Norman Online Protection - How To Set Up
This manual gives step-by-step
instructions on how to install your
Norman Online Protection
email service.
Norman AS is not liable for any form of loss or damage arising from use of the
documentation or from errors or deficiencies therein, including but not limited to
loss of earnings.
The information in this document is subject to change without notice. No part
of this documentation may be reproduced or transmitted in any form or by any
means, electronic or mechanical, including photocopying, recording or information storage and retrieval systems, for any purpose other than the purchaser’s
personal use, without the explicit written permission of Norman AS.
The Norman logo is a registered trademark of Norman AS.
Names of products mentioned in this documentation are either trademarks or
registered trademarks of their respective owners. They are mentioned for
identification purposes only.
Copyright © 2010 Norman AS.
All rights reserved.
Contents
How to configure your email system, introduction
1. Registration
2. Set up inbound email routing
   Modifying DNS records
3. Set up outbound email routing (recommended)
   Setting up outbound email routing for common email systems
   MS Exchange 2007/2010
   MS Exchange 2003
   MS Exchange 2000
4. Restrict connections to your mail servers
Guidance
HOW TO CONFIGURE YOUR EMAIL SYSTEM
Introduction
Norman Online Protection (NOP) is available to companies and organisations that have registered their own domain. The service can be used
by everybody, regardless of the email solution or email server in use
(Lotus Notes, Exchange, GroupWise etc.).
As a customer, you do not need to make any technical changes in your email
infrastructure. The only thing that has to be changed is one pointer (the MX
pointer). This is the pointer that allows your Internet Service Provider (ISP) to
send emails to the correct server. Instead of it pointing at your company’s email
server, it has to point to Norman’s email cleaning center (the NOP center).
You have to perform the following steps in order to successfully implement
NOP service:
1. Registration
2. Setup inbound mail routing
3. Setup outbound mail routing
4. Restrict connections to your mail servers
1. Registration
To order the NOP service, please contact your local reseller to receive
an order form.
You have to provide the following information:
1) Company information (name, number of email users, address, telephone
number and postmaster email address)
2) Technical contact person/administrator details (name, address, telephone
number, email address and password for the administrator account)
3) List all of the domains for which the account is to process email
4) Your receiving email server (the email server or servers to which NOP will
send email received from the Internet)
5) Your outgoing SMTP server (mail server) will need to be changed to point to
Norman Online Protection, upon completion of the service. This is optional
but will ensure that no infected emails are sent from your domain. The full
DNS name of our server is: nop.norman.no
A security check will now be carried out by our technical staff. Once completed,
your account will be activated and you will receive a confirmation email informing you of the next steps. This will take 4 – 6 hours on a normal work day.
2. Set up inbound email routing
Modifying DNS records
Your organisation’s DNS MX records must be modified so that all emails are
routed through the NOP centre. (Details will be in the confirmation mail you
received). This is normally done by Norman based on the information we have
received from you.
If you prefer to manage the change of the MX records yourself, normally all that
is required is to contact the person that controls your DNS (usually this is your
ISP) and ask them to make the change. Alternatively your ISP may have given you
a web login that allows you to control your own MX record.
Propagation of changes to your MX records across the Internet can take up to 5
working days. This is why we recommend that you establish outbound email routing before changing your MX records for inbound email routing.
Fallback routes are a bad idea because spammers often deliberately send junk
emails through them to try to evade or reduce the effectiveness of any filters on
the primary route. Such abuse of fallback routes affects the network performance
because the fallback servers are flooded with junk emails. Perhaps most important
of all, the benefits of network-related filtering techniques on the primary route
are severely reduced or lost altogether. You may find that you receive spam or
viruses which would otherwise have been blocked by NOP filters.
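One way to check a domain for the fallback routes described above, as an added example that is not part of the Norman manual. The approved MX host names are placeholders (the real ones come from the confirmation email), and the sample answer is constructed in the layout printed by `dig +noall +answer MX <domain>`.

```python
# Added example: audit MX answers for routes that bypass the filtering service.
# APPROVED_MX holds placeholder names; use the hosts from your confirmation email.
APPROVED_MX = {"mx1.nop-centre.example", "mx2.nop-centre.example"}

# Constructed sample in the layout of `dig +noall +answer MX example.org`.
SAMPLE_ANSWER = """\
example.org.   3600 IN MX 10 MX1.nop-centre.example.
example.org.   3600 IN MX 20 mx2.nop-centre.example.
example.org.   3600 IN MX 50 mail.example.org.
"""


def parse_mx(answer_text):
    """Return sorted (preference, host) tuples from dig-style MX answer lines."""
    records = []
    for line in answer_text.splitlines():
        fields = line.split()
        # Expected fields: owner, TTL, class, type, preference, exchange
        if len(fields) != 6 or fields[3].upper() != "MX":
            continue
        # DNS names are case-insensitive and may carry a trailing root dot.
        records.append((int(fields[4]), fields[5].rstrip(".").lower()))
    return sorted(records)


def audit_mx(answer_text, approved=APPROVED_MX):
    """List MX targets that would deliver mail without passing the filter."""
    approved = {host.rstrip(".").lower() for host in approved}
    records = parse_mx(answer_text)
    findings = []
    if not records:
        findings.append("no MX records found")
    for preference, host in records:
        if host not in approved:
            findings.append(f"fallback route: preference {preference} -> {host}")
    return findings


if __name__ == "__main__":
    for finding in audit_mx(SAMPLE_ANSWER):
        print(finding)
```

Because propagation can take several days, running the check against more than one resolver shows whether an old record is still being served somewhere.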
3. Set up outbound email routing (recommended)
In order for NOP to scan your outbound emails, they must be routed through
our NOP centre. The way you configure your email system will depend on how
the email servers are set up within your organisation.
Determine the route that email currently takes when intended for an Internet recipient and identify the last server in your organisation. We call this your Internet
mail gateway. This will either route mail directly to the recipient mail system by
looking up the destination mail server address using DNS MX records or it will
route mail to an SMTP relay at your ISP.
The NOP centre will accept emails from the IP address you specified as your
outbound route when you have completed the registration.
You should use the IP address of the NOP centre as provided in your confirmation email. You will need to change the configuration of your Internet mail
gateway so that it sends outbound email to the NOP centre. Before you do this,
check that you have a connection through any intervening firewalls.
You are now ready to change the configuration of your Internet mail gateway.
For Microsoft Exchange the procedure is explained in more detail below. If you
require assistance with any other server, please contact the server vendor.
Once you have changed your Internet email gateway configuration, you may test
the delivery of outbound email via NOP by sending email to an echo address, e.g.
[email protected]
If your email does not get through, contact your local Norman office or Norman
partner for support.
Setting up outbound email routing for common email systems
The NOP centre communicates with your email server through port 25 for
SMTP and SMTP verify. You need to make sure this port is open in your firewall
and that your firewall accepts traffic from the NOP centre. (We recommend that
your firewall is set to only receive email from NOP; this will prevent spammers
from sending spam directly to you from other locations).
We strongly recommend that you use SMTP verify to maintain your email
accounts at the NOP centre.
MS Exchange 2007/2010
Using the Exchange Management Console, select the properties for the Send
Connector.
Enter nop.norman.no as smart host, click OK.
Note: In Exchange 2007 and 2010, Send connectors are located under
Organization Configuration -> Hub Transport -> Send connectors
MS Exchange 2003
Using the Microsoft Exchange System Manager application, select the properties of the SMTP connector.
Enter nop.norman.no, click OK.
Note: In Exchange 2003 the SMTP connector is located under: Administrative Groups > First Administrative Group* > Routing Groups > First Routing
Group* > Connectors
*Name may vary depending on local settings.
MS Exchange 2000
Using the Microsoft Exchange System Manager application, select the properties of the SMTP connector. Enter nop.norman.no, click OK.
4. Restrict connections to your mail servers
We strongly recommend that you prevent servers on the Internet from sending
emails directly to your email servers, ignoring your MX records. If this is not prevented, emails can be maliciously routed directly to your email servers, bypassing
the NOP centre. You may be able to do this at your corporate firewall or on your
Internet mail gateway by restricting incoming SMTP traffic from any source other
than NOP. We recommend that you block all SMTP traffic except mails from the
NOP centre.
You should additionally enforce outbound email routing via the NOP centre to
ensure that it is scanned for viruses and other security issues.
As a general security measure we also recommend restricting the use of external
web-email systems such as Hotmail because they offer another possible vector for
virus infection. Where possible you should also block IMAP and POP3 access
from your network to external email servers as emails arriving from such servers
have not passed through the NOP centre.
We recommend that you block all SMTP
traffic except that from all IP address
ranges that the NOP centre uses.
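A check that the restriction above is actually holding, written as an added example rather than anything from the Norman manual: it scans a mail gateway's connection log for SMTP sessions that were accepted from outside the allowed ranges. The ranges are placeholders from documentation address space (the real NOP centre addresses are in the confirmation email), and the log layout is a constructed one, not the format of any particular mail server.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation space). Replace with the NOP
# centre addresses given in your confirmation email.
NOP_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/25", "198.51.100.16/28")]

# Constructed sample log, one session per line: "<timestamp> <client-ip> <verdict>".
SAMPLE_LOG = """\
2010-05-03T08:14:02 192.0.2.17 accepted
2010-05-03T08:14:09 203.0.113.45 accepted
2010-05-03T08:15:30 198.51.100.20 accepted
2010-05-03T08:16:11 203.0.113.45 rejected
2010-05-03T08:17:48 192.0.2.200 accepted
not-a-log-line
"""


def from_nop(ip_text, ranges=NOP_RANGES):
    """True if the client address lies inside one of the allowed ranges."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on a bad address
    return any(ip in net for net in ranges)


def audit_smtp_log(log_text, ranges=NOP_RANGES):
    """Return (bypasses, malformed).

    bypasses:  (timestamp, client) for sessions accepted from outside the ranges,
               i.e. mail that reached the server without passing the filter.
    malformed: lines that could not be parsed, kept so they are not silently lost.
    """
    bypasses, malformed = [], []
    for line in log_text.splitlines():
        try:
            timestamp, client, verdict = line.split()
            inside = from_nop(client, ranges)
        except ValueError:  # wrong field count or invalid IP address
            malformed.append(line)
            continue
        if verdict == "accepted" and not inside:
            bypasses.append((timestamp, client))
    return bypasses, malformed


if __name__ == "__main__":
    hits, bad = audit_smtp_log(SAMPLE_LOG)
    for timestamp, client in hits:
        print(f"direct delivery accepted from {client} at {timestamp}")
    print(f"{len(bad)} unparsable line(s)")
```

Any entry in the first list means the firewall or gateway rule is not restricting SMTP to the allowed ranges; rejected sessions from other addresses are the expected result of a working rule.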
Guidance
If you have any questions during the set up, please contact your Norman reseller
or Norman Support. See www.norman.com for contact information.
NORWAY
Norman AS
Strandvn. 37, Postboks 43
1324 Lysaker, Norway
Tel: +47 67 10 97 00
Email: [email protected]
Web: www.norman.no
DENMARK
Norman Data Defense Systems A/S
Blangstedgårdsvej 1
5220 Odense SØ, Denmark
Tel: +45 63 11 05 08
Email: [email protected]
Web: www.norman.com/dk
SWEDEN
Norman Data Defense Systems AB
Södra Grytsgatan 7, 3tr,
Norrköping Science Park
602 33 Norrköping, Sweden
Tel: +46 011 - 230 330
Email: [email protected]
Web: www.norman.com/se
UNITED KINGDOM
Norman Data Defense Systems (UK) Ltd
CBXII, West Wing
382-390 Midsummer Boulevard
Central Milton Keynes
MK9 2RG, UK
Tel: +44-01908 847413
Email: [email protected]
Web: www.normanuk.com
NETHERLANDS, BELGIUM, LUXEMBOURG
Norman Data Defense Systems B.V
Diamantlaan 4
Postbus 159
2130 AD Hoofddorp, The Netherlands
Tel: +31-23-7890222
Email: [email protected]
Web: www.norman.nl
FRANCE
Norman Data Defense Systems
Centre NCI
8 rue de Berri
75008 Paris, France
Tel: +33 1 42 99 95 09
Email: [email protected]
Web: www.norman.fr
SPAIN
Norman Data Defense Systems
Camino Cerro de los Gamos 1, Edif.1
28224 Pozuelo de Alarcón MADRID, Spain
Tel: +34 (0)91 790 11 31
Email: [email protected]
Web: www.normandata.es
ITALY
Norman Data Defense Systems
Centro Cassina Plaza
Via Roma, 108
20060 Cassina de’Pecchi (MI), Italy
Tel: +39 02 951 58 952
Email: [email protected]
Web: www.normanit.com
GERMANY
Norman Data Defense Systems GmbH
Gladbecker Strasse 3
40472 Düsseldorf, Germany
Tel: +49-211 / 5 86 99-0
Email: [email protected]
Web: www.norman.de
USA
Norman Data Defense Systems Inc
9302 Lee Highway, Suite 950A
Fairfax, VA 22031, USA
Tel: +1 (703) 267 6109
Email: [email protected]
Web: www.norman.com
GERMANY
Norman Data Defense Systems GmbH
Niederlassung München
Ludwigstr. 47
85399 Hallbergmoos, Germany
Tel: +49-811 / 5 41 84-0
Email: [email protected]
Web: www.norman.de
USA
Norman Data Defense Systems, Inc.
2603 Camino Ramon, Suite 200,
San Ramon, CA-94582, USA
Tel: +1 (703) 279-6668
Email: [email protected]
Web: www.norman.com
www.malwareanalyzer.com
SWITZERLAND
Norman Data Defense Systems AG
Münchensteinerstrasse 43
4052 Basel, Switzerland
Tel: +41-61 317 25 25
Email: [email protected]
Web: www.norman.ch
www.norman.com