Antispam

Antivirus

Norman SandBox

Quick Install Guideversion 4.6

Limited WarrantyThe content of this manual is for informational use only and is subject to change without notice. Neither Norman nor anyone else who has been involved in the creation or production of this manual assumes any responsibility or liability for any errors or inaccuracies that may occur in this manual, nor for any loss of anticipated profit or benefits, resulting from the use of this manual.

This manual is protected by copyright laws and international treaties. Your right to copy this manual is limited by copyright law and the terms of your software license agreement. As the software licensee, you may make a reasonable number of copies or printouts, provided they are for your own use. Making unauthorized copies, adaptations, compilations or derivative works for any type of distribution is prohibited and constitutes a punishable violation of the law.

Any references to names of actual companies, products, people and/or data used in screenshots are fictitious and are in no way intended to represent any real individual, company, product, event and/or data unless otherwise noted.

Norman, Norman Email Protection, Norman Virus Control and NVC are trademarks of Norman® ASA.

Windows®, Windows® NT, Windows® 2000, Windows® Server 2003, IIS, Internet Information Server and Data Access Components are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Platypus, RODOPI, Emerald, EcoBuilder, Logisense and Worldgroup are trademarks of their respective owners. All other products or services mentioned in this document are identified by the trademarks or service marks of their respective companies or organizations. Portions of this software are based, in part, on ImageMagick, Copyright © 1999-2006, ImageMagick Studio LLC. This software is based on the Professional Internet Mail Services product licensed from the University of Edinburgh. Certain algorithms used in parts of this software are derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.

Copyright © 1995-2008 Norman ASA.

Norman ASA, POBox 43, N-1324 Lysaker, Norway

For more information, contact your local Norman subsidiary, contact details found at www.norman.com/Partner/Subsidiaries_and_distributors/11229

September 2008

Copyright © 1990-2007 Norman ASA ii

Norman Email ProtectionQuick Install Guide

Table of Contents

Introduction ............................................................1About This Guide ........................................................ 1NEP Basics ................................................................ 2

Administration Console ............................................. 2Override Functionality ............................................... 2

Online Help and Support ........................................... 3Knowledge Base ...................................................... 3

Before You Begin ..................................................4System Requirements ................................................ 4Third-Party Anti-Virus Software .................................. 4Database Formats ...................................................... 5

About Databases ..................................................... 5License Key ................................................................ 6On Your Server ........................................................... 6

NEP Installation .....................................................8Download Your Installation File .................................. 8Installing NEP ............................................................. 8

Basic Installation ...................................................... 8Deployment Strategy 1 ............................................. 8Deployment Strategy 2 ............................................. 9Destination Folders .................................................. 9

Deployment Strategies........................................10Default Configuration ............................................... 10Folder Permissions ................................................... 10Deployment Strategy 1 ............................................. 10Deployment Strategy 2 ..............................................11

Verify the Web Configuration ....................................11

Route Configuration ............................................13Creating Routes ....................................................... 13

Using Multiple Routes ............................................. 13Testing Connections ............................................... 14WebQuarantine Setup ............................................ 14

Administration Console ......................................16Administration Overview ........................................... 16Threats Overview ..................................................... 16Configuration Overview ............................................ 17

Spam Best Practices ...........................................18Security – Properties – Real-Time Blacklists ............ 18Security – Properties – Connection Limits ............... 19Security – Properties – Trusted Address List ........... 19Security – Properties – SMTP Security .................... 19Security – Properties – Block Scan Attack ............... 19Security – Properties – Sender Reputation .............. 20Spam – Preferences – Options ................................ 20Spam – Preferences – SURBL (Spam Links) ........... 20

Copyright © 1990-2007 Norman ASA iii

Norman Email ProtectionQuick Install Guide Table of Contents

1Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Introduction > About This Guide

IntroductionNorman Email Protection (NEP) is a comprehensive secure email gateway,designed to fit seamlessly with existing email servers. Its flexible design provides the email assurance capabilities necessary to meet today’s threats as well as the essential flexibility and scalability to meet tomorrow’s.

About This GuideNEP can be implemented as an Internet mail server on Windows 2000 Server and Windows Server 2003. Users access their mail using POP3 and IMAP4 messaging standards. Domains, mailboxes and mailing lists are easy to create and are enhanced by powerful database integration. The integrated mail and web components are managed through the simplified user interface.

This guide provides the basic instructions required to quickly get you up and running. For complete details about all of the features available in NEP, please consult the NEP Administration Guide.

NEP Processes

2Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Introduction > NEP Basics

NEP Basics

Administration ConsoleThe NEP Administration Console was designed for maximum flexibility to monitor day-to-day opera-tions and perform system configuration. More information can be found in the Administration Console section of this guide.

Administration Console, NEP ASV

Override FunctionalityFor optimal flexibility, several NEP settings can be configured at three different levels: system-wide, per domain or per user. Referred to as preferences, these settings can be overridden at the domain and user-levels.

Server Level ●

Changes affect all domains and users on the server ◦

Configuration changes made at the server-level are propagated to all domains and users ◦

If no override permissions are granted (using Forced Scanning), changes to the configura- ◦tion at the domain and user levels cannot be made

Domain Level ●

Changes affect all users on a particular domain ◦

Configuring at the domain-level will override the server settings ifpermission to override was ◦granted

Configuration changes made at the domain-level are propagated to all users ◦

User Level ●

Changes affect individual users ◦

Configuring at the user-level will override the server and domain settings if permission to ◦override was granted

Toolbar

Administration Configuration Window Window

Results Window

3Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Introduction > Online Help and Support

Delegation in NEP

InfoThese overrides do not apply to an unlimited license as the Domain and User panels in the Administration Console are unavailable with unlimited licenses.

Online Help and Support The NEP Administration Guide is accessible, at all times, from the Console by clicking on Help – Contents or by pressing F1. Acrobat Reader must be installed on the computer to read the guide. To download Acrobat Reader, go to http://www.adobe.com/products/acrobat/readstep2.html.

If the information you are looking for is not in the guide or should you have a question about a particu-lar feature, you may send a report to Norman Support:

Click on Help – Support ●

Enter the required information ●

Click on Send Report ●

An email is automatically forwarded to Customer Support ◦

Customer Support Form

Knowledge BaseFor additional information, you can consult Norman’s Knowledge Base by going to http://www.norman.com/Support/Knowledge_bases/en. In addition to the most recent versions of all NEP documents, the Knowledge Base also includes known issues and configuration information.

4Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Before You Begin > System Requirements

Before You Begin For optimal performance, certain hardware and software criteria must be met prior to installing NEP. This chapter discusses these requirements.

System RequirementsSystem requirements vary depending on the number of mailboxes and traffic on the system. These minimum requirements will serve 500 mailboxes with basic traffic of 6 messages per second.

Windows® 2000 or 2003 Server with the most recent Service Packs ●

Windows ® 2003 Web Edition is not supported ◦

2.13 GHz Dual Core with 1024Mb RAM ●

40 GB IDE or SATA, 7200 RPM HD (mirrored is recommended) ●

100 Mbit ethernet connection ●

1024x768 screen resolution (Administration Console requires this) ●

NTFS file system with Indexing disabled ●

MDAC 2.8 SP1 ●

DNS servers accessible through the server ●

IIS 5.0 or higher ●

.NET Framework v2.0 ●

Internet Explorer 5.5 and later, Safari (Mac OS X), Opera 8, Firefox 1.0 and later or Netscape ●7.1

WebMonitor can only operate with Internet Explorer 6 and later with Adobe SVG Viewer ◦

WebAdmin can only operate with Internet Explorer 6 and later ◦

Adobe ® Acrobat Reader 7.0 or higher ●

InfoPerformance varies greatly, depending on the volume of mail transactions your mail server performs. Advanced features, such as spam and sieve scripts, may affect system performance. If you experi-ence poor performance, consider disabling these features until you can upgrade your hardware.

Two critical performance issues for your system are the available RAM on your server and the speed with which data is written to the hard drives

Third-Party Anti-Virus SoftwareIf you are running an anti-virus program on the server where NEP will be installed, you must exclude directories from scanning to ensure that mail processing is not interrupted.

The following directories must be excluded in the third-party AV package:

C:\winnt\temp (verify your system settings to ensure this is the correct path) ●

…\Norman Email Protection\spool ●

…\Norman Email Protection\mailbox\@quarantine ●

Please visit www.norman.com for further information and support.

5Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Before You Begin > Database Formats

Database FormatsThe following table provides the recommended database format for NEP:

Database MS SQL Server 2000+ & Express

PostgreSQL 8.0

MS Access & MSDE

Quarantine x x xMonitoring ‡ xAudit x xSieve x x x

Microsoft™ Access and MSDE have a size limitation of 2GB which is acceptable in small envi- ●ronments but not large ones

SQL Server Express has a size limitation of 4GB and is acceptable in medium-sized environ- ●ments

The reporting feature has been designed to store approximately one year of data. For ◦deployments with high traffic, NEP will purge old data from the database to ensure that the size does not approach the 4GB limit.

MySQL can be used for the Quarantine database but is not recommended ●

‡ Note: Small to medium deployments should have at least 15 GB of free hard drive space for the monitoring database. Large deployments should have at least 40 GB.

About DatabasesNEP requires databases for several of its features. Ensure that you have a database manage-ment system installed. If you do not have a system installed, the NEP installation process includes Microsoft® SQL Server Express with advanced services (full text indexing is required for the greylist-ing feature).

Database Panel

NoteThe NEP installer will attempt to create a default database in Access but it is recommended that you select another format. Note that greylisting uses this default database but will not work with Access. It is important that the default database is configured for Microsoft® SQL Server or SQL Server Express to take advantage of greylisting. If you use SQL Server Express, it must be installed with Full Text Indexing.

6Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Before You Begin > License Key

License KeyBefore you can proceed with the NEP installation, ensure that you have your license key. Without it, you cannot install the software. Please contact your Sales Representative if you do not have your license key.

NotePort 443 must be open to receive v6 key license updates. See section ‘Outbound Ports’.

On Your ServerBefore installing NEP on your server, ensure that the following are properly configured to prevent installation and operational problems:

Log into your server as Administrator ●

The server must have a static IP address ●

Right-click on My Network Places and select Properties ◦

Right-click your LAN and select Properties ◦

Select Internet Protocol (TCP/IP) and click on Properties ◦

Select Use the following IP address and enter your static IP address ◦

Install Internet Information Services (IIS) Manager ●

Go to Add/Remove Programs and select Add/Remove Windows Components ◦

Select Application Server and click on Details ◦

Select Internet Information Services IIS and click on OK ◦

Install .NET Framework 2.0 ●

Go to Add/Remove Programs and select Add/Remove Windows Components ◦

Select Application Server and click on Details ◦

Select ASP.NET and click on OK ◦

Please consult the Microsoft® website for system requirements before proceeding ◦

Since Microsoft’s built-in SMTP service uses Port 25, it must either be disabled or set to ●manual:

Go to Administrative Tools - Services ◦

Double-click on Simplified Mail Transport Services ◦

At Startup Type, select Manual or Disabled ◦

Reboot the server ●

Outbound PortsThe following outbound ports must be opened to allow for automatic spam, virus and v6 key license updates:

Port 80 for HTTP ●

Port 443 for HTTPS ●

7Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide NEP Installation > On Your Server

ODBC DriversODBC drivers are required for the filtering and quarantine functions, as well as all database related functions.

NoteThe SQL Native ODBC driver is not supported.

Microsoft Internet Information Server (IIS)NEP has three web applications that can be used via the internet: WebQuarantine, for users to man-age their quarantined mail; WebAdmin, which allows administrators to perform administrative tasks and WebMonitor, which allows administrators to view server activity statistics. Microsoft IIS version 5.5 or later must be installed. This applies to Windows Server 2003.

From Administrative Tools, go to Internet Information Services (IIS) Manager ●

Select Web Service Extensions ●

Set the following to Allowed: ●

Active Server Pages ◦

ASP .NET v2.0 ◦

Server Side Includes ◦

NoteIIS must be installed before WebAdmin and/or WebQuarantine; otherwise, you will not be able to install these components.

8Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide NEP Installation > Download Your Installation File

NEP InstallationThe NEP installation process is quick and straightforward. This section discusses installation basics, including how to obtain the NEP installation package.

Download Your Installation FileFor a copy of the latest NEP installation file, do the following:

Go to http://www.norman.com/Download/Full_versions/nep ●

Please have your license key available before proceeding. ◦

Download the setup file corresponding to your NEP version: ●

AS equals the Antispam version ◦

ASV equals the Antispam & Antivirus version ◦

Click on Download to save a copy of the installation file on your server. ●

Installing NEPOnce you have saved your NEP installation file, double-click on it to begin the installation process. Accept the license agreement and validate your license key.

Basic InstallationThe components you select for installation will depend on the deployment strategy you choose to use.

NEP Components

Deployment Strategy 1Mail Component

Server and Administration Console: installs the basic NEP program and the configuration con- ●sole

Web ComponentInstalls the WebQuarantine, WebAdmin and WebMonitor programs ●

Both components must be installed together, on the same machine ●

9Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Deployment Strategies > Installing NEP

InfoFor more information about the Web components, please consult Appendix A: Web Applications in the NEP Administration Guide.

Deployment Strategy 2Mail Component on Server 1

Server and Administration Console: installs the basic NEP program and the configuration con- ●sole

Web Components on Server 2If you do not select this option during the initial installation, it can be installed at a later time, on ●a separate server

InfoIt is recommended that you use the automatic configuration for the Web components. Should you choose to install them manually, please refer to the Installing NEP section of the NEP Administration Guide for complete instructions.

Destination FoldersSelect the location for your NEP program files.

Destination Folder for the Mail ComponentKeep the default location (C:\Program Files\Norman\Norman Email Protection) or specify your ●own

Destination Folder for the Web ComponentKeep the default location (C:\Program Files\Norman\Norman Email Protection\Web) or specify ●your own

InfoEnvironment Variables

Ensure that the system PATH variable is listed:

Go to Control Panel > System ●

From the Advanced tab, click on Environment Variables ◦

Under System Variables, select Path and click on Edit ◦

Locate ...\Program Files\Norman\Norman Email Protection\ ◦If this value is not present, enter it. Be careful not to delete any other entries.

10Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Deployment Strategies > Default Configuration

Deployment StrategiesThis section discusses the two deployment strategies for NEP. One strategy has the Mail and Web components of NEP on the same server while the other has the two components on separate servers.

Default Configuration The following default (out-of-the-box) NEP parameters will automatically be configured:

Creating Domains and UsersIf, during the installation process, you opted to create mailboxes automatically, the domains ●and users will be populated in the Administration Console

Folder PermissionsModify permissions should be given to the local machine’s IUSR, ASPNET and Network Service accounts on the root Web folder (...\Norman\Web). Replace permission entries on all child objects. For complete details, consult the Websection of the NEP Administration Guide.

Deployment Strategy 1This installation strategy assumes that you are installing NEP on the same subnet as your mail server.

Single Server Configuration

Proceed with the following:

Ensure that the Web server has the necessary prerequisites configured before installing NEP ●

See section ‘On Your Server’ for more information ◦

Ensure that the following ports are open on your firewall: ● Ports Purpose 25 and 587 SMTPRS 80, 31804, 31805 Web components

Install NEP ●

Create your route(s) using the Route Wizard or through the Administration Console ●

If you selected to automatically create mailboxes, your users will be added to the Console ●when mail is sent to them

NoteFor network configurations other than the one suggested here, please consult the Appendix ‘Deployment with Microsoft® Exchange Server’ in the NEP Administration Guide.

11Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Deployment Strategies > Deployment Strategy 2

Deployment Strategy 2This installation scenario assumes that you have a dedicated computer for your mail server and that the Web components will be installed on a separate Web server. Note that the WebQuarantine Connections in the System Activity panel of WebMonitor will not be available.

Dual Server Configuration

Proceed with the following:

Ensure that the computer has the necessary pre-requisites installed before installing NEP ●

See section ‘On Your Server’ for more information ◦

Ensure that the following ports are open on your firewall: ● Ports Purpose 25 and 587 SMTPRS 80, 31804, 31805 Web components

Configure your domain and user authentication options ●

Install NEP Web components on your Web server ●

Edit your web.config and WebMailSvr.ini files to point to your NEP server ●

Verify the Web ConfigurationAfter the components have been installed, you must manually set some preferences before using the Web components. Communication between the programs will occur as long as the web.config and the WebMailSvr.ini files are both properly configured.

WebQuarantineIn Windows Explorer, go to the ...\Norman\Norman Email Protection\Web\Quarantine directory. Locate the WebMailSvr.ini file and edit it in Notepad.

Host IP Address Locate host=xxx.xxx.x.xxx and enter the IP address of the Web server ●

SMTP Server Addresses Locate: smtpServer=xxx.x.x.x ●

Change the SMTP server’s address to point to the NEP server’s IP address ●

The POP3 and IMAP addresses will default the local host address and you must leave them as ●is (even though POP3 and IMAP are not used by NEP)

Default Domain NameThis must match the name you plan to use as your default mail domain ●

Go to DomainName=machine_name.mydomain.com and change it to match the primary ●domain in the NEP Console

12Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Route Configuration > Deployment Strategy 2

NoteIf in doubt about what to enter for the URL, locate the WebAdmin site in IIS. Right-click on the site name and select Browse. Copy and paste this URL address to the WebMailSvr.inifile. The path must end with a forward slash ( / ).

WebMonitor

Before using WebMonitor, open Windows Explorer and go to the ...\Norman\Norman Email Protection\Web\WebMonitor directory. Locate the custom.config file and edit it in Notepad.

Locate: ●<!-- Servers to monitor, delimited with comma, first server is the default --> <add key=”Servers” value=”localhost”></add>

Replace localhost with the IP address of the NEP server ◦

WebAdmin

Before using WebAdmin, open Windows Explorer go to the ...\Norman\Norman Email Protection\Web\WebAdmin\Root directory. Locate the Web.config file and edit it in Notepad.

Look for the line: ●

<add key=”Site” value=”” /> ◦

Enter enter the NEP server’s IP address between the two quotation marks (“ “) ◦

WebAdmin URL

The WebAdmin URL will depend on your setup:

If you had selected the default installation, a virtual directory, called WebAdmin, is created in ●the Default Web Site setting in IIS. Leave the default path, /WebAdmin/, as the URL

If you had selected another site during the installation or created it manually, enter the com- ●plete URL for the program:

e.g. http://www.mywebsite.com/webadmin/ ◦

e.g. http://[IP of the Web server]/webadmin/ ◦

InfoNote the following for this strategy:

The WEBMAILSVR service cannot be started from the NEP Administration Console ●

The Web settings in the Console are not accessible ●

NoteRestart the WEBMAILSVR and IIS services after making the above changes.

13Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Route Configuration > Creating Routes

Route ConfigurationA static route must be established, for each domain, between NEP and your mail server before you can take advantage of the various features of NEP.

Creating RoutesRoutes can be created using the Route Wizard during installation or manually from the Connection panel. The Route Wizard is also available from the main panel.

From the Console, click on Add Domain ●

There are two options available to create a route: manually or the Route Wizard ●

Click on Switch to Manual or Switch to Wizard to make your selection ●

Manually creating a route: ●

Enter the Domain Mask (e.g. domain.com) ◦

Select Route for Incoming Mail (Internal Domain) or Route for Outgoing Mail (External ◦Domain)

Click OK ◦

Once the domain has been added to the Results window, select it and click on Add Route ◦

Enter the Host name or IP of the mail server and define the Port(usually 25) ◦

In the General tab view, the following information will be propagated: ◦

Route Configuration

InfoFor complete information, please consult the ‘Connections’ section of the NEP Administration Guide.

Using Multiple RoutesNEP supports multiple routes. The order in which the routes are displayed represents the order in which they are used. If the primary route fails to answer, the next route on the list is used. The pro-cess continues until all routes have been used.

Click on Up or Down to change the priority of the routes.

14Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Route Configuration > Creating Routes

Testing ConnectionsAfter configuring a domain and route, perform a telnet test to confirm that the connection works. The following explains how to send an email to an end-user using the HELO command:

On the NEP server, go to a Command Prompt (Start – Run, type cmd <enter>) ●

At the command prompt, type telnet xxx.xxx.xxx.x 25 <enter>, where xxx = the NEP IP address ●

Type helo x <enter> ●

Type mail from: xxx@xxx.com <enter>, where xxx = a legitimate sender’s email address ●

Type rcpt to: yyy@yourdomain.com <enter>, where yyy = an email address on your domain ●

Type data <enter> ●

Type subject: this is a test <enter> ●

Type from: xxx@@xxx.com <enter>, where xxx = the same email address previously entered ●

Type to: yyy@yourdomain.com <enter>, where yyy = the same email address previously ●entered

Type testing 1 2 3 <enter> ●

Type . <enter> ●

Type quit <enter> ●

WebQuarantine SetupIf Automatic Setup was chosen during the Web Components portion of the installation (or if the Web Components were installed separately), the WebQuarantine application is one of three virtual sites created in IIS under the Default Web Site, along with WebAdmin and WebMonitor.

WebQuarantine User AuthenticationIn order for users to be able to log into the WebQuarantine application, they must be authenticated against the mail server or authentication server (such as LDAP or Active Directories) to ensure that a valid email account exists on the system.

Testing WebQuarantineUse the following to test if an account can successfully access WebQuarantine:

Open a browser (e.g. Internet Explorer) ●

In the Address field, type http://localhost/quarantine <enter>, where localhost = the server’s IP ●address

Login using the full email address ●

orGo to the Internet Information Services (IIS) Manager ●

Find the WebQuarantine site ●

Right-click and select Browse ●

Login using the full email address ●

If you are unable to log in, ensure that the connection information in the configuration files is correct.

15Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Administration Console > Creating Routes

MX Records and PropagationIf NEP is located in front of a firewall (in the DMZ), the DNS server must be configured to direct all incoming SMTP mail to NEP. NEP sends legitimate mail to the mail server through the firewall.

On your DNS server:

Create a mail exchange (MX) record that maps your mail domain to the NEP server ●

Give it a lower preference number than the mail server ◦

E.g. if the mail server’s MX has a preference of 10, give NEP a preference of 5 (the lower ◦the number, the higher the priority)

Create an A or Host record that maps the new NEP MX to the NEP server’s IP address ●

Open port 25 on your firewall so that NEP and the mail server can communicate ●

If using LDAP for Microsoft Exchange 2000/2003, open port 389 or port 3268 if using the ●Global Catalog

If using Microsoft® Exchange 5.5, open port 389 for an LDAP connection ●

Open port 25 if using an SMTP or SMTP_VRFY connection ◦

NoteSince new MX records can take anywhere from 12 to 48 hours to propagate, only remove the mail server’s MX after NEP’s MX has been propagated. Do this to hide your server from public view.

16Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Administration Console > Administration Overview

Administration ConsoleAll of NEP’s powerful security features are configured through the Administration Console. Designed for maximum flexibility the Console is easy to use and intuitively designed.

Administration OverviewThis section covers the day-to-day administration features of NEP.

There are four sections in the Administration Console which are used for administrative purposes:

FindSearch for users on your system ●

Useful for searching through multiple domains or a large user list ●

Search the quarantine (NEP AS, AV and ASV versions) ●

DomainsSet the domain-level parameters ●

Add, modify and remove domains ●

Set domain-level properties for the various scanning options ●

UsersSet user-specific parameters such as scanning options, reporting and language filtering ●

Add, modify and remove the users ●

Threats OverviewSecurity is an important concern for any business. You can rely on NEP to provide you with superior technology to address all of your security concerns.

The following panels of the NEP Administration Console are covered in this section:

SecuritySet server-level restrictions such as Blocked and Trusted senders, DKIM and Reverse DNS ●

Virus (NEP ASV only)Set virus scanning options ●

Configure the virus engine auto-update ●

PhishingSet phishing scanning options ●

The functionality of the phishing feature mimics that of spam so its auto-cleanup and perfor- ●mance (caching) settings are configured in the Spam tab

SpamSet spam scanning options ●

Set the system Blocked and Trusted lists and SURBL lists ●

17Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Spam Best Practices > Configuration Overview

Forbidden Attachments (F.A.)Set Forbidden Attachment settings ●

Add and modify attachment types ●

RulesSet custom policies (sieve scripts) and foreign language filtering ●

Configuration OverviewNEP provides superior control over the configuration of your server. This section details the system-wide preferences available in NEP.

The following panels of the NEP Administration Console are covered in this section:

SystemSet all of the system-wide settings such as delivery schedules, license key information and the ●message audit log

ConnectionCreate and configure static routes between NEP and your mail server for each domain ●

WebConfigure the WebAdmin and WebQuarantine components ●

Assign Web application privileges ●

LogsConfigure what will be logged and where the logs will be located ●

18Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Spam Best Practices > Security – Properties – Real-Time Blacklists

Spam Best PracticesThis section provides the most effective NEP configuration options to lessen the amount of spam that enters your system.

Security – Properties – Real-Time BlacklistsThis feature allows you to connect to a Real-Time Blacklist (RBL) to verify if mail senders are black-listed.

Enable Perform a lookup for the SMTP host in the Real-Time Blacklist ●

Click on RBL Servers and enter the following: ●

See below for a list of the most commonly used RBLs, according to their level of aggression ◦

Ensure that Reject connection immediately if the host is blacklisted is not enabled ●

Enable Perform RBL check after mailbox authentication ●

Set the Cache values to 600 (lookup results) and 60 (minutes) ●

Click on IP Exclusion and enter the IP addresses for all of your IP blocks ●

E.g. 10.10.10.0/24, 10.10.20.0/20, 10.10.30.25, etc. ◦

Click on Apply ●

Note: combined.njabl.org blocks dynamic IP ranges used by ISPs ●

If you are an ISP and this occurs, make sure that your users are using SMTP_AUTH to ◦relay mail or they may be blacklisted

Least Aggressive RBLs

sbl.spamhaus.org: known spam sources only

dnsbl.njabl.org: known spam sources only

cbl.abuseat.org: composite block list

Moderately Aggressive RBLs

zen.spamhaus.org*: known spam sources, open proxies and dynamic ranges

dul.dnsbl.sorbs.net: dynamic ranges

* includes sbl, xbl + pbl

Very Aggressive RBLs

combined.njabl.org: known spam sources and dynamic ranges

dnsbl.sorbs.net: all sorbs zones

dhcp.tqmcube.com: dynamic ranges

spam.tqmcube.com: known spam sources

Extremely Aggressive RBLs

dnsbl.tqmcube.com: all tqmcubed zones

19Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Spam Best Practices > Security – Properties – Connection Limits

CautionUsing the Perform RBL Check after mailbox authentication function keeps the connection open longer

If you are not an ISP/xSP or you do not have dynamic IP range provisioning for your users, it ●may be better to reject the connection immediately

Security – Properties – Connection LimitsUnder SMTP Connection Limits, at Maximum simultaneous connection rate allowed for the ●same IP, enter 10

Click on Apply ●

Security – Properties – Trusted Address ListUnder SMTP Security Trusted Address, click on IP Address ●

Enter the enter the IP addresses for all of your IP blocks ●

E.g. 10.10.10.0/24, 10.10.20.0/20, 10.10.30.25, etc. ◦

Click on Apply ◦

Security – Properties – SMTP SecurityCheck Enable SMTP Authentication ●

Enable the following: ●

Force usage of fully qualified addresses in SMTP commands ◦

Reject malformed addresses ◦

Validate sender addresses ◦

Set the Cache Size to 600 entries•

Set Keep in cache for 20 minutes•

Click on Apply ●

Security – Properties – Block Scan AttackEnsure that Enable Scan Attack Blocking is checked ●

Click on Slowdown the IP Connections ●

Disable Force a slowdown on IP connections and click on Close ●

Click on Block IP Addresses ●

Block IP for 60 minutes ●

Check After the number of invalid recipients reaches and set the value to 3 ●

Click on Close ●

Set the Cache values to 600 (lookup results) and 60 (minutes) ●

Click on Apply ●

20Copyright © 1990-2007 Norman ASA

Norman Email ProtectionQuick Install Guide Spam Best Practices > Security – Properties – Sender Reputation

Security – Properties – Sender ReputationEnable SPF Support ●

Click on Apply ●

An SPF record is not required for this feature ●

Optionally, you could enable Perform a look up for the SMTP host in DNS ●

This is a reverse DNS lookup on the IP address of the sending server to check if it has a ◦reverse PTR record

Historically, enabling this option caused more false-positives because many legitimate mail ◦servers did not have reverse zones. However, as spam increases, more companies are turning this feature on, despite the risk.

Most spam originates from IP addresses that are used for dynamic IP allocation which ◦do not have a reverse PTR record (i.e. DSL or cable modem users with infected zombie machines)

Enabling this can be risky but will alleviate spam problems considerably – use with caution ◦

Spam – Preferences – OptionsSet the Spam Scanning Level to Extreme ●

Click on Apply ●

Spam – Preferences – SURBL (Spam Links)Check Enable SURBL ●

Under SURBL Servers, click on multi.surbl.org to highlight it ●

Click on Enable ●

Click on Apply ●

NoteYou must restart the SMTPRS and MODUSCAN services after making any of the above changes. Go to System - Properties - Services to do so.

Norman ASA is a world leading company within the field of data security, internet protection and analysis tools. Through its SandBox technology Norman offers a unique and pro active protection unlike any other competitor. While focusing on its proactive antivirus technology, the company has formed alliances which enable Norman to offer a complete range of data security services.

Norman was established in 1984 and is headquartered in Norway with continental Europe, UK and US as its main markets.

Copyright © 1990-2007 Norman ASA

SpainNorman Data Defense SystemsCamino Cerro de los Gamos 1, Edif.1E - 28224 Pozuelo de Alarcón MADRIDTel: +34 91 790 11 31Fax: +34 91 790 11 12Email: norman@normandata.es Web: www.normandata.es

SwedenNorman Data Defense Systems ABKorsgatan 2, 602 33 NorrköpingTel: +46 11 230 330Fax: +46 11 230 349Email: sales.se@norman.no Web: www.norman.com/se

SwitzerlandNorman Data Defense Systems AGMünchensteinerstrasse 43, CH- 4052 BaselTel: +41 61 317 25 25Fax: +41 61 317 25 26Email: norman@norman.ch Web: www.norman.ch

United KingdomNorman Data Defense Systems (UK) LtdExchange House, 494 Midsummer BoulevardCentral Milton Keynes, MK9 2EATel: +44 08 707 448 044 / +44 01 908 255 990Fax: +44 08 701 202 901Email: norman@normanuk.com Web: www.normanuk.com

United StatesNorman Data Defense Systems Inc.9302 Lee Highway, Suite 950A, Fairfax, VA 22031Tel: +1 703 267 6109Fax: +1 703 934 6367Email: norman@norman.com Web: www.norman.com

DenmarkNorman Data Defense Systems ASBlangstedgårdsvej 1, DK-Odense SØTel: +45 63 11 05 08Fax: +45 63 13 39 01Email: normandk@normandk.com Web: www.norman.no/dk

FranceNorman France8 Rue de Berri, 75008 ParisTel: +33 1 42 99 94 14Fax: +33 1 42 99 95 01Email: info@norman.fr Web: www.norman.fr

GermanyNorman Data Defense Systems GmbHZentrale, Gladbecker Str. 3, 40472 DüsseldorfTel: +49 0211 5 86 99 0Fax: +49 0211 5 86 99 150Email: info@norman.de Web: www.norman.de

ItalyNorman Data Defense SystemsCentro Direzionale Lombardo, Via Roma, 10820060 Cassina de’Pecchi (MI)Tel: +39 02 951 58 952Fax: +39 02 951 38 270Email: info@normanit.com Web: www.normanit.com

NetherlandsNorman/SHARK BVPostbus 159, 2130 AD, HoofddorpTel: +31 23 789 02 22Fax: +31 23 561 31 65Email: support@norman.nl Web: www.norman.nl

NorwayNorman ASA(Headquarter / hovedkontor og salg Norge)Visit: Strandveien 37, LysakerPO Box 43, N-1324 LysakerTel: +47 67 10 97 00 Fax: +47 67 58 99 40E-mail: norman@norman.noWeb: www.norman.com/no

Norman offices