis Console screen.

Total Number of Alerts: This field displays the total number of alerts sent since midnight.

Source IP Addresses: The source IP addresses for the emails that generated alerts display in this list.

Destination IP Addresses: This list shows the destination IP addresses to which the offending emails were addressed.

System Level: This area reports the results from System Level Protection tools.

Mail IDS Status (Field: Description), continued

Total Programs Monitored/Failed: This field contains the results of the last Program Integrity check, in terms of the number of programs checked and the number that failed the check.

Total System Files Monitored/Failed: This field contains the results of the last File System Integrity check, in terms of number of files checked and the number that failed.

Mail Firewall

As a proxy, IronMail scrutinizes every
80. [Screen: Dashboard, showing SMTPI Service (Uptime 0005 16:48:46), Update Status, System Utilization and the alert types RESTART, SHUTDOWN, CRITICAL, ERROR, WARNING, NOTIFICATION and INFORMATION, with Configure and Save Configuration icons. This page is refreshed every 4 minute(s). Last refreshed: Tue 27 December 2005 at 10:40:39 EST]

[Screen: Dashboard with collapsed summaries for SMTPI Service, Update Status and Mail IDS Status]

During the same login session, the Dashboard summaries will remain expanded or collapsed as you last left them. If you log out without saving the current configuration, the Dashboard will return to the configuration you found at login. If you do save the configuration before you log out, the Dashboard will remain as you last saw it before logout.

Configuring the Graphs

One of the portlets that appear on the Configure screen is labeled Graphs. This selection allows you to move a series of graphs onto the Dashboard and to determine which of three possible sets of graphs you want to display.

[Screen: Dashboard Configuration Preferences, listing the portlets Executive Summary, IronWebMail Service Status, Queue Status, Update Status, Connection Blocking Status, System Utilization Status, Mail IDS Status and Alert Viewer]

Place the Graphs portlet in one of the display panels just as you would any other portlet. When
81. USTOMER AND THAT YOU HAVE THE RIGHT AND AUTHORITY TO ENTER INTO THIS AGREEMENT ON ITS BEHALF. BY USING THE APPLIANCE AND BY REQUESTING AND RECEIVING SUPPORT SERVICES FOR THE APPLIANCE, CUSTOMER EXPRESSLY AGREES WITH CIPHERTRUST TO BE BOUND BY ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF CUSTOMER DOES NOT AGREE WITH ANY OF THE TERMS OR CONDITIONS OF THIS AGREEMENT, CUSTOMER IS NOT AUTHORIZED TO REQUEST OR RECEIVE SUPPORT SERVICES FOR THE APPLIANCE. PLEASE IMMEDIATELY CEASE USE OF CIPHERTRUST SUPPORT SERVICES AND CONTACT CIPHERTRUST IMMEDIATELY.

Please print a copy of this Agreement for Customer's records.

1. Support Services. CipherTrust shall provide Customer telephone technical consultation, Updates (as defined herein) and Error correction (as defined herein) as software maintenance and support services related to the Software ("Software Support"), and telephone technical consultation and onsite hardware repair services as maintenance and support services related to the Appliance Hardware ("Appliance Hardware Support"), during periods of contracted Support (the Software Support and Appliance Hardware Support hereinafter referred to together as the "Support Services" or "Support").

6. Notice; Dispute Resolution. Any notices to be given under this Agreement shall be (i) sent to the address of the party's United States corporate headquarters, to the attention of its CEO and copied to its Legal Counsel, (ii) delivered by hand via US Ma
82. Updates
Configuring Auto Updates
License Manager

Chapter 14 General System Functions
UPS
Powering Down and Restarting
Setting the Date and Time
Storing CMC Keys
Resetting Keys

VIII Additional Functions
Introduction

Chapter 15 Using the Command Line
The Command Line
The Commands
The HELP Command
The EDIT Command
83. a hyperlink that allows configuration of that service.

Auto Start: A red X or green check icon indicates whether or not the service is set to start automatically when the IronMail appliance is rebooted. If an icon is green, the service will begin running when IronMail restarts. In addition, if the icon is green, IronMail's Health Monitor will restart any service (except SMTPO) that has stopped for any reason when it performs its tests on all appliance subsystems. If an icon is red, the service will not start on reboot, nor when Health Monitor runs its system tests. Note that a service can continue to run after its auto start setting is turned off. The red and green light icons are hyperlinks. Clicking the icon hyperlink toggles the auto start option on and off.

Running: A red or green light icon indicates whether or not the service is currently running. Note that in some situations the Running icon may not refresh when clicked (i.e., change from green to red). If the icon does not toggle as expected, click the Configure Mail Services hyperlink in the left navigation frame of the Web Administration interface to refresh the page, rather than clicking the Running icon a second time.

SMTPI Service

Protection Management > Mail Firewall > Configure Mail Services > SMTPI

Configure Mail Services (Field: Description)

Service Uptime
84. ach block contains the name of the report being configured. See the list of report descriptions included below.

Options: Some reports have an associated Options list. If this list is present, select the option you prefer for this report.
• Details: this option specifies that the report will show details of activity, but will not include the records that triggered activity.
• Details and Records: this option configures the report to include both the details and the associated records.

Action: The Action pick list offers three options.
• Disable: When disabled, the report is not generated.
• Create: When selected, IronMail generates the report but does not automatically send it by email. The report may be viewed in the Web Administration interface and may automatically and/or manually be transferred to an archive server via the SCP or FTP protocols.
• Create and Email: When selected, IronMail generates the report and emails it to specified users. The report may also be viewed within the Web Administration interface and may automatically and/or manually be transferred to an archive server via the SCP or FTP protocols.

Transfer (FTP/SCP): If the report is to be transferred (archived), select the check box.

Delete: Clicking the check box and subsequently clicking Submit will cause the report to be deleted.

Hostname; Email Address(es); Run Now

Enter the host name or the IP address of the se
85. alert is even more serious. IronMail generates this alert when an error affects the entire appliance. It reports, for example, when IronMail cannot reach a DNS server.

Shutdown: This alert is reserved for future functionality.

Restart: This alert is reserved for future functionality.

Alert Class

Reporting > Alert Manager > Alert Class

The Alert Class screen allows the Administrator to define groups of related services. Groups may be added, edited, and deleted, and services may be assigned and reassigned to groups through this functionality.

[Screen: Alert Class, listing Common (Software Update), Mail (SMTPI Service, SMTPO Service) and Monitor (Health Monitor, Check Tool), with an Add New Alert Class link]

By default, IronMail starts with one logical grouping, or class, of subsystems: SNMP. Administrators may create any logical grouping of services that serves their needs. Individual subsystems may be moved from one grouping or class to another, or deleted altogether. The purpose of creating classes of subsystems is to be granular in terms of which alert notifications are received, as will be explained below.

Adding an Alert Class

Reporting > Alert Manager > Alert Class > Add New Alert Class

When the classes have been added, Alert Levels may be configured for them using the Alert Mechanism function. If a subsystem is deleted from a group and not added to another, IronMai
86. an Administrator for a new certificate. Open the CSR List to see existing CSRs and to request new ones.

Encryption > Advanced > Certificate Management > X509 Certs > CSR List

[Screen: CSR List, with columns Name, Canonical Name, Organization, Organizational Unit and Installed, and Add New, Install and Submit buttons]

The CSR List (Field: Description)

Name: This column shows the digital name for each CSR that has been processed and is awaiting installation.

Canonical Name: This column displays the canonical name for the server where the certificate will be installed. Example: mail.marketing.myplace.com

Organization: The name of the organization (e.g., CipherTrust Inc.) that requested the CSR shows in this column.

Organizational Unit: This column lists the department or unit within the organization to which the certificate will be assigned (e.g., Development).

Installed: This column contains an N (for not installed) until the certificate is installed.

Delete: Clicking the delete checkbox associated with any CSR and clicking Submit will delete that CSR. Clicking the Delete hyperlink will delete all CSRs.

Adding a CSR

Clicking the Add New button at the bottom of the CSR List screen opens the Add CSR screen. This screen allows you to generate a Certificate Signing Reques
87. and outgoing mail or other services, select one to enter during the wizard setup; the remaining servers will be configured later. This information is not necessary for configuring a Centralized Management Console.

11. Specify the IP address of the default mail server you identified above.

12. Specify your default email domain.

13. Determine if you want IronMail to use secure POP3 or IMAP4 with your internal server. Your internal server must have a Security Certificate installed on it for secure POP3 or IMAP4 to be implemented.

Verify this information with your Network Administrator prior to running the appliance's Initial Configuration Wizard.

IronMail ships with a pre-installed, albeit unsigned, Security Certificate. IronMail only allows administrative sessions with it over a secure SSL (https) connection, for which a Security Certificate is required. The default Security Certificate is adequate for creating these secure connections from your browser to the IronMail appliance, but is not adequate for providing SSL security for your email infrastructure. Until you install a valid Security Certificate from a Certificate Authority, your browser will display a Security Alert each time you log on to the appliance. Clicking Yes at the prompt allows you to proceed.

You must connect to the appliance to enter some preliminary values in an Initial Configuration Wizard in order to make the appliance initially functional. Use a c
88. ary Logs

Reports Configuration

IronMail generates a variety of reports informing the Administrator of all of IronMail's activity. The reports cover two broad categories: the email that IronMail processes, and IronMail's internal activity.

Email activity can be viewed either as summaries or as detailed reports. The summaries show the top senders and receivers during a 24-hour period, who sent or received the most mail by volume in megabytes, who sent or received the most encrypted messages, etc. Of particular interest to administrators is the summary report that provides spam statistics needed for decisions in a concise and easily understandable form. All reports will be automatically sent to the recipient or recipients whose email addresses are specified, if IronMail is configured to do so.

In addition, IronMail will generate on demand a report detailing every email policy that has been created. That is, you can view which Content Compliance dictionaries have been created and are in use, to whom Envelope Compliance policies have been applied, etc.

You can configure the reports that IronMail will generate, and the disposition of the reports, on the Reports Configuration screen.

Reporting > Advanced > Reports Configuration

[Screen: Reports Configuration, with fields including Compress at Size, Top N users to be displayed, Treat action LOG as, Transfer l
89. b Interface after completing the wizard. Also enter the Default E-Mail Domain for the internal mail server. All incoming email addressed to this domain will be forwarded to the internal server. All outgoing email should be relayed from this server to your IronMail appliance.

Example Mail Server Host Name: mailserver.ciphertrust.com
Default Mail Server FQDN: chang2k3.w2k3.ctdev.com
Example Mail Server IP Address: 10.0.0.15
Mail Server IP Address: 10.65.1.19
Example E-Mail Domain: ciphertrust.com
Default E-Mail Domain: w2k.ctdev.com
Mail Server Secure POP3 Enabled: (checked)
Mail Server Secure IMAP Enabled: (checked)

If you are configuring a Centralized Management Console, you do not have to provide information about internal mail servers. Skip this step by clicking Next and proceed to verifying your information.

15. Verify that the information you have provided is correct. You can use the Back buttons to return to previous steps and make corrections should you detect errors. You may want to print this screen for your records once you have verified the information.

IronMail CipherTrust Installation Wizard

Please examine all information carefully before proceeding. If you wish, you may print this page for your records. If you need to make any changes, please use the back button below. Once you have verified that all the information is correct, click on the Fin
90. [Screen: Global Properties, with options including Enable sub-domain routing, Per Message Logging, Fail Open Action and Enable High Performance]

Global Properties (Field: Description)

Default Domain: By default, the domain name provided as the Default Email Domain during Step 9 of the Installation Wizard is displayed in this input field. You can edit the field by entering the domain name of the server to which IronMail's administrative messages are to be delivered.

External Inactivity Timeout (secs): Enter a value representing the maximum number of seconds IronMail may wait for external servers (whether inside or outside the network) to respond before closing a connection. It is strongly recommended that the default value of 600 seconds not be changed.

Internal Inactivity Timeout (secs): Enter a value representing the maximum number of seconds IronMail may wait for its own internal services and subsystems to respond before closing a connection. It is strongly recommended that the default value of 610 not be changed. In any case, this value should be at least 10 seconds greater than the External Inactivity Timeout above.

Default Character Set: Select from the pick list the character set to be used when the character set of a message is unknown. This character set will be used to convert the text to Unicode.
91. bmit, the main Alert Mechanism screen refreshes.

[Screen: Alert Mechanism, showing the message "The data has been updated successfully" and a table of configured mechanisms with columns Alert Class, Alert Type, Server and User Address; the rows shown are Mail / RESTART and Updates / INFORMATION]

Adding a Pager Alert Mechanism

The following screen is used for Pager alert mechanisms.

[Screen: Alert Mechanism, with Alert Class: Secure Services, Alert Type: NOTIFICATION, Alert Mode: PAGER, and fields for Server Name and User Address]

As with the Email alert mechanisms, you must supply the server name and the user address.

Adding an SNMP Alert Mechanism

The following screen is used to configure an SNMP alert mechanism.

[Screen: Alert Mechanism, with Alert Class: Monitor, Alert Type: WARNING, Alert Mode: SNMP, Version: 2, Port: 389, and a field for Server Name]

For this mechanism you must supply the server name as before, plus the SNMP version to be used and the port over which the alert will be transmitted. When you click Submit, the screen will refresh.

The Alert Viewer

The Alert Viewer screen presents an on-screen view of all the alerts
92. In This Chapter
SmartStart
Using SmartStart
The SmartStart Screen
When You Have Finished SmartStart

II Monitoring the System
Using the Dashboard

Chapter 3 The Dashboard
In This Chapter
The Dashboard Screen
Configuring the Dashboard
Special Navigation
Configuring the Graphs
Executive Graphs
Saving the Configuration

Introduction

Chapter 4 Managing Certificates
93. change settings related to the IronMail appliance itself.

In this chapter

In this chapter you will find information about the following topics:
• Appliance Configuration
• Out of Band Management
• Routing
• The Serial Port
• SSH Configuration
• Backup
• Restore
• The Check Tool

Appliance Configuration

Initially, the Appliance Configuration screen displays information that was entered during the Initial Configuration Wizard when IronMail was first installed. At any time afterward, these settings may be changed as required.

System > Configuration > Appliance Configuration

[Screen: Appliance Configuration, with Current and Pending columns for Hostname, Domain Name, IP Address, IP Netmask, Default Router, DNS 1-3, NTP 1-3, Time Zone and Ethernet Setting, and Submit, Reset and Clear Pending buttons]

Appliance Configuration (Field: Description)

Hostname: Enter a host name for the IronMail appliance. The host name must be entered in all lower case letters for IronMail's Backup and Restore utilities to function correctly. This name must be resolved in DNS.

Domain Name: Enter the domain name to which IronMail belongs.

IP Address: Enter IronMail's IP address. The host name and IP address must be reso
94. changed by more than one minute, always stop and restart each of the queues and services to reset their wake-up times.

Force IronMail to immediately synchronize with an Internet Time (NTP) Server by clicking Sync with NTP Server. Note that the name of a valid time server must have been entered in the System > Configuration > IronMail page to do this.

Note that IronMail writes a timestamp in its database noting when each message enters the Outbound Queue for delivery. IronMail uses this timestamp as a reference for when it may pick up messages for delivery. Therefore, if the clock is set backward and there are currently messages in the outbound queue, those messages' delivery will be delayed until IronMail's internal clock catches up to the timestamp originally entered in the database.

Daylight Savings Time

IronMail automatically adjusts for Daylight Savings Time (DST) at 2 A.M. on the first Sunday of April, and reverts to Standard Time at 2 A.M. on the last Sunday of October.

Storing CMC Keys

System > Store CMC Key

The Centralized Management option allows administrators to configure an IronMail appliance as a slave to another IronMail configured as a Centralized Management Console (CMC) master. In enterprise environments with multiple IronMails protecting multiple domains and mail servers, centralized management allows
95. chanism

Configured alert mechanisms: The table in the lower part of the screen contains information about all the existing alert mechanisms.

Alert Class: This column shows, by name, all alert classes for which alert mechanisms have been defined.

Alert Type: This column lists the alert type associated with each class.

Server: This column is populated with the server names where the recipient type resides.

User Address: The user address that is to receive the alert shows here.

Delete: Clicking the check box and then clicking Submit will cause the alert mechanism to be deleted from the list.

Adding an Alert Mechanism

To add a new alert mechanism, use the pick lists at the top of the screen. Select the class, the type of alert, and the alert mode.

Reporting > Alert Manager > Alert Mechanism > Add Alert Mechanism

[Screen: Alert Mechanism, with pick lists set to Updates, INFORMATION and EMAIL, above the table of configured mechanisms]

When you click Add, the appropriate secondary screen will open.

Adding an Email Mechanism

The screen below appears if you selected Email as your Alert Mode.

[Screen: Alert Mechanism, with Alert Class: Updates, Alert Type: INFORMATION, Alert Mode: EMAIL, and fields for Server Name and User Address]

For an Email notification, you must supply the server name where the pager address is located, and you must enter the user address. When you click Su
96. ciphertrust.com

December 2005

IronMail Edge User's Guide
Product Version 1.0

CipherTrust: Peace of Mind in Messaging

© 2005 CipherTrust Inc. CipherTrust and the CipherTrust logo are registered trademarks of CipherTrust Inc. All other trademarks are the property of their respective owners. All rights reserved.

IronMail Edge User's Guide, Product Version 1.0

Table of Contents

Before You Begin
How to Use This Book
Conventions
Contacting CipherTrust

I Getting Started

Chapter 1 Setting Up IronMail
Configuring IronMail
Preliminary Information
Initial Configuration Wizard
Network Connectivity
Internal Mail Server Configuration
Network Firewall Configuration

Chapter 2 Best Practices Configuration
97. ctional. Before you run the wizard, obtain the information requested in the form below. Your network administrator should be able to assist you in determining the network information. A copy of this Information Gathering Form appears at the back of the Setup Guide so it may be removed for easy information gathering.

1. Have on hand the License Key that was e-mailed to you for the IronMail appliance. The License Key contains information that determines whether this appliance is a Centralized Management Console for enterprise environments or a stand-alone IronMail.

2. Create a host name for this appliance.

3. Determine the domain name to which this appliance belongs.

4. Assign an IP address for this appliance.

5. Determine the Subnet Mask for this appliance.

6. Specify the Default Router the appliance will use.

7. Specify the IP Address of at least one of your DNS Servers. This appliance must be able to connect to it.

8. Provide the fully qualified domain names of up to three Network Time Protocol servers. IronMail identifies three servers by default.

9. Specify the appliance's time zone by selecting from the pick list the city nearest the appliance. The selected city must be in the same time zone as IronMail.

10. For stand-alone IronMail only: Specify the fully qualified domain name of your default mail server. If you have dedicated servers handling incoming
98. Place the Graphs portlet in one of the display panels just as you would any other portlet. When you click the arrow to move the portlet, the lower portion of the Configure screen displays two dropdown lists. The first list allows you to select which of the three types of graphs you want to display by default: System Graphs, Queue Graphs, or Executive Graphs. The second list offers selections for the time period you want to represent with the selected graphs. The available periods vary with the type of graph you select, so choose the type first. For more information about the reports and graphs on the Dashboard, go to Chapter 3 of this User's Guide. General Administration Functions. In this chapter you will find information about the following topics: The Cleanup Schedule; Configuring Appliance Certificates; Changing the Admin Password; SmartStart Configuration. The Cleanup Schedule: IronMail accumulates many files and much data over time. CipherTrust recommends that you allow IronMail to regularly purge the system of unnecessary files and data. That is the function of the Cleanup Schedule. Administration > Cleanup Schedule. Cleanup Sched
99. d as you want it to appear, you must save that configuration. At the lower right of the screen, click the Save Configuration icon. Introduction. III Encryption. Current protocols governing email dictate that all messages transmitted over the internet be sent in plain ASCII text characters. The problem caused by this requirement is that anyone with the right tools can read a message sent by anyone else. The tools, such as TCP or packet sniffers, may be freely downloaded from the internet. The tools not only allow hackers to read anyone's email, but also allow them to intercept and alter the messages before they are delivered to the recipient. The easiest and most popular way for enterprises to secure their email is by using Digital Certificates. These certificates allow two essential strategies for message encryption: client-to-client and server-to-server encryption. In client-to-client encryption, Security Certificates are installed on individual workstations. The dominant benefit of this method is that the message is encrypted before it leaves the originator's computer and remains encrypted until it is received: protection from end to end. Server-to-server encryption, on the other hand, requires Security Certificates be ins
100. d shows a real-time view of all IronMail logs, beginning with the 10 most recent entries. The command accepts the parameter log. The tail command accepts no additional switches. The tail log command accepts the additional parameters of the names of IronMail logs. Typing tail log will reveal a list of all available logs. Command Summary: tail log <SERVICE>. ironmail tail log tail log adeladminlalertlavqicfqicleanuplct_adminIct_auditlct_euserleus rquarantinelimap4 proxylimap4sproxylironwebmaill joingllda psynclmma lpop3proxylpop3sproxylreportslripqischedisched ftplsmtpolsmtpproxylsmtpsproxylspama sshdctllsummarylsuperqlvfqlwatch <Date for list Enter for today> ironmail ironmail tail log cfq Channel2 6 10122004 15 14 50 LOG_STAT_FINALI6IPUSHED TO NEXT Q Channel3 7 10122004 15 15 20 LOG_STAT_ATT_FIL Channel3 7 10122004 15 15 20 LOG_STAT_CONT_FIL Channel3 7 10122004 15 15 20 LOG_STAT_FINALI7IPUSHED TO NEXT Q Channel4 8 10122004 16 48 25 LOG_STAT_ATT_FIL Channel4 8 10122004 16 48 25 LOG_STAT_CONT_FIL Channel4 8 10122004 16 48 25 LOG_STAT_FINALI8IPUSHED TO NEXT Q Channel5 9 10122004 17 05 07 LOG_STAT_ATT_FIL Channel5 9 10122004 17 05 07 LOG_STAT_CONT_FIL Channel5 9 10122004 17 05 07 LOG_STAT_FINALISIPUSHED TO NEXT Q The TEST Command: The test command is used to test network connections by using different m
101. d with other domains to provide for message encryption. P12: This file contains both the private key and public key of the Certificate in a format required for installing on another IronMail appliance. Never distribute this file to another domain. Password: Enter the password used to request the certificate. This password will also be used to import the certificate if that becomes necessary. To import an X.509 certificate, click the Import button at the bottom of the X509 List screen. The Import Security Certificate screen displays. The specific screen to use will depend upon what type of X509 certificate you want to import. The P7C, PEM and P12 screens appear below. Note: P7C and PEM Certificates involve public keys only. No password is required. Simply enter the information required, browse to the file location where the certificate is stored (for P7C), and click Submit. Importing a P7C Certificate, field descriptions: Certificate Type: Select the correct radio button to identify the certificate type, in this case P7C. The screen will refresh to provide the correct data fields. Name of Certificate: Enter the display name of the certificate. File: Enter the path to the stored certificate or brows
102. Configuring Auto Updates, field descriptions: Service: The list of updatable services displays in this column. Automatically Update: For each service you want to configure for automatic updates, click the checkbox in this column. Interval (minutes): For each updated service, specify the interval in minutes at which you want to query the update server for new updates. The default is 30 minutes. When the services are configured appropriately, click Submit to record the configuration. License Manager: The License Manager table shows all Product Licenses that have been installed on IronMail. Some of the Licenses correspond to the tabbed program areas in the IronMail interface (e.g., Mail Firewall, Mail VPN, etc.), where others refer to subscription services (e.g., Anti-Virus, Threat Response Updates, etc.). System > Updates > License Manager.
103. Inodes Used Alert: devoted to the appliance's operating system, all of IronMail's program files, email Message Store, and temporary files reside on one separate partition. The number entered in this input field represents how full the partition may become before generating an alarm. If Notification is enabled (below) and IronMail's Alert Manager is configured for it, IronMail will send an email, pager, or SNMP alert to the administrator when this threshold is reached. It is recommended that the default threshold, 75, be accepted in the beginning. After IronMail is fully in line in the mail flow and its logs and reports have accumulated on disk for several days, administrators can use IronMail's System Graphs to view actual disk utilization. IronMail's disk utilization may also be seen using the Command Line Interface. Notification Enabled: If this option is enabled, Health Monitor will send alerts for any errors it detects to IronMail's Alert Manager. Though the Alert Manager may receive the alerts from the Health Monitor, the alerts are not delivered to the administrator unless the Alert Manager has been configured to do so. Health Monitor Properties, fields: Notification Schedule (secs); Deny Connections at Disk Inodes Usage; Queue Inactivity Timeout. Health Monitor runs its tests on co
104. e domain name is combined with the host name to create your Internet Address, also called the Fully Qualified Domain Name. The domain name can be any combination of A-Z letters, 0-9 numbers, the hyphen, and the period. Example Domain Name: ciphertrust.com. Domain Name: jnf.ctqa.net. Click Next. 8. Enter the IP address assigned by your Network Administrator for this appliance. IronMail CipherTrust Installation Wizard, Step 3 of 9: Enter the Internet Protocol (IP) Address for this IronMail. This should be obtained from your network administrator. The IP Address is four 8-bit decimal numbers (octets), each from 0 to 255, separated by periods. Example IP Address: 10.0.0.15. IP Address: 10.65.1.103. Click Next. 9. Enter the subnet mask for this IronMail as provided by your Network Administrator. IronMail CipherTrust Installation Wizard, Step 4 of 9: Enter the Subnet Mask for this IronMail. This should be obtained from your network administrator. The subnet mask, or NetMask, is four 8-bit decimal numbers (octets), each from 0 to 255. Typically subnet masks are all binary ones from the most significant bit down to some intermediate bit position (e.g., 255.0.0.0, 255.255.252.0). Example NetMask: 255.0.0.0. NetMask: 255.255.255.0. Click Next. 10. Enter the IP address for the Default Router for this appliance. The router address is provided by the Network Administrator.
105. e Y Y 0000 22 51 42 ironmail The show system command string displays critical information about the IronMail system, including disk status and process statistics. Command Summary: show system disk process support. ironmail show system disk Mounted Size Used Avail Capacity iused ifree iused ct 34G 1 3G 30G 4 12129 8191645 0 ironmail ironmail show system process Time User Sys Nice Intrpt Idle 00 00 5 0 0 U 95 00 01 6 0 U 0 94 00 04 3 2 0 0 95 00 05 3 2 0 U 95 00 06 4 0 0 0 96 00 06 4 2 0 0 94 00 07 4 1 O 1 95 00 08 5 1 O O 94 00 09 7 O O O 93 ironmail ironmail show system support Support access is enabled Support access listen port has set to port 20022 ironmail The SYSTEM Command: The system command is used to reboot/shutdown IronMail and restore IronMail's factory settings. You may restore either the security certificate, network settings, or disable ACL on the WebAdmin. Restoring factory settings can be used to recover when the Graphical User Interface of IronMail's Web Administration has become unavailable due to misconfiguration. The system command accepts the following parameters: shutdown, reboot, restart, restore. Command Summary: To Reboot/Shutdown: system system reboot shutdown. To Restart Webadmin: system restart webadmin. To Restore Factory Settings: system restore acl certificate network. The TAIL Command: The tail comman
106. e on the Internet that can provide time synchronization using the Network Time Protocol. Three Internet standard time servers have been provided. NTP 1: time.nist.gov. NTP 2: bitsy.mit.edu. NTP 3: clock.isc.org. Click Next. 13. Specify the appliance's time zone by selecting from the pick list your own location or city, or a location/city that is in the same time zone. IronMail CipherTrust Installation Wizard, Step 8 of 9: Enter the Time Zone Location for this IronMail. This information is used with the NTP servers entered previously to automatically maintain the time on this mail server. You should select your location/city or a location/city that is in your time zone. Not all cities are listed. Time Zone: America/New_York. Click Next. 14. If you are configuring a stand-alone IronMail appliance, you must enter information about your default email server. If you have more than one email server, enter only the information about the default server. You can configure additional servers after you complete the Installation Wizard. IronMail CipherTrust Installation Wizard, Step 9 of 9: Enter the fully qualified domain name (FQDN) and IP address for the default internal mail server. This server should be the first internal mail server that you are configuring to work with IronMail. Other internal mail servers can be configured via the Admin We
107. e the commands on that screen to record your configuration. Then you may proceed to the next screen by clicking that screen's link in the left menu. Screen 4, SMTP Route Setup: This screen allows you to configure SMTP routes for any additional internal (inbound) domains or external (outbound) domains you will need in order to route mail properly in your environment. Figure: SmartStart SMTP Route Setup (Domain Based Mapping Table). After you have set up the routes on the screen at the bottom of the SmartStart page, use the commands on that screen to record your configuration. Then you may proceed to the next screen by clicking that screen's link in the left menu. Screen 5, Report Setup: This screen allows you to configure the reporting features for your IronMail appliance. Report Setup: Here you can configure the reporting features of the IronMail Appliance.
108. e to it. Importing a PEM Certificate, field descriptions: Certificate Type: Select the correct radio button to identify the certificate type, in this case PEM. The screen will refresh to provide the correct data fields. Name of Certificate: Enter the display name of the certificate. Certificate: Paste in the certificate information as it came from the Certificate Authority. For the P12 Certificates, a password is required since the certificate contains both public and private keys. Enter the certificate name, browse to the file storage location, and enter the password that was associated with the certificate at the time it was exported. Click Submit. The imported certificate will appear on the X.509 List. Importing a P12 Certificate, field descriptions: Certificate Type: Select the correct radio button to identify the certificate type, in this case P12. The screen will refresh to provide the correct data fields. Name of Certificate: Enter the display name of the certificate. File: Enter the path to the stored certificate or browse to it. Password: Enter the password associated with the certi
109. e user access to this role. If only the Enable box is checked for the role, the user will have full Read/Write permissions to that. Read Only: If a role is enabled, you can check this box to restrict permission to Read Only access. For some users, such as new trainees, you may wish to assign Read Only access to IronMail roles until the user has gained familiarity with IronMail and its features. Other users, by the nature of their positions, may require Read and Write access only to specific portions of the system. The Create/Edit User Account screen allows the Administrator to assign and change permissions as required. Create/Edit User Account screen: User Name; New Password (at least 8 characters); Confirm Password; Assign Role Permission, with Enable and Read Only checkboxes for each role: Administration, Anti-Spam, Anti-Virus, Dashboard, Secure Delivery, IronWebMail, Mail Firewall, Mail IDS, Mail VPN, Policy Manager. When the account is properly configured, click Submit. The new account will be added to the Manage User Account list. Managing User Accounts: The Manage User Accounts link on the main IronMail page opens a screen that displays all existing user accounts for the specific appliance.
110. Table of Contents (continued): The RUN Command; The SHOW Command; The SYSTEM Command; The TAIL Command; The TEST Command; The History Command. Before You Begin. How This Book is Organized (Section I Getting Started; Section II Monitoring the System; Section III Encryption; Section IV Protection Manager; Section V Reporting; Section VI Administration): This manual is comprised of sections that correspond to the major program areas of IronMail, as identified by the tabs at the top of IronMail's main screen. The chapters within a section are intended to follow the organization of each area's navigation menus, which will appear to the left of the IronMail screen. Here is a brief summary of what you will find in the manual. Getting Started will briefly introduce IronMail and help you perform the basic setup and configuration necessary to get the appliance deployed. The section contains the following chapters: Chapter 1 Setting Up IronMail; Chapter 2 Best Practices Configuration. Monitoring the System will introduce you to the IronMail Dashboard, where you can capture information at a glance regarding your IronMail's operation. The section contains this chapter: Chapter 3 The Dashboard. This section is concerned with the applicati
111. ed an outgoing message with a footer, or deleted a file attachment, etc. See Action Codes for a list of all IronMail actions. The sixth field displays textual information returned by the process. For example, process 21 (the SMTPI Service) will return the Mail From, Mail To, and Message ID number of a message, and the 200 process (the Virus Scan Queue) will report No virus found in this message. The seventh field displays any details about the action, as applicable. For example, a Mail Monitoring rule based on a particular Subject will have the text of the rule's Subject displayed here. IronMail can transfer Summary Log files to an archive server either manually or automatically. Reporting > Advanced > Summary Logs. Summary Logs, field descriptions: FTP/SCP Configuration: The upper portion of the screen is used to configure archiving of the summary logs. Archive Method: Select an archive method IronMail should use when transferring the Logs. SCP: Select SCP to transfer the file securely using the SCP protocol. An S
112. ed in this Agreement, which supersede any different terms and conditions contained in Customer's purchase order(s) or any other Customer document that may be accepted by CipherTrust for Customer's convenience. CipherTrust hereby objects to the terms and conditions of such Customer documents to the extent they conflict herewith. This Agreement shall be governed by the laws of the State of Georgia and of the United States of America, excluding (i) their respective conflicts of law principles and (ii) the United Nations Convention on Contracts for the International Sale of Goods. Do you agree to the terms and conditions set forth in this Support Services Agreement? 4. Select the language you wish to use for this installation of IronMail by choosing the name of the language from the pick list. Select a language in which you want to install this Appliance. The Configuration of the appliance will be in the language you have selected here. If you do not make any changes and hit enter, then the default language, English, is taken as the locale Language. Example Language: English. Language: English (choices: English, Japanese, Korean, Simplified Chinese, Traditional Chinese, Portuguese). Click Next. 5. Copy the text file containing the License Key for the appliance and paste the key into the input field on the next screen. You must include all of
113. ed to disk and sent to CipherTrust engineers for troubleshooting purposes. The Log Level set here determines the type and amount of detail written to the log. Select the proper log level from the drop-down list. The options are: Critical, Error, Information, Detailed. Note that in high email volume environments (50,000 messages per day) the SMTPI Service's log can easily grow to 100 MB or more per day. If IronMail is not configured to delete these logs after 3-7 days, there is a danger that IronMail's hard disk can quickly become full. Secure Client Communication (SSL): Select this checkbox to enable secure communication between IronMail and the client servers. Valid only for SMTPI, not for SMTPIS, which is already secure. SIZE Extension (MB) External: Enter a number in megabytes representing the maximum email size IronMail will accept from users outside the domain(s) it hosts. If the message exceeds this size, IronMail will not accept it. A zero in this input field represents unlimited: there is no size limit. Banner: In order to hide information about your email infrastructure that might be exploited by hackers, IronMail allows you to provide an alternate Welcome Banner. The banner is limited to 80 characters and may not contain new line characters. Insert Received Headers: With this option enabled, IronMail will add to every email's header an RFC822 compliant reference to its own role in
114. edly or restarting after it was stopped. There are a finite number of anomalies that IronMail can report on (see the table of alerts). Each anomaly may be assigned one of seven alert levels according to the degree of criticality of the problem. IronMail administrators will create an alert mechanism (email, pager, SNMP trap) for any or all of the alert levels for each grouping of subsystem they have created. In this chapter you will find information about the following topics: Alert Levels; Alert Classes; Alert Mechanisms; The Alert Viewer. The possible alerts IronMail can send are as follows. Information: This alert is for information only. No problem exists. It reports, for example, that an SNMP heartbeat has been sent. Notification: This alert is slightly more important than information. It reports information about an IronMail process or service. For example, it reports that an anti-virus update has been received. Warning: A warning should get your attention. It implies that administrative action is warranted. For example, IronMail generates a warning when a Denial of Service attack has been detected. Error: An error is serious. IronMail generates error messages when a single process is not performing as intended. For example, it generates an error alert if it detects that IronMail's Content Filtering Queue stops processing messages. Critical: A critical
115. ending column to the right of the input fields. The data does not take effect until the appliance is rebooted. Click Clear Pending to reset the input fields to their previous values. Note: The IP address will be removed when Out of Band Management is disabled, in order to prevent it from remaining assigned and therefore unavailable for reassignment. Routing: When messages are addressed to mail servers that IronMail cannot directly reach (because IronMail is in a DMZ or for other reasons), a static route must be created so the mail IronMail proxies can be delivered to the internal mail servers. The Routing screen allows the Administrator to create this route. System > Configuration > Routing. Routing, field descriptions: IP Address/Subnet: Enter the IP address of the machine that IronMail must deliver its mail to. Netmask: Select from the NetMask pick list the subnet mask used by the machine. Gateway: Enter the IP address of the gateway that knows how to reach the machine IronMail needs to deliver its mail to. Delete: Select a machine's Delete check box and click Submit to delete a route from this table. Adding new IPs or networks: The data fields at the bottom of the screen permit the addition of new IP addresses or subnets. IP or Subnet: Enter a new I
116. Dashboard screen showing Connection Blocking Status (Total Connections Accepted, Total Connections Blocked, Total TLS Connections, Total Greylist Rejections, Total TrustedSource Rejections) and Mail IDS Status. II Monitoring the System. Any Administrator will tell you that one very important feature to any network protection solution is the provision of ways to monitor it. IronMail meets this requirement with the Dashboard, a one-page summary that allows the Administrator to easily review not only the status of the appliance and its components, but also its performance against all manner of attacks against the email network. Using the Dashboard: IronMail's opening screen is the Dashboard, a customizable presentation of summaries and graphs that are intended to inform the user about IronMail's operation and performance. This section will explain how to set up the Dashboard as you want it to be and inform you about each of the available summaries and graphs. In this section you will find the following chapter: Chapter 3 The Dashboard.
117. ethods as well as to check specific server connections. The test command accepts the following parameters: dns, mail, ping, port, route, server. Examples are shown below. Command Summary: test dns forward <DNS SERVER IP> <HOSTNAME> mx <DNS SERVER IP> <DOMAIN NAME> reverse <DNS SERVER IP> <IP ADDRESS> mail <MAIL SERVER IP> <SENDER> <RECIPIENT> ping <HOST> port <IP ADDRESS> <PORT> route <DOMAIN NAME> server rlb <IP ADDRESS> <RBL SERVER> <DNS SERVER IP> <QUEUE TYPE> sls update. ironmail ironmail test server sls 10 13 04 11 42 01 EDT ct apps sls client conf map Re resolve names after 13 41 56 Check RTTs after 11 57 01 8000 00 ms threshold 8000 00 ms average 1 total 1 work ing addresses ee IPv6 off slsl ciphertrust net 123789 client LO 10 50 1 16 qa1 DCC ciphertrust ID 1040 100 of 32 requests ok 10 85 ms RTT 6 ms queue wait The History Command: The history command will display a list of previously run commands. You can execute a previous command listed in the history by prefixing the number from the list with an exclamation point. Examples are shown below. ironmail ironmail history 1 history show network interface history history show log show log admin history show queue quarantine history DO OO JO
118. evel protection, navigate to the Configure Network Services. Protection Manager > Mail IDS > Network Level > Configure Network Services. The screen displays the current status of Network IDS services. Configuring Network Services, field descriptions: Service: The first column contains the service name, which is Network IDS. Auto Start: A check mark in this column indicates the service is configured to be restarted automatically if Health Monitor finds it has stopped. A red X indicates the service will not be restarted. Clicking the icon toggles auto start on and off. Running: A green light icon in this column indicates the service is currently running. A red icon indicates it is not running. Clicking the icon will start or stop the service. Service Uptime: This column shows the elapsed time in days, hours, minutes, and seconds the service has been running since it was last started. The service name is a hyperlink that opens the Network IDS Properties screen. Network IDS Properties: SNMP Enable; SNMP Host; Port Scan Count; Port Scan Window (secs); Igno
119. f service protection, program and filesystem integrity, etc. Vulnerability Assessment: Shows the results of a Vulnerability Assessment, defining vulnerabilities to intrusion, etc., for a single IP address. Vulnerability Assessments may be run at the user's discretion. The report lists are scrollable, allowing you to see a complete listing of all IronMail reports. Clicking any report hyperlink reveals details. Alert Manager. IronMail continuously monitors its core subsystems as well as its ability to communicate with internal mail servers. If any part of IronMail's functionality fails to perform as designed, IronMail will generate an alert. The alerts by themselves don't do anything. Rather, the Alert Manager, which processes all IronMail generated alerts, must be configured to send them to an administrator. IronMail's alert management is configured on the basis of two groups. IronMail subsystems: The IronMail application is comprised of core subsystems. Each one is designed to generate alerts when anomalous conditions are experienced. Administrators will create logical groupings of these subsystems. Alert Levels: IronMail is designed to look for specific types of problems, such as a subsystem stopping unexpect
120. f the Web Administration interface. The details of the file are shown, and a Change State pick list allows the administrator to download or install the file. After clicking Change State, IronMail refreshes the previous Virus Updates table and the file's new status is displayed in the Pending Column. The new status does not take effect until Commit Scheduled Changes is clicked. Configuration Updates: Proper protection for your email network requires keeping IronMail's configuration up to date. CipherTrust provides a variety of update packages to help Administrators maintain the latest, most effective configurations. Two of those update packages are available within the Compliance program area: Compliance Updates, intended to provide optimum configuration parameters for the Compliance functions, and Pre-configuration Updates, providing the most effective initial configuration for newly deployed appliances. Mail IDS Updates: The Mail IDS Updates table (empty until the CipherTrust Update Server has been queried) displays information about installed software and file updates available for installation. System > Updates > Mail IDS Updates.
121. ficate. IV Protection Manager. The network perimeter is, for most corporations, relatively secure. Firewalls, combined with a handful of other tools such as intrusion detection systems (IDS), have established a solid line of defense for corporate networks. In fact, firewalls have been so successful that most attackers have ceased trying to attack them. Instead, hackers are shifting their attacks to areas unprotected by traditional network security tools: to applications such as mail server and web server software. Hackers have learned to use actual email and email protocols as the carriers of, or vehicles for, their attacks. Email systems are being widely exploited in order to disrupt and violate corporate networks. CipherTrust has taken a comprehensive approach to protecting corporations from email risks by providing an integrated solution deployed at the gateway, which secures every aspect of the email system. It created IronMail, the secure email gateway appliance. Controlling the Gateway: The first step to achieving email security is control of the gateway. Control the gateway and you protect the entire email infrastructure sitting behind it. But the range of threats targeted at email systems makes control of the gateway difficult. A comprehensive gateway security system must be capable of scrutinizing every attempted Internet connection to your internal servers as well as the email mes
122. figuring IronMail Alerts: You can configure the type of Alert that will be generated by each of Health Monitor's tests by clicking Configure Alerts. The following configuration screen opens (Administration > Health Monitor > Configure Alerts). [Screenshot: Configure Alerts screen with the Test Name pick list and the Error Alert Type, Success Alert Type and Restart Failure Alert Type lists, each set to NOALERT] Configuring Health Monitor Alerts, field descriptions. Test Name: From the pick list, select the test for which you want to configure alerts. See Health Monitor Tests in the table above. Error Alert Type: From the list, select the specific type of alert to be generated when Health Monitor detects an error from the specified test. Success Alert Type: From the pick list, select the type of alert to be generated when the test runs successfully. Restart Failure Alert Type: Select the specific type of alert to be generated when Health Monitor cannot restart the feature or function being tested. When you have finished, click Submit to record your choices. If you want to generate alerts for every test, you must configure the alerts for each test individually. Advanced Reporting: In this chapter you will find information about the following topics: Reports Configuration, Detailed Logs, Summ
123. future use. When IronMail saves a backup configuration to disk, it uses an automatic naming scheme identifying the appliance's name, version number, latest release number and date (e.g., im 4 5 1 1098287820 31 zip). The backup information is encrypted, stored in a proprietary file format that only IronMail can read, and cannot be viewed in plain text. The encryption method is one way; even CipherTrust Technical Support cannot decrypt this file. The zip file extension has been supplied to the backup file name solely for the purpose of tricking a browser into downloading the file rather than trying to open it. Do not forget the password. Restore (System > Configuration > Restore): Use the Restore function to restore data only to the same IronMail appliance. Software feature licenses (e.g., for IronWebMail, Secure Web Delivery, Anti-Virus, etc.) cannot be pushed to other appliances via this restore method. [Screenshot: Restore screen with the File, Password and Restore With Certificates fields and a Restore All option above a list of program areas including Mail Firewall, Mail VPN, Off Hour Delivery, Message Stamping and Mail Notification] Restore, field descriptions. File: Enter the file name and its complete path, or browse to the backup file's loca
124. g that backup configuration to another IronMail appliance will not overwrite the second box's host name, IP address and subnet. However, the User Accounts will be restored, potentially creating a security risk. If the backup file from one IronMail is restored onto another IronMail, ensure that the User Accounts are carefully reviewed and modified as required. The Check Tool (System > Configuration > Check Tool): IronMail can test a variety of Network and Internet connections to ensure that the infrastructure supporting the internal email system is intact and fully functioning. Specifically, it ensures that connections to internal POP, IMAP and SMTP servers can be opened and that the DNS server is reporting the correct MX and A record data. Other network connections such as network time alerts SLS sync and LDAP servers are also tested. Click Run Now to run the test. The screen will display a message acknowledging the job. When the job is finished, you can click View Log File to view a detailed log of the results of the test. System Updates: Keeping IronMail current requires the Administrator to find and install the latest updates for a variety of services. The System program area provides the necessary means for maintaining IronMail's effectiveness. In this chapter you w
125. g servers may have Security Certificates installed on them and support TLS. Yet the presence of a Security Certificate does not guarantee authenticity. Therefore, in accordance with the values entered in this input field, IronMail may refuse to deliver a message to any server that cannot strongly authenticate itself with a valid Security Certificate. There are three possible values for this option. 0: disabled, i.e., no authentication required. 1: require a Security Certificate, perform a TLS handshake, and verify that the receiving server's host name matches the common name (host name) on its security certificate. 2: require a Security Certificate, perform a TLS handshake, and verify that the receiving server's domain name matches the domain name on its security certificate. Note: If a 1 or 2 is entered in this input field and the receiving server does not have a valid Security Certificate, the email will not be delivered unless the very next option (immediately below) is enabled. It is important to state very plainly: as long as there are few servers with installed Security Certificates, the chance that this option will cause valid email to be undeliverable will be very high. This option only becomes useful as increasing numbers of servers install valid Security Certificates. Therefore, IronMail administrators are cautioned to be judicious in their implementation of this option. If
126. go to the Configure screen, highlight the portlet, and click the arrow pointing to the Available Portlets panel. When you click Finish, the portlet will be removed from its display panel and added to the Available Portlets list. [Screenshot: Dashboard showing the Services Status, System Utilization and Alert Status summaries, with the Configure and Save Configuration icons] Special Navigation: You can expand or collapse any of the summaries that appear on the Dashboard to allow focusing upon just the data you want to see. At the top right of each header, you will see double arrows pointing either upward (when the summary is expanded) or downward (when the summary is collapsed). [Screenshot: summary headers for Executive Summary, Connection Blocking Status and Mail IDS Status] Clicking the double arrow icon toggles the summary between its collapsed and expanded states. 36 10 65 1 66
127. [Screenshot: Dashboard showing queue and connection totals, Mail IDS Status, system utilization, alert counts by type and the Health Monitor Summary, with the Configure and Save Configuration icons] The Dashboard is now updated to include the Health Monitor Summary. If you want to remove a portlet from the Dashboard, go to the Configure screen, highlight the portlet, and click the arrow pointing to the Available Portlets panel. When you click Finish, the portlet will be removed from its display panel and added to the Available Portlets list. One of the portlets that appear on the Configure screen is labeled Graphs. This selection allows you to move a series of graphs onto the Dashboard and to determine which of three possible sets of graphs you want to display. Dashboard Configuration Preferences Exe
128. he Evaluation Period. The terms stated in Sections 2 5 and 16 of this Agreement shall not apply during the Evaluation Period. 18. General. This Agreement is the complete and exclusive statement of the agreement between Customer and CipherTrust concerning the subject matter covered hereby; this Agreement supersedes any prior proposal, agreement, or communication, oral or written, pertaining to such subject matter, and there are no inducements to enter into this Agreement which are not set forth herein. All products and services provided hereunder are provided per the terms and conditions stated in this Agreement, which supersede any different terms and conditions contained in Customer's purchase order(s) or any other Customer document that may be accepted by CipherTrust for Customer's convenience. CipherTrust hereby objects to the terms and conditions of such Customer documents to the extent they conflict herewith. This Agreement shall be governed by the laws of the State of Georgia and of the United States of America, excluding (i) their respective conflicts of law principles and (ii) the United Nations Convention on Contracts for the International Sale of Goods. Do you agree to the terms and conditions set forth in this Master Sale and License Agreement? 3. The next screen that opens displays the Support Services Agreement. After you have read the agreement, click Accept or Decline. If you choose to Decline, the installation wizard
129. he following topics: Configuring Health Monitor, Configuring Alerts. Configuring the Health Monitor (Administration > Health Monitor > Configuration): The Health Monitor screen provides access to the latest log detailing Health Monitor's activity. It also offers links that allow you to run a Health Monitor cycle on demand (Run Now) or access the properties screen where you may configure Health Monitor (Configure). [Screenshot: Health Monitor screen with the Monitor On Demand, Run Now and Configure links] Health Monitor options may be configured by clicking the Configure hyperlink on the page. The Int Health Monitor Service Properties window opens, displaying Health Monitor's configuration options (Administration > Health Monitor > Configuration > Configure). [Screenshot: Int Health Monitor Properties window with the fields Log Level, Run Interval (secs), Failure Count, Disk Space/Inodes Used, Alert Notification Enabled, Notification Schedule (secs), Deny Connections at Disk/Inodes Usage, Queue Inactivity Timeout (secs), Restart SMTPO, Unprocessed message threshold for Outbound Queue and Unprocessed message threshold for all Queues] Health Monitor Properties, field descriptions. Log Level: IronMail offers 4 levels of logging, primarily to assist
130. he new class, click OK. The screen will refresh. [Screenshot: Alert Class screen showing "The data has been updated successfully", the classes Mail (SMTPI Service, SMTPO Service), Monitor (Int Health Monitor, Check Tool) and Updates (Software Update), and the Add New Alert Class link] You can repeat the process until you have the set of classes necessary for your system. Editing an Alert Class: You may also edit an existing class. Begin by clicking the class name hyperlink. The following screen displays. The screen allows you to add services to an existing class or delete services from it. The label at the lower right indicates the Alert Class. [Screenshot: Alert Class edit screen for the Mail class, listing SMTPI Service and SMTPO Service, with an Assign Service(s) list and the Submit and Reset buttons] Editing an Alert Class, field descriptions. Service: This column shows the current list of subsystems assigned to this class. Delete: Checking the Delete check box for any subsystem will delete it from the class. The subsystem will go back to the default Common class. Assign Services: The column displays all services; select one or more of them to be added to the class. Alert Class: The name of the Alert Class being edited appears at the bottom of the screen. The name is not editable. When you have completed the desired changes, click Submit. The Alert Class screen will refresh, showing your new configuration.
131. his column displays any notes an administrator may have provided to identify to whom or where the IP address belongs. Delete: Select an IP address's Delete check box and click Submit to delete an address from this table. Adding new IP addresses: The data fields allow you to add new IP addresses to the permission list. Add an IP Address: Enter an IP address. Subnets are not allowed. Side Note for IP: Provide any text that may help identify or describe the IP address. Add IP Address from a File: If a list of IP addresses already exists in a text file, they may be imported in one step rather than being entered individually. The addresses must reside in a plain ASCII text file. Each address must appear on a separate line. Browse to the text file and click Submit. Export: If you wish to store the current Allowed IPs list as a backup text file, click the Export hyperlink. When the information is correctly entered, click Submit to implement the changes. Web Admin Settings (Administration > Web Admin Configuration > Settings): The Settings screen allows the Administrator to configure specific behaviors for the Web Admin interface. [Screenshot: Settings screen with the fields Log Level, Administration Inactivity Timeout (minutes) and Auto Refresh in every (minutes)] Web Administration Settings, field descriptions. Log Leve
132. icked. The Refresh List button sends a request directly to CipherTrust's update server, which will populate your IronMail Software Updates page with its list of available file updates. Hotfix Updates (System > Updates > Software Updates > Hotfix): Hotfix updates are shown on a separate screen. [Screenshot: Hotfix Updates screen with Load a Package (Browse, Upload), the columns Product, Version, Date Downloaded, Date Installed, State and Pending State, and the Refresh List and Commit Scheduled Changes buttons] Hotfix Updates, field descriptions. Load a Package: If the update package you need resides in a file that may be downloaded, rather than on the update server, you can enter the complete path to the file or browse to it. When you click Submit, the package will appear on the update screen. Available Hotfixes: The table lists available Hotfixes. To ensure the list is current, click Refresh List at the bottom of the screen. Product: This column displays the name of the CipherTrust product (e.g., IronMail or Centralized Management Console). Version: This column displays the version number of the software. The version of software this document describes is version 6.0. Date Downloaded: This column displays the date when the s
133. il. Email addressed to a specific domain may be mapped to a specific internal mail server. An LDAP directory's information may also be used to specify how mail is routed. IronMail will look up the LDAP server information and route the message accordingly. Plus, administrators must explicitly specify which of their internal servers may send messages through IronMail to the outside world. Unless internal mail servers are identified in the Internal Routing list, IronMail will not deliver their mail to external recipients. Domain Based Routing (Protection Management > Mail Firewall > Mail Routing > Domain Based): Specific domains or sub-domains may be mapped to specific internal mail servers. All messages to that domain or sub-domain will be delivered to the specified machine name (internal mail server). CipherTrust recommends you limit each single IronMail appliance to routing mail to a maximum of 100 internal domains. To change the default mail server, enter a list of host names or IP addresses, separated by commas, in the Machine Name column for the Default entries for the SMTP protocol. Additional internal mail servers may be added to this list as the number of internal mail servers which IronMail protects increases. [Screenshot: Domain Based Mapping Table with the columns Protocol, Domain Name, Routing Type, Machine Name/IP and Side Note, and the example rows SMTP / DEFAULT / STATIC / 10.65.1.30 and SMTP / ctdev.net / STATIC / 10.65.1.30] Domain Based Routing
134. il, postage prepaid, certified or registered, or via a document delivery service, and (iii) deemed given upon receipt. All disputes arising out of or relating to this Agreement shall be finally settled by arbitration conducted in Atlanta, Georgia, United States, under the Rules of Commercial Arbitration of the American Arbitration Association. The parties shall bear equally the cost of the arbitration, exclusive of legal fees and expenses, all of which each party shall bear separately. All decisions of the arbitrator(s) shall be final and binding on both parties and enforceable in any court of competent jurisdiction. Notwithstanding the foregoing, in the event of breach by a party of its obligations hereunder, the non-breaching party may seek injunctive or other equitable relief in any court of competent jurisdiction without necessity of posting bond. Customer acknowledges that infringement of intellectual property of CipherTrust or unauthorized copying would cause irreparable harm to CipherTrust. 7. General. This Agreement is the complete and exclusive statement of the agreement between Customer and CipherTrust pertaining to the subject matter of this Agreement, and this Agreement supersedes any prior proposal, agreement, or communication, oral or written, pertaining thereto, and there are no inducements to enter into this Agreement which are not set forth herein. All Support and other services provided hereunder are provided per the terms and conditions stat
135. ill find information about the following topics: Software Updates, Product Updates, Hotfix Updates, TRU TrustedSource Updates, Configuration Updates, Compliance Rules Updates, Mail IDS Updates, Configuring Auto Updates, License Manager. Software Updates: Two kinds of software updates are available: Product updates, which are new versions of the IronMail software or service releases containing new features and improvements, and Hotfix updates, which contain solutions to problems that have been discovered in existing releases. Product Updates (System > Updates > Software Updates > Product Updates): The Software Updates table (empty until the CipherTrust Update Server has been queried) displays information about installed software and file updates available for installation. [Screenshot: Software Updates screen with Load a Package (Browse, Upload), the columns Product Name, Product Version, Service Release, Date Downloaded, Date Installed, Current State and Pending State, and the Refresh List, Commit Scheduled Changes and View Log buttons] Product Updates, field descriptions. Load a Package: If the update package you need resides in a file that may be downloaded, rather than on the update server, you can enter the complete path to the file or browse to it. When you click Submit, the package will appear on the update screen.
136. in. If this option is not enabled, IronMail will only deliver messages to sub-domains if the sub-domains have been specifically added to the routing table. Click the checkbox to cause IronMail to log message details for each message processed. If this function is enabled, the user can view details of messages in IronMail's queues. If it is not enabled, details are not available. Select an action from the drop-down list for the action to be taken on fail open, when a message fails to open in ST mode. The options are: Drop message, which deletes the message from processing; Quarantine, which places the failed message in the Failures Queue; Pass Through, which sends the message on through IronMail's processing. Enable High Performance: This option enables or disables IronMail's High Performance capability. Enabling High Performance will improve message processing speed by allowing messages to bypass the MIME Ripper Queue and the Content Extraction Queue. However, this causes the messages to bypass Content Filtering, Attachment Filtering, Whitelisting, Message Stamping and other IronMail features. High Performance is off by default. Consider the potential ramifications before enabling High Performance. Mail Routing: IronMail provides several capabilities for routing ema
137. ings, User Preferences, Dashboard. User Accounts: The IronMail administrator may create user accounts for additional personnel who are granted permission to perform specific duties in administering the IronMail appliance. The administrator can select which program areas users are allowed to access and whether their access is read-only or read-write. There is one super-user account for the IronMail administrator. This super-user account name is admin. Only the admin user account has access to this User Accounts window. This allows the Administrator secure control over access to IronMail. IronMail generates a daily log showing each user's login and the IronMail windows accessed. Creating User Accounts (Administration > Web Admin Configuration > User Account > Create Account): Only the Administrator, using the Admin super-user account, can create or edit user accounts. You can add or edit accounts using the Create/Edit User Account screen. [Screenshot: Create/Edit User Account screen with New User and Assign Role/Permission sections, the fields User Name, New Password (at least 8 characters) and Confirm Password, and a Read Only list of program areas: Administration, Anti-Spam, Anti-Virus, Dashboard, Secure Delivery, IronWebMail, Mail Firewall, Mail IDS]
138. ion should be used whenever manually changing the internal IronMail time and date more than one minute from what the NTP time server is reporting. If NTP server information was provided in IronMail's Configuration window, IronMail automatically synchronizes with the server once every minute. Within the next minute after the time is manually changed, the automatic time server synchronization will reset IronMail's clock again. Manually changing the internal clock more than one minute ahead or back will also affect IronMail's queues (e.g., Outbound Queue, Content Filtering Queue, etc.) and mail services (e.g., SMTPI Service, SMTPO Service, etc.). These processes all run on a cycle time, on average several times a minute. After processing messages and before going to sleep, they calculate the time stamp for when they will next wake up to process new messages. If the internal clock is moved forward one whole day, for example, the queues and services will instruct IronMail that their next wake-up time is going to be tomorrow plus nnn seconds, where nnn is the real cycle time. However, one minute later, the time servers will re-sync IronMail's clock back to today without resetting the wake-up time of IronMail's queues and mail services. The queues and services will wait until tomorrow to wake up and begin processing messages again. Therefore, if the clock is ever manually
139. ipients submitted by the sending server. The SMTPI Service will not deliver the message to the 51st recipient and beyond. If the email is received from a non-IronMail server, the behavior can differ, and IronMail may reject the entire message where the number of addresses exceeds the SMTP limit. Enter the text that is to be part of the SMTP Failure (550) response, indicating that the Mailbox is unavailable, when an inbound recipient address does not match the specified patterns. Enter the pattern or patterns that a recipient's email address is allowed to have. Either or both of the two patterns (. and _) are permitted. Patterns must be separated by a comma, with no space separation between the comma and the pattern. This option enables pattern checking. Only two patterns are currently supported. The configured pattern(s) are used to inspect the unique message identifier (UID) part of the recipient email address. E.g., firstname_lastname: the UID has at least one underscore (_), as in the recipient email address james_smith@earthlink.com. E.g., firstname.lastname: the UID has at least one period (.), as in the recipient email address account.manager@ciphertrust.com. By default, this option is disabled. If this option is enabled, a pattern match check is performed using the patterns in the Patterns to Match field. If a pattern match occurs, IronMail returns an OK (250) reply response. Otherwise, IronMail returns a
140. iption. Ethernet Setting: Ethernet Settings was not part of the Initial Configuration Wizard. Use this setting to resolve network difficulty that may be experienced when IronMail is physically connected to a network router or switch. While most hardware is designed to automatically negotiate an Ethernet handshake and agree on a speed and duplex mode, auto-negotiation is not always successful. Administrators must know the specific Ethernet settings of the hardware to which IronMail is physically connected. Select from IronMail's Ethernet Settings pick list a matching configuration. The Ethernet setting by default is Autoselect. You may set it for the other available settings as required. However, should IronMail display erratic behavior with large files (> 100kB), return the Ethernet Setting to Autoselect. To change the configuration of the appliance, make changes to any of the fields on the screen. When the changes have been made, click Submit. The screen will refresh as shown below. [Screenshot: Appliance Configuration screen with the columns Attribute, Current and Pending, listing Hostname, Domain Name, IP Address, IP Netmask, Default Router, DNS 1 to DNS 3, NTP 1 to NTP 3, Time Zone and Ethernet Setting]
141. ish button below to commit these settings and reboot the CipherTrust Server. [Screenshot: summary table with the columns Attribute and Value, listing Host Name, Domain Name, Fully Qualified Domain Name, IP Address, IP NetMask, Default Router, DNS 1 to DNS 3, NTP 1 to NTP 3, Time Zone, Mail Host Name, Mail Host IP Address and Default E-Mail Domain] If you inadvertently enter the IP address incorrectly, and fail to print this page showing the appliance's dot-decimal number, you will be unable to log onto IronMail when you later browse to what you thought was the correct address. Log onto IronMail via attached keyboard and command line interface to reset the appliance to its default factory settings. Click Finish after the information has been verified. CAUTION: Do not press Enter a second time or click the Refresh icon. This can cause problems with program integrity. IronMail will automatically restart. The following message will display: "The appliance is being restarted. This should take 2 minutes. Please wait. In some cases your browser may return an error. If this happens, please close the browser and return to IronMail login screen." When the restart process has had time to finish (wait at least three minutes
142. ist screen. The Install Security Certificate window opens (Encryption > Advanced > Certificate Management > X509 Certs > CSR List > Install). [Screenshot: Install Security Certificate window with the Select CSR pick list, the Password field and the Certificate input field, with the note "Paste the information received from your selected Certificate Authority (CA)"] From the pick list (populated from the CSR List), select the certificate that is to be installed. Enter the password that was used to request the CSR from the Certificate Authority (CA). Then copy and paste into the Certificate input field the Security Certificate text string provided by the CA. Click Submit. The certificate will be installed, and the CSR will disappear from the CSR List. Note: Installed Security Certificates cannot be uninstalled. Storing X509 Certificates (Encryption > Advanced > Certificate Management > X509 Certs > Certs Store): When a certificate is installed, it is added to the X509 List. Storing the available certificates allows them to be archived for backup purposes. X.509 Certificates are added from the CSR list when they are installed. The X509 List, field descriptions. Certificate: The name of each installed certificate will appear in this column. Internal: For each certificate on the list, an Export
143. it has received the message. In this section you will find the following chapters: Chapter 1, Setting Up IronMail; Chapter 2, Best Practices Configuration. Process Overview: The flow chart above illustrates the IronMail Edge process. The steps in the process are as follows (IronMail Edge Processing: Step, Action, Description). 1. Edge receives a new connection: A connection is attempted for incoming mail via SMTPI. Edge checks the Greylist: If the sender is not on the Greylist, Edge proceeds to the next step. If the sender is on the Greylist, Edge accepts the connection. Edge checks the sender using TrustedSource: If the sender's TrustedSource score is above the rejection threshold, Edge rejects the connection. If the score is above the Greylist threshold, Edge Greylists the sender, requiring the sender to try again for connection. If the score is below the thresholds, Edge accepts the connection. Create the host list: When a connection is accepted, Edge creates a load-balanced host list from the Domain Routing table. Create thread and connect: Edge creates a process thread for the message and attempts to connect to a host. Determine host: If the selected host is available, Edge passes the message to that hos
144. k: If the user account has been designated a Help Desk account via IronMail Secure Web Delivery, that fact will be indicated in this column. These accounts must go through a Help Desk function to change or restore their passwords, etc. Edit: For all accounts other than the Admin account, an Edit icon appears in this column. Clicking the icon opens the Create/Edit User Account screen (see previous discussion) for that account, allowing the Administrator to make changes. Locked: If the account is locked for reasons such as exceeding the maximum number of unsuccessful login attempts, this box will be checked. The Administrator can unlock the account by clicking the box again (deselecting it), or lock the account by checking it if circumstances warrant. Delete: Clicking the check box and then clicking Submit will cause the account to be deleted from the user list. If you have made any changes to accounts on this list, click Submit. The changes will be implemented. Allowed IPs: If the Allowed IPs option is enabled, IronMail will only accept browser connections for Web Administration from workstations or laptops with the IP addresses specified in the table on this page. If this option is not enabled, IronMail administrators ma
145. l display one of two values. New: This is a new alert for which delivery has not been attempted. Delivered: IronMail successfully delivered the alert. Not Delivered: IronMail has not yet delivered the alert. The Status column heading is also a hyperlink, allowing the administrator to sort the contents of the Alert Viewer table by Status in ascending and descending order. Navigation: At the lower right of the screen, you will find data fields and navigation arrows that will help you move through multiple pages of alerts. When the alert ID hyperlink in the Alert Viewer table is clicked, the message line on the screen expands, displaying information about the alert. An example is included below. [Screenshot: Alert Viewer table with the columns Received Date, Sent Date and Status, listing Monitor INFORMATION and Updates NOTIFICATION alerts dated 10/06/2005, with one alert expanded] Generated By: UPDATE. Applicable To: SELF. Cause: FAILED. Details: UPDATE TRUSTEDSOURCE Download fai
146. l Select the log level from the drop-down list. This setting determines the amount of detail entered into the logs regarding WebAdmin activity. Administration Inactivity Time out (minutes): Enter a time in minutes at the expiration of which Web Admin will time out the user's login session due to inactivity, forcing a new login. Auto Refresh in every (minutes): Enter an interval in minutes to determine the refresh rate for Web Admin screens. When the information is correctly entered, click Submit to implement the configuration. User Preferences: The Web Administration functions include configuration of the appearance of the Dashboard based on user preferences. Dashboard Preferences (Administration > Web Admin Configuration > User Preference > Dashboard): You can configure what reports, tables or graphs appear on the Dashboard, and their location, using the screen below. The screen is also accessed from the Dashboard itself by clicking the Configure icon at the lower right corner of the Dashboard screen. [Screenshot: Dashboard User Preferences, listing Executive Summary, IronWebMail Service Status, Queue Status, Health Monitor Status, Update Status, Connection Blocking Status, Spam Policy Status, System Utilization Status, Mail IDS Status, Graphs, Alert Viewer, Secure Delivery Executive Summary and Inbound Trend.] The center column of the
147. l duplex 1000baseTX 1000baseTX full duplex Media Type 0 7 0 Warning The setting will affect the way IronMail works with clients Are you sure Y N n Change has been discarded. The RUN Command: The run command allows the Administrator to execute specific commands at will. The two commands permitted are run clean (to clean expired or deleted messages in a quarantine queue, or to clean expired messages in other queues) and run reports for a specified date. These commands may be configured within the GUI to execute on a daily basis without intervention, but the run command allows on-command execution. Because it executes a complex SQL query of the IM database, the run command, whether for cleaning or reporting functions, will have a significant impact on overall performance. Therefore this command should always be scheduled to run at a non-peak utilization period. The simulated screen below shows the parameters and syntax for the run clean command string. The run clean quarantine command will clear or delete messages in the quarantine queue that have reached the time limit specified when the queues are configured. The run clean message command will clear or clean messages in other queues that have met the configured time limit. Command Summary run clean quarantine message reports <MM DD YYYY> ironmail run clean quarantine Forcing immediate clean up will highly impact the performance of
148. l will automatically create a class named Common and place the unused subsystem there. Alerts that might be generated by a subsystem in the Common class are not delivered to an administrator unless an alert mechanism for the Common class is created. Adding a new class begins when the Administrator clicks the Add New Alert Class button at the bottom of the Alert Class screen. The following screen opens. [Screenshot: Alert Class screen. Enter a name for the new Alert Class you wish to add, then select one or more services from the list to add to that class. Click Add to record your selections and add the new class.] To add the new class, enter the name for the class in the New Alert Class data field, then select from the scrolling list one or more services to be included in the class. Click Add when the selection is finished. The following warning screen will appear. [Screenshot: the same Alert Class screen with a Microsoft Internet Explorer dialog asking: The class for this process(es) will change. Do you want to continue?] If you want to assign the relevant service or services to t
149. led [Screenshot, continued: further Alert Viewer rows (Monitor INFORMATION and Updates NOTIFICATION alerts, IDs 787 to 793) and the page navigation controls.] The Health Monitor. Health Monitor is an IronMail subsystem that examines the appliance's overall performance, running a series of tests to ensure that all services and processes are performing as designed. Health Monitor wakes up at a user-defined interval and runs automatically in the background to test its many subsystems. IronMail will also monitor the status of any internal servers that are in line with IronMail. Health Monitor will send the mail server a connection request to ensure that it is responsive. Note: If an intermediary device is between IronMail and the mail server, Health Monitor will incorrectly infer from the intermediary device's response that the internal server is functioning normally. In this chapter you will find information about t
150. lient workstation (any Windows PC) as IronMail's front end. There are two ways you can connect to the appliance: • Use a network cross-over cable to physically connect a PC workstation to IronMail. The cable plugs into the network port on each device. • Install IronMail in your existing network, but set a PC workstation's netmask to match IronMail's default IP address and netmask. For either type of connection, the client workstation must temporarily change its IP address and netmask to match IronMail's default values: IP Address 192.168.0.254, Netmask 255.255.255.0. That is, change your workstation IP address to 192.168.0.xxx and the netmask to 255.255.255.0, where xxx is any number between 0-253. 1. Launch Internet Explorer on the client workstation and navigate to IronMail's built-in default IP address, https://192.168.0.254. You must add the letter s after http. The opening screen for the Installation Wizard displays. Click Next to begin the installation process. [Screenshot: CipherTrust IronMail Installation Wizard opening screen, with a Next button.] 2. The first screen to appear is the Master Sale and License Agreement. After you have read the agreemen
151. lved in DNS. IP Netmask: Enter the subnet mask required by the IP address. Default Router: Enter the IP address of the default router. DNS 1: Enter the IP address of the primary DNS server. At least one DNS server must be provided. DNS 2: Enter the IP address of a secondary DNS server. A second DNS server is optional. DNS 3: Enter the IP address of a tertiary DNS server. A tertiary DNS server is optional. NTP 1: Enter the fully qualified domain name of a Network Time Protocol time server. IronMail will synchronize its internal system clock with this server. IronMail will query the NTP server once every minute. If the NTP server is unavailable, IronMail will query a secondary and tertiary NTP server if their names are provided immediately below. NTP 2: Enter the fully qualified name of a secondary NTP server. IronMail uses this only as a backup if the first NTP server cannot be reached. IronMail does not average the time between multiple time servers. NTP 3: Enter the fully qualified name of a tertiary NTP server. IronMail uses this only as a backup if the first and second NTP servers cannot be reached. IronMail does not average the time among multiple time servers. Time Zone: Select from the Time Zone pick list a city that belongs to the same time zone where IronMail is located. Appliance Configuration Field Descr
152. m Integrity • File System Integrity. Application Level Protection: IronMail offers tools designed to protect against attacks directed at email applications. Denial of Service Protection: IronMail automatically monitors and logs repeated connections to a specific port from the same IP address. If an administrator-defined number of connections to a single port are attempted within a specified period of time, IronMail assumes that it is a Denial of Service (DoS) attack and will drop all incoming connections to that port from that address for a user-specified amount of time. The Denial of Service threshold (a specified number of connections within a defined length of time) is set in Protection Manager > Mail IDS > Application Level > Configure with the Denial of Service Count and Denial of Service Window parameters. Denial of Service Protection (Protection Manager > Mail IDS > Application Level > DoS Protection). [Screenshot: Denial of Service Protection table with Source IP, Date and Connections columns.] The Denial of Service Protection table lists a summary of all DoS attacks recorded since IronMail's cleanup process deleted the DoS data; each time this page is refreshed, the data is updated with the most recent attacks. The information here may also be viewed in the daily Mail IDS Report created at approximately midnight each day. Note, however, that whereas IronMail's Denial of Service window may sho
153. m number of unprocessed messages that should be in the queue. If the threshold is met or exceeded, Health Monitor will generate an Alert. Enter a number of messages to serve as the threshold for all queues. This integer represents the maximum number of unprocessed messages that should be in any one of the other queues at any time. If the threshold is met or exceeded, Health Monitor generates an Alert. When the information has been entered correctly, click Submit to save the configuration. Clicking the View Log button opens the log file for Health Monitor. Detailed results of its tests appear in the log. Health Monitor's Tests (Test: Test Name): httpd: Web Administration Test; sys crypto: System Status Test Crypto; sys disk: System Status Test Disk; sys inode: System Status Test Inode; sshd_maint: SSHD Command Line Interface (CLI) Test; tomcat: Web Administration JSP Test; sys cmcsq: System Status Test CMC IronMail SQL Connection Test; sys cmcadmin: System Status Test CMC IronMail Admin Connection Test; reports: Reports Test; admin: Admin Server Test; smtpo count: SMTP Outbound Queue Count Test; smtpo: SMTP Outbound Queue Test; smtpproxy: SMTP Inbound Proxy Test; urq tomcat: URQ Web Admin JSP Test. Con
154. minute s Last refreshed Thu 06 October 2005 at 11 02 25 EDT Auto Start Running. SSH Configuration fields. Service: This column identifies the CLI Access Service. Two services are configurable: • CLI Access allows the Administrator to use the command line to control the IronMail appliance. • CipherTrust Support Access gives the Support Engineers remote access to the customer's IronMail to enable Support to assist, help solve problems, etc. The service names are hyperlinks, allowing the Administrator to configure available details about each service. Auto Start: A red X or green check icon indicates whether or not the service is set to start automatically when the IronMail appliance is rebooted. If the icon is green, the service will begin running when IronMail restarts. In addition, if the icon is green, IronMail's Health Monitor will restart a Service that has stopped for any reason when it performs its tests on all appliance subsystems. If an icon is red, the service will not start on reboot or when Health Monitor runs its system tests. Note that a service can continue to run after its auto-start setting is turned off. A service cannot start running, however, until its auto-start setting is turned on. The red and green icons are hyperlinks. Clicking the icon hyperlink toggles the auto-start option on and off. System Configuration
155. mit Reset Clear Pending. Now all the configuration parameters, as they will appear if you continue with the changes, are visible in the Pending column. This gives you a chance to do a final review before the changes are actually implemented. If you want to implement the changes, click Submit again. If not, click Clear Pending. The former configuration remains unchanged. Out of Band Management: Only configurable and visible in IronMail appliances containing two network interface cards, this window allows administrators to use separate NICs and IP addresses for IronMail administration and mail processing. Email will flow through the first NIC, while Web Administration and Command Line management of the appliance occur on the second NIC. This allows management of the IronMail through a connection (out of band) that is not accessible to anyone using the normal email flow channels (in band). After the Initial Configuration Wizard reboots the IronMail appliance, once the initial network settings have been entered at the time of installation, the presence of a second NIC will be auto-detected and the administrator will be prompted to enter the network parameters of the additional card. To ensure maximum security, the second NIC should not be placed on the same network segment as the internal mail server. Use the input fields on this page to make subsequent changes to the second NIC's network values. System
156. mn. The new status does not take effect until Commit Scheduled Changes is clicked. Clicking the View Log File button opens a new browser window showing the status of the update process. Threat Response Updates: IronMail's Threat Response Updates make changes to specific configuration parameters within your system. These updates result from extensive research using the experiences and shared information from real customers. The intent is to keep your IronMail operating at peak effectiveness in light of current threats. For IronMail Edge, TRU updates for TrustedSource are offered. TrustedSource Updates (System > Updates > Threat Response Updates > TrustedSource Updates): Navigate to the TrustedSource Updates screen to begin. [Screenshot: TrustedSource Updates screen, with a Load a Package field (Browse, Upload), a table with Product, Version, Date Downloaded, Date Installed, State and Pending State columns, and Refresh List and Commit Scheduled Changes buttons.] TrustedSource Updates fields. Load a Package: If the update package you need resides in a file that may be downloaded rather than on the update server, you can enter the complete path to the file or browse to it. When you click Submit, the package will appear on the update screen. Available: The table lists available upda
157. n IronMail's database can begin to adversely affect overall IronMail performance. If more than 100,000 IDS events are recorded and stored to disk before IronMail's Cleanup Schedule deletes old Mail IDS data files, lower the age at which IronMail should delete data. That is, if IronMail's Cleanup Schedule is configured to wake up every 24 hours and delete files that are 48 hours old, consider re-configuring it to wake up every 12 hours and delete data that is 24 hours old. Signature Manager (Protection Manager > Mail IDS > Network Level > Signature Manager): The Network IDS Service compares packet information against over 1300 known attack signatures. The Signature Manager table displays a list of broad categories of attack threats. [Screenshot: Signature Manager table listing categories including attack responses, backdoor, bad traffic, ddos and dns.] Signature Manager fields. This column indicates the ID number, used internally by IronMail, of the category of attack signatures. Name: This column displays the category name of a set of attack signatures. The category name is indicative of the type of attacks they identify. For example, ddos is a category containing signatures that identify a variety of distributed denial of service attacks and
158. n the functions these users may use and their ability to make changes to the configuration of the appliance. [Screenshot: SmartStart Add Accounts screen, with New User, New Password (at least 8 characters) and Confirm Password fields and an Assign Role Permission list covering Administration, Dashboard, Mail Firewall, Mail IDS and System.] The roles govern the functions these users may use and their ability to make changes to the configuration of the IronMail appliance. After you have set up the accounts using the screen at the bottom of the SmartStart page, use the commands on that screen to record your configuration. Then you may proceed to the next screen by clicking that screen's link in the left menu. Screen 8, Change the Admin Password: This screen allows you to change the password assigned to the Administrator account. [Screenshot: SmartStart Change Admin Password screen, with Old Password, New Password and Confirm Password fields. Its on-screen text reads: To protect the Admin account, it is critical that the password be changed from the default to a new password. This step is strongly recommended.] IMPORTANT: To protect the Admin account, it is essential that the password be changed from the
159. Global Properties fields. The Field column on this page also lists Per Message Logging and Fail Open Action. Archive Messages: If enabled, IronMail will save all incoming and outgoing messages to disk. At approximately midnight each day, when IronMail generates its Reports and Log Files, it will create a zipped tar archive of the messages and, if configured, transport them to an archive server. Note that messages deleted due to an IronMail process, such as enforcement of a Mail Monitoring or Content Filtering policy, are not archived. Enable Statistical Information to be Shared: IronMail will securely transfer statistical information about spam and other trends to be used by CipherTrust Research for research purposes only and to contribute toward increased effectiveness. Enable Spam and Other Message Information to be Shared: IronMail will securely transfer spam and other message information to be used by CipherTrust Research for research purposes only and to contribute toward increased effectiveness. Enable Sub Domain Routing: If enabled, IronMail will try to resolve sub-domains to a top-level domain identified in the Domain-based routing table (Mail Firewall > Mail Routing > Domain based). That is, if messages are addressed to subdomain.domain.com and domain.com is in the routing table, IronMail will deliver it to the internal mail server mapped to that doma
160. ncoming connections allowed when Load Throttling is enabled. Message Limit: Enter a number (500 to 50,000) representing IronMail's maximum message load. A zero is not allowed in this field. When this number of not-yet-processed and in-process-but-not-yet-delivered messages is present in IronMail's Message Store, the SMTP Service will drop to its lowest connection acceptance rate of three simultaneous connections. Load throttling gracefully slows the number of accepted simultaneous connections from the number established as the Connection Limit down to a default low of three simultaneous connections, depending on how closely the number of messages in the Message Store approaches the Message Limit specified here. SMTPI Service Properties fields. The Field column on this page also lists Pattern Rejection Message, Patterns to Match, Enable Recipient Pattern Match and Enable UUCP Addressing. Maximum Recipient per Message: Enter a number (25 to 500) representing the maximum number of recipients to which an email may be addressed. The SMTPI Service totals the sum of all recipients, regardless of whether they are contained in the TO, COPY or BLIND COPY fields. For IronMail-to-IronMail communications, if an email is addressed to 200 addresses and the SMTPI recipient limit is set to 50, IronMail will accept the message and deliver it to the first 50 rec
161. nections
Proto Recv-Q Send-Q Local Address Foreign Address state
tcp4 0 0 localhost 22502 localhost 1212 ESTABLISHED
tcp4 0 0 localhost 1212 localhost 22502 ESTABLISHED
tcp4 0 0 localhost 3306 localhost 3218 ESTABLISHED
tcp4 0 0 localhost 3218 localhost 3306 ESTABLISHED
tcp4 0 0 localhost 3659 localhost 30340 TIME_WAIT
tcp4 0 0 im 1174 upd.ctqa.net 20022 TIME_WAIT
tcp4 0 0 localhost 22502 localhost 4192 TIME_WAIT
tcp4 0 0 localhost 2769 localhost 3306 TIME_WAIT
tcp4 0 0 localhost 22502 localhost 2688 TIME_WAIT
tcp4 0 0 localhost 2973 localhost 3306 TIME_WAIT
tcp4 74 0 im 4447 im 10443 CLOSE_WAIT
tcp4 0 0 localhost 8009 localhost 3337 ESTABLISHED
tcp4 0 0 localhost 3337 localhost 8009 ESTABLISHED
tcp4 0 0 localhost 8009 *.* LISTEN
tcp4 0 0 im https *.* LISTEN
tcp4 0 0 im 10443 *.* LISTEN
ironmail
ironmail show network interface
<PRIMARY> interface
Attribute Current Pending
IP Address 10.50.1.234 None
Netmasks 255.255.255.0 None
Media Type None None
Status active None
<OOB> interface DISABLED
Attribute Current Pending
IP Address None None
Netmasks None None
Media Type None None
Status no carrier None
ironmail
ironmail show network route
No static route record
ironmail
The show queue command displays configuration information about processing order ir
162. ng configuration of alerts/notifications and displays a table of all configured alerts. Alert Mechanism fields. Alert Class: The Alert Class pick list contains the names of all classes of subsystems that have been created. IronMail creates a default Common class to contain unused subsystems. Select a class from the list and then select related values in the Alert Type and Notification Type pick lists. Alert Type: The pick list contains the seven Alert Levels that IronMail can generate. Select an alert level from the list. Options are: • Information • Notification • Warning • Error • Critical • Shutdown • Restart. For each class, select a level or type of alert as well as an Alert Mode. Alert Mode: The pick list offers three choices for alert delivery: • Email: one or more email addresses will be required. • Pager: requires the host name of the server that processes pager messaging, plus one or more pager addresses. Multiple pager addresses must be separated from each other with commas. Do not enter spaces between commas and subsequent addresses. • SNMP: requires the host name of the SNMP server, the port number through which communication with it occurs, and the version number of the SNMP application. Add: Click this button to set up a new Alert Me
163. nly accessed functions of IronMail (section heading: Additional Functions). The following chapters are included: • Chapter 15, Using the Command Line. How to Use This Book: This manual should have been delivered to you in two formats: PDF and Compiled HTML. You can navigate through the manual by clicking a line in the Table of Contents; each line is a hyperlink to the page it references. The same is true of the items in the Index. Conventions: Names of command buttons or other items you may access from the screen will appear in boldface type. Examples: Submit, Next, Reset. Navigation that will take you to the screens you see in this manual is shown in the left margin. The navigation text appears in a Boldface Blue Italic font. Example: Queue Manager > Outbound Queues > Current Messages. Contacting CipherTrust: If you have questions or need assistance, you may contact CipherTrust using the following information. Phone: 1-877-448-8625. Website: www.ciphertrust.com. Section I, Getting Started. What is IronMail Edge? The IronMail Edge e-mail security appliance was designed specifically to address the issue of rising e-mail volume. IronMail Edge is positioned at the perimeter of the mail system, controlling traffic at the network border rather than at the mail server or desktop. CipherTrust has designed IronMail Edge with a hardened operating system, a proprietary MTA and a Mail IDS
164. nn aveant the right to iic am in accardance with thic Aqraamant COStofner romte possession and use of the Appliance during the En Sarge treated ae connidential per the terms of Section 14 herein. Upon Customer's payment for the Appliance and the license fee for the Software, the temporary License granted per this Section shall automatically become perpetual, subject to Section 2 herein. In the event Customer decides not to purchase the Appliance and a license for the Software, the temporary License granted per this Section will be automatically revoked at the end of the Evaluation Period, and Customer, at its expense, shall promptly return the Appliance to CipherTrust, properly packaged for commercial shipment to ensure no physical damage during transit. Customer will be invoiced by CipherTrust for an amount equal to the replacement cost of the Appliance should the returned Appliance be delivered to CipherTrust damaged due to insufficient and improper packaging by Customer. Upon Customer's failure to timely return the Appliance per the foregoing sentence, CipherTrust shall issue an invoice to Customer for the purchase, at list price, of the Appliance and a Software license under the terms of this Agreement. The terms of this Section shall apply only (i) to Customer's use and possession of the Appliance for Evaluation purposes and (ii) in the absence of a written evaluation agreement signed by both parties, which, if executed, shall prevail and control during t
165. nnot disable the encryption. Scanability Messages are Messages may be scanned for viruses, spam and email policy enforcement. Establishes a secure tunnel between the sending and receiving email servers. Routing and encryption information is hidden. IronMail's strategy provides the benefits of server-to-server encryption without permitting its drawbacks. In this section you will find the following chapter: • Chapter 4, Managing Certificates. Managing Certificates. Certificates: IronMail provides an interface for requesting and installing a Security Certificate from a Certificate Authority. When a certificate is installed on the IronMail appliance, it is not necessary to install additional certificates on internal servers unless the Administrator wants to protect the connection between IronMail and the internal servers and provide security for internal users sending or retrieving messages directly to or from the server. IronMail requires the installation of a Security Certificate so that administrative sessions with it via the Web Administration browser interface can be conducted securely. X509 Certificates: IronMail requires the use of Security Certificates to provide secure services, much like banks or e-commerce web sites use them to provide secure connections for their web customers. The Certificate Signing Request (CSR) is actually the request made by
166. of days of the week. Select the day during which the cleanup cycle is to run. You may select only one day at a time. However, after you submit the detailed schedule for one day, you can do it again for another day and the system will accumulate the daily schedules. It is therefore possible to create individual detailed schedules for all seven days per week. • The right side of the screen contains check boxes for each of the 24 hours in a day. Clicking a check box enables the CQS to run Auto Cleanup at that time on the designated day. You may select from 0 to 24 notification times per day. To configure the schedule, first choose a file type. Click Select to populate the screen with the current configuration, if one exists. If the file type has not been configured for cleanup, the screen is ready to accept the configuration. Select an interval and decide which cycle type you will use. [Screenshot: Cleanup Schedule screen for the Spam Notification file type: IronMail will delete the data from spam notification table.] • If you choose a Frequency Schedule, click the appropriate radio button and select a frequency in hours. [Screenshot: the same Cleanup Schedule screen for Spam Notification.] • If you prefer a Detailed Schedule, click that radio button. Then select a day from the menu on the left side of the screen. On the right side
167. oftware file was downloaded to IronMail's disk. This column displays the date when the software file was installed on the appliance. This column displays the software file current state. The state can be one of four values: • Available: The file is available and ready to be downloaded from CipherTrust's Update Server. • Downloaded: The file has been downloaded to disk but has not yet been installed. It may be deleted or installed. • Installed: The file has been installed. If a file's status has changed (see immediately below), the new status is displayed in this Pending column. The new status does not take effect until Commit Scheduled Changes is clicked. As is true with software updates, the Refresh List button queries the CipherTrust Updates Server to ensure the latest available packages appear on the list. Applying the Updates: The process for downloading and installing updates is identical for both types. Any value in each row of the table of software files is a hyperlink that opens a details screen. The details of the particular file are shown and, if the update is either Available or Downloaded, a Change State pick list allows the administrator to download or install the file. After clicking Change State, IronMail refreshes the previous Software Update Management table and the file's new status is displayed in the Pending Colu
168. ollowing topics: • UPS Statistics • Powering Down and Restarting • Setting Date and Time • Storing CMC Keys • Resetting Keys. UPS Statistics (System > UPS Statistics): If IronMail is connected to a supported Uninterruptible Power Supply (UPS), it will display useful information about the status of the UPS. If IronMail is not connected to a supported UPS, this page will say that a UPS is not present. [Screenshot: UPS Statistics screen reading: UPS is currently not connected to this server.] Powering Down and Restarting (System > Power Down Restart): On occasion it may be necessary to shut down the IronMail appliance or some portion of its processes. The Power Down Restart screen allows you to do this gracefully, with minimal risk of damage to files. [Screenshot: Power Down Restart screen, with options that range from restarting the Mail Routing Services alone, through restarting the Web Server, Database, and OS and init scripts, to Power Down System, Halt System and Restart System.] As is indicated on the screen, you have the option of gracefully shutting down only as much as necessary. The options on the screen define those features and functions that will be impacted by the restart process. After IronMail is running, never press the reset switch on the front of the appliance until IronMail has been gracefully shut down from within either the graphical Web Administration o
169. on and management of encryption methods to provide secure mail flow. The following chapters are in this section: • Chapter 4, Managing Encryption. Protection Manager includes discussions of network security and intrusion detection and prevention. The following chapters are included: • Chapter 5, Mail Firewall • Chapter 6, Mail Intrusion Detection Service. Tracking the operation of the IronMail system and accessing necessary levels of detail regarding its performance are essential. The Reporting section discusses means for monitoring whatever detail is required. The following chapters are included: • Chapter 7, Alerts Manager • Chapter 8, Health Monitor • Chapter 9, Advanced Reporting. The Administration section discusses the methods for configuring access to the IronMail appliance, as well as the routine self-monitoring by the system and the alerts that may result. The section contains the following chapters: • Chapter 10, Configuring Web Administration • Chapter 11, General Administrative Functions. Section VII, System: The System section is concerned with the functions necessary to set up and maintain the IronMail system, keeping it up to date and effective. The following chapters appear in this section: • Chapter 12, System Configuration • Chapter 13, System Updates • Chapter 14, General System Functions. Section VIII: This section provides information regarding less commo
170. onmail show queue
Queue Position and Name: Internal Queues MIME Ripper Internal Queue Content Extraction Super Queue Queue Anti Spam Queue Virus Scan Queue Mail Monitoring Queue Content Filtering Internal Queue MIME Joining 9 SMTPO Service
ironmail
The show services command displays the current status of IronMail's services.
ironmail show services
Mail Processes
Service                  Auto Start  Running  Uptime (D H M S)
IronWebMail              Y           Y        0000 00 02 17
SMTPI Service            Y           Y        0000 22 51 44
SMTPIS Service           Y           Y        0000 22 51 44
SMTPO Service            Y           Y        0000 22 51 44
POP3 Service             Y           Y        0000 22 51 44
POP3S Service            Y           Y        0000 22 51 44
IMAP4 Service            Y           Y        0000 22 51 44
IMAP4S Service           Y           Y        0000 22 51 43
Queue Processes
Service                  Auto Start  Running  Uptime (D H M S)
Super Queue              Y           Y        0000 00 00 31
Misc Processes
Service                  Auto Start  Running  Uptime (D H M S)
CLI Access               Y           Y        0000 22 51 44
CipherTrust Support Ac   Y           Y        0000 04 56 10
Alert Manager            Y           Y        0000 22 51 42
Network IDS              Y           Y        0000 22 51 43
Anomaly Detection Engi   Y           Y        0000 22 51 40
Internal Processes
Service                  Auto Start  Running  Uptime (D H M S)
Int Webadmin             Y           Y        0000 00 02 17
Int Tomcat               Y           Y        0000 22 51 37
Int Health Monitor       Y           Y        0000 22 51 39
Int Reports              Y           Y        0000 12 27 05
Int Scheduler            Y           Y        0000 22 51 42
Internal Queues MIME     Y           Y        0000 22 51 42
Internal Queue MIME      Y           Y        0000 22 51 42
Internal Queue Cont
171. onnectivity [Screen: SmartStart Network Connectivity Check, showing "Network Connectivity has successfully been established" and a Check Connectivity button. Copyright 2004-2005 CipherTrust Inc. All rights reserved.] This step tests the connectivity between your IronMail appliance and the CipherTrust update infrastructure. Connectivity is required in order to use the SmartStart feature for configuring your IronMail. You will use the update infrastructure in some of the following steps to update the version of software installed on your appliance, to download the latest best practices Pre-Configuration or Threat Response Update packages, and to install the most current Anti-Virus engine updates and virus signatures. Screen 2: Software Updates. Screen 3: TrustedSource Updates. When you have tested your network connectivity, go to the next screen by clicking that screen's link
172. ons which IronMail may interpret as a Denial of Service attack. Consult with the network administrator before setting this value. Denial of Service Window (secs): Enter a number from 1 to 65,535 representing the length of time in seconds in which connections from a single IP address will be accepted, after which a Denial of Service attack is assumed. The default value of 100 is generally acceptable. If IronMail receives the number of connections specified in the Count field above within this window, further connections from the source IP address will be dropped. IronMail also uses this value as the length of time IronMail rejects further connections. Once the time has lapsed, IronMail again begins accepting connections from the source IP address. Denial of Service Count: Enter a number from 1 to 65,535 representing the maximum number of allowed connections to a single port before which a Denial of Service attack is assumed. The default value of 100 is generally an acceptable value. When a single IP address generates the specified number of connections within the time frame indicated below, a Denial of Service attack is assumed and further connections from that source will be dropped. Network Level Protection: IronMail provides a Network IDS engine that examines in real time all network traffic flowing through email ports p
173. or descriptive notes that should appear in the mapping table. When you click Submit, the edited domain information will appear in the Domain Based Routing screen. Mail Intrusion Detection Service: The Mail IDS (Intrusion Detection System) program area provides a variety of tools designed to detect network attacks against the email gateway, as well as a tool to test for weaknesses or vulnerabilities in specific internal mail servers. IronMail will automatically generate alerts for certain types of network attacks, notifying administrators immediately by email, pager, or SNMP that an event has occurred. For all attack events, IronMail will log their occurrence so they may be viewed in IronMail's log files and daily reports and in IronMail's Dashboard. Administrators, therefore, should configure IronMail's Alert Manager to send to them alerts that the Mail IDS services generate. And administrators should routinely monitor IronMail's Dashboard and Mail IDS Report throughout each day. In this chapter you will find information about the following topics: Application Level Protection; Denial of Service Protection; Configuring Application Level Protection; Network Level Protection; The Analysis Console; Configuring Network Level Protection; Signature Manager; System Level Protection; Progra
174. or reconnaissance activity prior to an attack. A single instance of a NULL, FIN, SYNFIN, or XMAS type stealth scan will be logged as an Analysis Console event. Enter a number of seconds from 1 to 65,535 in the Port Scan Window field, indicating the window in which connections may occur. When a single IP address generates the specified number of connections within the time frame indicated here, the connection will be logged as an Analysis Console event. Enter the IP address for any host IronMail should ignore. These hosts are allowed to scan IronMail as much and as often as they like. Use commas to separate multiple IP addresses from each other. Enter the SNMP version number. Note that IronMail only supports SNMP version 2c. When entering the SNMP version number in this input field, however, only enter the numeral 2. By default, when SNMP is installed, two default communities are created: Private and Public. The SNMP administrators should have created one or more idiosyncratic community names for the services SNMP is monitoring. Enter that community name in this input field. Enter a unique ID number for the sensor. When the information is correctly entered, click Submit to save the configuration. If the Analysis Console is enabled, administrators should monitor the number of generated events on a regular basis, one or more times a day if necessary. High numbers of events stored i
175. ords in its Detailed Logs all the actions it takes as it processes messages. The amount of detail recorded in these logs is controlled by the Logging Level configured for each of IronMail's Queue Services and Mail Services. For example, navigate to Mail Firewall > Configure Mail Services > SMTPI Service > Log Level in the secondary properties window for the SMTPI Service. Ordinarily a log level of Information is adequate for day-to-day monitoring and will provide enough information to indicate that a Service is running properly, and at that level will not bloat in size to an unmanageable level. It is recommended, however, that the logging level for Mail services (e.g., SMTPI, SMTPIS, POP3, POP3S, etc.) be set to Detailed for the first several weeks after IronMail is placed in the mail flow of the network. This will ensure that adequate information is available if troubleshooting mail flow problems is required. Once IronMail is processing messages without incident, the logging level should be changed. Similarly, the logging level for the Queue services (e.g., Content Filtering Queue, Anti-Spam Queue, etc.) should be raised to Detailed during the period that policy testing is underway. That level will be required to see the specific reasons a message was detected and acted upon by one of IronMail's spam or email policies. Once the policy testing is complete, these log levels may be changed
176. ormation: The lower portion of the screen shows available logs of the type selected, in date order. Download: Click the hyperlink for any log file to download that file. Transfer (FTP, SCP): If the file is to be archived, click the check box. File Name: This column lists the available versions of the specific log file in ascending date order. Administration, Introduction: The Administration program area provides the Administrator the means to manage user accounts on IronMail, to assist in maintaining the system, and to configure user preferences regarding the appearance and the behavior of specific screens and features. In this section you will find the following chapters: Chapter 10, Web Administration; Chapter 11, General Administration. Configuring Web Administration: Web Administration is the functional area within Administration that includes allowing and controlling access to IronMail and the specific program areas within it. It also permits the Administrator to configure the specific appearance and content of certain screens. In this chapter you will find information about the following topics: User Accounts; Creating Accounts; Managing Accounts; Allowed IPs; Sett
177. orts (25, 110, 465, etc.). Viewable through IronMail's Analysis Console, it begins creating a log whenever data or network packets match known signatures for attempts at hacking. Once detected, the entire stream of packets is captured for analysis. For those administrators who actively respond to network attacks and create rules to block future occurrences, the Analysis Console provides visibility into network traffic at the TCP level. It is assumed that users taking advantage of this tool are already experienced and knowledgeable in its use. Analysis Console: The Analysis Console displays a static report: information captured up to the moment the Analysis Console was opened. Re-clicking the Analysis Console hyperlink in the left navigation frame refreshes the report with the latest information. The Analysis Console reports Alerts: instances of TCP, UDP, and ICMP traffic that matched an attack signature for which Network IDS was scanning. Network IDS uses the attack signatures specified in Protection Manager > Mail IDS > Network Level > Signature Manager to identify these attacks. [Screen: Analysis Console (Protection Manager > Mail IDS > Network Level > Analysis Console), queried on Thu October 06, 2005 09:51:49; time window: no alerts detected. Sensors: 1; Unique Alerts: 0; Total Number of Alerts: 0. Traffic Profile by Protocol: TCP 0, UDP 0, ICMP 0.] Source I
178. ports; Core Reports; Email Address; Hostname. Copyright 2005 CipherTrust Inc. All rights reserved. [Screen: SmartStart Report Setup] After you have set up the reports using the screen at the bottom of the SmartStart page, use the commands on that screen to record your configuration. Then you may proceed to the next screen by clicking that screen's link in the left menu. This screen allows you to configure the alerting features of your IronMail appliance. [Screen: SmartStart Alerts Setup, "Here you can configure the alerting features of the IronMail Appliance", with Alert Category (Extensive Alerts or Core Alerts), Email Address, and Hostname fields.] After you have set up the alerts using the screen at the bottom of the SmartStart page, use the commands on that screen to record your configuration. Then you may proceed to the next screen by clicking that screen's link in the left menu. Screen 7, Add Accounts: This screen allows the Administrator to add new user accounts that may access the IronMail appliance and to configure the roles/permissions assigned to those accounts. Create Edit User Account: This screen allows the Administrator to add new user accounts that may access the IronMail appliance and to configure the roles assigned to those accounts. The roles gover
179. ption should be disabled. SMTPO Service Properties, fields: Messages per Connection; Retry Schedule (secs); Enable Warning Delivery Status Notifications; Enable DSN to Server. Messages per Connection: Specify the maximum number of messages IronMail will deliver to a single domain over one connection. For example, if this value is set to 10 and there are 25 messages addressed to Yahoo.com, IronMail will open three connections with Yahoo and send 10 messages in two of the connections and 5 messages in the third. Note that many servers interpret high numbers of messages on a single connection as Spam and may be configured to drop the connection. The default value of 10 messages per connection is generally acceptable for most environments. Retry Schedule (secs): If the receiving server cannot accept a message the first time it is delivered, IronMail can make four additional attempts to deliver it. Enter four numbers in ascending order, separated by commas. IronMail requires four values. Each value represents the number of seconds after the first failed delivery that IronMail should wait before attempting another delivery. IronMail's default values mean it will make its second attempt 15 minutes after the first failure, its third attempt 4 hours after the original failure, its fourth attempt 24 hours after the original failure, and its final attemp
180. r Command Line interface. Pressing the reset switch while IronMail is currently running forces IronMail to hard boot, a process that will corrupt its internal databases and render it inoperable. Damage to IronMail's database will require CipherTrust's Technical Support engineers to manually repair and rebuild the corrupted files. Setting the Date and Time (System > Date Time): The displayed date and time reflects IronMail's internal date and time at the moment this page is opened or the Refresh Time button is clicked. If NTP time servers are entered in System > Configuration > Appliances, IronMail syncs itself with one of the servers once every minute. [Screen: Date Time, with Date and Time pick lists and Refresh Time, Set Date Time, and Reset buttons.] Manually adjust the time or date by specifying date and time values from the pick lists. After manually entering new values, click Set Date Time to update IronMail. If a time or date is entered further ahead than the administrative inactivity time-out interval, IronMail will log out all administrators currently logged onto the graphical user interface. Simply log back in and continue the administrative session as usual. If the time is reset backward, administrators will be prompted to reboot the appliance in order for the setting to take effect. WARNING: Extreme caut
181. r name and password, the command functions may be accessed by typing simple commands. The user name and password should generally be the same as those used for GUI access. It is important to remember that, unlike using GUI functions, the Administrator will NOT be logged off after a pre-configured period of time; the log-in remains active until the Administrator logs out. For security reasons, one should not walk away from the console without first logging out by typing exit at the command prompt. The Administrator may also access the command line from a workstation that uses a Secure Shell application via port 22. The Administrator logs in by entering a valid GUI user name and password. If the appliance is an IronMail 210 or 345 model, each of which contains two Network Interface Cards (NICs), and if Out of Band Management is enabled, the hostname of the Out of Band NIC will be required to allow connection to the CLI. The IronMail 305 also has two NICs, but it does not support Out of Band Management. SSH clients vary widely, and keyboard mapping is different from client to client. Depending upon which client you are using, you may be required to re-map the backspace key. Once logged in, the Administrator is able to enter commands as necessary. The Commands: Commands consist of a command word followed by one or more parameters. Separate the command word and the parameters from each other wi
182. Chapter 10, Configuring Web Administration: In this chapter; User Accounts; Creating …; Managing User Accounts; Allowed IPs; Web Admin …; User Preferences; Dashboard Preferences. Chapter 11, General Administration Functions: In this chapter; The Cleanup Schedule; Configuring Appliance Certificates; Changing the Admin Password; SmartStart Configuration. Chapter 12, System Configuration: In this chapter
183. r you specified, and your exposure to the outside world has been hardened. However, many of IronMail's features have not yet been enabled. Additional configuration is required, as described in the remainder of the User Manual. Network Connectivity, DNS Configuration: Domain Name Service (DNS) is an exceedingly complex subject, and there is no standard way in which it is implemented. In simple terms, DNS allows multiple servers to appear as if they have the same host name. In addition to the DNS server's MX, A, PTR, and other records, some networks use Network Address Tables (NAT) to map servers internally. However you implement DNS, you must at least do the following: you must create MX, A, and PTR records for the IronMail appliance, and you must give IronMail a lower preference number than your mail server's MX record. This will allow all mail addressed to your domain to be routed to the IronMail appliance and allow all other servers to perform DNS lookups and reverse lookups on IronMail. The Administrator or Installer names the DNS Server during the initial configuration of IronMail. The preference or priority is set after the initial setup as a System function for configuring IronMail. The most common use of DNS is to perform forward lookup: resolving a fully qualified domain name, such as servername.yourdomain.com, with a valid IP address such as 63.168
184. rather than to the Static Host identified here. To ensure that a host processes all messages IronMail has to deliver, either remove all SMTP entries in the Domain-based routing table or rename the machine name entries for the SMTP protocol in that table to the machine name or IP address of the Static Host identified here. The DNS MX Lookup and Static Host options are only valid for messages that are delivered to external domains. Static Port: If IronMail is configured to deliver all its messages to a Static Host (immediately above), provide in this input field the port number on which IronMail must make the connection. Highest SMTPO Logging for Troubleshooting: IronMail maintains a log, saved to disk, recording the actions of the SMTPO subsystem. By default, the logging level is set to Medium, recording useful information but not detailed information. During times when maximum information describing how the SMTPO Service processes messages is required, enable this option. Note that logging at this level provides highly detailed information about every email that is processed. In high-volume mail environments (50,000 messages a day), the daily SMTPO log file can easily grow to 100 MB or more, raising the risk that hard disk space may quickly become consumed. This option should only be enabled for the period of time during which troubleshooting is occurring. Once the need for detailed logging has concluded, this o
185. rchive Method: Select an archive method IronMail should use when transferring the Logs. SCP: Select SCP to transfer the file securely using the SCP protocol. An SCP server must be configured and running on the archive machine. FTP: Select FTP to transfer the file in plain text (non-securely) using the FTP protocol. The FTP server must be configured and running on the archive server. Note that IronMail issues a passive FTP command. Note that if multiple IronMail appliances are configured to transfer files, the hostname is appended to the file name. Hostname: Enter the host name of the archive server. User Name: Enter a valid username with SCP or FTP privileges. Password: Enter a valid password. Confirm Password: Confirm the password by entering it again. Summary Logs, Show All Files: Path: Enter the path string to the location on the archive server where IronMail should transfer the logs. Note the relative path must be entered, that is, the starting point or subsequent directory below which the user account has access privileges. Examples are /ironmail or ironmail; the two are functionally identical. Bear in mind that some Windows FTP servers may not translate on the fly forward slashes to back slashes. In those cases, back slashes are required as path delimiters. File Inf
186. re subsystems and hardware every user-defined number of seconds (see Run Interval above). Rather than repeatedly generating alerts every time it detects the same error in successive tests, it will only generate alerts according to this notification schedule. After the fourth notification, Health Monitor will continue sending alerts, if the condition persists, every nnn minutes, where nnn is the interval between the third and fourth notification. E.g., if the notification schedule is 1 minute, 20 minutes, 1 hour, and 4 hours, subsequent notifications will be sent thereafter every three hours. Enter four values, separated by commas, representing the number of seconds Health Monitor should wait before sending the same alert to IronMail's Alert Manager if on a successive test the condition still exists. Values must be integers and entered in increasing order. Enter a value from 1 to 90 representing the maximum percentage of disk space utilization after which IronMail will stop accepting new messages. IronMail's SMTPI Service will stop accepting new SMTP connection requests when this threshold is reached. This value must be higher than the Disk Space Used Alert value above. During Health Monitor's many tests, it looks at the time stamp when a message entered one of IronMail's queues, then compares it to the current system time. Taking into account how many messages are in the queue and IronMail's current mes
187. record the specific actions IronMail takes when processing messages, the information is spread across multiple files. The Summary Log consolidates all message processing data into one file and displays the information in a slightly different way. If IronMail does not accept a message (e.g., the sending IP address is on IronMail's Local Deny List and the message is dropped by the SMTPI Service), the only line in the Summary Log for that message will look like the example above. If IronMail accepted and processed the message, the first line of the Summary Log for that message will look like the example at the left. For each message that IronMail processed, each IronMail Queue process will write a separate line indicating what action it took. To view all the lines in the Summary Log for a single message, use the grep command on the message ID. The Summary Log displays seven pipe-separated fields of data. Each line in the Summary Log displays information about each IronMail process that examined or processed a message. Note that the descriptions of IronMail processes are not grouped together by message. The processes of multiple messages are commingled. As with the Detailed Logs, administrators must follow the trail of bread crumbs, using the Message Identifier to trace a single message in this log. The Summary Log may be viewed in real
188. red Hosts; SNMP Version; SNMP Community; Sensor ID. Network IDS Properties: SNMP Enable: Select the SNMP Enable check box to allow IronMail's Analysis Console to deliver its network events as traps to a network SNMP console. Note that enabling SNMP here is independent of enabling SNMP in IronMail's Alert Manager. That is, enabling SNMP traps as an alert mechanism for IronMail's alerts does not automatically allow the delivery of Analysis Console traps. SNMP Host: Enter the hostname of the SNMP server. Remaining fields: Port Scan Count; Port Scan Window (secs); Ignored Hosts; SNMP Version; SNMP Community; Sensor ID. Port Scan Count: While the Denial of Service configuration establishes a threshold for connections from a single IP address, that threshold is specific to TCP connections to a single port. This Port Scan threshold counts any TCP connection to any port that originates from the same IP address. Enter a maximum number of allowed connections, from 1 to 65,535, in the Count field. When a single IP address generates the specified number of connections within the time frame indicated below, the connection will be logged as an Analysis Console event. In addition to detecting TCP connections, Analysis Console detects stealth scans, precursor
189. rk (see SMTPO Service). Invisible to the IronMail administrator is the SMTPI and SMTPIS Services' enforcement of the SMTP protocol. Before these services will accept the data or payload of an email, they inspect the requested email connection at the application level to ensure that it is legitimate. Connection requests that do not conform to the SMTP protocol are dropped. If the connection is accepted, then IronMail processes the message like a full-featured mail server application. Accordingly, the SMTPI(S) Services have many configuration options that affect how they process and deliver messages. Configure Mail Services (Protection Management > Mail Firewall > Configure Mail Services): The Configure Mail Services table contains four columns: Service, Auto Start, Running, and Service Uptime. [Screen: Configure Mail Services table, with rows for SMTPI Service, SMTPO Service, and Global; last refreshed Thu 06 October 2005 at 09:35:18 EDT.] Service: This column contains the names of the IronMail services or subsystems that process SMTP email delivery. An entry in this column named Global allows configuration options that do not strictly fall under the SMTPI or SMTPO Services. Each service name is
190. rver to which the reports are to be sent. The Email Address(es) input field is disabled unless Create and Email was selected in the Action column. Multiple email addresses may be entered, with each address separated by a comma. Do not enter spaces between commas and subsequent email addresses. The four policy configuration reports shown in the top section of the reports list may be run on demand. These reports show the current configuration of the specified policies in IronMail. When the information has been properly entered, click Submit to implement the configuration. Report Descriptions: IronMail can produce the following reports if configured to do so. Executive Report: Summarizes total messages inbound and outbound, plus blocked messages inbound and outbound, for the day, week, month, quarter, and year. Useful in identifying trends. Incoming Report: Provides totals and averages of inbound messages for one day, plus Top Ten statistics for key concepts. Mail IDS Report: Shows the results of IronMail's intrusion monitoring and activity: password strength, denial of service protection, program and filesystem integrity, etc. Outgoing Report: Provides totals and averages of outbound messages for one day, plus Top Ten statistics for key concepts. Detailed Logs: IronMail rec
191. rvers outbound mail flow to IronMail using a static route. Network Firewall Configuration: Your network administrator must assign an IP address, subnet mask, and host name for the IronMail appliance. A host name (yourname) and domain name (yourdomain.com) results in the fully qualified domain name (FQDN) yourname.yourdomain.com. The first time you connect to IronMail, you will be required to enter this and other information into its installation wizard. Establishing network connectivity may require the assistance of your network administrator. Based on your company's network design, IronMail may be connected to the corporate network either in a De-Militarized Zone (DMZ) or on the internal LAN. Once the physical connection has been established, some configuration of the network firewall and Domain Name Service (DNS) will be required. Configuring the Firewall: There are three main styles of firewalls: packet filter types (routers with ACLs), application proxy types (e.g., Raptor and TIS Gauntlet), and stateful inspection types (e.g., CheckPoint and Cisco PIX). It is important to understand that most application proxy firewalls do not support SMTP over SSL (i.e., the SMTPS protocol). If your firewall is an application proxy type that does not support SSL, IronMail will not be able to encrypt your mail. Both packet filter and stateful inspection firewalls, however, fully support SMTP over SSL if they are configured correctly
192. s to back slashes. In those cases, back slashes are required as path delimiters. Schedule Time: Select from the Hour and Minute pick lists a time when IronMail should automatically transfer the Logs. It is recommended that administrators choose a transfer time after 4 AM to allow enough time for the reports to run and roll over the previous day's logs. File Information: The lower portion of the screen is a table that shows information about all the detailed logs. View: Click the hyperlink for any individual log file to open that file for viewing. Download: Click the hyperlink for any log file to download that file. Transfer (FTP, SCP): If the file is to be archived, click the check box. Delete: Click the check box and then click Submit to delete the log. File Name: This column lists, by feature or function name, the logs that IronMail generates. Show all files: Clicking this hyperlink opens a screen that lists all available versions of the specific log. Log files remain available until they are deleted by the Cleanup process. Clicking show all files opens a screen like the example shown below. [Screen: Detailed Logs, Show All Files (Reporting > Advanced > Detailed Logs), with Archive Method, Hostname, User Name, Password, Confirm Password, and Path fields, and a File Information table for Alert Manager with Download, Transfer (FTP, SCP), and File Name columns.]
193. s you may log onto the appliance. Using your network browser, go to the IP address for the appliance and log in. [Screen: CipherTrust Edge ver 1.0.0 Administration Login, with User Name and Password fields.] IronMail's opening SmartStart screen will display, allowing you to continue with best practices configuration. [Screen: SmartStart opening screen, showing the network connectivity step ("Network Connectivity has successfully been established", Check Connectivity button) and menu entries including Pre Config Install, Threat Response Updates, Virus Updates, SMTP Route Setup, Internal Server List, Allow Relay Setup, Reports Configuration, Alerts Setup, Add Accounts, and Change Admin Password.] Once a stand-alone IronMail is running, it is now acting as a proxy: incoming and outgoing mail will flow through IronMail to the email serve
194. s current Anti-Virus upgrades, the Pre-Configuration package, the current Threat Response Update (TRU), and several other common configuration entries. The Administrator will complete the initial IronMail setup and installation as usual, applying the standard Installation Wizard as explained in the previous chapter and in the IronMail Setup Guide. Then, at the Administrator's first login, the initial SmartStart screen displays. Unless the SmartStart installation is interrupted, subsequent logons will bypass SmartStart and take the user directly to the Dashboard, as discussed later in this manual. Note: SmartStart functionality is available only to the Admin user account. For any other user, the first login will open the Dashboard, IronMail's regular opening screen. Using SmartStart: Complete SmartStart installation requires completing the actions on 12 screens. It is important for the Administrator to remember a few basic rules for navigating SmartStart: 1. You must select the specific SmartStart screen you wish to use by clicking the screen's link in the left menu. When you finish one screen, you can go to the next by clicking its link. 2. If you need to leave the SmartStart Wizard before you have completed work with all screens, you must leave by clicking Log Out. The SmartStart Screen Left Side Menu Upper Right SmartStart information at the top of the screen The
195. s Web Administration in order for the Secure Delivery program tab to display in the top navigation bar of the Web Admin interface. Also, when an anti-virus license expires, it disappears from the Web Administration interface and its functionality ceases on the midnight before the date of expiration. Anti-virus license renewals should be installed prior to license expiration. If a renewal license is installed after license expiration, administrators will have to manually re-configure anti-virus settings and place the Virus Scan Queue back into the Queue Order. In enterprise environments where Centralized Management Consoles (CMC) are managing multiple IronMail slaves, the CMC is responsible for acquiring and renewing all licenses. The CMC will automatically push product feature or service licenses to its IronMails. While administrators were prompted to install a License Key when first running the IronMail Initial Configuration Wizard, they may install additional Licenses within this License Manager window. Paste in the License Number input field the key that CipherTrust Technical Support issued and click Submit. The program area that the key enables is immediately available after logging out of the Web Administration interface and logging back in. General System Functions: In this chapter you will find information about the f
196. s when logging into IronMail. Configuring the Dashboard: You can determine what summaries or graphs appear on your Dashboard, and where they are located, using the configuration screen. Click Configure at the lower right corner of the Dashboard screen. [Screenshot: Logon > Dashboard > Configure, Dashboard Configuration Preferences] The center column of the Configure screen lists all portlets (each one representing a reporting mechanism) that have not been configured to appear on the existing Dashboard. To add a portlet to the Dashboard, click the portlet to highlight it. [Screenshot: Dashboard Configuration Preferences]
197. sage load, if a message has remained in a queue more seconds than the number entered in this input field, Health Monitor will assume that particular Queue Service experienced a program error and will stop and restart the service. If a Queue Inactivity Time-out is set to 0, with the expectation that email should be processed by the queues immediately, Health Monitor may inaccurately report in its Detailed Log that a problem has occurred. That is, if there exists a slow pipeline to the internal mail server and/or high email volume, Health Monitor will report queue inactivity errors even though messages might be processed and flowing as expected. Initially, it is recommended that administrators accept the default period of inactivity of ten minutes (600 seconds). If the IronMail is processing large amounts of messages in a high email volume environment, the number of seconds may be increased. Health Monitor Properties (fields: Restart SMTPO; Unprocessed Message Threshold for Outbound Queue; Unprocessed Message Threshold for All Queues). Restart SMTPO: If during its process Health Monitor finds that SMTPO is not running, you have the option of restarting. If you want Health Monitor to restart SMTPO, select this checkbox. Unprocessed Message Threshold for Outbound Queue: Enter a number of messages to serve as the threshold for the Outbound Queue. This integer represents the maximu
198. sages themselves, ensuring that nothing harmful gets through. Such security must be able to stop a hacker's malicious code, a self-propagating worm, or even a dirty joke. If the gateway is secure, attacks never reach the mail servers. IronMail provides this security by fortifying the gateway and scrutinizing everything that attempts to pass through it. Gateway Threats: Three primary threats plague enterprises if they are allowed to enter through the network gateway: denial of service attacks, intrusions, and Web mail attacks. IronMail provides state-of-the-art solutions for each. Denial of Service: Hackers may launch denial of service attacks against e-mail systems in an attempt to bring those systems to a halt. Many techniques are capable of accomplishing this disruption, but hackers typically exploit vulnerabilities in a mail server, such as the inability to process a malformed MIME message or buffer overflow constraints. Or the attackers can simply flood a mail server with more SMTP connections or instructions than the server can handle. Intrusions: Intrusions occur when unauthorized users gain access to the organization's infrastructure. For spammers, this typically means breaking into a mail server to send spam mail (relay) or to harvest e-mail addresses. Spammers can also plant computer code on the organization's personal computers, which then become spam machines or drones
199. t [Screenshot: Managing Certificates, Add CSR, Certificate Subject Information form. Fields: Digital Name for the Certificate; Country (e.g., US); State (e.g., Georgia); Locality (e.g., Norcross); Organization (e.g., CipherTrust Inc.); Organization Unit (e.g., Development); Common Name (e.g., mail.ciphertrust.com); Key Size (1024 bits, 512 bits); Email Address; Password (at least 8 characters); Confirm Password] Adding a CSR. Digital Name for the Certificate: Enter the digital displayed name for the new certificate being requested. Note: In order for the CSR to be generated, this name cannot contain spaces. Country: Enter the name or abbreviation for the country where the certificate is to apply. State: Enter the state name. Locality: Enter the name of the locality. Organization: Enter the name of the organization requesting the certificate. Organization Unit: If applicable, enter the name of the unit within the organization to which the certificate will be assigned. Common Name: Enter the server name where the certificate will be installed. Key Size
200. Mail IDS Updates. Load a Package: If the update package you need resides in a file that may be downloaded rather than on the update server, you can enter the complete path to the file or browse to it. When you click Submit, the package will appear on the update screen. Available updates: The table lists available updates. To ensure the list is current, click Refresh List at the bottom of the screen. Product: This column lists the product name for each update. Version: The version number for the update displays in this column. Date Downloaded: This column displays the date when the software file was downloaded to IronMail's disk. Date Installed: This column displays the date when the software file was installed on the appliance. State: This column displays the software file's current state. The state can be one of four values. Available: The file is available and ready to be downloaded from CipherTrust's Update Server. Downloaded: The file has been downloaded to disk but has not yet been installed. It may be deleted or installed. Installed: The file has been installed. Pending State: If a file's status has changed (see immediately below), the new status is displayed in this Pending column. The new stat
201. t If the host is not available, Edge will try the next host. If and only if no host is available, Edge will fall back to writing messages to disk and passing them to SMTPO to be sent to a host when one is available. Setting Up IronMail: The initial setup for IronMail includes at least two major components and possibly a third. The Installer or Administrator must set up the basic IronMail appliance to allow its further configuration after the basic initialization is completed; they must also perform essential setup for connectivity to the internet and to the mail network. The third component is necessary only if the IronMail appliance is being set up as a Centralized Management Console (CMC). Setup results in only the most basic configuration of IronMail. Once all initial setup is complete, the Administrator will perform the detailed configuration that prepares IronMail to protect the specific network. In this chapter you will find information about the following topics: Configuring IronMail; Running the Installation Wizard; Configuring IronMail as a CMC; Network Connectivity; Configuring the Firewall. Configuring IronMail, Preliminary Information: IronMail, whether intended as a stand-alone appliance or as a Centralized Management Console, uses a simple wizard to set the initial values required for it to become minimally fun
202. t IronMail > DNS 1, DNS 2, and DNS 3. If disabled, IronMail will deliver all email to the address in the Static Host field identified immediately below. The DNS MX Lookup and Static Host options are only valid for messages that are delivered to external domains. Note: To prevent potential looping and blocking conditions, IronMail does not attempt delivery of email if the MX lookup returns the reserved IP address 0.0.0.0 or 127.0.0.1. Static Outbound Host: Instead of performing a DNS lookup and delivering messages accordingly, IronMail can send all messages to a specific host that may perform special processing or routing functions. The host then becomes responsible for the delivery of messages. Enter either the host name (e.g., hostname.domainname.com) or IP address of the server where IronMail should deliver all its messages. If entering a host name, IronMail must be able to resolve the name to the machine's IP address (i.e., DNS records must exist for it). Note that domains and machine names in IronMail's routing table (Mail Firewall > Mail Routing > Domain-based) take precedence over the route that is specified here in the SMTPO properties window. Any messages addressed to a domain listed in the Domain-based routing table will be delivered directly to that domain's mail server
203. t click Accept or Decline. If you choose to Decline, the installation wizard will close and the appliance will not run. If you choose Accept, the wizard proceeds to the next step. [Screenshot: IronMail Installation Wizard, Master Sale and License Agreement for the CipherTrust IronMail Appliance]
204. t 48 hours after the original failure. After the final failed delivery, IronMail will drop the message. Note, however, that if Quarantine Undeliverable Messages is enabled (below), IronMail will quarantine undeliverable messages. Administrators have the opportunity to resend the quarantined undeliverable messages, with five attempted deliveries each, as many times as they want. If this option is enabled, IronMail will send a Delivery Status Notification (DSN) message each time it is unsuccessful in delivering a message. If this option is not enabled, IronMail will only send a DSN after its final delivery attempt was unsuccessful. Enable DSN to Sender must be enabled (immediately below) in order for these warning DSN messages to be generated. If this option is enabled, IronMail will generate a Delivery Status Notification (DSN) message if it is unable to deliver a message. If enabled and Enable Warning Delivery Status Notifications is disabled, the DSN will be generated after the final delivery attempt. If enabled and Enable Warning Delivery Status Notifications (immediately above) was also enabled, DSNs will be generated after each failed delivery attempt. SMTPO Service Properties fields: Enable DSN to Forwarded Addresses; DSN Forwarded Address; Enable DNS Caching; DNS Cache Limit; TTL for A records (secs)
205. talled on the mail servers. Messages are protected only from server to server, not from the client to the server. The following comparison illustrates the differences.
Comparing Strategies (Problem Area: Client to Client versus Server to Server)
Expense. Client to Client: Certificates must be purchased for and installed on every individual computer that will send and receive encrypted mail. Server to Server: Only one certificate must be installed on the server; one server can encrypt and protect all email for client PCs in the domain.
Administrative Workload. Client to Client: All certificates must be updated regularly and may need to be uninstalled or transferred from one computer to another. Server to Server: Administrators must manage only one certificate per gateway.
Encryption Security. encrypted before they reach the gateway. Therefore they cannot be scanned for viruses, malicious content, or confidential information, nor can they be scanned at the receiving gateway. Message body is encrypted, but header and routing information is not. Hackers have the opportunity to gain helpful information and may be attracted by the encryption of the message body.
User Workload. Server to Server: Encryption is transparent to the end user. Client to Client: Each user must tell all mail clients to use the certificates, and users ca
206. te
Command   First-Level Parameter   Equivalent GUI Access Role
          clean message           Queue Manager Read/Write
          reports                 Reporting Read Only
set       serial                  System Read/Write
          enable service          System Read/Write
          disable service         System Read/Write
          stop service            System Read/Write
          start service           System Read/Write
          user unlock             System Read/Write
show      log                     Reporting Read Only
          mapping                 Reporting Read Only
          network                 System Read Only
          queue                   Reporting Read Only
          services                Reporting Read Only
          system                  System Read Only
system    reboot                  System Read/Write
          restart                 System Read/Write
          restore                 System Read/Write
          shutdown                System Read/Write
tail      log                     Reporting Read Only
test      dns                     System Read Only
          mail                    System Read Only
          ping                    System Read Only
          port                    System Read Only
          route                   System Read Only
          server                  System Read Only
On-screen help may be accessed by typing help. If one types help at the IronMail command prompt, the screen will display the top-level commands that may be used, along with any associated help text. Typing help before any allowed command word (edit, run, set, show, system, tail, or test) or command string (command word plus parameters) displays help for that subset of the CLI.
ironmail help
Command Summary
The words appearing on the line below are the top level commands. Type an individual word to see the parameters for that command. Type help <word> to see help for that command.
help edit run set show system tail test
Commands are composed of a command word followed by one
207. tes To ensure the list is current, click Refresh List at the bottom of the screen. Product: This column lists the product name for each update. Version: The version number for the update displays in this column. TrustedSource Updates. Date Downloaded: This column displays the date when the software file was downloaded to IronMail's disk. Date Installed: This column displays the date when the software file was installed on the appliance. State: This column displays the software file's current state. The state can be one of four values. Available: The file is available and ready to be downloaded from CipherTrust's Update Server. Downloaded: The file has been downloaded to disk but has not yet been installed. It may be deleted or installed. Installed: The file has been installed. Pending State: If a file's status has changed (see immediately below), the new status is displayed in this Pending column. The new status does not take effect until Commit Scheduled Changes is clicked. The Refresh List button sends a request directly to CipherTrust's update server, which will populate your updates page with its list of available file updates. Any value in each row of the table of software files is a hyperlink that opens a Change State page in the main content page o
208. th a single space. Press Enter after the last parameter to execute the command. The information that appears in the CLI complies with any restrictions or parameters that have been configured in the GUI. Any restrictions or permissions applicable in the GUI also apply to the CLI. Furthermore, the amount of information in the IronMail's detailed logs viewed in the GUI is controlled by the logging level set in the IronMail GUI. CipherTrust does not provide customers root access to the appliance; therefore the CLI has limited shell capabilities. Many of the commands found in a UNIX environment are not available. Only the following commands may be executed: help, edit, run, set, show, system, tail, and test. The table below provides more information.
Command Overview
Command   First-Level Parameter                                                    Equivalent GUI Access Role
help      edit, run, set, show, system, tail, test, plus additional parameters     Typing help at the prompt displays commands and associated text. Typing help before any command word or command string displays help for that subset of the command line interface.
edit      interface                                                                System Read/Write
          route                                                                    System Read/Write
          support                                                                  System Read/Write
The HELP Command
Using the Command Line: Command Overview
Command   First-Level Parameter   Equivalent GUI Access Role
run       clean quarantine        Queue Manager Read Wri
209. that passes through to the IronMail appliance. The IP addresses will be stored in the database so they may be viewed in the logs, etc. The only IP address the IronMail normally receives, if this parameter is turned off, is the IP for the Edge appliance. Enter a 1 to enable sending the addresses; enter a 0 to disable it. The default is 0. Note: This feature may require modification on the IronMail appliance, in the form of a software patch, to allow the IP addresses to be stored, etc. SMTPO Service: Whereas the SMTPI Service is responsible for processing messages entering the IronMail appliance (whether originating from inside or outside the hosted domain), the SMTPO Service is responsible for delivering the messages out of the appliance. Clicking the SMTPO Service hyperlink in the Configure Mail Services window opens a secondary screen where the following configuration options are available. SMTPO Service Properties (Protection Management > Mail Firewall > Configure Mail Services > SMTPO): Log Level; Strong Server Authentication; Deliver mail if Strong Server Authentication Fails; Recipient Server Certificate Verification; DNS MX Lookup; Static Outbound Host; Static Port; Highest SMTPO Logging for Troubleshooting; Messages per Connection; Retry Schedule (secs); Enable Warning Delivery Status Notifications; Enable DSN to Sender; Enable DSN to
210. tion using the browse button. Password: Enter the password associated with the backup file when it was created. Restore with Certificates: Click the checkbox if you want to restore the security certificates that were in use by this IronMail when the backup was done. Restore All: If you want to restore the complete database file, click the check box. Granular Policy: If you prefer, you can click this check box and select the group or groups of policies to be restored. Click Submit to execute the restoration. IronMail reads all the configuration data and enters it into the appliance. The IronMail appliance will automatically reboot whenever a backup configuration is restored. Clicking the View Log button will open a log screen that provides details about the restoration. When IronMail saves a backup configuration to disk, it uses an automatic naming scheme identifying the appliance's name, version number, latest release number, and date (e.g., im 4 5 1 1098287820 31 zip). The name of the IronMail is stored within the backup file that is created. Therefore, under no circumstances rename or edit this file. Changing the file's name will cause the Restore function to fail and may produce other unintended consequences. Note: When an IronMail configuration is backed up, that appliance's host name, IP address, subnet, and User Accounts are saved. Restorin
211. ts cleanup process deletes old records. Note: SMTPO caches its own DNS records independently. It will continue to draw from its own cache, even after DNS changes, until SMTPO is restarted. Restarting flushes out the cache. While the TTL for MX records is defined by the DNS server, the TTL for A records is administrator-defined. Enter a number, in seconds, representing how long the A records should live in IronMail's cache. 3600 (or one hour) is a recommended setting. IronMail will delete A records whose TTL has expired. Global Properties. SMTPO Service Properties fields: Domain Connection Timeout (secs); Quarantine Undeliverable Messages; Attach Original Message for DSN; Send FQDN on Helo/Ehlo. Domain Connection Timeout (secs): Enter a number between 300 and 900 representing the maximum number of seconds IronMail may wait for a domain to accept a connection. If a connection cannot be established within this time, IronMail will fall back to the Retry Schedule (above) for additional delivery attempts. Timeouts may occur if domains are very busy or a DNS server is unable to respond with the necessary information. Quarantine Undeliverable Messages: If a retry schedule was configured above, IronMail will make up to five attempts to deliver a message. If this option is not enabled, IronMail drops the message after the fifth attempt. If this option is enabled, IronMail will quarantine undeliverable
212. [Screenshot: Dashboard Configuration Preferences] Then click the arrow pointing to the panel (Left Panel or Right Panel) where you want the new information to appear. The portlet will be moved to that panel, as shown below. [Screenshot: Dashboard Configuration Preferences] The new portlet is set to appear at the bottom of the panel by default. If you want to change the placement of any portlet, highlight it and use the Up or Down button beside the panel. Click Finish to record the change. [Screenshot: Dashboard showing the Queue Status, Connection Blocking Status, Mail IDS Status, and Health Monitor Summary portlets] The Dashboard is now updated to include the Health Monitor Summary. If you want to remove a portlet from the Dashboard
213. ule You must specify three options in order to configure the schedule: the files to be cleaned; the cleanup interval (how long a file may remain on the disk before it is cleaned from the disk); and the cleanup cycle (how often or when the cleanup cycle will run). Cleanup Schedule. File Type: From the pick list, select the type of file for which you are configuring a cleanup schedule. Options are: Database, Statistics, Log Files, Temporary Files, IDS Statistics, Quarantine Data, Spam Notification, SWD Viewed, SWD Non-Viewed. Highlight the type and click the Select button. Cleanup Interval: Specify the number of hours or days (by entering the number and selecting from the pick list) that this particular kind of file should remain in the database. IronMail converts day entries into hours internally. Frequency Schedule: Clicking this button enables creation of a fixed-interval schedule for the Cleanup cycle. The Administrator may select an interval in hours (1 hour to 72 hours) between cycles. You must choose either Frequency Schedule or Detailed Schedule. Enabling one disables the other. Detailed Schedule: This option allows creation of a specifically detailed schedule for the Cleanup cycle. The schedule is configured in two steps. The left side of the screen displays a list
214. us does not take effect until Commit Scheduled Changes is clicked. The Refresh List button sends a request directly to CipherTrust's update server, which will populate your updates page with its list of available file updates. Any value in each row of the table of software files is a hyperlink that opens a Change State page in the main content page of the Web Administration interface. The details of the file are shown, and a Change State pick list allows the administrator to download or install the file. After clicking Change State, IronMail refreshes the previous Virus Updates table and the file's new status is displayed in the Pending Column. The new status does not take effect until Commit Scheduled Changes is clicked. Configuring Auto Updates: The Configure Auto Updates sub-menu displays the licensed Subscription Services installed on the appliance. Each Service may be configured to query CipherTrust's update server for newly available files. IronMail will automatically download and install any files that become available. [Screenshot: System > Updates > Configure Auto Updates, listing each service with its Automatically Update setting and Interval (minutes)]
215. version of the IronMail software currently installed, this update may require more than one step and may involve rebooting the appliance. If you need to install more than one release to get to the most current version, use this screen to download and install each upgrade in order, one upgrade at a time. If the appliance must be rebooted, you will be brought back to the SmartStart feature when you log in again. After you have set up configuration changes on the screen shown at the bottom of the SmartStart page, use the commands on that screen to record your configuration. Then you may proceed to the next screen by clicking that screen's link in the left menu. For Edge, TRU updates take the form of TrustedSource updates. This screen allows you to access and install the latest TrustedSource Update package for your version of the IronMail Edge software. [Screenshot: SmartStart TrustedSource Updates screen, with Load a Package and a table of Version, Date Downloaded, Date Installed, and State] IMPORTANT: You should install the TrustedSource package after upgrading to the most recent version of the IronMail Edge software. After you have set up the installation on the screen at the bottom of the SmartStart page, us
216. vice start <SERVICE>
ironmail set service stop
Invalid command
Usage server service stop <SERVICE>
The set user unlock <username> command is used by the Administrator to unlock an appliance that has been locked due to circumstances like failed login attempts exceeding the maximum allowed. A valid username is required.
ironmail set user
Invalid command
Usage set user unlock
ironmail set user unlock
Invalid command
Usage set user unlock <USER ID>
ironmail
The SHOW Command: The show command displays information about IronMail's system, services, network, and logs. After the user types the command and the first parameter, the screen displays available sub-parameters.
Command Summary
show log <SERVICE> mailroute network connections interface route queue system <SERVICE> services system disk process support
To get more information on each of these commands, type help show log, help show services, or help show system. The show log command allows the Administrator to view today's logs or those from a previous day.
ironmail help show log
The show log command is used to view today's or previous days' logs. To see the list of services whose logs are available, type show log. To view today's logs for an individual service, type show log <SERVICE> where <S
217. w several days or more worth of information, the daily Mail IDS report will only show 24 hours' worth of data. Denial of Service Protection. Service: This column reports which of the IronMail services encountered the Denial of Service (DoS) attack (POP3, POP3S, IMAP4, IMAP4S, or SMTPI/SMTPIS). Source IP: This column reports the IP address from which the DoS attack originated. Consider adding the IP address to IronMail's Local Deny List to block all further SMTP connections from that source. Date: This column reports the timestamp when the DoS threshold was reached. If the same IP address generates another DoS later in the day, the previous timestamp is updated to reflect the time of the new attack. Connections: This column reports the number of connections that were dropped after the DoS threshold was reached. Remember that IronMail will drop further connections only for the length of time specified as the Denial of Service Window. If multiple DoS attacks from the same IP address are detected throughout the day, IronMail will display in this column a running total of dropped connections that occurred during the separate drop windows that follow each time a threshold was reached. Configuring Application Level Protection Protection
218. will close and the appliance will not run. If you choose Accept, the wizard proceeds to the next step.

IronMail CipherTrust Installation Wizard

SUPPORT SERVICES AGREEMENT FOR THE CIPHERTRUST IRONMAIL APPLIANCE

IMPORTANT: THIS SUPPORT SERVICES AGREEMENT GOVERNS THE ANNUAL MAINTENANCE AND SUPPORT SERVICES PROVIDED BY CIPHERTRUST, INC., A GEORGIA CORPORATION ("CIPHERTRUST"), AND ITS AUTHORIZED AGENTS TO CUSTOMER FOR THE IRONMAIL SOFTWARE AND, IF SO LICENSED BY CUSTOMER, ANTI-VIRUS SOFTWARE LICENSED DIRECTLY FROM CIPHERTRUST (THE IRONMAIL SOFTWARE AND ANY ANTI-VIRUS SOFTWARE COLLECTIVELY REFERRED TO HEREIN AS THE "SOFTWARE") AND FOR THE COMPUTER HARDWARE ("APPLIANCE HARDWARE") ON WHICH SUCH SOFTWARE IS INSTALLED AND OPERATES (THE IRONMAIL SOFTWARE AND APPLIANCE HARDWARE COLLECTIVELY REFERRED TO HEREIN AS THE "APPLIANCE") AND, IF REQUESTED AND PAID FOR BY CUSTOMER, INSTALLATION, INTEGRATION AND TRAINING SERVICES RELATED TO THE APPLIANCE. READ THIS SUPPORT SERVICES AGREEMENT CAREFULLY PRIOR TO USING THE APPLIANCE. IN ORDER TO RECEIVE SUPPORT SERVICES FOR THE APPLIANCE, YOU MUST INDICATE ACCEPTANCE BY YOU AND BY THE CORPORATE OR BUSINESS ENTITY USING THE APPLIANCE ("CUSTOMER") TO THESE TERMS AND CONDITIONS BY CLICKING ON THE "Accept" BUTTON ON YOUR SCREEN. BY INDICATING YOUR AGREEMENT, YOU ALSO REPRESENT AND WARRANT THAT YOU ARE A DULY AUTHORIZED REPRESENTATIVE OF THE C
219. wing steps to update the version of the software installed on your appliance, to download the latest best-practices Pre-configuration or Threat Response update packages, and to install the most current Anti-Virus engine updates and virus signatures. Connectivity check might require a couple of minutes to complete. Using the SmartStart feature will allow you to configure your IronMail easily and effectively. When you have tested network connectivity, go to the next screen by clicking the links in the left menu.

Network Connectivity has successfully been established. Check Connectivity

For complete information about using the SmartStart Configuration Process, see Chapter 2 of this User's Guide.

VII System

The System program area in IronMail is particularly useful to Administrators who must configure system behavior as it will be encountered by the end users. This area allows configuration of the IronMail appliance itself with regard to basic parameters. It also permits the Administrator to make updates available to users and to perform general system maintenance.

In this section you will find the following chapters:
- Chapter 12: Configuration
- Chapter 13: Updates
- Chapter 14: Other System Functions

System Configuration

The Configuration program area is used to
220. y logon from any workstation.

WARNING: If IP-based access control (ACL) is enabled without entering valid IP addresses (i.e., addresses from which administrators may connect to IronMail), all IronMail administrators will be immediately locked out of the Web Administration interface. Administrators must logon to IronMail's Command Line Interface, either from an SSH client or via a keyboard and monitor attached to the appliance, and disable this setting. The CLI command to disable IP-based access control is system restore acl (see the System commands in the Command Line Interface chapter of this User's Guide).

Administration > Web Admin Configuration > Allowed IPs

[Screenshot: Allowed IPs screen, showing the Enable IP based access control setting, the IP Address and Side Note columns, and the Delete, Add an IP address, Add IP Address from a file, Browse and Export controls]

Allowed IPs

Field: Description

Enable IP based access control:

Currently allowed IPs: The table near the top of the screen lists all the IP addresses that are currently allowed to access IronMail if IP-based access is enabled. Other user accounts will be blocked.

IP Address: This column displays IP addresses allowed to access IronMail's Web Administration interface.

Side Note: T
221. you click the arrow to move the portlet, the lower portion of the Configure screen displays two dropdown lists. The first list allows you to select which of the three types of graphs you want to display by default:
- System Graphs
- Queue Graphs, or
- Executive Graphs

The second list offers selections for the time period you want to represent with the selected graphs. The available periods vary with the type of graph you select, so choose the type first. More information about the information contained in each graph will be provided later in this chapter.

System Graphs (Logon > Configure > Graphs > System Graphs)

The System Graphs may be configured to capture system performance information for periods from 1 hour to 1 year.

[Graph: Filesystem Utilization, Last 12 Hours]

Queue Graphs (Logon > Configure > Graphs > Queue Graphs)

The Queue Graphs may be configured to capture queue loads and performance information for periods from 1 hour to 1 year.

[Graphs: Queue Load Statistics, Last 1 Hours (Queue Load Messages); Queue Process Statistics, Last 1 Hours (Queue Total Messages)]
