
Course Introduction

Messaging Deployment Process

[Figure: course roadmap. Deployment phases: Analysis & Planning, Design, Development, Pilot Deployment, Migration & Coexistence Planning, Operations & Maintenance. Modules of this course (Netscape Messaging Services: Analysis and Planning): Business and Technical Analysis, Design Your Messaging Topology, Plan Your Directory Services, Specify Message Routing, Secure Your Messaging System, Scalability & Fault Tolerance.]
Welcome

Netscape Messaging Services: Analysis and Planning

If you have not yet done so, please read the case study in Appendix A of the student guide.
Course Audience

- Consultants, system engineers, and other technical personnel responsible for designing and implementing messaging services using Netscape Messaging Server 4.x
- Best suited to those with minimal experience deploying Netscape Messaging Server
Course Prerequisites

- Working familiarity with the operating system used for labs
- Familiarity with Netscape Server products
- Successful completion of Netscape Learning’s Directory Services: Analysis and Planning or equivalent experience
What is a Messaging Service

[Figure: Communicator clients exchange mail with the Messaging Server over POP/IMAP and SMTP; the Messaging Server looks up users in the Directory over LDAP and connects to the Internet over SMTP. Message content can be text, video, sound, graphics or spreadsheets.]
How Do You Plan a Messaging Service?

[Figure: an Initial Analysis leads to a High Level Solution Proposal, which is split into per-service deployment processes: Directory Deployment Process, Messaging Deployment Process, Publishing Deployment Process, and further services.]
Messaging Services Analysis and Planning

[Figure: Messaging Deployment Process roadmap, as shown in the Course Introduction.]
Course Objectives

- Design a messaging topology
- Design a directory service for messaging
- Design a routing topology
- Design a security strategy
- Design for scalability and fault tolerance
Course Schedule

Day 1: Intro; Module 1 - Topology; Exercise - Topology; Lunch; Module 2 - Directory; Exercise - Directory; Lab 1
Day 2: Module 3 - Routing; Exercise - Routing; Lab 2; Lunch; Module 4 - Security; Exercise - Security; Lab 3
Day 3: Module 5 - Scalability & Fault Tolerance; Lab 4; Lunch; Open Lab
Exercise

- Review quiz on some of the key messaging concepts and terminology
- Take five to ten minutes to complete the quiz
Design Your Topology

[Figure: Messaging Deployment Process roadmap, as shown in the Course Introduction.]

Module Objectives

Design and Document a Messaging Topology

- Identify messaging topology design goals
- Select a topology design strategy
- Describe a basic messaging topology
- Create an initial messaging topology
Messaging Design Goals

- Highly Available and Reliable (7x24)
- Fast
- Secure
- Scalable
- Easy to Manage
- Never Lose Messages
What is a Topology?

- A topology is a graphical representation of a network’s physical or logical configuration
Select a Topology Strategy

- Central
  - All messaging servers at one site
- Distributed
  - Some or all the messaging servers at remote sites
Central Strategy

[Figure: five sites with user counts: Chicago 1000, Paris 1000, San Francisco 2500, Atlanta 6000, Tokyo 100. Chicago and San Francisco connect to Atlanta over frame relay (FR), Paris over a T1, Tokyo over 56K links. All messaging servers (MS ... n) are located at Atlanta.]
Distributed Strategy

[Figure: the same sites, user counts and WAN links as the central strategy, but each site runs its own messaging server(s): one MS each at Chicago, Paris, San Francisco and Tokyo, and several at Atlanta.]
Reasons for Central or Distributed

- Business
  - User Behavior
  - Site Distribution and Mission Critical Sites
  - Political Issues
- Technical
  - Existing Infrastructure
  - Support Personnel
- Financial
  - Cost of Additional Hardware and Software
  - Cost of Additional Support Personnel
Selecting Central or Distributed
Architecture Factors & Strategies

Factor                 Central                                              Distributed
Business Environment   Messaging at remote sites not mission critical       Messaging at remote sites is mission critical
User Behavior          Small text messages                                  Messages with large attachments
Site Distribution      One site, or many sites with small user populations  Large user populations at remote sites
IS Support             No remote IS support                                 Good remote IS support
Bandwidth              Good bandwidth to remote sites (ISDN or better)      Poor bandwidth to remote sites (56K or less)
Basic Messaging Topology

[Figure: the Internet reaches the Internet Mail Relay over SMTP; the relay passes SMTP through the Firewall to the Intranet Mail Hub. Inside, the hub delivers over SMTP to two Messaging Servers, which consult the Directory Server over LDAP and use DNS. Clients connect to the Messaging Servers through a Mail Multiplexor over POP3/IMAP4 and submit mail over SMTP.]
Basic Intranet Messaging Components

[Figure: DNS, a Directory Server, and two Messaging Servers that query the directory over LDAP and exchange mail with each other over SMTP. Clients use POP3/IMAP4 to read mail and SMTP to send it.]

Internal Messages

[Figure: internal message flow. (1) A client submits the message to its Messaging Server over SMTP; (2) the server looks up the recipient in the Directory Server over LDAP; (3) the message is relayed over SMTP to the recipient's Messaging Server; (4) the recipient's client retrieves it over POP3/IMAP4.]

Other Intranet Messaging Components

[Figure: the basic components plus an Intranet Mail Hub (SMTP to and from the Messaging Servers, LDAP to the Directory Server) and a Mail Multiplexor in front of the Messaging Servers for POP3/IMAP4 client connections.]

Internal Messages with MMP and Hub

[Figure: (1) the client submits over SMTP to the Intranet Mail Hub; (2) the hub looks up the recipient over LDAP; (3) the hub relays over SMTP to the Messaging Server holding the mailbox; (4) the client retrieves the message through the Mail Multiplexor over POP3/IMAP4.]
Intranet Topology Decision Guidelines

- How many Messaging Servers?
  - Number of users? Usage patterns? Server function?
- Directory Servers
  - 1 dedicated server can support 3-5 messaging servers
- DNS
  - Use DNS for IP address resolution, use LDAP for intranet message routing
- Clients
  - POP3 or IMAP4?
Intranet Topology Guidelines (Cont.)

- Use Mail Hub(s)?
  - Need to offload servers from routing? Support custom mailing lists?
- Use Mail Multiplexor(s)?
  - Many clients to manage? Using many small message store machines rather than a few large ones?
Internet Connectivity Components

[Figure: the basic messaging topology with its Internet-facing parts: an Internet Mail Relay outside the Firewall speaks SMTP to the Internet and, through the firewall, to the Intranet Mail Hub.]

Incoming Messages

[Figure: (1) the Internet Mail Relay accepts the message over SMTP and passes it through the Firewall to the Intranet Mail Hub; (2) the hub looks up the recipient in the Directory Server over LDAP; (3) the hub relays over SMTP to the Messaging Server holding the mailbox; (4) the client retrieves it through the Mail Multiplexor over POP3/IMAP4.]

Outgoing Messages

[Figure: (1) the client submits over SMTP; (2) the recipient is looked up over LDAP; (3) the Intranet Mail Hub forwards over SMTP through the Firewall to the Internet Mail Relay, which delivers to the Internet.]

Other Internet Components

[Figure: the same topology with separate Inbound and Outbound Mail Hubs, each using LDAP against the Directory Server and SMTP to the relay and the Messaging Servers.]

High Availability Messaging Topology

[Figure: two Internet Relays (X and Y) outside the Firewall feed two Intranet Mail Hubs (A and B); two Outbound Mail Hubs (C and D) carry outgoing mail. Four Messaging Servers serve their Clients over IMAP/POP and SMTP.]
Internet Connectivity Decision Guidelines

- Firewall
  - Required component, best to limit SMTP traffic to single sender (relay) and receiver (hub)
- Internet relay?
  - Need to limit traffic sent through firewall? Hide IP addresses and hostnames? Filter unwanted mail?
- Intranet hub (inbound)?
  - Need to limit incoming traffic through firewall? Hide hostnames? Filter unwanted mail?

Internet Connectivity Decision Guidelines (Cont.)

- Mail hub (outbound)?
  - Need address rewriting? Offload intranet servers from routing and queuing mail sent to internet?
Other Topology Components

[Figure: the Internet topology extended with a Voice/Fax and Paging server attached over SMTP and an SMTP Gateway to a Legacy mail server, alongside the Inbound Mail Hub, DNS, Directory Server, Messaging Servers and Mail Multiplexor.]
Create an Initial Messaging Topology

- Review your constraints
  - Business
  - Technical
  - Financial
- Based on the constraints, choose a Central or Distributed strategy
- Based on your strategy, draw your initial topology
Messaging Topology Diagram

[Figure: Atlanta site. Internet Mail Relay (irmail) outside the Firewall; inside, the Intranet Mail Hub (mhmail), DNS (dns), Directory Server (atlds), Messaging Server (atlantis) and Clients, with a link to Chicago.]
Exercise 1: Design Your Topology

Exercise 1: Atlanta

[Figure: Atlanta hosts the Internet Mail Relay (irmail) outside the Firewall and, inside, the Intranet Mail Hub (mhmail), DNS (dns), Directory Server (atlds), two Messaging Servers (atlantis1, atlantis2), a Mail Multiplexor (bunny) for POP3/IMAP4 clients, and an SMTP Gateway to a Legacy Exchange server (sleepy). WAN links: frame relay (FR) to Chicago and San Francisco, T1 to Paris, 56K to Tokyo.]

Exercise 1: Chicago

[Figure: Chicago has a Directory Server (ordds), a Messaging Server (chicagomsg) and an SMTP Gateway to a Legacy Exchange server (dopey); clients use POP3/IMAP4/SMTP. Frame relay links to San Francisco and Atlanta.]

Exercise 1: San Francisco

[Figure: San Francisco has a Directory Server (sfods), a Messaging Server (sfmsg) and an SMTP Gateway to a Legacy Exchange server (sneezy); clients use POP3/IMAP4/SMTP. Frame relay links to Chicago and Atlanta.]

Exercise 1: Paris

[Figure: Paris has a Directory Server (cdgds), a Messaging Server (cdgmsg) and an SMTP Gateway to a Legacy cc:Mail server (grumpy); clients use POP3/IMAP4/SMTP. T1 link to Atlanta, 56K link to Tokyo.]

Exercise 1: Tokyo

[Figure: Tokyo has a Directory Server (nrtds), a Messaging Server (nrtmsg) and an SMTP Gateway to a Legacy cc:Mail server (bashfull); clients use POP3/IMAP4/SMTP. 56K links to Atlanta and Paris.]
Discussion

- What are the significant differences between each group’s topology?
- What’s the best topology solution for the case study?
Plan Your Directory Services

[Figure: Messaging Deployment Process roadmap, as shown in the Course Introduction.]
Module Objectives

- Identify Messaging needs for Directory services
- Plan the directory tree
- Plan the security policies
- Plan replication
Specific Messaging Needs for Directory Services

What do we need to complete the DSAP process for Messaging?

- Understand how the Messaging Server uses the Directory Server
- Define Messaging specific access control rules for the Directory Tree
- Determine the needs for additional Directory Servers dedicated to Messaging
- Review Messaging Deployment Recommendations
Identify Applications for Directory Services

[Figure: directory applications that use the Directory Service over LDAP: Messaging Server, Communicator Address Book, Netscape Console, and the Directory Server Gateway; the Directory Service keeps its data in a database (dB).]
Using Netscape Messaging Server

The Messaging Server uses the Directory Server to:

- Map addresses
- Route messages
- Store and retrieve server configuration files
- Authenticate users
Mapping Addresses - Schema & Attributes

Object Class     Attribute
mailRecipient    objectclass
                 cn
                 mail
                 mailAlternateAddress
                 mailQuota
mailgroup        objectclass
                 cn
                 mail
                 mgrpAllowedBroadcasters
                 mgrpDeliverTo
Routing Messages - Schema & Attributes

Object Class     Attribute
mailRecipient    objectclass
                 mail
                 mailHost
                 mailRoutingAddress
mailgroup        objectclass
                 mail
                 mailHost
                 mailRoutingAddress
Configuration Information - Schema & Attributes

[Figure: /<server-root>/slapd-airius/config/ns-schema.conf includes the schema files ns-admin-schema.conf, ns-common-schema.conf, ns-mail-schema.conf, ns-msg-schema.conf and ns-mlm-schema.conf.]
Authenticate Users - Schema & Attributes

Directory Server Schema with General User Access (Anonymous, Authenticated) and Special User/Group Access (Dir Admin, Help Desk, HR Managers) rights. Rights: s = search, r = read, c = compare, w = write.

Object Class                           Attribute                     General User Access   Special User/Group Access
Person Object Classes
person (top)                           sn                            s,r,c                 w
                                       cn                            s,r,c                 w
                                       userPassword                                        w w
organizationalPerson (person)          destinationIndicator
inetOrgPerson (organizationalPerson)   mail                          s,r,c                 w
                                       uid                           s,r,c                 w w
                                       userSMimeCertificate;binary
Messaging Server Object Classes
mailRecipient                          objectClass
                                       mail
                                       mailAlternateAddress
                                       mailHost
                                       mailRoutingAddress
mailGroup                              objectClass
                                       mgrpAddHeader
                                       mgrpAllowedBroadcaster
                                       mgrpAllowedDomain
                                       mgrpApprovedPassword
                                       mgrpBroadcasterPolicy
                                       mgrpDeliverTo
                                       mgrpErrorsTo
                                       mgrpModerator
                                       mgrpMsgMaxSize
                                       mgrpMsgRejectAction

Creating Mail Account

[Figure: screenshot of creating a mail account.]
Plan Your Directory Tree

[Figure: directory tree planning steps. (1) Select a suffix; (2) select branch points (b1, b2); (3) create sample entries; (4) select unique relative distinguished names, giving entries of the form dn: attribute=value, b2, b1, suffix, each with objectclass and attribute values; (5) add server entries.]
Postmaster Account

The Postmaster account is a mail group under ou=Special Groups:

dn: cn=Postmaster,ou=Special Groups,o=Airius.com
objectclass: top
objectclass: groupOfUniqueNames
objectclass: mailGroup
objectclass: mailGroupManagement
cn: Postmaster
mail: postmaster@airius.com
mailAlternateAddress: postmaster@ms1.airius.com
mailAlternateAddress: postmaster@ms2.airius.com
mailAlternateAddress: postmaster@ms3.airius.com
mgrprfc822mailmember: airiusda@airius.com
description: mail group for all postmaster mail recipients

Each messaging server (ms1.airius.com, ms2.airius.com, ms3.airius.com) finds this entry for its own postmaster address with a search filter of the form:

filter="(&(|(objectclass=mailrecipient)(objectclass=mailgroup))(|(mail=postmaster@ms1.airius.com)(mailalternateaddress=postmaster@ms1.airius.com)))"
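To see why the account carries one mailAlternateAddress per messaging host, here is an added example (not from the course) that evaluates the slide's search filter against the Postmaster entry with a small LDAP filter evaluator. The entry is constructed from the slide's values; ms4.airius.com is a hypothetical fourth host with no alternate address.

```python
"""Evaluate the Postmaster lookup filter from the slide against the
Postmaster group entry (constructed from the slide's attribute values).

Added example; not part of the course material. It implements just enough
of the LDAP filter syntax (and, or, not, equality) to show why a
mailAlternateAddress is needed for every messaging host.
"""

# Constructed from the Postmaster Account slide; attribute names are
# stored lower-case because LDAP attribute names are case-insensitive.
POSTMASTER_ENTRY = {
    "dn": "cn=Postmaster,ou=Special Groups,o=Airius.com",
    "objectclass": ["top", "groupOfUniqueNames", "mailGroup", "mailGroupManagement"],
    "cn": ["Postmaster"],
    "mail": ["postmaster@airius.com"],
    "mailalternateaddress": [
        "postmaster@ms1.airius.com",
        "postmaster@ms2.airius.com",
        "postmaster@ms3.airius.com",
    ],
    "mgrprfc822mailmember": ["airiusda@airius.com"],
    "description": ["mail group for all postmaster mail recipients"],
}


def parse_filter(text):
    """Parse an LDAP search filter into a nested tuple tree.

    Supports (&...), (|...), (!...) and (attr=value), which is all the
    slide's filter uses. Attribute names and values are lower-cased so
    comparisons are case-insensitive, as the directory treats them.
    """
    pos = 0

    def parse():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at %d" % pos)
        pos += 1
        op = text[pos]
        if op in "&|!":
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(parse())
            if text[pos] != ")":
                raise ValueError("expected ')' at %d" % pos)
            pos += 1
            return (op, children)
        end = text.index(")", pos)
        attr, _, value = text[pos:end].partition("=")
        pos = end + 1
        return ("=", attr.strip().lower(), value.strip().lower())

    node = parse()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node


def matches(node, entry):
    """Return True if the entry satisfies the parsed filter."""
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    return any(v.lower() == value for v in entry.get(attr, []))


def postmaster_filter(address):
    """The filter the course shows, with the per-host postmaster address filled in."""
    return ("(&(|(objectclass=mailrecipient)(objectclass=mailgroup))"
            "(|(mail=%s)(mailalternateaddress=%s)))" % (address, address))


def host_can_find_postmaster(host, entry=POSTMASTER_ENTRY):
    """True if the host's local postmaster address resolves to the entry."""
    return matches(parse_filter(postmaster_filter("postmaster@" + host)), entry)


if __name__ == "__main__":
    # ms4.airius.com is hypothetical: no mailAlternateAddress, so no match.
    for host in ("ms1.airius.com", "ms2.airius.com", "ms3.airius.com", "ms4.airius.com"):
        print(host, host_can_find_postmaster(host))
```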
Define Access Control Rules

Define and create access control rules for your directory tree

- Define general user access control rules for anonymous and authenticated users
- Define access control rules for administrators and special users and/or groups
- Create Access Control Information (ACI) statements
Define General User Access

Directory application fields (Address Book, AirChoc Phone Book) mapped to Directory Server Schema, with General User Access rights (Anonymous, Authenticated):

Application field       Object Class                    Attribute                  Access
Last Name               person (top)                    sn                         s,r,c
Name / Full Name                                        cn                         s,r,c
Description                                             description                s,r,c w
See Also                                                seeAlso                    s,r,c w
Phone Number / Phone                                    telephoneNumber            s,r,c
                                                        userPassword
                        organizationalPerson (person)   destinationIndicator
Fax                                                     facsimileTelephoneNumber   s,r,c w
Define Access for Administrators and Special Users/Groups

Directory application fields (Address Book, AirChoc Phone Book) mapped to Directory Server Schema, with Special User/Group Access rights (Dir Admin, Help Desk, HR Managers):

Application field       Object Class                    Attribute                  Access
Last Name               person (top)                    sn                         w
Name / Full Name                                        cn                         w
Description                                             description                w w
See Also                                                seeAlso                    w w
Phone Number / Phone                                    telephoneNumber            w w
                                                        userPassword               w w
                        organizationalPerson (person)   destinationIndicator
Fax                                                     facsimileTelephoneNumber   w w
Create ACI Statements

Sample entries under ou=People and ou=Groups:

uid=scarter,ou=People,o=airchoc.com
  mail: scarter@airius.com
  mailalternateaddress: sam@airius.com
  mailhost: mailserver1.airius.com

cn=Accounting,ou=Groups,o=airchoc.com
  objectclass: mailgroup
  cn: Accounting
  owner: uid=scarter,ou=people,o=airius.com

The ACI that lets a mailing list's owner manage the list entry, built in four steps:

aci: (target = "ldap:///ou=Groups, o=airius.com")(targetattr = "*")(version 3.0; acl "Mailing List Owner"; allow (all) (userdnattr="owner");)

  Step 1, who/when:  (userdnattr="owner")
  Step 2, what:      (targetattr = "*")
  Step 3, where:     (target = "ldap:///ou=Groups, o=airius.com")
  Step 4, how:       allow (all)
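As an added example (not from the course), this Python checks the four parts of the Mailing List Owner ACI against sample bind DNs. The entries are constructed from the slide, and the suffix is assumed to be o=airius.com for both the ACI target and the entries.

```python
"""Check the 'Mailing List Owner' ACI from the slide against sample bind DNs.

Added example, not from the course. The entries are constructed from the
slide; the suffix is assumed to be o=airius.com for both the ACI target
and the entries (the slide mixes airius.com and airchoc.com).
"""


def norm_dn(dn):
    """Normalise a DN for comparison: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(entry_dn, target_dn):
    """True if entry_dn equals target_dn or lies beneath it."""
    e, t = norm_dn(entry_dn), norm_dn(target_dn)
    return e == t or e.endswith("," + t)


# The four parts of the slide's ACI: where (target), what (targetattr),
# how (allow all) and who/when (bind rule userdnattr="owner").
MAILING_LIST_OWNER_ACI = {
    "name": "Mailing List Owner",
    "target": "ou=Groups,o=airius.com",
    "targetattr": "*",
    "allow": {"all"},
    "userdnattr": "owner",
}

# Constructed directory entries based on the slide (suffix assumed).
ENTRIES = {
    "uid=scarter,ou=People,o=airius.com": {
        "mail": ["scarter@airius.com"],
        "mailalternateaddress": ["sam@airius.com"],
        "mailhost": ["mailserver1.airius.com"],
    },
    "cn=Accounting,ou=Groups,o=airius.com": {
        "objectclass": ["mailgroup"],
        "cn": ["Accounting"],
        "owner": ["uid=scarter,ou=People,o=airius.com"],
    },
}


def aci_grants(aci, bind_dn, entry_dn, entry, right="write"):
    """Return True if the ACI grants `right` on entry_dn to the bound user.

    userdnattr=owner means: allow when the bind DN appears in the target
    entry's own 'owner' attribute. Entries outside the target subtree are
    not covered by this ACI at all, and the directory's default is deny.
    """
    if not in_subtree(entry_dn, aci["target"]):
        return False
    if right not in aci["allow"] and "all" not in aci["allow"]:
        return False
    owners = {norm_dn(d) for d in entry.get(aci["userdnattr"], [])}
    return norm_dn(bind_dn) in owners


def can_modify_group(bind_dn, group_dn):
    """Would this bound user be allowed to modify the group entry?"""
    entry = ENTRIES.get(group_dn, {})
    return aci_grants(MAILING_LIST_OWNER_ACI, bind_dn, group_dn, entry)


if __name__ == "__main__":
    group = "cn=Accounting,ou=Groups,o=airius.com"
    for who in ("uid=scarter,ou=People,o=airius.com", "uid=bjensen,ou=People,o=airius.com"):
        print(who, "->", can_modify_group(who, group))
```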
Plan Replication

- Determine need for additional Directory Servers
- Map directory tree to Directory Servers
- Identify replication paths
Determine Need for Additional Directory Servers

Estimate the directory query load from its two main sources:

- User lookups: 10000 users x 10 lookups per day = 100000 queries per day; spread over 12 hours / 60 minutes / 60 seconds = 2.31 queries per second
- Message routing: 600000 messages per day x 1 lookup per message = 600000 queries per day; spread over 12 hours / 60 minutes / 60 seconds = 14 queries per second

Then decide on additional servers based on:

- Fault Tolerance
- Load Balancing
- Performance
- Cost
Map Directory Tree to Directory Servers

[Figure: the Atlanta directory holds the suffix with the North America branch point and its People, Groups and Conference Rooms branches; a remote server holds a replica of North America with only the People and Groups branches. Legend: Suffix, Branch Point, Directory Entry.]

- Replicate only needed branches
  - People and Groups

Identify Replication Paths

[Figure: the Atlanta supplier holds o=airchoc.com with branch points ou=north america, ou=europe and ou=asia; consumers at San Francisco, Chicago, Paris and Tokyo receive their branches by supplier-initiated replication. Legend: Suffix, Branch Point, Directory Entry, Supplier Initiated, Referral or Consumer Branch.]
Messaging Deployment Recommendations: Small Sized Company

Messaging statistics
  Messages/day            40,000
  Recipients/message      2
  Average message size    30 KB
  Median message size     3 KB
  Number of accounts      2,500

Messaging Deployment Recommendations: Mid Sized Company

Messaging statistics
  Messages/day            300,000
  Recipients/message      10
  Average message size    30 KB
  Median message size     3 KB
  Number of accounts      15,000

Messaging Deployment Recommendations: Large Sized Company

Messaging statistics
  Messages/day            1,000,000
  Recipients/message      15
  Average message size    30 KB
  Median message size     3 KB
  Number of accounts      40,000
Exercise 2: Plan Your Directory Services

Exercise 2: Atlanta

[Figure: the Exercise 1 Atlanta topology with a second Directory Server (atlmsgds), dedicated to messaging, beside atlds. Replication: ou=Groups and ou=People. Failover between the two directory servers.]

Exercise 2: Chicago

[Figure: Chicago adds a messaging Directory Server (ordmsgds) beside ordds. Replication: ou=Groups and ou=People. Failover.]

Exercise 2: San Francisco

[Figure: San Francisco adds a messaging Directory Server (sfomsgds) beside sfods. Replication: ou=Groups and ou=People. Failover.]

Exercise 2: Paris

[Figure: Paris adds a messaging Directory Server (cdgmsgds) beside cdgds. Replication: ou=Groups and ou=People. Failover.]

Exercise 2: Tokyo

[Figure: Tokyo keeps its single Directory Server (nrtds), with failover.]

Lab 1: Intranet Messaging

[Figure: Atlanta with a Directory Server (DS), San Francisco and Paris with Messaging Servers (MS), connected by frame relay; steps 1 to 4 mark the lab's message flow.]
Specify Message Routing

[Figure: Messaging Deployment Process roadmap, as shown in the Course Introduction.]
Module Objectives

- Design a routing architecture based on your messaging topology
- Identify where routing information is stored
- Identify the LDAP entry attributes relating to message routing
- Explain how a message is routed
- Configure the servers with routing information
System Routing Goals

- Accuracy
- Efficiency

System Routing Goals - Accuracy

Accuracy
- Avoid circular mail routing
- Avoid misdelivered mail

System Routing Goals - Efficiency

Efficiency
- Minimize number of hops
- Optimize server usage

Routing Information

- LDAP User and Group Entries
- SMTP Routing Table
- Domain Name System (DNS)
Routing Information - LDAP

An LDAP mail recipient entry

- mailRecipient object class
  - Address attributes
    - mail
    - mailAlternateAddress
  - Routing attributes
    - mailHost
    - mailRoutingAddress

Example entry:

attribute              value
cn                     Mary Kay
mail                   maryk@airius.com
mailAlternateAddress   mkay@airius.com
                       mary_kay@airius.com
mailHost               mail3.airius.com
uid                    maryk
mailRoutingAddress
LDAP Entry Attributes

- mail - identifies the recipient’s primary email address: maryk@airius.com
- mailAlternateAddress - the user’s alternate email address(es): mkay@airius.com
- mailHost - the host or MTA where the user is local
- mailRoutingAddress - the routing address for the recipient
Routing Information - SMTP

SMTP Routing Table

server   SMTP routing table
mail     *.airius.com:hub.airius.com
         *.airchoc.com:hub.airius.com
         *:<provider>.net
mail1    *.airius.com:*
         *:hub.airius.com
mail3    sales.airius.com:*
         *.airius.com:*
         *:hub.airius.com

- *.airius.com:* - the destination of messages to any subdomain inside the top-level domain airius.com does not change
- *:hub.airius.com - all messages are routed to hub regardless of whether mail is local or remote
Routing Information - DNS

DNS - the DNS server responds to requests from the messaging server such as:

- Get MX hostname for a given domain
- Get IP address for a given hostname
- Get hostname for a given IP address

Routing Information - DNS (cont.)

DNS Records
- ‘A’ record
- ‘MX’ record

External DNS configuration
airius.com.        IN MX 10 mail.airius.com.
*.airius.com.      IN MX 10 mail.airius.com.
mail.airius.com.   IN A 123.4.0.1
hub.airius.com.    IN A 123.4.1.100

Internal DNS configuration
airius.com.        IN MX 10 hub.airius.com.
mail.airius.com.   IN A 123.4.0.1
hub.airius.com.    IN A 123.4.1.100
mail1.airius.com.  IN A 123.4.1.101
mail2.airius.com.  IN A 123.4.1.102
mail3.airius.com.  IN A 123.4.1.103
Messaging Topology

[Figure: Internet Mail Relay (1) outside the Firewall, Intranet Mail Hub (2) inside, three Messaging Servers (3) with their Clients, and the hub's outbound path (4).]
Message Headers and Envelopes

- Message Header
  - RFC 822
- SMTP Envelope
  - RFC 821

Message Header

- Defined by RFC 822
- Message contains a header and a body
- Not used in message routing

Example message (header, then body):

From: Dean Martin <dean_martin@bar.com>
To: Sammy Davis <sammy_davis@foo.com>,
    Frank Sinatra <franksinatra@foo.com>
Subject: Happy Hour
Date: January 10, 1987

Hello Gang,
How about we meet at the old hangout
for a few drinks?

SMTP Envelope

- RFC 821 envelope
- Used in message routing

Example envelope, followed by the message it carries:

Mail From: dean_martin@bar.com
Rcpt To: sammy_davis@foo.com
Rcpt To: franksinatra@foo.com

From: Dean Martin <dean_martin@bar.com>
To: Sammy Davis <sammy_davis@foo.com>,
    Frank Sinatra <franksinatra@foo.com>
Subject: Happy Hour
Date: January 10, 1987

Hello Gang,
How about we meet at the old hangout
for a few drinks?
Message Routing

[Figure: a message for a local mail user, group or account is handled locally; otherwise the MTA passes it on. Three MTAs (mailHost 1, mailHost 2, mailHost 3) relay to each other; a message that cannot be routed is bounced.]

Message Routing (cont.)

[Flowchart: the MTA receives a message and does an LDAP search. If the recipient is local, the message is handled locally. Otherwise the address is checked against the SMTP Routing Table and then DNS: if a record is found, the message goes to the other MTA; if there is no match, it is bounced.]

LDAP Search (A)

[Flowchart: is there a matching LDAP entry? Multiple matches: bounce. One match: "Can handle locally?" (B). None: "Is domain local or remote?" (C).]

LDAP Search (B)

[Flowchart, one match: determine if the recipient is local. Can handle locally? Yes: handle locally. No: is routing information present? No: bounce. Yes: determine if an address rewrite is necessary, rewrite the address, and proceed to the SMTP routing table.]

LDAP Search (C)

[Flowchart, no matches: is the domain local or remote? Local: back to LDAP search (A). Remote: check for a routed address. No: bounce. Yes: rewrite the address and proceed to the SMTP routing table.]

Message Routing - SMTP

[Flowchart: the MTA checks the Message Store for a local recipient via the LDAP search; otherwise the address goes to the SMTP Routing Table and then DNS. Record found: deliver to the other MTA. No match: bounce.]

SMTP Routing

[Flowchart: check the SMTP routing table; rewrite the destination if a rule matches; proceed to DNS.]

Check DNS

[Flowchart: IP address known? Yes: deliver to the next MTA. No: check DNS records. IP address for destination host found? Yes: deliver to next MTA. No: bounce message.]
Plan Message Routing Topology

[Figure: Internet Mail Relay (mail) outside the Firewall, Intranet Mail Hub (hub) inside, and Messaging Servers mail1, mail2 and mail3 with their Clients.]

Plan Message Routing Topology (cont.)

- Configure LDAP entry attributes
- Configure SMTP Routing Tables
- Configure DNS Records
Plan Message Routing Topology - LDAP

Configure a user’s uid and LDAP schema. The user resides on a server within the topology.

attribute              value
cn                     Mary Kay
mail                   maryk@airius.com
mailAlternateAddress   mkay@airius.com
                       mary_kay@airius.com
mailHost               mail3.airius.com
uid                    maryk
mailRoutingAddress

Fill in attributes: cn, mail, mailAlternateAddress, mailHost,
Plan Message Routing Topology - SMTP

Configure SMTP routing tables for servers in the topology

field                        value
SMTP Mail Routing Table      *.airius.com:hub.airius.com
                             *.airchoc.com:hub.airius.com
                             *:<provider>.net
Address Completion Domain    airius.com
Local Mail Domains           airius.com
                             airchoc.com
Alternate Search Method      - Search using truncated domain
                             - Search by user ID (uid)
Envelope Rewrite Method      Combine uid with mailHost attribute
Plan Message Routing Topology - DNS

Configure DNS Records

External DNS configuration
airius.com.        IN MX 10 mail.airius.com.
*.airius.com.      IN MX 10 mail.airius.com.
mail.airius.com.   IN A 123.4.0.1
hub.airius.com.    IN A 123.4.1.100

Internal DNS configuration
airius.com.        IN MX 10 hub.airius.com.
mail.airius.com.   IN A 123.4.0.1
hub.airius.com.    IN A 123.4.1.100
mail1.airius.com.  IN A 123.4.1.101
mail2.airius.com.  IN A 123.4.1.102
mail3.airius.com.  IN A 123.4.1.103
Exercise 3

- Determine the route of messages using the information contained in the following tables:
  - LDAP entry attributes
  - SMTP routing tables
  - DNS records
- Determine the SMTP routing table entry required for specific mail routing
Routing Worksheet

1. Server hostname ________________
2. Original envelope address ________________

LDAP (A)
3. LDAP DN - if not in LDAP, go to (6) ________________

LDAP (B)
4. LDAP entry’s mailHost - if local or LIMG, stop, handle locally ________________
5. Envelope rewrite, if any, go to (7) ________________

LDAP (C)
6. Right-part of (2) - if local domain, bounce (exception: %-hack) ________________

7. Destination
   a. use (4), else right-part of (5), else (6) ________________
SMTP
   b. Check routing table - if IP addr, done ________________
DNS
   c. DNS MX record ________________
   d. DNS A record ________________

Route to IP addr in (7). Envelope contains (2) unless rewritten in (5).
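The worksheet carried through in code, as an added example that is not part of the course: it routes a few recipients through the Mary Kay entry, the module's SMTP routing tables and the internal DNS records. Assumed, and marked in the code: the hub's routing table, the DN of the entry, that the relay outside the firewall has no LDAP access, and that a `*.domain` pattern also matches the bare domain.

```python
"""Walk the Routing Worksheet (steps 1 to 7) in code for a few recipients.

Added example, not part of the course material. It uses the Mary Kay entry,
the SMTP routing tables and the internal DNS records from this module.
Assumptions, marked below: the hub's routing table, the entry's DN, which
servers can reach LDAP, and that a '*.domain' pattern also matches the
bare domain.
"""

# LDAP entry from the module; the DN itself is an assumption.
LDAP_ENTRIES = [{
    "dn": "uid=maryk,ou=People,o=airius.com",
    "uid": "maryk",
    "mail": "maryk@airius.com",
    "mailalternateaddress": ["mkay@airius.com", "mary_kay@airius.com"],
    "mailhost": "mail3.airius.com",
    "mailroutingaddress": None,
}]

LOCAL_DOMAINS = {"airius.com", "airchoc.com"}       # Local Mail Domains setting

# SMTP routing tables from the module; the hub's table is assumed.
ROUTING_TABLES = {
    "mail.airius.com": ["*.airius.com:hub.airius.com",
                        "*.airchoc.com:hub.airius.com",
                        "*:<provider>.net"],            # <provider> is the slide's placeholder
    "hub.airius.com": ["*.airius.com:*", "*:mail.airius.com"],
    "mail1.airius.com": ["*.airius.com:*", "*:hub.airius.com"],
    "mail3.airius.com": ["sales.airius.com:*", "*.airius.com:*", "*:hub.airius.com"],
}

# Internal DNS records from the module (used here for every server).
DNS_MX = {"airius.com": "hub.airius.com"}
DNS_A = {"mail.airius.com": "123.4.0.1", "hub.airius.com": "123.4.1.100",
         "mail1.airius.com": "123.4.1.101", "mail2.airius.com": "123.4.1.102",
         "mail3.airius.com": "123.4.1.103"}

# Assumed: the relay outside the firewall has no LDAP access.
HAS_LDAP = {"hub.airius.com", "mail1.airius.com", "mail3.airius.com"}


def ldap_lookup(address):
    """Step 3: the entry whose mail or mailAlternateAddress equals the address."""
    for entry in LDAP_ENTRIES:
        if address == entry["mail"] or address in entry["mailalternateaddress"]:
            return entry
    return None


def pattern_matches(pattern, domain):
    """Routing-table pattern match; '*.d' also matches 'd' itself (assumption)."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return domain == pattern[2:] or domain.endswith(pattern[1:])
    return pattern == domain


def apply_routing_table(server, domain):
    """Step 7b: the first matching rule wins; a '*' target leaves the domain unchanged."""
    for rule in ROUTING_TABLES[server]:
        pattern, _, target = rule.partition(":")
        if pattern_matches(pattern, domain):
            return domain if target == "*" else target
    return domain


def resolve(host):
    """Steps 7c and 7d: MX record first, then the A record of the chosen host."""
    if host.replace(".", "").isdigit():          # routing table already gave an IP
        return host
    return DNS_A.get(DNS_MX.get(host, host))


def route(server, envelope_rcpt):
    """Return what `server` does with a message for `envelope_rcpt`."""
    rcpt = envelope_rcpt.lower()                   # step 2
    domain = rcpt.partition("@")[2]
    entry = ldap_lookup(rcpt) if server in HAS_LDAP else None
    if entry is not None:                          # LDAP (B)
        if entry["mailhost"] == server:            # step 4: user is local here
            return {"action": "local", "envelope": rcpt}
        if entry["mailroutingaddress"]:            # step 5: envelope rewrite
            rcpt = entry["mailroutingaddress"]
        elif entry["mailhost"]:
            rcpt = "%s@%s" % (entry["uid"], entry["mailhost"])   # uid + mailHost
        dest = entry["mailhost"] or rcpt.partition("@")[2]       # step 7a
    else:                                          # LDAP (C)
        if server in HAS_LDAP and domain in LOCAL_DOMAINS:       # step 6
            return {"action": "bounce", "reason": "no LDAP entry for local domain"}
        dest = domain
    next_hop = apply_routing_table(server, dest)
    ip = resolve(next_hop)
    if ip is None:
        return {"action": "bounce", "reason": "cannot resolve " + next_hop}
    return {"action": "relay", "envelope": rcpt, "next_hop": next_hop, "ip": ip}


if __name__ == "__main__":
    for server, rcpt in (("mail1.airius.com", "maryk@airius.com"),
                         ("mail3.airius.com", "mkay@airius.com"),
                         ("mail.airius.com", "maryk@airius.com"),
                         ("mail3.airius.com", "bob@example.net")):
        print(server, rcpt, route(server, rcpt))
```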
Exercise 4

[Figure: Internet Mail Relay at Atlanta outside the Firewall; two hubs, Hub-West at San Francisco and Hub-East at Atlanta. Hub-West serves Mail4, Mail5 and Mail6, Hub-East serves Mail1, Mail2 and Mail3, each with its Clients.]
Module Summary

In designing a routing architecture, consider the following:

- where routing information is stored
- information in LDAP entry attributes
- SMTP and DNS configuration
Lab 2: Internet Messaging - Outgoing

[Figure: Messaging Servers (MS) at San Francisco, Paris and Atlanta, with the Directory Server (DS) and the Hub at Atlanta, linked by frame relay; steps 1 to 3 mark the outgoing path to the Internet.]

Lab 2: Internet Messaging - Incoming

[Figure: incoming mail arrives (1) from the Internet at the Relay, passes to the Hub at Atlanta, and is delivered to the Messaging Servers at Atlanta and Paris; the Directory Server is at Atlanta.]
Secure Your Messaging System

[Figure: Messaging Deployment Process roadmap, as shown in the Course Introduction.]
Module Objectives

Design a Secure Messaging System

- Identify security risks at each level of your topology
- Select appropriate security safeguards

Why Plan for Messaging Security?
Messaging Security Levels

[Figure: the basic messaging topology divided into three security levels. Level 3, MTA Level: Internet Mail Relay, Firewall and Intranet Mail Hub (SMTP). Level 2, Data Storage Level: Directory Server and Messaging Servers (LDAP, SMTP). Level 1, Client Access and Authentication Level: Mail Multiplexor and Clients (POP3/IMAP4, SMTP).]
Secure Messaging at the Client Access and Authentication Level

- Authentication
  - User Password
  - Authenticated SMTP
  - Certificates
- Encryption
  - SSL
  - S/MIME
- Access
  - Client Access: TCP Wrapper
  - User Access Controls
Use Passwords For Authentication

- Prevents
  - Unauthorized access to message stores
  - Message spoofing if used with Authenticated SMTP
- Can use for IMAP4, POP3, and SMTP services
- IMAP4, POP3 passwords needed by default
- Passwords stored in LDAP
- Password submission in clear text or encrypted if the client is capable.

Send Messages with Authenticated SMTP
Use Certificates to Authenticate and Encrypt

- Prevents
  - Unauthorized access to message stores
  - Message spoofing (if using digital signatures)
  - Eavesdropping on the line (SSL) or in storage (S/MIME)
- Client Certificates
  - Authenticates user to server (and other users)
  - Encrypts messages to other users (S/MIME)
- Server Certificates
  - Authenticates server to clients and other servers
  - Encrypts messages to other servers (SMTP/SSL)
Use SSL for Authentication, Encryption, and Message Integrity

- SSL ensures safe and secure transactions
- Data going over the network is point-to-point encrypted

[Figure: protocol stack. Application (SMTP, IMAP4) on top of the Secure Sockets Layer (SSL), which provides authentication, encryption and message integrity, on top of the TCP/IP network.]
Use S/MIME for Encryption

Secure Multipurpose Internet Mail Extensions


u Prevents eavesdropping on messages
u Encrypts messages before sending them
u Stores messages encrypted after receipt
t Decrypt only to read

u Client functionality only


t Requires no special server configuration or tasks

10
Control Client Access with TCP Wrapper

u Prevents unauthorized access to messaging services (IMAP4, POP3, SMTP)
u Listens on same port as service
u Verifies client identity
t Reverse DNS Lookups (name-based access control)
t Forward DNS Lookups (fights DNS spoofing)
t Identd callback (client user is known to client host)

u Gives the client access to the service if the client passes a filtering process

11
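The reverse-then-forward DNS check and the name- or address-based rule matching described on this slide, as an added Python example (illustrative code, not Netscape's TCP Wrapper). The resolver functions are injectable, so the constructed PTR and A tables below stand in for live DNS; the identd callback is not modelled.

```python
import ipaddress
from typing import Any, Callable, Iterable, Optional, Tuple

# Constructed DNS data standing in for live PTR and A lookups (hypothetical hosts).
PTR = {"10.1.1.20": "pc20.corp.example.com", "198.51.100.7": "mail.example.com"}
A = {"pc20.corp.example.com": ["10.1.1.20"], "mail.example.com": ["203.0.113.9"]}
Lookup = Callable[[str], Any]

def verify_client_name(ip: str, ptr: Lookup = PTR.get, a: Lookup = A.get) -> Tuple[Optional[str], bool]:
    """Reverse lookup, then forward lookup of the name that came back.
    Returns (hostname, spoofed): hostname is None when the address has no
    PTR record; spoofed is True when the PTR name does not resolve back to
    the address, which is how a forged reverse record is caught."""
    name = ptr(ip)
    if name is None:
        return None, False
    if ip not in (a(name) or []):
        return None, True
    return name.lower(), False

def rule_matches(pattern: str, ip: str, name: Optional[str]) -> bool:
    """Patterns: ALL, a network in CIDR form, or a leading-dot domain suffix
    (name-based rules can only match a verified hostname)."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        return name is not None and name.endswith(pattern.lower())
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)

def client_allowed(ip: str, allow: Iterable[str], deny: Iterable[str],
                   ptr: Lookup = PTR.get, a: Lookup = A.get) -> bool:
    """hosts.allow/hosts.deny style evaluation: a client whose reverse name
    fails the forward check is refused outright; otherwise the first matching
    allow rule grants, the first matching deny rule refuses, and a client that
    matches neither list is allowed (the wrapper's default)."""
    name, spoofed = verify_client_name(ip, ptr, a)
    if spoofed:
        return False
    if any(rule_matches(p, ip, name) for p in allow):
        return True
    if any(rule_matches(p, ip, name) for p in deny):
        return False
    return True
```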
Control User Access with LDAP attributes

u Prevents users from accessing messages from inappropriate domains
u Configured in user’s messaging profile in the Directory Server
u Specifies from which domains the user can access messaging services

12
Messaging Security: Data Storage Level
[Figure: the three messaging security levels as before (Level 3, MTA: Internet Mail Relay, firewall, Intranet Mail Hub; Level 2, Data Storage: Messaging Servers and Directory Server; Level 1, Client Access and Authentication: Mail Multiplexor and clients), with the Level 1 safeguards listed: User Password, Authenticated SMTP, Certificates, SSL, S/MIME, TCP Wrapper, User Access Controls.]
13
Secure Messaging at the Data Storage
Level

u Access
t Message Store Access (Administrative)
t Server Configuration Access (Administrative)
t User Account Data Access (Administrative and
User)

u Message Store
t Quotas
t Program Delivery restrictions

14
Set Up Administrative Information Access

u Prevents unauthorized access to administrative data
u Defines who has access to view and modify
t User Information
t Server Information
t Message Store

u Uses a Hierarchy of Delegated Administration
t Configuration Administrator
t Domain Administrator
t Server Administrator
t Task Administrator
15
Set Up User Information Access

u Prevents unauthorized access to user data


u Restricts access to Personal Information
t Change Passwords
t Change Personal Information
t Vacation message
t Home phone number, and so on
u Restricts access to Messaging Information
t Messaging Account Configuration
t Folder Access Permissions
t Sharing Folders

16
Restrict the Message Store: Quotas and
Program Delivery

u Prevents damage to the message store


Quotas
u Limit users to fixed mailbox size
t Prevents message stores from filling up

Program Delivery
u Allows users to automatically execute programs
in response to incoming messages
u For security, requires trusted programs and a trusted program directory
17
Messaging Security: MTA Level
[Figure: the three messaging security levels as before, now with the Level 2 (Data Storage) safeguards added: Message Store Access, Server Configuration Access, User Data Access, Quotas, Program Delivery; Level 1 safeguards as on the previous figure.]
18
Secure Messaging at the MTA Level

u Access
t TCP Wrapper
t Anti-Relay Plug-In

u Message Filtering
t UBE Filtering
t Virus Scanning
t Large Message Filtering

u Encryption
t SMTP/SSL

19
Decide How to Filter Messages

u Protocol Level
t Pre-SMTP Accept: the message is filtered during the SMTP dialogue, before the server accepts it
t Preferred for saving queue space, since a rejected message is never queued

u Post SMTP Accept Level
t Post-SMTP Accept
t Pre-SMTP Deliver: the accepted message is filtered from the queue before delivery

20
Set Up Anti-Relay Plug-In on the Relay

Anti-Relay Plug-In
u Prevents unauthorized users from using your
relay to send messages to other sites.
u Protocol level filter (pre-SMTP Accept)
t Anti-relay plug-in
t Delivery - what domains can be delivered to
t Submission - what domains can use relay services

21
Filter Unsolicited Bulk Email - “Spam”

Unsolicited Bulk Email (UBE) or “Spam”


u Prevents unsolicited messages from consuming messaging and people resources
u Filters on Envelope and/or Header information
t Protocol Level filter
t Preferred for saving queue space
t Post SMTP Accept filter
t UBE Filter plug-in, available through the console

22
Filter for Viruses and Large Messages

Virus Filtering
u Prevents viruses from damaging your resources
u Use a protocol-level plug-in, or try UBE filters with the RUN command.
Large Message Filtering
u Prevents attacks that try to overload your
system
u Limits the size of messages your system will
accept.
23
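The pre-SMTP-accept anti-relay check (slide 21) and the large-message limit (slide 23) as one added Python example of a protocol-level envelope filter; this is illustrative code, not the Netscape plug-in, and the delivery domains, submission network and size limit are constructed policy values.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed policy standing in for the relay's console settings (hypothetical values).
DELIVERY_DOMAINS = {"example.com", "eng.example.com"}       # domains the relay delivers to
SUBMISSION_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # intranet hosts allowed to relay outward
MAX_MESSAGE_BYTES = 10 * 1024 * 1024                        # large-message limit
TOO_BIG = (552, "Message exceeds fixed maximum message size")

def may_relay(client_ip: str, authenticated: bool) -> bool:
    """Submission policy: an authenticated SMTP session or an intranet address
    may hand the relay mail for foreign domains; anyone else may only deliver inward."""
    if authenticated:
        return True
    return any(ipaddress.ip_address(client_ip) in net for net in SUBMISSION_NETWORKS)

def on_mail_from(declared_size: Optional[int]) -> Tuple[int, str]:
    """MAIL FROM with SIZE=n (RFC 1870): an oversize message is refused before
    a byte of its body reaches the queue."""
    if declared_size is not None and declared_size > MAX_MESSAGE_BYTES:
        return TOO_BIG
    return 250, "OK"

def on_rcpt_to(client_ip: str, authenticated: bool, rcpt: str) -> Tuple[int, str]:
    """Anti-relay: delivery to a local domain is always accepted; any other
    recipient requires the client to hold submission rights."""
    domain = rcpt.rpartition("@")[2].lower()
    if domain in DELIVERY_DOMAINS or may_relay(client_ip, authenticated):
        return 250, "OK"
    return 550, "Relaying denied"

def on_data_end(body_bytes: int) -> Tuple[int, str]:
    """Fallback for clients that sent no SIZE: check the real length at the end
    of DATA, still before the message is accepted into the queue."""
    return TOO_BIG if body_bytes > MAX_MESSAGE_BYTES else (250, "OK")

def run_session(client_ip: str, authenticated: bool, declared_size: Optional[int],
                rcpts: List[str], body_bytes: int) -> List[Tuple[int, str]]:
    """Walk one envelope through the filter and collect the server replies."""
    replies = [on_mail_from(declared_size)]
    if replies[0][0] != 250:
        return replies                      # session stops here; nothing queued
    replies += [on_rcpt_to(client_ip, authenticated, r) for r in rcpts]
    if any(code == 250 for code, _ in replies[1:]):
        replies.append(on_data_end(body_bytes))   # DATA only if a recipient was accepted
    return replies
```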
Messaging Security: Summary
[Figure: summary of safeguards at all three levels. Level 3, MTA (Internet Mail Relay, firewall, Intranet Mail Hub): TCP Wrapper, Anti-Relay, UBE Filtering, Virus Scanning, Large Messages, SMTP/SSL. Level 2, Data Storage (Messaging Servers, Directory Server): Message Store Access, Server Configuration Access, User Data Access, Quotas, Program Delivery. Level 1, Client Access and Authentication (Mail Multiplexor, clients): User Password, Authenticated SMTP, Certificates, SSL, S/MIME, TCP Wrapper, User Access Controls.]
24
Exercise 5: Add Security Safeguards To
Your Topology

u From the case study, determine what security safeguards you need and why.
u Add the security safeguards to your topology.

25
Exercise 5: Atlanta
[Figure: Atlanta topology with safeguards added. Internet Mail Relay (irmail) outside the firewall: Anti-Relay, UBE Filtering. Intranet Mail Hub (mhmail): SMTP/SSL. Directory Servers (atlds, atlmsgds) and DNS server (dns), with replication of ou=Groups and ou=People. Messaging Servers (atlantis1, atlantis2) with failover: Message Store Access, Server Configuration Access, User Data Access. SMTP Gateway (sleepy) to Legacy Exchange. Mail Multiplexor (bunny) in front of POP3/IMAP4 clients: Certificates, SSL, S/MIME. WAN links: Frame Relay to Chicago and San Francisco, T1 to Paris, 56K to Tokyo.]
26
Exercise 5: Chicago
[Figure: Chicago topology. Frame Relay links to San Francisco and Atlanta. Directory Servers (ordds, ordmsgds) with replication of ou=Groups and ou=People. Messaging Server (chicagomsg) with failover: Message Store Access, Server Configuration Access, User Data Access. SMTP Gateway (dopey) to Legacy Exchange. Clients (POP3/IMAP4/SMTP): Certificates, SSL, S/MIME.]
27
Exercise 5: San Francisco
[Figure: San Francisco topology. Frame Relay links to Chicago and Atlanta. Directory Servers (sfods, sfomsgds) with replication of ou=Groups and ou=People. Messaging Server (sfmsg) with failover: Message Store Access, Server Configuration Access, User Data Access. SMTP Gateway (sneezy) to Legacy Exchange. Clients (POP3/IMAP4/SMTP): Certificates, SSL, S/MIME.]
28
Exercise 5: Paris
[Figure: Paris topology. T1 link to Atlanta, 56K link to Tokyo. Directory Servers (cdgds, cdgmsgds) with replication of ou=Groups and ou=People. Messaging Server (cdgmsg) with failover: Message Store Access, Server Configuration Access, User Data Access. SMTP Gateway (grumpy) to Legacy cc:Mail. Clients (POP3/IMAP4/SMTP): Certificates.]
29
Exercise 5: Tokyo
[Figure: Tokyo topology. 56K links to Atlanta and Paris. Directory Server (nrtds). Messaging Server (nrtmsg) with failover: Message Store Access, Server Configuration Access, User Data Access. SMTP Gateway (bashfull) to Legacy cc:Mail. Clients (POP3/IMAP4/SMTP): TCP Wrapper, Certificates, SSL, S/MIME.]
30
Lab 3: Secure Your Messaging System

[Figure: Lab 3 topology. Internet; MS Relay (step 2); MS Hub (step 1); MS and DS; sites Paris and Atlanta.]
31
Scalability and Fault Tolerance
[Figure: course roadmap. Messaging Deployment Process: Analysis and Planning, Design and Development, Migration and Coexistence, Pilot, Deployment, Operations and Maintenance. Analysis and Planning modules: Business and Technical Analysis, Design Your Topology, Plan Your Directory Services, Specify Message Routing, Secure Your Messaging System, and Scalability and Fault Tolerance (highlighted).]
Netscape Messaging Services: Analysis and Planning
Module Objectives

u Identify some methods to scale your messaging system
u Use the Sizing Spreadsheet to determine system
requirements
u Identify some methods for making a fault
tolerant messaging system

2
Scalability

u Vertical

u Horizontal

3
Vertical Scalability

u Have sufficient resources per machine


t Sizing spreadsheet
t Load testing using Mailstone

u Monitor Load
t Add resources as demand increases

4
Sizing Spreadsheet

u Javascript Application
u Review Qualifying Assumptions
u Enter Customer Data
u Review Results

5
Sizing Spreadsheet - Data Inputs

u For both POP3 and IMAP4 user populations


t Number of users
t Peak % users on simultaneously

u For a typical user


t Messages out per day
t Messages in per day
t Number of days messages are stored, or average size
of mailbox on server
t Average message size

6
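A rough capacity model built from the inputs listed on this slide, as an added Python example; the formulas are plain roll-ups of those inputs, not the course's Sizing Spreadsheet, and the storage headroom factor is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Population:
    """One user population (POP3 or IMAP4) described by the Data Inputs slide."""
    protocol: str
    users: int
    peak_pct: float             # % of users connected at the busiest moment
    msgs_out_per_day: float
    msgs_in_per_day: float
    avg_msg_bytes: int
    days_stored: float = 0.0    # retention, used when avg_mailbox_bytes is not known
    avg_mailbox_bytes: int = 0  # alternative input: observed average mailbox size

def mailbox_bytes(p: Population) -> int:
    """Storage per user: the measured mailbox size when given, otherwise the
    mail that accumulates over the retention period."""
    if p.avg_mailbox_bytes:
        return p.avg_mailbox_bytes
    return int(p.msgs_in_per_day * p.days_stored * p.avg_msg_bytes)

def size_system(pops: List[Population], store_overhead: float = 1.3) -> Dict[str, float]:
    """Roll up the figures a capacity plan needs: peak concurrent sessions,
    daily message count and bytes through SMTP, and message store size.
    store_overhead is an assumed headroom factor for indexes and quota slack;
    the spreadsheet's own factors are not given on the page."""
    daily_msgs = sum(p.users * (p.msgs_in_per_day + p.msgs_out_per_day) for p in pops)
    raw_store = sum(p.users * mailbox_bytes(p) for p in pops)
    return {
        "peak_sessions": sum(round(p.users * p.peak_pct / 100) for p in pops),
        "messages_per_day": daily_msgs,
        "smtp_bytes_per_day": sum(p.users * (p.msgs_in_per_day + p.msgs_out_per_day)
                                  * p.avg_msg_bytes for p in pops),
        "raw_store_bytes": raw_store,
        "provisioned_store_bytes": int(raw_store * store_overhead),
    }
```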
Sizing Spreadsheet - Example

7
Sizing Spreadsheet - Results

8
Horizontal Scalability

u Spread users across servers


t Mail Multiplexor

u Redundant servers

9
Spread users across servers

10
Mail Multiplexor

11
Mail Multiplexor (cont.)

u Simplified user management


u Better scalability

12
Redundant Servers

u Load Balancers
u MX records
u DNS round-robin

13
Load Balancer

14
Redundant Hubs/External Mail Relays

[Figure: redundant hubs and external mail relays. Two Internet Relays (X and Y) outside the firewall; inside it, Intranet Mail Hubs A and B and Outbound Mail Hubs C and D, connected to the relays and to four Messaging Servers by SMTP; clients reach the servers by IMAP/POP and SMTP.]
15
Network Bandwidth

u LAN analyzers
u Network topology

16
Fault Tolerance

u High Availability Hardware


u Redundancy

u Protecting your data

17
High Availability Hardware

18
Redundancy

u Redundant hubs and mail relays


u Redundant network connections

19
Protecting Your Data

u Backup

u Message Store
u RAID

20
Exercise 6

u Review case study


u Gather necessary data
u Use Sizing Spreadsheet

21
Module Summary

u Scalability

u Sizing Spreadsheet
u Fault Tolerance

22
Lab 4: Mail Multiplexor

[Figure: Lab 4 topology. Internet; Frame Relay WAN linking Paris, San Francisco and Atlanta; DS (LDAP:389) and MS Hub (SMTP:25); MMP (POP3:110, IMAP4:143) marked step 1, fronting messaging servers marked steps 2 and 3.]
23
Lab 4 Debrief
Course Review

u Designed a messaging topology


u Designed a directory service for messaging
u Designed a routing topology
u Designed a security strategy
u Designed for scalability and fault tolerance

25
Lab 1: Intranet Messaging
[Figure: Lab 1 topology. DS (step 1) and three MS (steps 2, 3 and 4) across Atlanta, San Francisco and Paris, connected by Frame Relay.]
1
Lab 2: Internet Messaging - Outgoing

[Figure: Lab 2 outgoing topology. Internet; MS Hub (step 1); MS (steps 2 and 3); DS; Frame Relay linking Atlanta, San Francisco and Paris.]
2
Lab 2: Internet Messaging - Incoming

[Figure: Lab 2 incoming topology. Internet; MS Relay (step 1); MS Hub; MS and DS; sites Paris and Atlanta.]
3
Lab 3: Secure Your Messaging

[Figure: Lab 3 topology. Internet; MS Relay (step 2); MS Hub (step 1); MS and DS; sites Paris and Atlanta.]
4
Lab 4: Mail Multiplexor

[Figure: Lab 4 topology. Internet; Frame Relay WAN linking Paris, San Francisco and Atlanta; DS (LDAP:389) and MS Hub (SMTP:25); MMP (POP3:110, IMAP4:143) marked step 1, fronting messaging servers marked steps 2 and 3.]