Channel Partner
Technical Training
V1.1 21-Jul-04
Course Objectives
Critical SE Skills
Course Agenda
SMTP
TCP/IP
DNS
MIME
CLI and GUI device interfaces
Preview
A Typical New Customer Installation*
Gather customer's network information and custom requirements in advance
30 min
1,000 seats
Let's Go!
IronPort C-Series
Channel Partner
Technical Training
IronPort C-Series
Bonded Sender Program
SenderBase
AFTER IRONPORT
2U
Dual processor
4 Drives; RAID 1+0
3 Ethernet Interfaces
Up to: 140 msgs/sec (500,000 msgs/hr)
Protects >> 1,500 Users
IronPort C30
2U
Single processor
2 Drives; RAID 1
3 Ethernet Interfaces
Up to: 40 msgs/sec (144,000 msgs/hr)
Protects 500-1,500 Users
IronPort C10
1U
Single processor
2 Drives; RAID 1
2 Ethernet Interfaces
Up to: 15 msgs/sec (54,000 msgs/hr)
Protects up to 500 Users
Optional Components
Brightmail Anti-Spam
Evaluation: 30-day
Subscription: 1-3 years
Sophos Anti-Virus
Evaluation: 30-day
Subscription: 1-3 years
Email is fundamentally different from other enterprise applications
High level of simultaneous inbound and outbound connections
High rate of connection establishment and teardown; short-lived connections
Massive file system use for small, short-lived files
Outside
DMZ
ip1
Inside
data2
ip2
data1
mgmt
Outside
DMZ
Inside
ip1
data1
4.5.6.7,25
(mx1.to.com)
SMTP Session:
    EHLO from.com
    MAIL FROM: joe@from.com            (Envelope-From)
    RCPT TO: user1@eng.to.com          (Envelope-To)
    RCPT TO: user2@to.com              (Envelope-To)
Body Headers:
    Received: from mail1.from.com (1.2...
    Subject: Hello
    From: Bob <bob@from.com>           (Header-From; "Bob" is the display name)
    To: User One <user1@eng.to.com>    (Header-To; "User One" is the display name)
Message Body:
    Hello,
Envelope
Body
local-part@domain
mailbox
The body after the first blank line may contain many MIME parts. Second and following parts are often called attachments; first is often called body or text. They are really all just parts.
References
IronPort AsyncOS 3.8 User Guide
Chapter 1: Introduction
White papers
3
Don't let the firewall (or old mail server) proxy. IronPort needs to see the actual sending IP address.
Reputation Filtering
Content Scanning
Spam Detection
Virus Protection
Listener
Port
IP Interface
Physical Ethernet Interface
An IP interface is the binding of an IP address to a Physical Interface
IP address
Relationship Between Listeners, IP Interfaces, and Physical Ethernet Interfaces
IronPort
Messaging
Gateway
Physical
Interface
IP
Pub1
IP
Pub2
Data2
Security and IP profiles are different
SSH, 22
SMTP, 25
SSH, 22
SMTP, 25
SSH, 22
SMTP, 25
IP Private
IP
Mgmt
Data1
Management
ip1
data1
data1
ip1
ip2
data2
ip2
                                Same Network    Different Network
Same Physical Interface         Allowed         Allowed
Different Physical Interface    Not Allowed     Allowed
IP Pub1
5.2.3.11
IP Pub2
5.2.3.12
Data2
00:06:5b:3f:1b:94
= Interface
IP Private
IP
10.0.1.22
Data1
Ethernet
00:06:5b:3f:1b:95
SSH, 22
SSH, 22
TCP
FTP, 21
SMTP, 25
HTTP, 80
SMTP, 25
SSH, 22
SMTP, 8025
SMTP, 25
IP Mgmt
192.168.1.123
Management
00:03:47:ad:6b:8a
= Listener
Welcome to the
Command Line Interface (CLI)
interfaceconfig
NEW
Name:
Address:
Interface:
etc
EDIT
DELETE
Interface:
Name:
Address:
Interface:
etc
Interface:
smtp.scu.com> alertconfig
Please enter the email address(es) to send alerts.
Separate multiple addresses with commas.
Enter the word "DELETE" to clear the default and disable alerts.
[postmaster@scu.com]> helpdesk@scu.com
Debounce timeout (seconds):
[300]> <cr>
Would you like to enable AutoSupport, which sends system alerts and
weekly status reports to IronPort Customer Care? (Enabling AutoSupport is
recommended.) [N]> <cr>
smtp.scu.com> commit
Please enter some comments describing your changes:
[]> change alert address to helpdesk@scu.com
Changes committed: Mon Mar 22 16:19:49 2004
smtp.scu.com> inter<tab>faceconfig
Currently configured interfaces:
1. Management (192.168.42.42/24: ironport.example.com)
2. PrivateNet (172.20.0.42/24: smtp-priv.scu.com)
3. PublicNet (192.35.195.42/24: smtp.scu.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> edit
Enter the number of the interface you wish to edit.
[]> 1
IP interface name (Ex: "InternalNet"):
[Management]> InternalNet
IP Address (Ex: 192.168.1.2):
[192.168.42.42]> <cr>
Ethernet interface:
1. Data 1
2. Data 2
3. Management
[3]> ^C
smtp.scu.com> showchanges
No changes
smtp.scu.com> clear
Callouts on the slide:
or filename completion
Selection lists are used frequently
Subcommand prompt is [ ]>
Type ? or help to see commands.
Get command line history with up arrow, down arrow, ^p or ^n
Defaults are given inside [ ]
^C
{}
of prompt string
[Y]>
Before you begin, please reset the administrator password to a new value.
Old password: ironport
New password: password
Retype new password: password
The systemsetup wizard configures everything needed for a basic configuration
*****
You will now configure the network settings for the IronPort C60.
Please create a fully qualified hostname for the IronPort C60 appliance
(Ex: "ironport-C60.example.com"):
[]> smtp.scu.com
*****
You will now assign an IP address for the "Management Interface". This is
the default interface you will use for connecting to the system to configure
it.
Enter the IP address to use for the management interface. (Ex:
"192.168.1.1")
[]> 192.168.1.1
What is the netmask for this IP address? (Ex: "255.255.255.0" or
"0xffffff00"):
[255.255.255.0]> <cr>
What is the broadcast address for this IP address?
[192.168.1.255]> <cr>
You have successfully configured the Management interface.
*****
You will now assign an IP address for the "Data 1" interface.
Please create a nickname for the "Data 1" interface (Ex: "PrivateNet"):
[]> PrivateNet
Enter the static IP address to use for "PrivateNet" on the "Data 1"
interface: (Ex: "10.1.1.1"):
[]> 172.20.0.11
Manual
Setup
[N]> <cr>
[N]> <cr>
Control FTP, SSH, HTTP, and HTTPS access on this interface.
Use etherconfig to set FDX/HDX/Auto ethernet properties
Don't forget to commit changes!
Next: Create the PublicNet interface
Manual
Setup
IronPort> routeconfig
Currently configured routes:
1. R&D net Destination: 172.20.2.0/24 Gateway: 172.20.0.254
2. QA net Destination: 172.20.3.0/24 Gateway: 172.20.0.254
Manual
Setup
listenerconfig Public:
Accept and Route Mail
Enter the domains or specific addresses you want to accept mail for.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
Usernames such as "postmaster@" are allowed.
Full email addresses such as "joe@example.com" or "joe@[1.2.3.4]" are
allowed. Separate multiple addresses with commas.
[]> exchange.scu.com
Would you like to configure SMTP routes for
exchange.scu.com? [Y]> y
Enter the destination mail server where you want mail for
exchange.scu.com to be delivered. Separate multiple entries with
commas.
Route all mail to the Exchange system
[]> 172.20.0.30
Do you want to enable rate limiting per host?
[Y]> n
Say no to rate limiting. You can always add it later.
listenerconfig Private:
Select Relays and Policy Defaults
Please specify the systems allowed to relay email through the IronPort C60.
Hostnames such as "example.com" are allowed.
Partial hostnames such as ".example.com" are allowed.
IP addresses, IP address ranges, and partial IP addresses are allowed.
Separate multiple entries with commas.
[]> 172.20.0.0/24
You must specify what hosts in your network will be allowed to send mail out through the IronPort. Otherwise, no mail will be allowed through.
MX: smtp.scu.com
smtproutes table
Domain           Route
scu.com          172.20.0.30
notes.scu.com    172.20.0.20
Example recipients: bob@scu.com, carol@notes.scu.com
Interfaces
Listeners
HTTP and HTTPS access
Admin password
System alert email destination
Autosupport
Quick
Setup
IronPort> systemsetup
box
You will now configure the network settings for the IronPort C60.
Please create a fully qualified hostname for the IronPort C60 appliance
(Ex: "ironport-C60.example.com"):
[]> smtp.scu.com
C30
System
Setup
ip1
data2
data1
ip2
* Indicates
Required
Information
If yes: HTTP
or HTTPS
DNS
C10
System
Setup
data1
Listener for accepting and relaying email
* Indicates Required Information
Use interfaceconfig to enable FTP and SSH access on the private interface
[N]> y
[N]> <cr>
[N]> y
Don't forget to commit changes!
Port        Protocol    In/Out       Description
20/21       TCP         In or Out
22          TCP         In
22          TCP         Out
23          Telnet      In
23          Telnet      Out
25          TCP         Out
25          TCP         In
80          TCP         In
53          UDP         In & Out
123         UDP         In & Out
389/3268    LDAP        In & Out
443         TCP         In
628         TCP         In
DNS
IP layer: ping,traceroute
SMTP, 25
SSH, 22
SSH, 22
SMTP, 25
IP Public
IP Private
Data2
Data1
You're going to use the CLI whether you like it or not, but you get a lot of help along the way
You can quickly set up the system using systemsetup, or you can do it manually with interfaceconfig, setgateway, routeconfig, listenerconfig, and smtproutes
Make sure you open all of the firewall ports for the services you configure
References
IronPort AsyncOS 3.8 User Guide
Chapter 2: CLI Overview
Chapter 3: Setup and Installation
Access Control
Module 3
Recipient Access
Table
InboundMail listener
TCP Connection
SMTP Session
Body Headers
Message Body
TCP Connection
SMTP Session
Body Headers
Message Body
OutboundMail listener
Recipient Access
Table
What?
192.35.195.42       ACCEPT
216.255.128.0/19    REJECT
.aol.com            THROTTLE
TCP Connection:
1.2.3.4,12345
(mail1.from.com)
4.5.6.7,25
(mx1.to.com)
SMTP Session:
EHLO from.com
MAIL FROM: joe@from.com
RCPT TO: user1@eng.to.com
RCPT TO: user2@to.com
Body Headers:
Received: from mail1.from.com (1.2...
Subject: Hello
From: Joe <joe@from.com>
To: User One <user1@eng.to.com>
Message Body:
Hello,
Comment
209.237.250.106
216.255.128.0/19
.mx.AOL.COM
209.237.224-255.
WHO?
Meaning
192.35.195.42
Full IP Address
216.255.128.
216.255.128-159.
Range of IP addresses
216.255.128.0/19
mailin-01.mx.AOL.COM
.mx.AOL.COM
SBRS[-10.0:-7.0]
SBO:177
dnslist[domain]
ALL
WHITELIST      $TRUSTED
BLACKLIST      $BLOCKED
SUSPECTLIST    $THROTTLED
UNKNOWNLIST    $ACCEPTED
ALL            $ACCEPTED

RELAYLIST      $RELAYED
ALL            $BLOCKED

RELAYLIST      $RELAYED
WHITELIST      $TRUSTED
BLACKLIST      $BLOCKED
SUSPECTLIST    $THROTTLED
UNKNOWNLIST    $ACCEPTED
ALL            $ACCEPTED
Policy        Action    Throttling    Anti-spam    Anti-virus
$RELAYED      RELAY     NO            NO           YES
$TRUSTED      ACCEPT    NO            NO           YES
$BLOCKED      REJECT    N/A           N/A          N/A
$THROTTLED    ACCEPT    YES           YES          YES
$ACCEPTED     ACCEPT    NO            YES          YES
WHAT?
Processing Control
    Accept connection
    Reject SMTP connection
    Refuse TCP connection
    Relay mail
Throttle across TCP connections
    Max recipients per hour
    Max recipients per hour error code
    Max recipients per hour text
Throttle within a TCP connection
    Max messages per connection
    Max recipients per message
    Max message size
    Max concurrent connection
TCP Connection:
1.2.3.4,12345
(mail1.from.com)
4.5.6.7,25
(mx1.to.com)
SMTP Session:
RCPT TO: user1@eng.to.com
250 OK
RCPT TO: user2@to.com
452 Too many recipients
RCPT TO: user3@to.com
452 Too many recipients this hour
Body Headers:
Received: from mail1.from.com (1.2...
Subject: Hello
Message Body:
Hello,
WHITELIST      $TRUSTED
BLACKLIST      $BLOCKED
SUSPECTLIST    $THROTTLED
UNKNOWNLIST    $ACCEPTED
ALL            $ACCEPTED
Order matters: HAT entries are consulted in order, and the first match wins
RELAYLIST      $RELAYED
ALL            $BLOCKED
systemsetup or listenerconfig for a private (or C10) listener asks:
Please specify the systems allowed to relay email through the IronPort C60
Policy Name               Action    Inbound Throttling    Anti-spam    Anti-virus
WHITELIST $TRUSTED        ACCEPT    NO                    NO           YES
BLACKLIST $BLOCKED        REJECT    N/A                   N/A          N/A
SUSPECTLIST $THROTTLED    ACCEPT    YES                   YES          YES
UNKNOWNLIST $ACCEPTED     ACCEPT    Moderate              YES          YES
ALL $ACCEPTED             ACCEPT    Moderate              YES          YES

Policy Name               Action    Inbound Throttling    Anti-spam    Anti-virus
RELAYLIST $RELAYED        RELAY     NO                    NO           YES
ALL $BLOCKED              REJECT    N/A                   N/A          N/A
Policy Name               Action    Inbound Throttling    Anti-spam    Anti-virus
WHITELIST $TRUSTED        ACCEPT    NO                    NO           YES
BLACKLIST $BLOCKED        REJECT    N/A                   N/A          N/A
SUSPECTLIST $THROTTLED    ACCEPT    YES                   YES          YES
UNKNOWNLIST $ACCEPTED     ACCEPT    Moderate              YES          YES
RELAYLIST $RELAYED        RELAY     NO                    NO           YES
ALL $ACCEPTED             ACCEPT    Moderate              YES          YES
Each tab has subtabs
Click on any problem domain and add it to one of the Sender Groups
Meaning
Division.example.com
.example.com
User@
User@[1.2.3.4]
Identify recipients by domain or local-part:
Complete domain
Partial domain
Local-part (username)
Local-part@domain
RAT Table
to.com         ACCEPT
eng.to.com     ACCEPT
oldname.com    REJECT
4.5.6.7,25
(mx1.to.com)
SMTP Session:
EHLO from.com
MAIL FROM: joe@from.com
RCPT TO: user1@eng.to.com
RCPT TO: user2@to.com
MAIL FROM: is not checked in the RAT; only recipients
Body Headers:
Received: from mail1.from.com (1.2...
Subject: Hello
From: Joe <joe@from.com>
To: User One <user1@eng.to.com>
Message Body:
Hello,
(with custom SMTP message)
4.5.6.7,25
(mx1.to.com)
SMTP Session:
RCPT TO: user1@eng.to.com
250 OK
RCPT TO: user2@to.com
550 No such user
Reject recipient
Accept recipient and bypass throttling
Body Headers:
Received: from mail1.from.com (1.2...
Subject: Hello
From: Joe <joe@from.com>
To: User One <user1@eng.to.com>
Message Body:
Hello,
Use listenerconfig to View and Edit RAT Settings
smtp.scu.com> listenerconfig
[]> edit
[]> 1
(InboundMail)
scu.com ACCEPT
ALL REJECT
[]> new
[N]>
mycompany.com    ACCEPT
ALL              REJECT
Order does NOT matter in the RAT - the most specific entry matches
systemsetup or listenerconfig for a public listener asks:
Enter the domains or specific addresses you want to accept mail for.
[N]>
local-part@domain.com
LDAP
RAT
aliasconfig
domainmap
ldapconfig
Jane_Doe@mycompany.com
jdoe@exchange.mycompany.com
Outbound: Envelope-from
Masquerading
listenerconfig
OutBoundMail
jdoe@exchange.mycompany.com
EDIT
MASQUERADE
Jane_Doe@mycompany.com
The RAT defines who (as in which domain names) you are willing to
receive mail for
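An added example (not from the course material or from IronPort's code) contrasting the two lookups described in this module: the HAT is walked in order and the first matching sender group wins, while the RAT picks the most specific matching recipient entry regardless of order. The matching semantics for each pattern syntax, the specificity ranking, and the sample tables are assumptions built from values shown on the slides; SBO and dnslist patterns are not implemented.

```python
import ipaddress
import re


def sender_matches(pattern, ip, rdns=None, sbrs=None):
    """True if one HAT sender pattern matches the connecting host."""
    if pattern == "ALL":
        return True
    m = re.fullmatch(r"SBRS\[(-?[\d.]+):(-?[\d.]+)\]", pattern)
    if m:  # reputation range; treating both bounds as inclusive is an assumption
        return sbrs is not None and float(m[1]) <= sbrs <= float(m[2])
    if "/" in pattern:  # CIDR block, e.g. 216.255.128.0/19
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if re.fullmatch(r"[\d.-]+", pattern):  # full IP, partial IP or octet range
        want = pattern.rstrip(".").split(".")
        if len(want) < 4 and not pattern.endswith("."):
            return False
        for w, h in zip(want, ip.split(".")):
            lo, _, hi = w.partition("-")
            if not int(lo) <= int(h) <= int(hi or lo):
                return False
        return True
    if rdns is None:  # hostname patterns need a reverse-DNS name
        return False
    host, pat = rdns.lower(), pattern.lower()
    return host.endswith(pat) if pat.startswith(".") else host == pat


def hat_lookup(hat, ip, rdns=None, sbrs=None):
    """HAT: entries are consulted in order and the first match wins."""
    for group, patterns, policy in hat:
        if any(sender_matches(p, ip, rdns, sbrs) for p in patterns):
            return group, policy
    return None


def rat_lookup(rat, rcpt):
    """RAT: order does not matter; the most specific matching entry wins."""
    rcpt = rcpt.lower()
    domain = rcpt.rpartition("@")[2]
    best_score, best_action = -1, None
    for pattern, action in rat.items():
        pat = pattern.lower()
        if pat == rcpt:                                     # full address
            score = 3000
        elif pat == domain:                                 # complete domain
            score = 2000
        elif pat.startswith(".") and domain.endswith(pat):  # partial domain
            score = 1000 + len(pat)                         # longer suffix wins
        elif pat == "all":                                  # catch-all entry
            score = 0
        else:
            continue
        if score > best_score:
            best_score, best_action = score, action
    return best_action


# Constructed sample tables using addresses and domains that appear on the slides.
HAT = [
    ("WHITELIST", ["192.35.195.42"], "$TRUSTED"),
    ("BLACKLIST", ["216.255.128.0/19", "SBRS[-10.0:-7.0]"], "$BLOCKED"),
    ("SUSPECTLIST", [".mx.AOL.COM", "209.237.224-255."], "$THROTTLED"),
    ("ALL", ["ALL"], "$ACCEPTED"),
]
RAT = {
    "ALL": "REJECT",
    ".to.com": "REJECT",      # constructed partial-domain entry
    "eng.to.com": "ACCEPT",
    "to.com": "ACCEPT",
    "oldname.com": "REJECT",
}
```

Moving BLACKLIST above WHITELIST changes the verdict for a whitelisted IP with a poor reputation score, which is why HAT order needs review after every edit; reordering the RAT changes nothing.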
References
IronPort AsyncOS 3.8 User Guide
Chapter 4: Configuring the Gateway to Receive Email
Chapter 5: Configuring Email Routing and Delivery
Policy Enforcement,
Anti-Spam, and Anti-Virus
Module 4
TCP Connection:
1.2.3.4,12345
(mail1.from.com)
4.5.6.7,25
(mx1.to.com)
SMTP Session:
EHLO from.com
MAIL FROM: joe@from.com
RCPT TO: user1@to.com
Body Headers:
Received: from mail1.from
From: bob@from.com
To: user1@to.com
Message Body:
Hello,
Message filters use a script-like logical syntax and are applied to every message passed through the system
Destination host
Encryption
Sender
Recipient
Subject
Text in the message or attachment
Attachment type
SBRS score
Message size
Drop messages
Bounce messages
Insert/Delete headers
Drop attachments
Redirect message
Route to mail host
BCC, copy or archive
Notify someone
Skip spamcheck
Skip viruscheck
Change bounce profile
Stamp footer
Anatomy of a Filter
A filter's rules appear after the if and before the opening curly brace {.
drop_all:                                      (Label)
if (true) {                                    (Rule)
    insert-header('X-SBRS', '$Reputation');    (Action; $Reputation is an Action Variable)
}
Action variables contain information the system knows about this message that can be used in rules or actions
Final Actions: Drop, Bounce, and Deliver
drop()
Aborts the incoming message.
The message will not be delivered.
bounce()
Bounces the incoming message.
The original message will not be delivered to anyone.
deliver()
Short-circuits the filtering system.
The message will go on to Anti-Spam/Anti-Virus processing, if
configured, otherwise it will be enqueued for delivery immediately.
Examples
Bounce Messages > 6 MB
BounceOver6MB:
if (body-size > 6M) {
    bounce();
}
NotifyAndDropOver6MB:
if (body-size > 6M) {
    notify('$EnvelopeFrom');
    drop();
}
It would be smarter to not send the entire huge message back
More Examples
Drop attachments
drop_all_dangerous:
if (true) {
    drop-attachments-by-filename('(?i)\\.pif$');
    drop-attachments-by-filename('(?i)\\.bat$');
    drop-attachments-by-filename('(?i)\\.scr$');
    drop-attachments-by-filename('(?i)\\.com$');
    drop-attachments-by-filetype('Executable');
}
Anti-Spam Overview
Configurable system-wide spam thresholds
Decide whether to drop, forward, tag, archive or quarantine
Handle spam and suspected spam differently
IronPort SenderBase Reputation Service
Rolls data up into a reputation score between -10 and +10
-10 is very bad
0 is not enough traffic to be positive and no bad reports
+10 is very good
www.senderbase.org
Security threats
-10
An IP on one or more reliable blacklists or belonging to a suspicious new sender with some complaints and spamtrap hits
-5
May be a dynamic IP (e.g., dialup) sending direct to Internet or an email marketer with poor practices, or a legitimate enterprise with an open server
Spam houses generating complaints and hitting spam traps. IP listed on one or more open proxy lists. Almost always spam.
A known enterprise, or sender who has undergone third-party certification, with no complaints and a long sending history.
Some sending history, low or moderate complaints
+5
+10
Long sending history, few complaints
TCP/IP
Connect
3
64.12.2.8
SenderBase
Affiliate
Network
64.12.2.8
4
SBRS = x.x
SBRS
Database
Phase 1
Phase2
$THROTTLED
[ -10.0 : -7.0 ]
$BLOCKED
[-10.0 : -7.0 ]
$ACCEPTED*
[ -7.0 : -2.0 ]
$THROTTLED
[ -7.0 : -2.0 ]
-1, 0, 1, 2, 3, 4, 5
6, 7, 8, 9, 10
$ACCEPTED*
[ -2.0 : 6.0 ]
$TRUSTED
[ 6.0 : 10.0 ]
Probe
Network
Internet
Brightmail Rules
HTTPS
SMTP
HTTPS
SMTP
Mailbox server
Brightmail Quarantine
(optional)
TCP Conn
SMTP
Body Hdrs
Body
Spam
Pick
One
Not Spam or
Reinserted
from
Quarantine
Pick
One
Stop
Drop
Stop
Drop
Deliver
Deliver
Redirect?
Modify Subject?
Add header?
Archive?
Deliver
Redirect?
Modify Subject?
Add header?
Archive?
Bounce
Bounce
Processing
Quarantine
To Quarantine
Host
Bounce
Bounce
Processing
Quarantine
To Quarantine
Host
Enable Brightmail
Redirect, quarantine, or archive the message if you want to avoid normal delivery
Anti-Virus Overview
Up to 55 msgs/second at this point in the funnel
IronPort uses Sophos for Anti-Virus Protection
IronPort
Support Center
Internet
HTTP
Anti-Virus Updates
Sophos Updates
SMTP
SMTP
HTTP
Anti-Virus
Definitions
Mailbox Server
Virus
Found
Is Repair
enabled?
Body Hdrs
Body
Yes
No Virus
Found
Attempt
to Clean
Deliver
unscannable
(possible virus)
Encryption
detected
(unscannable
portions)
No
Failure
Pick
One
Success
Drop
No
Is Drop infected
attachments enabled?
Yes
Archive original?
Notify anyone?
Drop
Attachment
Deliver
Modify Subject?
Add header?
Archive original?
Notify anyone?
Deliver
Deliver as
Attachment
Modify Subject?
Add header?
Redirect?
Route to alternate host?
Archive original?
Notify anyone?
Choose scan behavior when a virus is found
Drop
Deliver as Attachment to New Message
Deliver As Is
Choose Your Actions When a Virus Cannot be Repaired
You get separate configurations for each case:
Encrypted message
Message unscannable
Virus-infected message
References
IronPort AsyncOS 3.8 User Guide
Chapter 6: Anti-Spam
Chapter 7: Anti-Virus
Chapter 8: Policy Enforcement
Monitoring,
Logging, and Troubleshooting
Module 5
Reactive
Daily checks
Report status
Is my system
healthy?
Troubleshooting
Configuration changes
I need to make this
change: Will it work?
Does it do what I expect?
Monthly checks
Report details
What happened
last month?
Troubleshooting
Problem / query
What happened to a
particular message?
Is this change I am
making correct?
Recipients Received
% Change Recipients
Rcpts. Blocked by Rate Limit
% Brightmail Positive
% Brightmail Suspect
Virus Positive
Connections Rejected
SBRS
Past Hour
Past Day
Past Week
Past Month
20
50
100
CLI: tophosts
Concurrent
connections
Report Type
Frequency
Send Result
To
Result
Formats
Save
Previous
Reports
Components
to Include
Available
Selections
Incoming
Volume
System
Summary
Daily
Weekly
Monthly
Email
(multiple)
CLI / text
GUI / HTML
Text
HTML
CSV
XML
Specify a
number
Report
specific
Report Type        Available Components
Incoming Volume    Virus Senders, Spam Senders, Unclassified Recipients, Rejected Connections, Recipients Received, Received Bytes, Accepted TLS Connections, Rejected TLS Connections
System Summary     System Statistics, Spam Statistics, Virus Statistics, Message Flow Histogram
Set Up Periodic Reports the Way You Want Them
Specify what data you want
Use cases
Track the receipt, processing, and delivery of specific messages
Track Anti-Spam and Anti-Virus checking results
Analyze system performance
ICID     Incoming Connection ID
MID      Message ID
RID      Recipient ID
DCID     Delivery Connection ID
New      New connection initiated; ICID created
Start    New message started; MID created
Incoming Connection ID
MID 6 ICID 5
ICID 5 From:<sender@remotehost.com>
ICID 5 RID 0 To:<mary@yourdomain.com>
ready 100 bytes from
Recipient ID
ICID 5 close
New SMTP DCID 8 interface 192.168.42.42
Delivery start DCID 8 MID 6 to [0]
Message done DCID 8 MID 6 to [0]
DCID 8 close
Delivery Connection ID
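An added example (not part of the course material) that follows the ICID, MID, RID and DCID identifiers through a mail log to answer "what happened to a particular message?" and to list recipients that were accepted but never reported as delivered. The sample log is constructed in the shape of the slide's excerpt; its timestamps, the second message and the exact line layout are assumptions.

```python
import re

# Constructed sample modeled on the slide's excerpt, not captured appliance output.
SAMPLE_LOG = """\
Mon Mar 22 16:20:01 2004 Info: New SMTP ICID 5 interface 192.168.42.42
Mon Mar 22 16:20:01 2004 Info: Start MID 6 ICID 5
Mon Mar 22 16:20:01 2004 Info: MID 6 ICID 5 From: <sender@remotehost.com>
Mon Mar 22 16:20:01 2004 Info: MID 6 ICID 5 RID 0 To: <mary@yourdomain.com>
Mon Mar 22 16:20:01 2004 Info: MID 6 ready 100 bytes from <sender@remotehost.com>
Mon Mar 22 16:20:02 2004 Info: Start MID 7 ICID 5
Mon Mar 22 16:20:02 2004 Info: MID 7 ICID 5 From: <sender@remotehost.com>
Mon Mar 22 16:20:02 2004 Info: MID 7 ICID 5 RID 0 To: <mary@yourdomain.com>
Mon Mar 22 16:20:02 2004 Info: MID 7 ICID 5 RID 1 To: <bob@yourdomain.com>
Mon Mar 22 16:20:02 2004 Info: MID 7 ready 250 bytes from <sender@remotehost.com>
Mon Mar 22 16:20:03 2004 Info: ICID 5 close
Mon Mar 22 16:20:03 2004 Info: New SMTP DCID 8 interface 192.168.42.42
Mon Mar 22 16:20:03 2004 Info: Delivery start DCID 8 MID 6 to [0]
Mon Mar 22 16:20:03 2004 Info: Message done DCID 8 MID 6 to [0]
Mon Mar 22 16:20:04 2004 Info: Delivery start DCID 8 MID 7 to [0]
Mon Mar 22 16:20:04 2004 Info: Message done DCID 8 MID 7 to [0]
Mon Mar 22 16:20:04 2004 Info: DCID 8 close
"""

# One regex per event type that carries a MID; "to [0]" and "to RID [0]" both parse.
EVENTS = [
    ("start", re.compile(r"Start MID (\d+) ICID (\d+)")),
    ("from", re.compile(r"MID (\d+) ICID (\d+) From: ?<([^>]*)>")),
    ("rcpt", re.compile(r"MID (\d+) ICID (\d+) RID (\d+) To: ?<([^>]*)>")),
    ("ready", re.compile(r"MID (\d+) ready (\d+) bytes")),
    ("done", re.compile(r"Message done DCID (\d+) MID (\d+) to (?:RID )?\[([\d, ]+)\]")),
]


def trace_messages(log_text):
    """Return {MID: record} linking ICID -> MID -> RIDs -> delivering DCID."""
    msgs = {}
    for line in log_text.splitlines():
        for kind, rx in EVENTS:
            m = rx.search(line)
            if not m:
                continue
            g = m.groups()
            mid = int(g[1] if kind == "done" else g[0])
            msg = msgs.setdefault(mid, {"icid": None, "from": None, "bytes": None,
                                        "rcpts": {}, "delivered": {}})
            if kind == "start":
                msg["icid"] = int(g[1])
            elif kind == "from":
                msg["from"] = g[2]
            elif kind == "rcpt":
                msg["rcpts"][int(g[2])] = g[3]
            elif kind == "ready":
                msg["bytes"] = int(g[1])
            else:  # "done": every listed RID was handed off on this DCID
                for rid in g[2].replace(" ", "").split(","):
                    msg["delivered"][int(rid)] = int(g[0])
            break
    return msgs


def undelivered(msgs):
    """Recipients that were accepted but have no 'Message done' event."""
    stuck = {}
    for mid, msg in msgs.items():
        missing = [addr for rid, addr in sorted(msg["rcpts"].items())
                   if rid not in msg["delivered"]]
        if missing:
            stuck[mid] = missing
    return stuck
```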
Log level:
1. Error
2. Warning
3. Information
4. Debug
5. Trace
[3]> <cr>
Info:
Info:
Info:
Info:
MID
MID
MID
New
Tail runs continuously until ^C, so start it before you send a test message
the
smtp.scu.com>
mailconfig
smtp.scu.com> nslookup
Please enter the host or IP to resolve.
[]> torba.com
Choose the query type:
1. A
2. CNAME
3. MX
4. NS
5. PTR
6. SOA
7. TXT
[1]> 3
MX=torba.com PREF=10 TTL=36m33s
Unlike other nslookups, the IronPort nslookup will recurse until it gets a final answer
Troubleshooting Clip-n-Save
tail
logconfig
ping
traceroute
telnet
nslookup
mailconfig
rate
topin
hostrate
deleterecipients
bouncerecipients
delivernow
suspendlistener
resumelistener
suspenddel
resumedel
suspend
resume
workqueue
showchanges
clear
Places to Start in the GUI
Outgoing Mail - Overview
System - Overview
Use logconfig, tail, and FTP to configure and view log files
Use the trace tool to test how the IronPort will process a test message, especially after you change the system configuration
References
IronPort AsyncOS 3.8 User Guide
System Administration
Module 6
Shutdown/reboot
When is a mail appliance not a mail appliance? When it's a UNIX system.
Avoid power cycles. Call support for a health check if the box loses power.
Use suspend to quiesce the system gracefully
Use shutdown or reboot to take your IronPort down
Use resume following reboot if you did a suspend, to resume normal operations
suspend
    Stops accepting all inbound connections on all listeners
    Stops delivering all outbound messages
    Waits for any current connections to complete
    Stays suspended across reboots
resume
    Resumes all normal operations
TCP Connection
SMTP Session
Body Headers
Message Body
OutboundMail listener
dnsconfig
Act as a caching nameserver with direct access to the Internet root
nameservers, or configure to forward to your local nameservers
routeconfig
Add static routes
setgateway
Sets the default route
etherconfig
Sets Full / Half Duplex and 10 /100 Mb speed on interfaces
interfaceconfig
Sets basic IP address configuration on interface
resetconfig
Erase all configuration and reset to factory default
Description
Administrators
Operators
Guests
Time Remaining
24 weeks 3 days 35 mins
24 weeks 3 days 35 mins
23 weeks 2 days 1 hours
Enter to go to the main
smtp.scu.com> version
Current Version
===============
Model C60
Version: 3.7.2-026
Build Date: 2004-04-02
Serial #: 000D5670320E-89NMS31
55 secs
18 secs
24 mins 26 secs
prompt.
Brightmail Anti-Spam
Evaluation: 30 day*
Purchase: Perpetual
Evaluation: 30-day
Purchase: 1-3 years
Sophos Anti-Virus
Evaluation: 30-day
Purchase: 1-3 years
Performing Upgrades
smtp.scu.com> upgradecheck
All interaction with the upgrade server is done using ssh. By default this
protocol is run over TCP on port 22. If you are behind a firewall you may
want to run this protocol over a non-standard port.
Please choose a port to use:
1. port 22, default SSH
2. port 25, normally SMTP
3. port 53, normally DNS
4. port 80, normally HTTP
5. port 443, normally HTTPS
6. port 4766, IronPort reserved
[1]> <cr>
Meaning
The DNS cache initializes at boot time. This failure is not fatal, since the cache initializes
again at a defined interval. If you see this error message only once or twice, the DNS cache
must have initialized successfully at one of the subsequent intervals. If the appliance failed
to finalize the appliance consistently, the appliance would be unable to resolve hostnames
and IP addresses for all messages.
[Y]> y
AutoSupport is a Good Thing and is highly recommended!
smtp.scu.com> alertconfig
smtp.scu.com> supportrequest
(Enabling AutoSupport is
recommended.) [N]> y
FTP
XML
config
data
GUI
updates
XML
DTD
data
FTP
XML
config
data
CLI or
GUI
updates
XML
DTD
data
/configuration/config.dtd
Disaster Recovery
Buy two IronPorts
Call support if one dies
Save the configuration on a regular basis
Write an off-box script (cron job) to log in (SSH) and do a showconfig or saveconfig or mailconfig
References
IronPort AsyncOS 3.8 User Guide
Chapter 10: System Administration
Course Wrap-Up
Review
Course Objectives
Critical SE Skills
Review
A Typical New Customer Installation
Gather customer's network information and custom requirements in advance
30 min
Where do I go next?
White papers
Closing Comments