doc1 Norman Online Protection - How To Set Up This manual gives step
download 
Report Transcription
1 Norman Online Protection - How To Set Up This manual gives step
Norman Online Protection - How To Set Up STATISTICS This manual gives step-by-step instructions on how to install your Norman Online Protection email service. 1 Norman Online Protection - How To Set Up Norman AS is not liable for any form of loss or damage arising from use of the documentation or from errors or deficiencies therein, including but not limited to loss of earnings. The information in this document is subject to change without notice. No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording or information storage and retrieval systems, for any purpose other than the purchaser’s personal use, without the explicit written permission of Norman AS. The Norman logo is a registered trademark of Norman AS. Names of products mentioned in this documentation are either trademarks or registered trademarks of their respective owners. They are mentioned for identification purposes only. Copyright © 2010 Norman AS. All rights reserved. 2 Norman Online Protection - How To Set Up Contents How to configure your email system, introduction...................................................4 1. Registration....................................................................................................4 2. Set up inbound email routing .........................................................................5 Modifying DNS records ...........................................................................5 3. Set up outbound email routing (recommended) ............................................5 Setting up outbound email routing for common email systems ...............6 MS Exchange 2007/2010.........................................................................6 MS Exchange 2003..................................................................................6 MS Exchange 2000..................................................................................6 4. Restrict connections to your mail servers.......................................................7 Guidance............................................................................................................7 3 Norman Online Protection - How To Set Up HOW TO CONFIGURE YOUR EMAIL SYSTEM Introduction As a customer, you do not need to make any technical changes in your email infrastructure. The only thing that has to be changed is one pointer (the MX pointer). Norman Online Protection (NOP) is available to companies and organisations that have registered their own domain. The service can be used by everybody, regardless of the email solution or email server in use (Lotus Notes, Exchange, GroupWise etc.). As a customer, you do not need to make any technical changes in your email infrastructure. The only thing that has to be changed is one pointer (the MX pointer). This is the pointer that allows your Internet Service Provider (ISP) to send emails to the correct server. Instead of it pointing at your company’s email server, it has to point to Norman’s email cleaning center (the NOP center). You have to perform the following steps in order to successfully implement NOP service: 1. Registration 2. Setup inbound mail routing 3. Setup outbound mail routing 4. Restrict connections to your mail servers 1. Registration To order the NOP service plaese contact your local reseller to receive an order form. You have to provide the following information: 1) Company information (name, number of email users, address, telephone number and postmaster email address) 2) Technical contact person Administrator details (name, address, telephone number, email address and password for the administrator account) 3) List all of the domains for which the account is to process email 4) Your receiving email server (the email server or servers to which NOP will send email to when received from the Internet) 5) Your outgoing SMTP server (mail server) will need to be changed to point to Norman Online Protection, upon completion of the service. This is optional but will ensure that no infected emails are sent from your domain. The full DNS name of our server is: nop.norman.no A security check will now be carried out by our technical staff. Once completed, your account will be activated and you will receive a confirmation email informing you of the next steps. This will take 4 – 6 hours on a normal work day. 4 Norman Online Protection - How To Set Up 2. Set up inbound email routing Modifying DNS records Your organisation’s DNS MX records must be modified so that all emails are routed through the NOP centre. (Details will be in the confirmation mail you received). This is normally done by Norman based on the information we have received from you. If you prefer to manage the change of the MX records yourself, normally all that is required is to contact the person that controls your DNS (usually this is your ISP) and ask them to make the change. Alternatively your ISP may have given you a web login that allows you to control your own MX record. Propagation of changes to your MX records across the Internet can take up to 5 working days. This is why we recommend that you establish outbound email routing before changing your MX records for inbound email routing. Fallback routes are a bad idea because spammers often deliberately send junk emails through them to try to evade or reduce the effectiveness of any filters on the primary route. Such abuse of fallback routes affects the network performance because the fallback servers are flooded with junk emails. Perhaps most important of all, the benefits of network-related filtering techniques on the primary route are severely reduced or lost all together. You may find that you receive spam or viruses which would otherwise have been blocked by NOP filters. 3. Set up outbound email routing (recommended) In order for NOP to scan your outbound emails, they must be routed through our NOP centre. The way you configure your email system will depend on how the email servers are set up within your organisation. Determine the route that email currently takes when intended for an Internet recipient and identify the last server in your organisation. We call this your Internet mail gateway. This will either route mail directly to the recipient mail system by looking up the destination mail server address using DNS MX records or it will route mail to an SMTP relay at your ISP. The NOP centre will accept emails from the IP address you specified as your outbound route when you have completed the registration. You should use the IP address of the NOP centre as provided in your confirmation email. You will need to change the configuration of your Internet mail gateway so that it sends outbound email to the NOP centre. Before you do this, check that you have connection through any intervening firewalls. You need to make sure that port 25 for SMTP and SMTP verify is open in your firewall and that your firewall accepts traffic from the NOP centre. You are now ready to change the configuration of your Internet mail gateway. For Microsoft Exchange the procedure is explained in more details below. If you require assistance with any other server, please contact the server vendor. Once you have changed your Internet email gateway configuration, you may test the delivery of outbound email via NOP by sending email to an echo address, e.g. [email protected] If your email does not get through contact your local Norman office or Norman partner for support. We strongly recommend that you use SMTP verify to maintain you email accounts at the NOP centre. 5 Norman Online Protection - How To Set Up Setting up outbound email routing for common email systems The NOP centre communicates with your email server through port 25 for SMTP and SMTP verify. You need to make sure this port is open in your firewall and that your firewall accepts traffic from the NOP centre. (We recommend that your firewall is set to only receive email form NOP; this will prevent spammers from sending spam directly to you from other locations). We strongly recommend that you use SMTP verify to maintain you email accounts at the NOP centre. Screenshot from Microsoft Exchange 2007. MS Exchange 2007/2010 Using the Exchange Management Console, select the properties for the Send Connector. Enter nop.norman.no as smart host, click OK. Note: In Exchange 2007 and 2010, Send connectors is located under Organization Configuration -> Hub Transport -> Send connectors MS Exchange 2003 For using the Microsoft Exchange System Manager application, select the properties of the SMTP connector. Enter nop.norman.no, click OK. Note: In Exchange 2003 the SMTP connector is located under: Administrative Groups > First Administrative Group* > Routing Groups > First Routing Group* > Connectors *Name may vary depending on local settings. Screenshot from Microsoft Exchange 2003. Screenshot from Microsoft Exchange 2000. 6 MS Exchange 2000 For using the Microsoft Exchange System Manager application, select the properties of the SMTP connector. Enter nop.norman.no, click OK. Norman Online Protection - How To Set Up 4. Restrict connections to your mail servers We strongly recommend that you prevent servers on the Internet from sending emails directly to your email servers, ignoring your MX records. If this is not prevented emails can be maliciously routed directly to your email servers, bypassing the NOP centre. You may be able to do this at your corporate firewall or on your Internet mail gateway by restricting incoming SMTP traffic from any source other than NOP. We recommend that you block all SMTP traffic except mails from the NOP centre. You should additionally enforce outbound email routing to be via NOP centre to ensure that it is scanned for viruses and other security issues. As a general security measure we also recommend restricting the use of external web-email systems such as Hotmail because they offer another possible vector for virus infection. Where possible you should also block IMAP and POP3 access from your network to external email servers as emails arriving from such servers have not passed through the NOP centre. We strongly recommend that you prevent servers on the Internet from sending emails directly to your email servers, ignoring your MX records. We recommend that you block all SMTP traffic except that from all IP address ranges that the NOP centre uses. We recommend restricting the use of external web-email systems such as Hotmail because they offer another possible vector for virus infection. Guidance If you have any questions during the set up, please contact your Norman reseller or Norman Support. See www.norman.com for contact information. 7 NORWAY DENMARK SWEDEN UNITED KINGDOM NETHERLANDS, BELGIUM, LUXEMBOURG Norman AS Strandvn. 37, Postboks 43 1324 Lysaker, Norway Tel: +47 67 10 97 00 Email: [email protected] Web: www.norman.no Norman Data Defense Systems A/S Blangstedgårdsvej 1 5220 Odense SØ, Denmark Tel: +45 63 11 05 08 Email: [email protected] Web: www.norman.com/dk Norman Data Defense Systems AB Södra Grytsgatan 7, 3tr, Norrköping Science Park 602 33 Norrköping, Sweden Tel: +46 011 - 230 330 Email: [email protected] Web: www.norman.com/se Norman Data Defense Systems (UK) Ltd CBXII, West Wing 382-390 Midsummer Boulevard Central Milton Keynes MK9 2RG, UK Tel: +44-01908 847413 Email: [email protected] Web: www.normanuk.com FRANCE Norman Data Defense Systems B.V Diamantlaan 4 Postbus 159 2130 AD Hoofddorp, The Netherlands Tel: +31-23-7890222 Email: [email protected] Web: www.norman.nl Norman Data Defense Systems Centre NCI 8 rue de Berri 75008 Paris, France Tel: +33 1 42 99 95 09 Email: [email protected] Web: www.norman.fr SPAIN Norman Data Defense Systems Camino Cerro de los Gamos 1, Edif.1 28224 Pozuelo de Alarcón MADRID, Spain Tel: +34 (0)91 790 11 31 Email: [email protected] Web: www.normandata.es ITALY Norman Data Defense Systems Centro Cassina Plaza Via Roma, 108 20060 Cassina de’Pecchi (MI), Italy Tel: +39 02 951 58 952 Email: [email protected] Web: www.normanit.com GERMANY Norman Data Defense Systems GmbH Gladbecker Strasse 3 40472 Düsseldorf, Germany Tel: +49-211 / 5 86 99-0 Email: [email protected] Web: www.norman.de USA Norman Data Defense Systems Inc 9302 Lee Highway, Suite 950A Fairfax, VA 22031, USA Tel: +1 (703) 267 6109 Email: [email protected] Web: www.norman.com GERMANY Norman Data Defense Systems GmbH Niederlassung München Ludwigstr. 47 85399 Hallbergmoos, Germany Tel: +49-811 / 5 41 84-0 Email: [email protected] Web: www.norman.de USA Norman Data Defense Systems, Inc. 2603 Camino Ramon, Suite 200, San Ramon, CA-94582, USA Tel: +1 (703) 279-6668 Email: [email protected] Web: www.norman.com www.malwareanalyzer.com SWITZERLAND Norman Data Defense Systems AG Münchensteinerstrasse 43 4052 Basel, Switzerland Tel: +41-61 317 25 25 Email: [email protected] Web: www.norman.ch STATISTICS www.norman.com
