IronMail 6.5.1 E-Class Setup Guide
Contents
1.2. Port TCP Protocol Description DP Port 25 TCP SMTP Required for mail delivery Port 80 TCP HTTP Optional for WebMail secure HTTPS on port 443 is pre ferred Port 110 TCP POP3 Optional secure POP3 on port 995 is preferred Port 143 TCP IMAP4 Optional secure IMAP4 on port 993 is preferred Port 443 TCP HTTPS Optional for WebMail for secure HTTPS proxying Port 465 TCP SMTPS Optional for secure incoming messages Port 993 TCP IMAP4S Optional this is the preferred port to securely retrieve mail via IMAP4 Port 995 TCP POP3S Optional this is the preferred port to securely retrieve mail via POP3S Port 20022 TCP CipherTrust Required allows CipherTrust to connect to your Iron Mail for technical support TABLE 3 IronMail to Internal Mail Server Port 21 TCP FTP Optional if using FTP Port 22 TCP SCP Optional if using SCP Setup Guide TABLE 3 IronMail to Internal Mail Server Port 25 SMTP Required for mail delivery Port 53 UDP DNS Optional for an IronMail CMC if your DNS is inside the network you must open the port allowing IronMail CMC to connect to it Port 80 TCP HTTP Optional for WebMail you should open secure port 443 for HTTPS instead Port 110 TCP POP3 Optional you should open port 995 for secure POP3S instead Port 143 TCP IMAP4 Option
3. pivot out of the way and then back into place when the studs are fully engaged in the mounting channels Ensure the Component Release Levers are in the locked position Press and hold both the left and right Slide Extension Release Levers and slowly slide the component and Slide Rails into the fully retracted position Uninterruptible Power Supply TronMail should only be used in conjunction with an Uninterruptible Power Supply UPS While many UPS devices are suitable for providing power not all are able to Setup Guide gracefully shut down ronMail in an emergency loss of power Many are incapable of interfacing with IronMail s software And worse some are so incompatible they will shut down IronMail on their own regardless of the presence or absence of ade quate power Therefore CipherTrust encourages you to only connect the data cables for UPS models shown on the table on the following page which have been thoroughly tested for reliability and compatibility Note If you use a UPS other than one shown in the following table do not attach a data cable from the UPS to IronMail s serial port when the serial port is configured as a UPS interface Recommended UPS Hardware IronMail E class APC Matrix UPS MxX3000 Smart UPS 700 700 XL 700 RM 2U 1000 XL 1000 RM 2U 1400 1400 RM 2U 1400 RM 3U XL Please contact CipherTrust product support at
4. 10 50 15 200 GpherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox Cipher rust IronMail GpherTrust Installation Wizard Step 6 of 9 Copyright 2006 GipherTrust Inc All rights reserved Click Next Step 12 Enter the IP address or the fully qualified domain name for up to three Network Time Protocol NTP servers as provided by the Network Administrator 10 50 15 200 CipherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox C Cipher rust IronMail Copyright 2006 GpherTrust Inc All rights reserved en Click Next Step 13 Specify the appliance s time zone by selecting from the pick list your own loca tion or city or a location city that is in the same time zone https 10 50 15 200 GpherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox CCipherlrust IronMail CipherTrust Installation Wizard Step 8 of 9 Copyright 2006 GipherTrust Inc All rights reserved Click Next Step 14 If you are configuring a stand alone IronMail appliance you must enter infor mation about your default email server If you have more than one email server enter only the information about the default server You can configure additional servers after you complete the Installation Wizard Example Mail Server IP Address 10 0 0 15 MailServer IP Address 1050155 Default Emai Domain doctaaned SCS Mail Server Secure P
5. may use and their ability to make changes to the configuration of the IronMail appliance After you have set up the accounts using the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next screen by clicking that screen s link in the left menu Screen 12 Change the Admin Password This screen allows you to change the password assigned to the Administrator account Setup Guide Change Password This screen allows you to change the password assigned to the Administrator account To protect the Admin account it is critical that the password be changed from the default to a new password This step is strongly recommended Password Information Old Password New Password Confirm Password SmartStart Change Admin Password IMPORTANT To protect the Admin account it is essential that the password be changed from the default to a new password This step is strongly recommended After you have changed the Admin password on the screen at the bottom of the Smart Start page use the commands on that screen to record your configuration Then you may proceed to another screen by clicking that screen s link in the left menu Screen 13 Finishing SmartStart This screen provides information that allows you to exit SmartStart gracefully taking you back to the login screen Finish SmartStart Click the Exit SmartStart button to quit the Smart
6. nally However you implement DNS you must at least do the following The MX record pointing to the IronMail must have a lower preference number i e higher priority than the other MX records for the domain This allows all mail addressed to your domain to be routed to the IronMail appliance and allows all other servers to perform DNS lookups and reverse lookups on IronMail Follow these configuration steps Step 1 Create the A record for the IronMail The A records provide the forward map ping of hostnames to IP addresses Step 2 Create the PTR record for the IronMail PTR records provide the reverse map ping of IP addresses Step 3 Create the MX record for each domain for which the IronMail will relay email Create the MX record number than the existing MX records Note Spammers have begun targeting secondary MXs for delivery of spam because often the anti spam features are not as robust as the primary MX You can check whether reverse lookup is working using the ping command with the a switch Pinging an IP address with that switch will do a reverse lookup and display the resolved name C gt ping a 63 168 166 5 Pinging servername yourdomain com 63 168 166 5 with 32 bytes of data Reply from 63 168 166 5 bytes 32 time 73 lms TTL 242 Reply from 63 168 166 5 bytes 32 time 1081ms TTL 242 Reply from 63 168 166 5 bytes 32 time 1052ms TTL 242 Reply from 63 168 166 5 bytes 32 time 611ms TTL 242 Setup
7. neath aiea 47 Screen 11 Add Accounts 2 acai ieleiint eaer er tebe E a 48 Screen 12 Change the Admin Password ccccesccesseeseeseeteeeteeeseeeees 48 Screen 13 Finishing SmartStart cccccccececssesseceteceeeeeeeeeeeeneeeseeseeeenes 49 TronMail CHAPTER 1 Server Hardware Setup Hardware Physical installation of the IronMail appliance entails installing the device into a rack and providing power and network connectivity IronMail E class is available in three server platforms E 2000 The E 2000 server platform is currently supported for the IronMail E class The E 2000 has a single processor SS IronMail 3 E 3000 and E 5000 The IronMail E 3000 and E 5000 are built upon a dual processor platform Setup Guide PI aa Ciphers IronMail3 Other Configuration Configuration of the Central Managment Console CMC and Secure Web Delivery SWD servers should follow the hardware setup of the IronMail appliance General Safety Notes on IronMail Appliances e There are no user serviceable components inside the appliance Opening IronMail s chassis will void the service agreement e Adequate spacing above below and behind the IronMail appliance should be pro vided to allow proper airflow and to prevent excessive heat build up e Use only the mounting kits provided with IronMail appliances when installing Iron Mail as improper mounting may result in hardware failure and h
8. 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Have on hand the License Key that was e mailed to you for the IronMail appli ance The License Key contains information that determines whether this appli ance is a Centralized Management Console for enterprise environments or a stand alone IronMail Create a host name for this appliance Determine the domain name to which this appliance belongs Assign an IP address for this appliance Determine the Subnet Mask for this appliance Specify the Default Router the appliance will use Specify the IP Address of at least one of your DNS Servers This appliance must be able to connect to it Provide the fully qualified domain names of up to three Network Time Protocol servers IronMail identifies three servers by default Specify the appliance s time zone by selecting from the pick list the city nearest the appliance The selected city must be in the same time zone as IronMail For stand alone IronMail only Specify the fully qualified domain name of your default mail server If you have dedicated servers handling incoming and outgoing mail or other services select one to enter during the wizard setup the remaining servers will be configured later This information is not necessary for configuring a Centralized Management Console Specify the IP address of the default mail server you identified ab
9. 5 Copy the text file containing the License Key for the appliance and paste the key into the input field on the next screen You must include all of the beginning and ending lines that appear with the License Key as shown Begin CipherTrust License and End Cipher Trust License https 10 50 15 200 GipherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox z CCipherlrust IronMail GipherTrust Installation Wizard Begin CipherTrust License IFiqqgYnBpCbUew 7j7m6C 7ELmLF58Pn75qnUmvz3KwKOADVF ImdTUTjJPADFIFKAKT yP uDOx 1KbKzHgeK SbtoAvS SK 1KqYBdkliOIGgGNQvmwzqfxmot yi3meoQCW UofiliE25kG8ffHboyg End CipherTrust License Klo Copyright 2006 GpherTrust Inc All rights reserved After pasting in the key click Next Step 6 Enter the host name for the appliance created by your Network Administrator The host name is the text preceding the domain name In the example server name yourdomain com servername is the host name and yourdomain com is the domain name https 10 50 15 200 GpherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox 15 xi C Cipher lrust IronMail CipherTrust Installation Wizard Step 1 of 9 Copyright 2006 CipherTrust Inc All rights reserved rt ORG Chieri Sar Click Next Step 7 Enter the domain name for the domain t
10. 678 867 2999 or send an email to sup port ciphertrust com to confirm if your UPS has been tested since the publication of this Setup Guide Setup Guide Attaching Keyboard Mouse and Monitor IronMail accepts the connection of keyboard mouse and monitor allowing you to connect to the appliance directly in addition to or in lieu of connecting through your local area network Attach a monitor to the VGA port on the back of the appliance Attach keyboard to the bottom PS 2 port on the back of the appliance The mouse and keyboard must be connected to the appliance before power is turned on You only have access to the command line interface when connected directly to the appli ance you do not have access to the graphical browser based Web Administration inter face The command line interface allows you to perform some of the functionality available in the Web Administration GUI but more importantly it allows you to restore the appliance to its factory default settings Once the appliance is powered up the monitor will display a logon prompt Enter the same user name and password you use to connect to the Web Administration graphical user interface Refer to the chapter on Command Line Interface in the User Manual for instructions on using the available commands Server Power Controls and Indicators TronMail E class Power Controls and Indicators This section identifies the controls and indicators on the f
11. Connectivity cccccccccescessscsseceseeseeeeceeeecsseeeceseesseecseceseceeseeeeaeeaees 13 Network Firewall Configuration ccccccscssecssceeeceeeeeeceeceneeeeeeeneeanees 13 Internal Mail Server Configuration 0 cccecccssesseceteseeceeeceseeeseeeseeereees 18 DNS Configuration enesis nni issor nr E aaan E raie a 18 Setting Up CipherTrust IronMail ssssessseessssessseesessessseseesresressseseese 21 Configuring TronMall aistri iness isnt n e a a a aha 22 Best Practices Configuration ssssssesssssesesessessessresseesesresseeseesersseesee 35 TANIE CAM EAR EA EEEE E AA AAE EE T 35 Using Smarts tart soea a a a a dosage a a a a a 36 Screen 1 Network Connectivity cccecccccecsseeseceeeceseeeeececeeceseeeneenees 39 Screen 2 Software Updates c ccccccccsccsscceseessesteceeceeeeeeeeseeeecneenseeenes 39 Screen 3 Pre Confi guration cccccccesccesceecceseeseeeeceeeceseecseceecnteeeseeeaes 40 Screen 4 Threat Response Updates cccccccsecsseesceseeeseeesecetecnteeeneenees 41 iii Screen 5 Viras Updates 3 4 veseds ucceacivestesveresachess n e r a teers 42 Screen 6 SMTP Route Setup cee ceesseeeseccseeeceneceeeceseeceaeeceseeeseeeeeas 44 Screen 7 Internal Server Listare reni n a E a 44 Screen 8 ANW Relay irit riren ee e E E E E E 45 Screen 9 Report Setup sssssssssssessssssessseessesssesssesseessesseessesssesssssseeseest 46 Screen 10 Alerts Setup sect vesstiacansveeth teres tenet eastcatesth
12. D IF _ LICENSED IN ADDITION TO THE IRONMAIL SOFTWARE THE CURRENTLY OFFERED ANTI VIRUS SOFTWARE ANTI VIRUS SOFTWARE THE IRONMAIL SOFTWARE AND IF APPLICABLE THE ANTI VIRUS SOFTWARE COLLECTIVELY REFERRED TO AS THE SOFTWARE ON THE COMPUTER HARDWARE APPLIANCE HARDWARE ON WHICH THE SOFTWARE IS INSTALLED AND OPERATES THE IRONMAIL SOFTWARE AND APPLIANCE HARDWARE BEING REFERRED TO HEREIN TOGETHER AS THE ee ne THIS AGREEMENT DOES NOT APPLY TO IRONMAIL S class THE APPLIANCE Step 3 The next screen that opens displays the Support Services Agreement After you have read the agreement click Accept or Decline If you choose to Decline the Setup Guide installation wizard will close and the appliance will not run If you choose Accept the wizard proceeds to the next step https 10 50 15 200 CipherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox CipherIrust lronMail GpherTrust Installation Wizard SUPPORT SERVICES AGREEMENT FOR THE CIPHERTRUST IRONMAIL APPLIANCE IMPORTANT THIS SUPPORT SERVICES AGREEMENT AGREEMENT GOVERNS THE ANNUAL MAINTENANCE AND SUPPORT SERVICES PROVIDED BY CIPHERTRUST INC A GEORGIA CORPORATION CIPHERTRUST AND ITS AUTHORIZED AGENTS TO CUSTOMER FOR THE IRONMAIL SOFTWARE AND IF SO LICENSED BY CUSTOMER THE CURRENTLY OFFERED ANTI VIRUS SOFTWARE LICENSED DIRECTLY FROM CIPHERTRUST ANTI VIRUS SOFTWARE THE IRONMAIL SOFTWARE AND IF APPLICABLE T
13. Guide CHAPTER 3 Setting Up Cipher Trust IronMail The initial setup for IronMail includes at least two major components and possibly a third The Installer or Administrator must set up the basic IronMail appliance to allow its further configuration after the basic initialization is completed they must also perform essential setup for connectivity to the internet and to the mail network The third compo nent is necessary only if the IronMail appliance is being set up as a Centralized Manage ment Console CMC Setup results in only the most basic configuration of IronMail Once all initial setup is complete the Administrator will perform the detailed configuration that prepares Iron Mail to protect the specific network In this chapter In this chapter you will find information about the following topics e Configuring IronMaill e Initial Configuration Wizard Setup Guide Configuring IronMail Preliminary Information IronMail whether intended as a stand alone appliance or as a Centralized Management Console uses a simple wizard to set the initial values required for it to become mini mally functional Before you run the wizard obtain the information requested in the form below Your network administrator should be able to assist you in determining the net work information A copy of this Information Gathering Form appears at the back of the Setup Guide so it may be removed for easy information gathering Step
14. HE ANTI VIRUS SOFTWARE COLLECTIVELY REFERRED TO HEREIN AS THE SOFTWARE AND FOR THE COMPUTER HARDWARE APPLIANCE HARDWARE ON WHICH SUCH SOFTWARE IS INSTALLED AND OPERATES THE IRONMAIL SOFTWARE AND APPLIANCE COLLECTIVELY REFERRED TO HEREIN AS THE APPLIANCE AND IF REQUESTED AND PAID FOR BY CUSTOMER INSTALLATION INTEGRATION AND TRAINING SERVICES RELATED TO THE APPLIANCE THIS AGREEMENT DOES NOT APPLY TO IRONMAIL S class APPLIANCES READ THIS SUPPORT SERVICES AGREEMENT CAREFULLY PRIOR TO USING THE APPLIANCE IN ORDER TO RECEIVE THE APPLIANCE YOU MUST INDICATE ACCEPTANCE BY YOU AND BY THE CORPORATE OR BUSINESS ENTITY CUSTOMER TO THESE TERMS AND CONDITIONS BY CLICKING ON THE Accept BUTTON ON YOUR vill Step 4 Select the language you wish to use for this installation of IronMail by choosing the name of the language from the pick list Select the character set for this Iron Mail from the second list https 10 50 15 200 GpherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox a rm a 5 Cipherlrust tronMait GipherTrust Installation Wizard Select a language in which you want to install this Appliance T The Configuration of the appliance will be in the language you have selected here If you donot make any changes and hit enter then the default language English is taken as the locale Language Example Language English Language English Character Set Jus ascir z Click Next Step
15. OP3 Enabled L Mail Server Secure IMAP Enabled I Oera ot access a CipherTrust Secure Support Port 20022 006 GipherTrust Inc All rights reserved If you are configuring a Centralized Management Console you do not have to pro vide information about internal mail servers Skip this step by clicking Next and proceed to verifying your information Step 15 Verify that the information you have provided is correct You can use the Back buttons to return to previous steps and make corrections should you detect Setup Guide errors You may want to print this screen for your records once you have verified the information https 10 50 15 200 GipherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox GpherTrust Installation Wizard If you wish you may print this page for your records If you need to make any changes please use the back button below Once you have verified that all the information is correct dick on the Finish button below to commit these settings and reboot the CipherTrust Server Attribute Value English US ASCII Default Router DNS 1 DNS 2 DNS 3 NP 1 time nist gov NTP 2 bitsy mit edu NIP 3 dock isc org Time Zone America New_York MailHostname mail do ctqa net MailHostIPAddress 10 50 1 55 DefaultEmail Domain do ctga net Choose SerialPort Usage For CLI Access CipherTrust Secure Support Port 20022 arr C Nae edo If you inadvertently enter the IP addre
16. Reports Email Address 7 Hostname SmartStart Report Setup After you have set up the reports using the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next screen by clicking that screen s link in the left menu Screen 10 Alerts Setup This screen allows you to configure the alerting features of your IronMail appliance Alerts Setup Here you can configure the alerting Features of the IronMail Appliance Alert Category Extensive Alerts Core Alerts Email Address TO Hostname 7 SmartStart Alerts Setup After you have set up the alerts using the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next screen by clicking that screen s link in the left menu Screen 11 Add Accounts This screen allows the Administrator to add new user accounts that may access the Iron Mail appliance and to configure the roles permissions assigned to those accounts User Accounts Create User Name Administration New Password Anti Spam Confirm Password a E Anti Virus Appliance Admin y Dashboard Compliance Officer Encryption User Creation Rights WebMail Protection Password Never Expires Mail Firewall Force Password Change afaa a oo oo oe Oo oy oo oa SmartStart Add Accounts The roles govern the functions these users
17. Start mode You will be redirected to the login page To return to the SmartStart mode select the Administration tab left menu option SmartStart Configure If you have finished SmartStart you may proceed from the opening screen the Dash board to monitor IronMail s status and activity Note If you exit SmartStart before completing all the steps be sure to note the steps you have completed and those that still remain It may be to your advantage to complete SmartStart before you exit to ensure nothing is forgotten When You Have Finished SmartStart If you have applied all the steps of SmartStart your IronMail appliance is now configured for deployment using best practices configuration When you have completed all steps of the SmartStart process you may exit SmartStart by clicking the Exit SmartStart button at the bottom of Finish SmartStart screen This will close SmartStart and take you to the IronMail login screen A IronMail CCipher rust ver 6 5 1 Administration Login User Name fifrancis Password eeeeeees IM 6 5 1 Build 5 3 with all Log into IronMail using your user name and password and you will see the IronMail What s New screen IronMail s opening screen for your first login What s New virtual IP innii Enhanced IronMail Localization Advanced C ompliance Features Image Analysis a Pas Compliance Officer UI
18. al you should open secure port 993 for IMAP4S instead Port 162 TCP SNMP Optional if using SNMP Trap Manager Port 389 TCP LDAP Optional if using LDAP Port 514 UDP Optional if using Syslog Server Port 443 TCP HTTPS Optional for WebMail for secure HTTPS proxying Port 993 TCP IMAP4S Optional this is the preferred port to securely retrieve mail via IMAP4S Port 995 TCP POP3S Optional this is the preferred port to securely retrieve mail via POP3S Port 20022 TCP CipherTrust Allows CMC connection to managed IronMail appli ance TABLE 4 Internal Mail Server to IronMail Port 22 TCP Command Line Optional only if you want to access the command line Interface interface from inside the network Port 25 TCP SMTP Required for mail delivery Port 10443 TCP HTTPS Required this is the port used to connect to IronMail s WebAdmin interface Installing IM in a Network with No DMZ If you do not have a DMZ the IronMail may be installed on your internal network If you install IronMail inside the network simply open the necessary ports in the firewall Setup Guide Firewall Routing Rules no DMZ Internet Outgoing to the Internet Incoming from the Internet 25 465 SMTP SMTPS 110 995 POP3 POP3S 143 993 IMAP4 IMAP4S 80 443 HTTP HTTPS 6277 only if you enable SLS lookups 10443 lranMail Administration Mail Server 25 SMTP 53 DNS 123 only if you use NTP 6277 only if
19. azardous conditions e Do not block any air vents usually 15 cm 6 inches of air space provides proper air flow e Plan the device installation starting from the bottom of the rack cabinet and install the heaviest device in the bottom of the rack e Do not extend more than one device out of the rack cabinet at the same time extending two or more devices simultaneously may cause the rack to become unsta ble e Remove the rack doors and side panels to provide easier access during installation e Connect the server to a properly grounded outlet e Do not overload the power outlet when installing multiple devices in the rack cabi net e Follow accepted electrical and general safety precautions when installing any Iron Mail Rack Precautions e Ensure that the leveling jacks on the bottom of the rack are fully extended to the floor with the full weight of the rack resting on them e Ina single rack installation stabilizers should be attached to the rack e In multiple rack installations the racks should be coupled together Setup Guide e Always make sure the rack is stable before extending a component from the rack Server Precautions e Determine the placement of each component in the rack before installing the rails e Install the heaviest server components on the bottom of the rack first and then work up e Use a regulating uninterruptible power supply UPS to protect the server from power surges and voltage
20. ce e Install IronMail in your existing network but set a PC workstation s netmask to match IronMail s default IP address and netmask For either type of connection the client workstation must temporarily change its IP address and netmask to match IronMail s default values IP Address 192 168 0 254 Net mask 255 255 255 0 That is change your workstation IP address to 192 168 0 xxx and the netmask to 255 255 255 0 where xxx is any number between 0 253 1 Launch Internet Explorer on the client workstation and navigate to IronMail s built in default IP address https 192 168 0 254 You must add the letter s after http The opening screen for the Installation Wizard displays Click Next to begin the installation process Copyright 2006 Sone Bane Inc All All ae reserved Step 2 The first screen to appear is the Master Sale and License Agreement After you have read the agreement click Accept or Decline If you choose to Decline the installation wizard will close and the appliance will not run If you choose Accept the wizard proceeds to the next step https 10 50 15 200 GipherTrust Wizard newbox ciphertrust com 192 168 0254 Mozilla Firefox CCipherlrust IronMail GpherTrust Installation Wizard MASTER SALE AND LICENSE AGREEMENT FOR THE CIPHERTRUST IRONMAIL APPLIANCE IMPORTANT THIS MASTER SALE AND LICENSE AGREEMENT AGREEMENT GOVERNS USE OF THE IRONMAIL SOFTWARE AN
21. creen by clicking that screen s link in the left menu Screen 4 Threat Response Updates This screen allows you to access and install the latest Threat Response Update TRU package for your version of the IronMail appliance software ThreatResponse Optimize Updates tr LoadaPackage aoe Upload Copyright 2006 CipherTrust Inc All rights reserved SmartStart Threat Response Updates This package sets optimal configuration parameters for protection from inbound e mail threats Network connectivity is required for this step IMPORTANT You should install the TRU package after upgrading to the most recent version of the IronMail appliance software and after installing the Pre Configuration package that is appropriate for your version of the software After you have set up the installation on the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next screen by clicking that screen s link in the left menu Screen 5 Virus Updates This screen allows you to access and install the latest Anti Virus engines and virus signa tures for your version of the IronMail appliance software Virus Updates 2006 10 11 Copyright 2006 CipherTrust Inc All rights reserved SmartStart Anti Virus Updates After you deploy the IronMail appliance you will automatically receive new updates as they become available Connec
22. d LANI 4 Out of Band Management Port For out of band management connect to the other Ethernet port labeled LAN2 Power black A black power connection not shown is on the right side of the server CHAPTER 2 Network Configuration Network Connectivity Your network administrator must assign an IP address subnet mask and host name for the IronMail appliance A host name yourname and domain name yourdomain com results in the fully qualified domain name FQDN yourname yourdomain com The first time you connect to IronMail you will be required to enter this and other information into its configuration database Establishing network connectivity may require the assis tance of your network administrator Based on your company s network design IronMail may be connected to the corporate network either in a De Militarized Zone DMZ or on the internal LAN Once the physi cal connection has been established some configuration of the network firewall and Domain Name Service DNS will be required Network Firewall Configuration There are three main styles of firewalls packet filter types routers with ACLs applica tion proxy types e g Raptor and TIS Gauntlet and stateful inspection types e g CheckPoint and Cisco PIX It is important to understand most application proxy fire walls do not support SMTP over SSL i e the SMTPS protocol If your firewall is an application proxy type that does n
23. e left menu Screen 7 Internal Server List This screen allows you to add additional servers to your internal server list Internal Servers Configure SmartStart Internal Server Setup After you have added internal servers on the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next screen by clicking that screen s link in the left menu Screen 8 Allow Relay This screen allows you to add servers to your Allow Relay List Allow Relay Configure IP Subnet Side Note For IP Add IP Subnets From a file Character Set Copyright 2006 CipherTrust Inc All rights reserved SmartStart Allow Relay Setup Allow Relay is the list of servers that are allowed to send e mail to your IronMail appli ance for any destination domain not just for domains the appliance hosts through the SMTP Routing setup After you have added internal servers to the Allow Relay list on the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next screen by clicking that screen s link in the left menu Screen 9 Report Setup This screen allows you to configure the reporting features for your IronMail appliance Setup Guide Report Setup Here you can configure the reporting features of the IronMail Appliance Report Category all Reports Core
24. ide Extension Release Lever Component Mounting Channel 3 per rail Rear Multi Pin Adapter and Bracket Anti Sag Bar Slider Do OP SN oF Setting the Multi Pin Adapters for Rack Type The 10 32 threaded hole in the center of the Multi Pin Adapter is for securing the rails during shipping and for the attachment of front panel blanks if desired The Slide rails are shipped with the Multi Pin Adapters set for square holes If your rack has square mounting holes skip this section 1 On each Slide Rail reverse the Multi Pin Adapter position to match the rack mount ing hole type if necessary Remove the Multi Pin Adapter by rotating the Swivel Lock up pressing the mounting pins together and then pulling the adapter from the Multi Pin Bracket 2 Install the Multi Pin Adapter by pressing the pins together while inserting the adapter into the bracket The Multi Pin Adapter must be fully locked in the bracket Ensure both mounting pins on the Multi Pin Adapter are fully engaged in the Multi Pin Bracket then lock the Multi Pin Adapter in place using the Swivel Lock 3 Repeat these steps for both ends of each Slide Rail Installing the Slide Rails into the Rack 1 Atall four rack uprights determine the vertical position in the rack where the Slide Rails are to be installed The top most mounting hole for a particular rack unit RU mounting position is typically indicated by a mark or hole CAUTION If Slide Rails are mounted in h
25. ight 2005 Cipher Trust Inc All rights reserved Once a stand alone IronMail is running it is now acting as a proxy incoming and outgo ing mail will flow through IronMail to the email server you specified and your exposure to the outside world has been hardened However many of IronMail s features have not yet been enabled Additional configuration is required as described in the remainder of the User Manual Setup Guide CHAPTER 4 Best Practices Configuration The concept of Best Practices configuration is derived from CipherTrust s desire to streamline the process of preparing the IronMail appliance for effective operation Smart Start offers the means to do precisely that In this chapter In this chapter you will find information about the following topics e SmartStart e Using SmartStart SmartStart The purpose for SmartStart is to provide the Administrator the ability to install best prac tices IronMail configurations at the time of initial appliance installation and setup It allows the Administrator to install the current software upgrades current Anti Virus upgrades the Pre Configuration package the current Threat Response Update TRU and several other common configuration entries The Administrator will complete the initial IronMail setup and installation as usual applying the standard Installation Wizard as explained in the previous chapter and in the TronMail Setup Guide Then at
26. o which the appliance will belong e g yourdomain com https 10 50 15 200 GpherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox C Cipher trust lronMail GpherTrust Installation Wizard Step 2 of 9 Copyright 2006 GipherTrust Inc All rights reserve Click Next Step 8 Enter the IP address assigned by your Network Administrator for this appliance https 10 50 15 200 GipherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox Copyright 2006 GipherTrust tc Click Next Step 9 Enter the subnet mask for this IronMail as provided by your Network Adminis trator https 10 50 15 200 GpherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox Cipher rust IronMail GpherTrust Installation Wizard Step 4 of 9 Copyright 2006 CipherTrust Inc All rights reserved Click Next Step 10 Enter the IP address for the Default Router for this appliance The router address is provided by the Network Administrator 10 50 15 200 CipherTrust Wizard newbox ciphertrust com 192 168 0 254 Mozilla Firefox EE C Cipher rust IronMail GpherTrust Installation Wizard Step 5 of 9 Copyright 2006 CipherTrust Click Next Step 11 Enter the IP address for at least one of your DNS Servers you may have up to three The DNS server will be used as a client for this IronMail https
27. ocroer 2006 yonMail Setup Guide Product Version E class CS Cipher trust Peace of Mind in Messaging 2006 CipherTrust Inc CipherTrust and the CipherTrust logo are registered trademarks of CipherTrust Inc All other trademarks are the property of their respective owners All rights reserved il TronMail IronMail Setup Guide Product Version E class Table of Contents Server Hardware Setup saan AN seslos Meg dtater sa ssedee se eaacehcededesceduaectegSactesvatdens 1 ard Wale niesienie a a cous deirandtees twedeeskaveceaies 1 E2000 55 van chseate Dasewaveh a uaa anew eae Desa dea eR 1 3000 And E5000 reee a a e ae aSa 1 Other Configuration sepen naan na aT iaaa iaa 2 General Safety Notes on IronMail Appliances cccceeceeseeseeseeeteeeeees 2 TronMail E class Installation ccccccecccecscesseeseceseceeeceeeeeseeesseneenseeeneenses 3 Slide Rail Installation ccccccesccessesseceseceseeeeceeeceseecseecseceseeseeeeeesseenaeens 5 Uninterruptible Power Supply ccccccecssesseceseceeceeseesseceeeeeeseeeeseeesaeceeneenaes 7 Attaching Keyboard Mouse and Monitor cccccccccessecsseceeceeeeeeeeeseeeseeeaeeees 9 Server Power Controls and Indicators ccccccccecessesscesccesessssscssesceesesssseeeees 9 IronMail E class Power Controls and Indicators ccccceccccesseceeeees 9 Network COnTO UP AtiOM Seis sec 2 cs5ycceutaienceatingde netede cues cesmadane eepepeaeenavaniaaes 13 Network
28. oles which are not vertically aligned level from front to back the Slide Rail may be damaged and mounting will not be secure 6 Setup Guide Noting the holes determined in the previous step align the left Slide Rail with its mounting holes Hold the Slide Rail in the desired rack mounting position At the rear of the Slide Rail press the Multi Pin Adapter mounting pins together and insert the Slide Rail into the rack Ensuring you have selected the proper mounting holes on the rack upright repeat the above step at the Slide Rail s front mounting position Ensure the Slide Rail is level Extend the Slide Rail to its fully extended locked position Press the Slide Rail Extension Release Levers to release the lock Move the Slide Rail in and out through its entire range of motion to ensure it does not bind If binding occurs recheck the mounting positions Repeat steps 2 through 5 for the right Slide Rail being certain that it is parallel and level with the left Slide Rail Installing the Component into the Slide Rails 1 2 3 Extend both Slide Rails to into their fully extended locked positions Align the mounting studs withthe Component Mounting Channels on the Slide Rails Carefully place the component s mounting studs in the Component Mounting Chan nels on the Slide Rails Allow the component mounting studs to fully seat in the Component Mounting Channels The Component Release Levers one on each rail
29. ot support SSL IronMail will not be able to encrypt your mail Both packet filter and stateful inspection firewalls however fully support SMTP over SSL if they are configured correctly It is recommended that you place IronMail in a DMZ if your network supports it If so you must create rules to allow the protocols for the following e TronMail to Internet e Internet to IronMail e TronMail to the internal mail server e Internal mail server to Ironmail Installing IronMail in a DMZ De Militarized Zone DMZ Firewall Routing Rules There should be no open protocols from outside to inside bypassing IronMail when using a DMZ configuration Setup Guide The following tables describes the ports you must open in your firewall to allow IronMail to function TABLE 1 IronMail to Internet Port TCP Protocol Description UDP Port 25 TCP SMTP Required for mail delivery Port 53 TCP DNS Optional for an IronMail CMC if your DNS is outside UDP the network you must open the port allowing IronMail CMC to connect to it Port 123 TCP NTP Required if using Network Time Protocol Port 6277 UDP SLS Required if you wish to enable Statistical Lookup Service SLS lookup as part of your anti spam strategy Port 20022 TCP CipherTrust Required in order for IronMail to request software anti virus updates TABLE 2 Internet to IronMail
30. ot that follow SmartStart screens are divided into three sec tions CCipherlrust IronMai 6 1 0 SmartStart Logout Contact Us Check for Network Connectivity Copyright 2005 CipherTrust Inc All rights reserved Left Side Menu The left side of the screen contains the menu listing all 12 screens that may be used in SmartStart You will use this menu to select the portion of the wizard you wish to apply You may click on any SmartStart screen link to open it without regard for the order on the menu How ever some of the steps must be taken in order Read the screen instructions before you apply the screen Screen 1 the Network Connectivity check is the opening screen for SmartStart since connectivity is required to apply some of the other steps Upper Right SmartStart information The upper portion of the screen as seen below extending across the screen except for the left menu area contains informative text about the screen you are currently viewing It may provide instructions and other important information about the step you are about to complete Lower Right Configuration screens The lower portion of all SmartStart screens like the sample below will contain the actual IronMail configuration screens required to complete the specific step you are applying Password Information Old Password New Password Confirm Password IMPORTANT The screen images that populate this
31. ove Specify your default email domain Determine if you want IronMail to use secure POP3 or IMAP 4 with your inter nal server Your internal server must have a Security Certificate installed on it for secure POP3 or IMAP4 to be implemented Verify this information with your Network Administrator prior to running the appliance s Initial Configuration Wizard Setup Guide Initial Configuration Wizard IronMail ships with a pre installed albeit unsigned Security Certificate IronMail only allows administrative sessions with it over a secure SSL https connection for which a Security Certificate is required The default Security Certificate is adequate for creating these secure connections from your browser to the IronMail appliance but is not adequate for providing SSL security for your email infrastructure Until you install a valid Security Certificate from a Certificate Authority your browser will display a Security Alert each time you logon to the appliance Clicking Yes at the prompt allows you to proceed You must connect to the appliance to enter some preliminary values in an Initial Configu ration Wizard in order to make the appliance initially functional Use a client workstation any Windows PC as IronMail s front end There are two ways you can connect to the appliance e Use a network cross over cable to physically connect a PC workstation to Iron Mail The cable plugs into the network port on each devi
32. portion of the SmartStart screen will retain their own instruction text or help text Accessing SmartStart To access SmartStart as part of the initial installation and setup of the IronMail the Administrator Admin user account simply logs into IronMail the first time CipherTrust IronMail ver 6 5 1 Administration Login User Name fifrancis Password eeeeeeee IM 6 5 1 Build 5 3 with all Screen 1 of the SmartStart process opens Setup Guide Screen 1 Network Connectivity The initial screen is designed to welcome the administrator give basic SmartStart instruc tion and test for Network Connectivity Check for Network Connectivity E This step will test the connectivity between your IronMail appliance and the CipherTrust update infrastructure Connectivity is required in order to use the SmartStart Feature to configure your IronMail appliance You will use the update infrastructure in the following steps to update the version of the software installed on your appliance to download the latest best practices Pre Configuration or ThreatResponse update packages and to install the most current Anti Virus engine updates and virus signatures Connectivity check might require a couple of minutes to complete Network Connectivity has successfully been established Check Connectivity SmartStart Network Connectivity Check This step tests the connectivity between your IronMail appliance and the CipherTrust
33. ront and rear of the IronMail E class servers It also describes the power features of the server Control Panel LEDs This section identifies the indicator LEDs on the front of the E class appliance NIC Indicator Indicator lights exist for both NIC1 and NIC2 Flashing LEDs indicate network activity on the respective LANs Power Indicator Indicates power is being supplied to the system s power supply units This LED should normally be illuminated when the system is operating Database Icon This indicator when flashing indicates database activity Caution Icon Indicates problems malfunctions or errors in the appliance Such problems can include overheating etc e IG st F ID Icon This indicator can be turned on steady or flashing to identify a specific unit when you have several appliances in the same rack or loca ID tion This allows the Administrator or any service technician to see which IronMail appliance he is working on E class Rear Panel The illustration above shows he connections available on the rear panel of the E 2000 server 1 Keyboard Port purple Use this port to plug a keyboard into the appliance when configuring the server or using the E 2000 as a console 2 Monitor Port blue Use this connection to plug in a VGA monitor when configurign the E 2000 or using it as a console 3 Mail Traffic Ethernet Port Connect to the network using the port to the left labele
34. spikes and to keep the system operating in case of a power failure e Allow the power supply units to cool before touching them e Always keep the rack s front door and all panels and components on the servers closed when not servicing in order to maintain proper cooling Lifting and Weight Precautions e Use safe practices when lifting 218 kg 39 7 Ib 232 kg 70 5 Ib 255 kg 121 2 Ib e For lifting objects with the following weights use the designated number of people e For objects weighing more than or equal to18 kg 39 7 1b use two people to lift the object e For objects weighing more than or equal to 32 kg 70 5 Ib use three people to lift the object e For objects weighing more than or equal to 55 kg 121 2 Ib use four people to lift the object e Doon place any object weighing more than 50 kg 110 Ib on top of rack mounted devices gt 50 kg 110 Ib TIronMail E class Installation The IronMail E class appliances are designed to mount in a standard 4 post data center rack having a 19 inch opening Tools required A Phillips 2 screwdriver is the only tool required Contents of the E class mounting kit e Power cord e Network Connection cord e Bezel mounts with screws e Mounting screws Slide Rail Installation The Slide Rails consist of individual left and right slide rails Details are shown in the illustration below Front Multi Pin Adapter and Bracket Component Release Lever Sl
35. ss incorrectly and fail to print this page show ing the appliance s dot decimal number you will be unable to log onto IronMail when you later browse to what you thought was the correct address Log onto Iron Mail via attached keyboard and command line interface to reset the appliance to its default factory settings Click Finish after the information has been verified CAUTION Do not press Enter a second time or click the Refresh icon This can cause problems with program integrity IronMail will automatically restart The following message will display The appliance i being restarted This should take about 2 minutes Please wat In some cases E LO return an error If this happens please close the browser and rebum to the epic te DONNEES atten Navigate to Anti virus gt Manual Anti Virus Updates You val also find infcemation in the IronMal User Guide in the section on Anti Virus De When the restart process has had time to finish wait at least three minutes you may log onto the appliance Using your network browser go to the IP address for the appliance and log in ver 6 5 1 CCipherlrust IronMail Administration Login User Name fifrancis Password eeeeeees IM 6 5 1 Build 5 3 with all IronMail s opening SmartStart screen will display allowing you to continue with best practices configuration Cipherlrust lronMail 6 1 0 Network Connectivity has successfully been established R Copyr
36. the Administrator s first login the initial SmartStart screen displays Unless the SmartStart installation is interrupted subsequent logons will bypass Smart Start and take the user directly to the Dashboard as discussed later in this manual Note SmartStart functionality is available only to the Admin user account For any other user the first login will open the Dashboard IronMail s regular opening screen Using SmartStart Complete SmartStart installation requires completing the actions on 12 screens It is important for the Administrator to remember a few basic rules for navigating SmartStart Step 1 You must select the specific SmartStart screen you wish to use by clicking the screen s link in the left menu When you finish one screen you can go to the next by clicking its link Step 2 If you need to leave the SmartStart Wizard before you have completed work with all screens you must leave by clicking Log Out at the top of the screen The next time you log in IronMail will return you to the SmartStart screen from which you logged out Step 3 If you click Quit at the top of the screen you will leave SmartStart and will be taken to the Dashboard screen You will not automatically return to SmartStart when you log in again Step 4 Since some SmartStart steps need to be done in a specific order please read the instructions on each screen before you apply it The SmartStart Screen As illustrated in the screen sh
37. this is the preferred port to securely retrieve mail via POP3 Port 6277 UDP ln Io In Required for IronMail s Statistical Lookup Service spam blocking tool Port 10443 TCP HTTPS Required this is the port used to connect to IronMail s WebAdmin interface Port 20022 TCP CipherTrust Optional allows CipherTrust to connect to your IronMail for Technical Support Most mail servers use only ports 25 110 and 143 for sending and retrieving email How ever messages transmitted through these ports are unencrypted attackers can read or intercept email sent this way We recommend that you open the secure ports instead 995 for POP3S and 993 for IMAP4S to force external users to retrieve their mail via SSL IronMail also provides the ability to send mail encrypted via TLS SGL Transport Layer Security Secure Sockets Layer on port 25 Internal Mail Server Configuration Configuration of your internal mail servers is very simple Make IronMail the only IP address allowed to connect to your mail server and re direct your servers outbound mail flow to IronMail using a static route DNS Configuration DNS is a very complex subject and there is no standard way in which it is implemented In addition to the DNS server s MX Mail Exchange A address PTR pointer and Setup Guide other records some networks use Network Address Tables NAT to map servers inter
38. tivity is required for this step Note Anti Virus protection is a licensed feature for your IronMail appliance If you have not licensed this protection please contact CipherTrust Support IMPORTANT You should update Anti Virus protection only after upgrading to the most recent version of the IronMail appliance software and after installing the Pre Configura tion package that is appropriate to your version After you have set up the updates on the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next screen by clicking that screen s link in the left menu Screen 6 SMTP Route Setup This screen allows you to configure SMTP routes for any additional internal inbound domains or external outbound domains you will need in order to route mail properly in your environment Domain Based Mapping Manage IMAP4 d ctqa net STATIC POPS d6 ctga net STATIC SMTP d ctqa net STATIC SMTP docs1 ctqa net STATIC d6 ctga net Documentation Testing 1 SMTP docs2 ctqa net STATIC mail d6 ctga net Documentation Testing 2 Upload From File I Browse Character Set isosess 1 z Export SmartStart SMTP Route Setup After you have set up the routes on the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next screen by clicking that screen s link in th
39. to record your configuration Then you may proceed to the next screen by clicking that screen s link in the left menu Screen 3 Pre Configuration This screen allows you to access and install the Pre Configuration package for your ver sion of the IronMail appliance software Setup Guide Pre Configuration Updates This screen allows you to access and install the Pre Config package for your version of the IronMail appliance software This package sets general configuration parameters representing the current best practices in general administration for your IronMail appliance Connectivity is required for this step Load a Package Browse Upload Date Installed 2006 10 10 2006 10 10 Copyright 2006 CipherTrust Inc All rights reserved SmartStart Pre Configuration Installation This package sets general configuration parameters representing the current best prac tices in general administration for your IronMail appliance Network connectivity is required for this step IMPORTANT You should install the Pre Configuration package after upgrading to the most recent version of the IronMail appliance software and you should only install the Pre Configuration that is appropriate for your version of the software After you have set up the installation on the screen at the bottom of the SmartStart page use the commands on that screen to record your configuration Then you may proceed to the next s
40. update infrastructure Connectivity is required in order to use the SmartStart feature for configuring your IronMail You will use the update infrastructure in some of the follow ing steps to update the version of software installed on your appliance to download the latest best practices Pre Configuration or Threat Response Update packages and to install the most current Anti Virus engine updates and virus signatures When you have tested your network connectivity go to the next screen by clicking that screen s link in the left menu Screen 2 Software Updates This step allows you to update the software on your IronMail appliance to the most cur rent available version Software Updates 2006 10 10 2006 10 10 INSTALLED Copyright 2006 CipherTrust Inc All rights reserved SmartStart Software Updates Network connectivity is required for this step Depending upon the version of the Iron Mail software currently installed this update may require more than one step and may involve rebooting the appliance If you need to install more than one release to get to the most current version use this screen to download and install each upgrade in order one upgrade at a time If the appliance must be rebooted you will be brought back to the SmartStart feature when you log in again After you have set up configuration changes on the screen shown at the bottom of the SmartStart page use the commands on that screen
41. you enable SLS lookups 20022 request software anti virus updates Ensure that your firewall s port settings match the table below TABLE 5 IronMail to Internet Port TCP Protocol Description UDP Port 25 TCP SMTP Required for sending mail Port 123 TCP NTP Required if using Network Time Protocol Port 123 UDP NTP Required if using Network Time Protocol Port 53 UDP DNS Optional for an IronMail CMC if your DNS is outside the network you must open the port allowing IronMail CMC to connect to it Port 20022 TCP CipherTrust Required in order for IronMail to request software anti virus updates Port 6277 UDP SLS Required if you wish to enable Statistical Lookup Service SLS lookup as part of your anti spam strategy Setup Guide TABLE 6 Internet to IronMail Port 25 TCP SMTP Required SMTPS Port 80 TCP HTTP Optional you should open secure port 443 for HTTPS instead Port 110 TCP POP3 Optional you should open port 995 for secure POP3S instead Port 143 TCP IMAP4 Optional you should open secure port 993 for IMAP4S instead Port 443 TCP HTTPS Optional for IronWebMail for secure HTTPS proxying Port 465 TCP SMTPS Optional this is the preferred port to securely send mail Port 993 TCP IMAP4S Optional this is the preferred port to securely retrieve mail via IMAP4 Port 995 TCP POP3S Optional
Download Pdf Manuals
Related Search