SurfControl E-mail Filter Installation Guide

Transcription

E-mail Filter
SurfControl E-mail Filter 5.0 for SMTP
Getting Started Guide
www.surfcontrol.com
The World’s #1 Web & E-mail Filtering Company
CONTENTS
CONTENTS
INTRODUCTION
About This Document ...........................................................................................................................................................2
Product Overview ...................................................................................................................................................................2
What’s New in Version 5.0 ....................................................................................................................................................3
How SurfControl E-mail Filter Works ................................................................................................................................5
BEFORE YOU BEGIN
System Requirements .............................................................................................................................................................8
Minimum Requirements .........................................................................................................................................8
Other Requirements................................................................................................................................................11
Installation Decisions .............................................................................................................................................................12
Location of E-mail Filter on the Network ..........................................................................................................13
Database Size and Location ...................................................................................................................................13
Load Balancing Methods........................................................................................................................................14
Server Size.................................................................................................................................................................15
INSTALLATION
In This Chapter .......................................................................................................................................................................18
Running the Setup Wizard .....................................................................................................................................................19
E-mail Filter Components......................................................................................................................................20
Typical Installation ..................................................................................................................................................21
Custom Installation - Administration Client .......................................................................................................27
Custom Installation - Report Central ...................................................................................................................31
CONFIGURATION WIZARD
In This Chapter .......................................................................................................................................................................36
Running the Configuration Wizard ......................................................................................................................................37
Next Steps ................................................................................................................................................................................46
Launching E-mail Filter..........................................................................................................................................46
Launching Report Central ......................................................................................................................................46
Upgrading from a Previous Release......................................................................................................................47
DEPLOYMENT
In This Chapter .......................................................................................................................................................................50
Deployment Options ..............................................................................................................................................................51
Deployment Option 1: E-mail Filter Installed on the Mail Server ..................................................................51
Deployment Option 2: Simple Dedicated Server ...............................................................................................53
Deployment Option 3: In a DMZ ........................................................................................................................55
Deployment Option 4: A Protected Network ....................................................................................................57
Deployment Option 5: Multiple Sites...................................................................................................................59
SurfControl E-mail Filter for SMTP 5.0
ii
CONTENTS
iii
SurfControl E-mail Filter for SMTP 5.0
Chapter 1
Introduction
About This Document
Product Overview
What’s New in Version 5.0
How SurfControl E-mail Filter Works
page 2
page 2
page 3
page 5
1
INTRODUCTION
About This Document
About This Document
This document explains how to install and configure SurfControl E-mail Filter so that you can protect your
system against e-mail threats as quickly as possible.
Product Overview
SurfControl E-mail Filter is a comprehensive filtering solution that deals with current and evolving threats:
Table 1
Enterprise Threat Protection
Threat
How You’re Protected
Phishing and Fraud
The E-mail Filter Threat Database contains the digital signatures of
thousands of known phishing e-mails and fraudulent URLs.
Because E-mail Filter uses Adaptive Threat Intelligence, it can also
detect when an e-mail has phishing characteristics - protecting you
against new and emerging threats.
2
Spam
The Anti-Spam Agent comprises four separate tools that work
independently to offer a complete solution. As well as a
comprehensive database of known spam, E-mail Filter’s advanced
heuristics tools can detect new outbreaks of spam and stop them
before they reach your inbox.
Corporate Confidentiality
Regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA
demand absolute protection of network data. The Virtual Learning
Agent is a powerful tool that you can train to recognize and protect
your organization’s specific confidential data.
Viruses and Malware
E-mail Filter works with your resident Anti-Virus Solution to prevent
transmission of viruses, spyware and other malware through your email system. The Adaptive Threat Intelligence suite can also determine
the likelihood that any e-mail is infected, offering you advanced
protection against new outbreaks.
SurfControl E-mail Filter 5.0
INTRODUCTION
1
Table 2 explains the new features in version 5.0
Table 2
New Features in Version 5.0
Feature
What It Does
Qu icker Setup
New Setup Wizard
The new Setup Wizard makes E-mail Filter quicker to download and
install.
Configuration Wizard
After the Setup Wizard has installed E-mail Filter, the Configuration
Wizard will guide you through the configuration process step by step
so that you can begin filtering e-mail as quickly as possible.
Adva nced An ti- Spa m Protecti on
Enhanced Anti-Spam Agent
Digital Fingerprinting, Heuristics, LexiRules, and Neural Net tools
provide industry-leading anti-spam effectiveness with zero
administration cost.
Directory Harvest attack detection
Prevents spammers stealing your e-mail addresses by brute-force
attacks.
Web Th rea t Pr otecti on
URL Category List
Protects against inappropriate and fraudulent Web links in e-mails.
Con fi dent ia l D at a Pro tect io n
Expanded Dictionaries support
10 pre-packaged language packs, including: English, French, Spanish,
Dutch, Italian, German, Portuguese, Japanese, Traditional Chinese and
Simplified Chinese.
Easier Virtual Learning Agent
Uses Real-time Threat Intelligence to understand and protect your
confidential data.
Improved Secur ity
Denial of Service protection
Detects and manages suspicious SMTP connections and offers
fine-tuning of all SMTP connections, internal and external.
Secure Remote Access
Locks down remote administration by user logon.
Expanded Scalability
Unlimited Connection Threads
Supports unlimited simultaneous connections, scaling up to meet
requirements of the most demanding mail gateways.
Pipelining and Chunking (eSMTP)
Significantly improves mail throughput between mail servers that
support these commands, such as MS Exchange and Lotus Domino.
LDAP Organizational Units
Tailors message-processing rules based on organizational structures
already defined in LDAP.
3
1
INTRODUCTION
Table 2
New Features in Version 5.0
Feature
What It Does
Ea si er Admi ni st rati on
4
Grouping of Rules
Organizes your rules by the type of e-mail threats being managed. The
default rule set includes anti-spam, network security, and other useful
groupings.
Expanded Filtering in Rules
Supports inbound/outbound “Who” functionality, filtering of PDF,
TNEF, and RTF, and supports Office 2003 and Web Archive formats.
Redesigned Server Configuration
Offers a more powerful way to configure any server and view settings
by service.
E-mail notifications of failed events
Instant awareness that any scheduled event has not been successful.
Report Central
Provides web-based reporting of filtering activity, with ability to lock
down reporting access by user.
Single Management Console
Allows easy administrative access to each SurfControl server within
the organization, providing a single portal view of multiple
SurfControl E-mail & Web Filter deployments.
INTRODUCTION
1
Figure 1 explains how E-mail Filter processes messages:
Figure 1
5
1
INTRODUCTION
SurfControl E-mail Filter’s functionality is managed by four software services:
•
Receive Service
•
Rules Service
•
Send Service
•
Administration Service
The services fit together like this
Figure 2
E-mail Filter Services
During the installation and configuration process you will:
•
Install the services to your server or servers.
•
Install the SQL databases
•
Specify where the queue folders will be located.
6
Chapter 2
Before You Begin
System Requirements
Minimum Requirements
Other Requirements
Installation Decisions
Location of E-mail Filter on the Network
Database Size and Location
Load Balancing Methods
Server Size
page 8
page 8
page 11
page 12
page 13
page 13
page 14
page 15
2
BEFORE YOU BEGIN
System Requirements
System Requirements
MINIMUM REQUIREMENTS
During installation, the System Checker will check your system to see if it meets the minimum requirements
for SurfControl E-mail Filter to be installed correctly. Tables 1 to 3 show the Minimum Requirements
Table 1
SurfControl E-mail Filter SMTP
Processor
Intel Pentium III processor 600MHz or higher
Memory
512MB RAM minimum, 1024MB recommended
Operating
System
Windows 2000 Server with Service Pack 4
Windows 2000 Advanced Server with Service Pack 4
Windows Server 2003 with Service Pack 1
Disk Space
200MB Minimum Disk Space
500MB is recommended.
Display
Super VGA (800 x 600) or higher resolution video adaptor and monitor
Web Browser
Microsoft Internet Explorer 5.0 or later
Networking
TCP/IP installed and configured with an Internet connection
DNS
Internal or External DNS configured
E-mail
E-mail system with SMTP gateway or MTA installed
MDAC
Microsoft Data Access Components MDAC 2.7 (Service Pack 2) or later
Database
Microsoft SQL Server 2000. If this is not installed on your system, SurfControl E-mail Filter
can install MSDE 2000 Service Pack 3.
SQL Server is recommended for larger sites, as it handles large volumes of data more easily
8
BEFORE YOU BEGIN
System Requirements
Table 2
2
SurfControl E-mail Filter for SMTP Admin Client
Processor
Intel Pentium III processor 600MHz or higher.
Operating
System
Windows 2000 Server with Service Pack 4
Windows 2000 Advanced Server with Service Pack 4
Windows Server 2003 with Service Pack 1
Windows 2000 Professional with Service Pack 4
Windows XP
Display
Super VGA (800 x 600) or higher resolution video adaptor
and monitor.
Web Browser
Microsoft Internet Explorer 5.0 or later.
MDAC
Microsoft Data Access Components MDAC 2.7 (Service Pack
2) or later.
9
2
BEFORE YOU BEGIN
System Requirements
Report Central Minimum Requirements
The computer where you are installing Report Central must meet the requirements listed in Table 3. The
computer must be part of a network that meets the requirements listed in Table 4.
Table 3
Basic requirements
Operating
System
Windows 2000 Server Service Pack 4
Windows 2000 Advanced Server Service Pack 4
Windows Server 2003 Standard Edition
Windows Server 2003 Enterprise Edition
Processor
Pentium III or higher
Memory
512 MB
Disk space
1GB
Applications
Internet Explorer 5.0 or higher
Adobe Reader 6.0 or later to read reports in PDF format
Other
Table 4
The SQL Server tembDB transaction log file should have a
capacity of more than 5MB. 15MB is recommended. To
allocate more memory to this file, consult the E-mail Filter
Administrator’s Guide. You can do this after you have installed
Report Central.
Network requirements
Operating
System
Windows 2000 Server SP4
Windows 2000 Advanced Server SP4
Windows Server 2003 Standard Edition
Windows Server 2003 Enterprise Edition
Database
Microsoft MSDE Service Pack 3
Microsoft SQL Server 2000
Applications
Microsoft Internet Explorer 5.0 or higher
Adobe Reader 6.0 or later to read reports in PDF format
10
BEFORE YOU BEGIN
System Requirements
2
OTHER REQUIREMENTS
Please note the following:
•
None of the E-mail Filter components can be installed via a terminal server client.
•
You must have full administrative rights to install E-mail Filter.
You will also need the following information:
•
Your mail system’s pre-registered domain name.
•
The IP address or host name of your e-mail system’s SMTP gateway or MTA.
•
The e-mail address of your e-mail system security administrator.
•
Your Activation Key as supplied by SurfControl.
•
The HTTP port number (default 8181) to install and start the Administration Service.
•
The IP address of the relay host (for example your ISP) if you use a relay host to send mail to the Internet.
11
2
BEFORE YOU BEGIN
Before you begin installing SurfControl E-mail Filter you need to make decisions about the following:
•
Location of SurfControl E-mail Filter on your network.
•
Database size and location.
•
Load balancing method.
12
BEFORE YOU BEGIN
2
LOCATION OF E-MAIL FILTER ON THE NETWORK
Before you install E-mail Filter on your network, consider
•
Whether you will install E-mail Filter on the mail server / MTA or on a dedicated server.
•
Whether the mail server uses MX records for domain name resolution, or whether the mail server passes
this task to a relay host.
•
Where the E-mail Filter server will be located in relation to your firewall or DMZ.
Chapter 5 describes a range of deployment options for different sized enterprises.
DATABASE SIZE AND LOCATION
SurfControl E-mail Filter stores all configuration data and filtering policies in a SQL database called
STEMConfig. All logging data is stored in a SQL database called STEMLog.
SQL Server vs. MSDE
MSDE, included with the SurfControl E-mail Filter download, is the run-time version of SQL. MSDE
databases have a 2 GB size limit and few management tools, but it is an effective database for small
environments.
Although you can install a SQL database onto the SurfControl server, SurfControl recommends that large
environments install a fully licensed version of SQL onto a separate, dedicated server.
Dedicated vs. Centralized
If your network requires multiple SurfControl servers, you have two database options: dedicated or centralized.
A dedicated database stores data for a single SurfControl server in a single database; a centralized database
stores the data for multiple SurfControl servers in a single database.
Many customers choose to use the centralized database option, which provides the advantages of centralized
policy management and message administration, plus the ability to run reports from a single repository.
However, the size of a centralized database grows in direct relation to the number of SurfControl servers that
write to it. Depending on the size of your environment and the number of e-mails that pass through your
network, a centralized database can require additional administration. In this case, you may choose to use a
dedicated database for each SurfControl server.
Database Size
The size of the database depends on the number of e-mails your organization receives per day, and the length
of time you plan to retain the logged data for message administration and reporting purposes. To size your
database appropriately, SurfControl estimates that each e-mail generates approximately 1KB of log data stored
in the database. (This calculation can also be helpful when determining whether MSDE is sufficient for your
environment.)
No matter where you store the SurfControl E-mail Filter data, make sure the server has as much RAM as the
anticipated size of the database (for example, a one GB database requires one GB of RAM. (This is in
accordance with Microsoft’s recommendations for optimal performance.)
13
2
BEFORE YOU BEGIN
LOAD BALANCING METHODS
You can load balance SurfControl E-mail Filter using MX records. On the DNS server hosting your domain,
create an MX record for each primary SurfControl server using the same MX preference, while giving the
failover server a higher number (which gives it a lower preference). Table 5 provides an example of MX
preference assignments for load-balancing and failover using MX records. Figure 1 further shows this method.
Table 5
MX Records for Load Balancing.
Mail Exchanger
IP Address
MX Preference
mx1.siteA.com
208.126.216.20
5
mx2.siteA.com
208.126.216.21
5
mx3.siteA.com
208.126.216.22
5
mx4.siteA.com
197.201.56.201
10
mx1.siteB.com
197.201.56.201
5
mx2.siteB.com
197.201.56.202
5
mx3.siteB.com
197.201.56.203
5
mx4.siteB.com
208.126.216.20
10
Site A
Site B
Figure 1
14
Using MX records for load balancing.
BEFORE YOU BEGIN
2
In Figure 1, e-mail sent to siteA.com round-robins between mail exchangers 1, 2, and 3, because each
SurfControl server has the same MX preference of 5. (A lower MX preference number means that it has a
higher priority -- 5 having a higher priority than 10.) The same thing happens for e-mails sent to siteB.com. If
site A is down (e.g., with a network failure), the sending mail server will route e-mail to the fourth (failover)
MX record, which is the address of a server in a different physical location.
For the described failover to work properly, SurfControl servers in site A are configured to accept messages for
site B, and SurfControl servers in site B are configured to accept messages for site A. The failover servers also
have static routes configured so that SurfControl knows where to route the e-mails.
In addition to load balancing and failover using MX records, there are also sophisticated load balancing
switches that can be used for these purposes. These switches offer a variety of load balancing algorithms, in
addition to round-robin delivery, which provide efficient load distribution and timely failover. Although this is
not a required component for a SurfControl implementation, the use of load balancing switches may improve
the overall efficiency of your SMTP infrastructure.
SERVER SIZE
Table 2 shows SurfControl’s server recommendations, depending on how many e-mails per hour your
organization typically handles.
Table 6
Server Recommendations.
E-mails Per Hour
Server Recommendations
< 10K e-mails
PIII 1Ghz + 1 GB RAM.
< 25K e-mails
Dual Xeon 2GB RAM.
<40K e-mails
Quad Xeon, 2GB RAM, 3 or more HDDs (10,000 + RPM) for e-mail
processing.
< 120K e-mails
3-Quad Xeon, 2GB RAM, 3 or more HDDs (10,000 + RPM) for e-mail
processing.
< 240K e-mails
6-Quad Xeon, 2GB RAM, 3 or more HDDs (10,000 + RPM) for e-mail
processing.
Actual processing speeds are dependent on several factors: number of rules processing threads, number
of enabled rules, size of e-mails, and complexity of the e-mails (e.g., attachments, embedded files, etc.).
15
2
BEFORE YOU BEGIN
Partitioning the Server
You can optimize E-mail Filter’s performance by installing onto a server capable of fast disk I/O and
configured to support multiple HDDs. Figure 2 shows the optimal HDD and partitioning configuration for
SurfControl. Because SurfControl frequently reads from and writes to disk as it processes e-mail, SurfControl
recommends that you have a server capable of fast disk I/O.
Figure 2 shows a server with five SCSI HDDs. Two of the HDDs are in a RAID1 configuration and are
divided into three partitions: a partition for the operating system, a partition for the page file, and a partition
for the SurfControl application.
The other three HDDs each have a single partition and are capable of fast disk I/O. The first drive contains
the In folder where SurfControl stores the received e-mails. The second drive contains the Work folder.
SurfControl retrieves e-mails from the In folder and moves them to the Work folder, where the e-mails are
processed against the configured rule set. SurfControl then moves the e-mail to a quarantine folder for review
or to the Out folder for delivery. The third drive contains the Out folder where SurfControl relays processed
messages to the intended recipient.
Figure 2
Partitioning the SurfControl server.
Now turn to the next chapter to begin the installation process.
16
Chapter 3
Installation
In This Chapter
Running the Setup Wizard
E-mail Filter Components
Typical Installation
Custom Installation - Administration Client
Custom Installation - Report Central
page 18
page 19
page 20
page 21
page 27
page 31
3
INSTALLATION
In This Chapter
In This Chapter
Once you have made the installation decisions discussed in the previous chapter, you are ready to begin
installing SurfControl E-mail Filter. There are two stages to complete before SurfControl E-mail Filter can
begin filtering e-mail:
•
The Setup Wizard will install the files on your computer.
•
The Configuration Wizard will guide you through the basic configuration process and download the latest
Threat Databases. The Configuration Wizard will begin automatically once the Setup Wizard is finished.
This chapter explains how to install the E-mail Filter files on your computer using the Setup Wizard.
18
INSTALLATION
3
There are two ways to install SurfControl E-mail Filter:
•
Typical Installation
A typical installation will install all the SurfControl E-mail Filter Core Components. If you run a typical
installation, everything that SurfControl E-mail Filter needs to begin filtering e-mail will be installed on the
same server.
•
Custom Installation
You can select which e-mail filter components you want to install. This is useful if you want to access the
E-mail Filter server from a remote location. Figure 1 shows the Monitor installed as an Administration
Client on the administrator’s workstation, which enables the administrator to view e-mail traffic passing
through the E-mail Filter server in real time.
Figure 1
Using the Administration Client for remote access
You can also use the custom installation to install Report Central.
19
3
INSTALLATION
E-MAIL FILTER COMPONENTS
Table 1 describes the E-mail Filter Components.
Table 1
E-mail Filter Components
Component
Description
Server Components
E-mail Filter services
Manages the processing of e-mail. See “E-mail Filter
Services” on page 6.
Scheduler
Schedules the updating of the Threat Management
Database and other management tasks.
Administration client
Manages communication between the components.
E-mail Monitor
Displays the progress of e-mails through E-mail Filter in real
time.
Rules Administrator
Displays and manages the rules you set up to enforce your
organization’s Acceptable Use Policy.
Message
Administrator
Displays information about e-mails that have triggered
rules, and enables you to act on them.
Administration
Clients
Report Central
Creates reports on e-mail use in your organization.
If you install the Server Components, the Administration Clients are also installed automatically. You can
install the Administration Clients without the Server Components and specify the remote location of the
Server Components so that the Administration Clients can connect to them.
20
INSTALLATION
3
TYPICAL INSTALLATION
A typical installation will install all of the E-mail Filter components on your computer. Follow Procedure 1.
Procedu re 1: Ty pical Inst alla tion
Step
Action
1
Double click the setup.exe icon to start the Setup Wizard.
2
Specify where you want the Setup Wizard to
copy the SurfControl installation files.
Click Next to continue.
3
The Welcome page will display. Click Next to
continue.
4
You will be asked to agree to the SurfControl
License Agreement.
Select I accept the terms of the license
agreement and click Next.
21
3
INSTALLATION
Step
Action
5
You will be asked to accept the GNU public
license agreement.
6
You will be asked to select a Setup Type. Choose
Typical.
Click Next.
7
You will see that the core components are
selected by default.
By default, Report Central is also selected. You
need Report Central to create reports on e-mail
use in your organization.
You cannot deselect any of the core components
but you can choose not to install Report Central.
To change which core components are installed,
click Back to return to step 6, and select a
Custom installation.
22
INSTALLATION
3
Step
Action
8
The System Checker will check that your
computer meets the recommended
requirements.
If your computer meets the minimum
requirements but not the recommended
requirements, the system checker will display a
warning, but you can continue the installation
process. If your computer does not have MDAC
the Setup Wizard will install it automatically
when you click Next.
If your computer does not meet the minimum
requirements you will be asked to abort the
installation.
To continue installing, click Next.
If you plan to create the E-mail Filter databases
on the local computer, proceed to step 9.
If you plan to create the E-mail Filter databases
on a remote computer, proceed to step 15.
Creating local E-mail Filt er dat abases
9
10
The Setup Wizard will check whether a valid SQL Server is installed on your computer:
•
If a SQL Server is present, you can use it to create the E-mail Filter databases on the local
computer. See step 10.
•
If SQL Server is not present, you can install MSDE and use it to create the E-mail Filter databases
on the local computer. See steps 11- 14.
To create the databases on an existing SQL
Server, select Create SurfControl E-mail Filter
databases on this computer.
Click Next. Proceed to step 17
23
3
INSTALLATION
Step
Action
11
To install MSDE select Install MSDE and create
SurfControl E-mail Filter databases on this
computer.
12
Specify the location of the MSDE database. By
default this is
C:\Program files\Microsoft SQL Server
Click Browse… to change the path.
Click Next to proceed.
13
Specify a password for the SQL Server
administrator account SA
Enter a password for the SA account, then enter
it again to confirm.
Click Next
24
INSTALLATION
3
Step
Action
14
When the MSDE setup program has finished,
you will be asked to restart your computer.
When the computer has restarted the Setup
Wizard will resume where it left off.
Select Create SurfControl E-mail Filter
databases on this computer and click Next.
Creating the E-mail Filter databas es on a Remo te SQL Server
15
Select Create SurfControl E-mail Filter
databases on another computer.
16
Specify the server name of the SQL Server where
you want to install the E-mail Filter databases.
Choose how the SurfControl E-mail Filter server
will connect to the SQL Server:
•
•
Windows NT Authentication
SQL Authentication
Enter a user name and password to log into
the SQL Server.
Click Next.
25
3
INSTALLATION
Step
Action
17
The summary screen will now display, showing
the options you have chosen.
To proceed with the installation, click Next. Click
Back to amend your settings.
18
When the installation is complete, you will see
the final screen of the Setup Wizard.
Click Finish.
Once you have finished installing SurfControl E-mail Filter the Configuration Wizard will begin immediately.
See “Configuration Wizard” on page 35
26
INSTALLATION
3
CUSTOM INSTALLATION - ADMINISTRATION CLIENT
Procedure 2 describes how to use a Custom Installation to install the Administration Client components of
your choice. See “E-mail Filter Components” on page 20 for a description of each component.
Procedure 2: Installing the Admi nistration Client
Step
Action
1
Double click the setup.exe icon to start the Setup Wizard.
2
Specify where you want the Setup Wizard to
copy the SurfControl installation files.
3
The Welcome page will display. Click Next to
continue.
4
License Agreement.
27
3
INSTALLATION
Step
Action
5
You will be asked to accept the GNU public
license agreement.
6
Select the Custom setup type.
7
Select the components you want to install.
Note:
28
You can install the E-mail Filter Client
without the E-mail Filter Server, but
you cannot install the E-mail Filter
Server without the E-mail Filter
Client.
INSTALLATION
3
Step
Action
8
The System Checker will check that your
computer meets the recommended
requirements.
If your computer meets the minimum
requirements but not the recommended
requirements, the system checker will display a
warning, but you can continue the installation
process. If your computer does not have MDAC
the Setup Wizard will install it automatically
when you click Next.
If your computer does not meet the minimum
requirements you will be asked to abort the
installation.
To continue installing, click Next.
9
Specify the location of the E-mail Filter server.
Enter:
•
The server name or IP address of the
computer where the E-mail Filter Server
Component is installed.
•
The port number that the E-mail Filter client
will use to communicate with the server.
•
A user name and password that the E-mail
Filter client will use to log in to the E-mail
Filter Server.
Click Next to continue
10
The summary screen will show the installation
choices you have made. Click Next to proceed.
29
3
INSTALLATION
Step
Action
11
The Installation Complete screen will display.
Click Next to launch SurfControl E-mail Filter.
If you selected to install Report Central, the
Report Central installation process will now
begin.
30
INSTALLATION
3
CUSTOM INSTALLATION - REPORT CENTRAL
If you install Report Central as part of a full installation, the Setup Wizard will install all the files you need
automatically. If you install Report Central as part of a custom installation, you will need to follow further steps
in the setup wizard that are specific to Report Central.
Procedure 3: Installing Report Central
Step
Action
1
If you have already installed any E-mail Filter
Components, you will be asked whether you
want to
•
Install Report Central v1.5
•
Uninstall SurfControl E-mail Filter
Select Install Report Central v1.5 and click Next.
2
If you are installing Report Central without any
SurfControl E-mail Filter components, select
Custom from the Setup Type screen.
3
You will see the Report Central welcome screen.
31
3
INSTALLATION
Step
Action
4
License Agreement.
5
Specify the folder where you want to install
Report Central.
6
Select the server where the SurfControl E-mail
Filter logging database is installed.
7
Specify how Report Central will authenticate
itself to the E-mail Filter logging database.
Choose one of the following:
•
•
Windows Authentication
SQL Authentication
Enter the user name and password of an
account to log into the SQL Server.
32
INSTALLATION
3
Step
Action
8
Create a username and password for the Report
Central administrator account. When you run
Report Central for the first time, you will need
this account to log in.
9
Select the database that Report Central will
connect to. Report Central will use this database
to generate reports.
If you want to choose a database later, leave the
Database field blank.
10
The Setup Wizard is now ready to begin
installing.
Click Install to continue.
33
3
INSTALLATION
Step
Action
11
When the Setup Wizard has finished copying the
files, you will see the Installation Complete
screen.
Click Finish to launch Report Central.
34
Chapter 4
Configuration Wizard
In This Chapter
Running the Configuration Wizard
Next Steps
Launching E-mail Filter
Launching Report Central
Upgrading from a Previous Release
page 36
page 37
page 46
page 46
page 46
page 47
4
In This Chapter
In This Chapter
This chapter explains how to use the Configuration Wizard to set up SurfControl E-mail Filter and begin
filtering e-mail.
Once you have finished installing E-mail Filter the Configuration Wizard will begin immediately. It will guide
you through a basic configuration process that will protect your primary domain against common threats.
Once the Configuration Wizard has finished, E-mail Filter will be up and running, and you can fine-tune the
configuration to suit your needs.
The Configuration Wizard has four stages.
•
Your Organization
•
System Details
•
Mail Routing
•
Filtering Options
36
4
The Configuration Wizard will launch automatically after you finish the installation process. Follow Procedure
1:
Procedure 1: Configuration Wizard
Step
Action
1
As soon as you have finished installing
SurfControl E-mail Filter, the Configuration
Wizard will launch.
Yo ur Orga ni za tio n
2
Enter your contact information to register with
SurfControl.
(Sheet 1 of 9)
37
4
Procedure 1: Configuration Wizard (Cont inued)
Step
Action
3
If you are evaluating E-mail Filter, select I am
evaluating SurfControl E-mail Filter.
If you have purchased SurfControl E-mail Filter,
select I have purchased a license and enter your
license key.
4
If you have entered a license key, you will be
asked if you have license keys for any of the
Adaptive Threat Intelligence components. If you
have license keys, enter them here.
Syst em In fo rmat io n
5
The System Details introduction screen will
display. Click Next.
(Sheet 2 of 9)
38
4
Step
Action
6
Enter the following:
•
User name and password of a Windows user
account with administrative privileges.
E-mail Filter will use this account to log its
services on to Windows.
•
The domain or machine name of the server
where the Windows user account is defined.
7
If you have not yet installed Report Central, you
can opt to install it now.
Alternatively, if you want have installed Report
Central on another server and want to use it for
reporting on e-mail activity, enter the machine
name and port number of the server where
Report Central is running.
Note:
8
If you are running SurfControl Report
Central for Web Filter on the remote
server, you need to install Report
Central for E-mail Filter there as well.
If you installed Report Central during the
Installation process, or if you opted to install
Report Central in step 7, create a username and
password for the Report Central administrator
account. When you run Report Central for the
first time, you will need this account to log in.
(Sheet 3 of 9)
39
4
Step
Action
Ma i l R o uti ng
9
The Mail Routing introduction will display. Click
Next.
10
Specify the SMTP port that SurfControl E-mail
Filter will use to receive inbound e-mail. This is
usually port 25.
The Configuration Wizard will check that the
port you specify is available. If it is being used,
either disable the service using it, or choose
another port.
(Sheet 4 of 9)
40
4
Step
Action
11
Enter the following information about your
primary local domain:
•
Local domain name
The domain for which you want to filter email. If you have more than one domain in
your organization, you can add others once
E-mail Filter is up and running.
•
Postmaster e-mail address
The e-mail address of the postmaster for
your primary local domain.
•
Name or IP address of mail server
The machine name or IP address of your
mail server.
•
Mail Server SMTP Port
The port that the E-mail Filter server will use
to communicate with the domain’s mail
server.
To test the connectivity between the E-mail
Filter server and the mail server, click Test.
12
Specify how you want E-mail Filter to route
outbound mail. E-mail Filter can route e-mail in
two ways:
•
By sending it directly to the internet. E-mail
Filter will perform a DNS lookup to resolve
the e-mail address.
•
By sending it to another mail server. The
mail server will handle domain name
resolution and any further routing.
Select how you want outbound messages to be
routed. If you want to route outbound mail via a
mail server, fill in the fields as follows:
•
Host Name or IP
Enter the host name or IP address of the
mail server to which you want to forward emails.
•
Port
Enter the port that SurfControl E-mail Filter
will use to communicate with the mail
server.
Once E-mail Filter is up and running you can add
further mail servers.
(Sheet 5 of 9)
41
4
Step
Action
13
The Filtering Options introduction screen will
display. Click Next.
14
SurfControl E-mail Filter has a set of standard
rules so that you can begin filtering e-mail as
soon as possible. Select which rule groups you
want to activate. You can choose one or all of
the following:
•
Spam Filtering rules.
•
Virus protection rules.
•
Network security rules.
When you have chosen which rule groups to
activate, click Next.
15
Specify where the queue folders that hold
isolated e-mail will be located. The Configuration
Wizard will automatically select the drive with
the most disk space as the default.
Click Next.
(Sheet 6 of 9)
42
4
Step
Action
16
If messages build up in the Isolate queues it can
impair E-mail Filter’s performance. You can
automatically delete each e-mail from the Virus
or Spam queues once it has been held there for a
set number of days.
You can delete:
•
E-mails over 7 days old from the Virus
queue.
•
E-mails over 14 days old from the Spam
queue.
Once E-mail Filter is up and running you can set
up automatic management for other queues,
and change the number of days after which
e-mails are deleted.
17
E-mail activity is recorded in the STEMLog
database. If this database becomes too large, it
can slow down the processing and delivery of
e-mail.
To maintain efficiency, you should schedule
regular database updates. Select Purge
database once a month to set up a regular
database purge.
Once E-mail Filter is up and running, you can use
the Scheduler to specify when database purges
take place.
18
E-mail Filter can send notifications via e-mail to
your domain’s systems administrator to notify
them of system events.
Enter the e-mail address of a system
administrator for your protected domain who
you want to be notified of system events.
Click Next.
(Sheet 7 of 9)
43
4
Step
Action
19
The Configuration Wizard is now ready to
complete the configuration tasks.
Click Start to begin configuring.
20
The Configuration Wizard will work through the
list of tasks. When a task is complete it will be
marked with a green check.
If there is a problem with the configuration
process, you will see a red exclamation point
next to the task. If this happens the Back button
will become enabled so that you can amend your
settings if necessary.
21
SurfControl strongly recommends that you
exclude the E-mail Filter work folder and its
subfolders from scanning by your resident antivirus solution.
Click Check folders to check that the correct
folders are excluded from anti-virus scanning.
The Configuration Wizard uses the Eicar test
pattern to test the response of your anti-virus
software. The Eicar test pattern is not a virus and
will not damage your system in any way.
(Sheet 8 of 9)
44
4
Step
Action
22
The Configuration Wizard is now complete. The
Monitor will launch automatically. Use the Server
Configuration Console to fine-tune your
configuration to suit your needs.
(Sheet 9 of 9)
45
4
Next Steps
Next Steps
SurfControl E-mail Filter is now protecting your primary e-mail domain using the standard rules you specified.
You now need to launch E-mail Filter and fine-tune the configuration settings. You can:
•
Add other protected domains: if you have an additional e-mail domain, it will not receive any e-mail until
you add it to the protected domains list in the Server Configuration Console.
•
Change the timing of scheduled events: use the Scheduler to change how frequently database purges and
other events take place.
•
Create additional rules: use the Rules Administrator to create, amend and group rules to suit your
Acceptable Use Policy.
Consult the Administrator’s Guide for more information.
LAUNCHING E-MAIL FILTER
When the Configuration Wizard is finished, the Monitor will start automatically.
At other times, you can launch E-mail Filter from the Start menu.
Now consult the E-mail Filter Administrator’s Guide for more information.
LAUNCHING REPORT CENTRAL
From the Start menu, select Programs > E-mail Filter 5.0 Reports.
Log in using the Admin account that you created when you were installing and configuring Report Central.
Consult the E-mail Filter Administrator’s Guide for more information about Report Central.
46
Next Steps
4
UPGRADING FROM A PREVIOUS RELEASE
If you have upgraded from a previous release of E-mail Filter, your existing rule set will be preserved. The
standard rules shipped with Version 5.0 will be saved to the root of the SurfControl E-mail Filter folder. To
import the new rules, follow Procedure 2:
Procedure 2: Upgrading the Rule Set
Step
Action
1
Launch the Rules Administrator
2
From the File menu, select Import Rules... The
Open dialog will display.
3
Select Default.rul and click Open. A list of rules
in the file will display
4
Select the ones you want and click Import to
transfer them into the Rules Administrator.
5
You will see the rules you selected in the Rules Administrator. Imported rules are initially disabled.
Check the boxes of the rules you want to enable.
6
If any of the imported rules, need to be re-configured, the Rules Wizard will start when you enable
them. Skipping this configuration may cause the rule to behave incorrectly.
Action
47
4
Next Steps
Dictionary Upgrades
When you upgrade to version 5.0, the new dictionaries are automatically installed. However, only new words
are added to your existing dictionaries, so any dictionary scores you have changed or words you have added will
be preserved.
Retraining the Virtual Learning Agent
When you have installed version 5.0 you will also need to re-train the Virtual Learning Agent. For instructions
on how to do this, consult the Administrator’s Guide.
48
Chapter 5
Deployment
In This Chapter
Deployment Options
page 50
page 51
5
DEPLOYMENT
In This Chapter
In This Chapter
This chapter offers five sample deployment options for enterprises of differing size and complexity:
Table 1
50
Deployment Options
Option
Description
Find out more
1
E-mail Filter installed on the mail server
page 51
2
Simple dedicated server
page 53
3
In a DMZ
page 55
4
On the protected network
page 57
5
Multiple site installation
page 59
DEPLOYMENT
Deployment Options
5
Deployment Options
DEPLOYMENT OPTION 1: E-MAIL FILTER INSTALLED ON THE MAIL SERVER
SurfControl recommends that you install E-mail Filter on a dedicated server for optimum performance.
However, in small environments where cost is a consideration, you can install SurfControl E-mail Filter on a
Windows-based mail server.
This deployment is not recommended for large environments. In this scenario, SurfControl E-mail Filter is
installed on the mail server. The E-mail Filter server accepts traffic from the firewall on port 25. It filters the
e-mail and relays it to itself on port 26. The mail server then delivers the e-mail to the e-mail users.
Figure 1
Installing E-mail Filter on a Windows-based mail server
51
5
DEPLOYMENT
Deployment Options
To perform this installation, follow Procedure 1:
Procedure 1: Installing E-mail Filter on the Mail Server
Step
Action
1
On the mail server, run the SurfControl E-mail Filter Setup Wizard, selecting typical install. See
“Typical Installation” on page 21.
2
When you have finished installing the product, the Configuration Wizard will run. It will ask you to
enter:
•
The IP address of your mail server: enter the IP or machine name of the mail server where E-mail
Filter is installed.
•
The SMTP Port of the mail server: change the port number from 25 to a different number, e.g. 26.
3
Configure your firewall to accept internal SMTP connections only from the SurfControl E-mail Filter
server.
4
Configure the inbound port 25 tunnel on your firewall to the SurfControl E-mail Filter server.
P OP 3 C li e nts usi n g Ext e rn al Ma i l S e rve r s
5
52
If you have any POP3 clients that use external mail servers, set their SMTP host to be the SurfControl
E-mail Filter server. Some POP configurations require that the mail server is placed in the DMZ or
Packet Switching Network, SurfControl do not recommend this because of the data security risk.
DEPLOYMENT
Deployment Options
5
DEPLOYMENT OPTION 2: SIMPLE DEDICATED SERVER
This deployment is a simple, low cost solution, suitable for a small to medium sized environment. All E-mail
Filter components (including the SQL database) are installed on a single server. E-mail Filter is filtering all
inbound and outbound SMTP traffic.
Figure 2
Simple installation for small and medium sized environments.
Inbound e-mail travels from the Internet to E-mail Filter for filtering. E-mail Filter then routes the e-mail to
the next host, which is typically the SMTP service or the daemon of the internal mail server.
Outbound e-mail flows from the SMTP service/daemon of the internal mail server to E-mail Filter for
filtering. E-mail Filter uses available DNS to resolve MX records and route the SMTP traffic.
53
5
DEPLOYMENT
Deployment Options
Follow Procedure 2
Procedure 2: Si ngle Server Installation
Step
Action
1
Run the SurfControl E-mail Filter Setup Wizard on the server where you want to install SurfControl
E-mail Filter, selecting Typical Installation.
Make sure that the SurfControl E-mail Filter databases are installed on the same server.
2
3
54
After you have finished the Setup Wizard, the Configuration Wizard will run. It will ask you to enter:
•
The IP address of your mail server: enter the IP or machine name of the mail server where E-mail
Filter is installed.
•
The SMTP Port of the mail server: this should be the default port 25.
The Configuration Wizard will ask if you want to route outbound e-mails directly to the Internet. If the
answer is yes, you will also need to configure your firewall to allow the E-mail Filter server to access the
Internet directly. Make sure both port 25 and port 53 are allowed and support SMTP and DNS
requests.
DEPLOYMENT
Deployment Options
5
DEPLOYMENT OPTION 3: IN A DMZ
Many large organizations deploy SurfControl E-mail Filter in the DMZ, as shown in Figure 3
Figure 3
SurfControl E-mail Filter in a DMZ.
Figure 3 shows SurfControl E-mail Filter installed on hardened servers in the DMZ. In this scenario, the
E-mail Filter servers receive SMTP traffic for the organization, filter the e-mail accordingly, then route it to the
next host, which is typically a mail server, gateway, or bridgehead on the protected network..
Many deployment scenarios include two or more SurfControl servers, with no single point of failure. In these
scenarios, load balancing is typically achieved using DNS MX records with the same preference.
There are several different ways that SurfControl routes SMTP traffic in this type of deployment:
•
SurfControl filters both inbound and outbound traffic. In this configuration, E-mail Filter Server 2 or
E-mail Filter Server 2 receives inbound SMTP traffic, depending on the MX record. It then statically
delivers all “allowed” messages to the internal mail server. When the mail server receives outbound e-mail,
it routes the e-mail to either E-mail Filter Server 1 or E-mail Filter Server 2 for outbound DNS name
resolution and delivery.
•
E-mail Filter Server 1 primarily filters inbound traffic; E-mail Filter Server 2 primarily filters
outbound traffic. In this configuration, the E-mail Filter Server 1 acts as a back-up for outbound traffic
(based on internal configuration). E-mail Filter Server 2 acts as a back-up for inbound traffic (based on
higher MX preference).
55
5
•
DEPLOYMENT
Deployment Options
E-mail Filter Server 1 and 2 for inbound filtering only. In this configuration, load balance E-mail Filter
using MX records. Outbound mail is completely separate and can be routed through additional
SurfControl servers, or through any existing outbound mail gateways. This configuration is typically used
when there is a high requirement to filter inbound e-mail (e.g. spam), but little or no requirement to filter
outbound e-mail.
SQL Placement
In Figure 3, the SQL Server is placed inside the protected network. Firewall rules permit E-mail Filter Server 1
and E-mail Filter Server 2 to communicate with the SQL Server over port 1433. Both E-mail Filter servers
share a single SQL database for policy management and logging, allowing E-mail Filter to be managed as a
single entity.
Alternatively, you could install SQL or MSDE directly onto each SurfControl server, though policy
management and message administration would not be centralized with this configuration. However, you can
easily export policies from one SurfControl server and import them to any other SurfControl servers. This
configuration is commonly used when SurfControl’s main objective is to discard spam, and you have no need
for centralized reporting.
Security Considerations
Because of its placement in a DMZ, install SurfControl E-mail Filter onto a hardened Windows 2000 or
Windows 2003 server, following Microsoft's OS hardening recommendations for a stand-alone server.
SurfControl servers are stand-alone servers (not part of a domain or AD) and use local accounts for services.
When communicating with the SQL database, SurfControl uses SQL authentication.
To implement this deployment option, follow Procedure 3
Procedure 3: Deploying SurfControl E-mail Filter in the DMZ
Step
Action
1
Configure the external firewall to allow the following ports:
2
3
•
Port 53 to accept E-mail Filter’s DNS requests.
•
Port 25 to allow SMTP traffic.
•
Port 80 to allow Threat Database updates from the Internet.
Configure the internal firewall to allow the following ports:
•
Port 25 to allow traffic from the mail server.
•
Port 8181 (or the alternative port of your choosing) for the administration service and remote
access.
•
Port 1443 if you want E-mail Filter to connect to a remote SQL database using SQL
authentication.
•
Port 389 if you want E-mail Filter to perform LDAP lookups for user and group information.
Run typical installations on SurfControl E-mail Filter Servers 1 and 2. See “Typical Installation” on
page 21
For both installations, choose a remote SQL Server. Enter the name of the SQL Server when prompted.
56
DEPLOYMENT
Deployment Options
5
DEPLOYMENT OPTION 4: A PROTECTED NETWORK
Depending on your environment, there can be specific advantages to installing SurfControl E-mail Filter on
your protected network, such as enabling E-mail Filter to interact with existing user directories and filter
outbound e-mail. Figure 4 depicts this deployment, where an organization’s e-mail is routed to a mail relay or
anti-virus gateway and then routed to E-mail Filter servers on the protected network for additional filtering.
Figure 4
SurfControl E-mail Filter on the protected network.
This example includes an optional load balancing switch to help distribute the SMTP traffic evenly across the
E-mail Filter servers. These servers share a centralized policy database and log database. The E-mail Filter
servers deliver any “allowed” messages to the next host.
57
5
DEPLOYMENT
Deployment Options
As with installing in the DMZ, there are numerous ways that SMTP traffic is routed in this type of deployment:
•
The gateway in the DMZ receives inbound e-mail and routes the e-mail to SEF1 or SEF2 using a
load balancer. SurfControl servers filter the content according to policy, then route any “allowed” e-mails
to the next internal mail host. Mail servers route outbound mail to SEF1 or SEF2 for filtering. SEF1 or
SEF2 can either resolve DNS to route outbound traffic, or route messages to the DMZ for any additional
filtering and delivery.
For inbound traffic, designate one (or more) SurfControl servers to primarily filter inbound e-mail. For
outbound traffic, designate one (or more) SurfControl servers to primarily filter outbound e-mail. When
receiving an increased volume of traffic, the load balancing hardware/software dynamically utilizes any
other available resources. In addition, you can use the load balancer to dynamically route outbound e-mail
to SurfControl depending on server availability, or other load balancing algorithms specific to the device.
•
Inbound e-mail is the same as above. Outbound SMTP traffic can bypass SurfControl. Internal mail
servers may route mail directly to the Internet, or relay to the mail server/AV gateway for outbound
delivery.
SQL Placement
The database can be installed on a separate server or server cluster, on one of the SurfControl servers, or on
each of the SurfControl servers. Once again, server requirements depend entirely on message volume and
reporting requirements.
To implement this deployment option, follow Procedure 4
Procedure 4: Deploying E-mail Filter on a Protected Network
Step
Action
1
Configure the external firewall to allow the following ports:
2
3
•
•
•
Configure the internal firewall to allow the following ports:
•
Port 25 to allow traffic from the mail server.
•
Port 8181 (or the alternative port of your choosing) for the administration service and remote
access.
•
Port 1443 if you want E-mail Filter to connect to a remote SQL database using SQL
authentication.
•
Port 389 if you want E-mail Filter to perform LDAP lookups for user and group information.
Run typical installations on SurfControl E-mail Filter Servers 1 and 2. See “Typical Installation” on
page 21
For both installations, choose a remote SQL Server. Enter the name of the SQL Server when prompted.
58
DEPLOYMENT
Deployment Options
5
DEPLOYMENT OPTION 5: MULTIPLE SITES
Some larger organizations may have more than one geographic location with multiple E-mail Filter servers on
each site. If one site is unavailable or is seeing an increased volume of traffic, you can route overflow to a
different site for processing. You can accomplish this with MX records of different preferences, as shown in
Figure 5:
.
Figure 5
SurfControl E-mail Filter at multiple sites.
In Figure 5, e-mail intended for Site A is primarily delivered to the SurfControl servers physically residing at
Site A. However, in the unlikely event that Site A is unavailable, messages intended for Site A will be delivered
to Site B, because of the failover configuration (specified by the lower MX preference).
E-mail Filter servers at both sites need to have static routes that identify where to route e-mail intended for
both Site A and Site B.
59
5
DEPLOYMENT
Deployment Options
To implement this deployment option, follow Procedure 5.
Procedure 5: Deploying E-mail Filter Across Multiple Sites
Step
Action
1
On each site, allow the following ports on the firewall:
2
•
•
•
On each site, complete a full SurfControl E-mail Filter install on the E-mail Filter servers.
Configurin g st atic routes
1
On the E-mail Filter server in site A, launch the Monitor.
2
From the File menu select Server configuration.
3
In the left hand pane, select Send Service > Routing.
4
You will see that the mail server for your primary e-mail domain has already been added in the right
hand pane.
5
Click Add… The Domain Route Properties dialog will display.
6
In the Domain Name for Static Route field, enter the name of the e-mail domain where the mail
servers on site B are located.
7
In the Route Host for this Domain field, enter the IP address of one mail server on Site B.
8
In the IP Port to use for this SMTP Host, enter the port that the E-mail Filter Server will use to
communicate with the mail server. This is usually port 25.
9
Repeat steps 5–8 until you have added all the mail servers on Site B.
10
Now configure the static routes for Site B, specifying mail servers on Site A.
For more detailed information about the Server Configuration Console and Routing, read the E-mail Filter
Administrator’s Guide.
60

SurfControl E-mail Filter Installation Guide

Transcription

Similar documents

vortronic

FleetValue ™ Oil Filters

Floran Filter Fit

Greater Cincinnati Water Works Filter Distribution

Filtration units tailored to your needs

Extend Lube Filter life and reduce operating cost

PREPERATION AREAS

SEMView – An 8K SEM Image Control System

HYDROCYCLE AQUAPONICS SYSTEMS PRODUCE