[Course roadmap graphic: Netscape Messaging Services: Analysis and Planning. Modules: Business and Technical Analysis; Design Your Topology; Plan Your Directory Services; Specify Message Routing; Secure Your Messaging System; Scalability and Fault Tolerance]
Welcome
If you have not yet done so, please read the case study in Appendix A of the student guide.
2
Course Audience
3
Course Prerequisites
4
What is a Messaging Service
[Diagram: Communicator clients and the messaging service; labels Internet, SMTP, POP/IMAP, LDAP]
5
How Do You Plan a Messaging Service?
[Diagram: Initial Analysis; High Level Solution Proposal; Services: Directory, Messaging, Publishing, ??; a Deployment Process box under each service]
6
Messaging Services Analysis and Planning
Messaging Deployment Process
[Process graphic labels: Analysis & Planning; Design & Development; Pilot; Deployment; Migration & Coexistence; Operations & Maintenance]
7
Course Objectives
8
Course Schedule
Lab 1 Lab 3
9
Exercise
10
Design Your Topology
Module Objectives
2
Messaging Design Goals
• Secure
• Scalable
• Easy to Manage
• Never Lose Messages
3
What is a Topology?
4
Select a Topology Strategy
• Central
  - All messaging servers at one site
• Distributed
  - Some or all the messaging servers at remote sites
5
Central Strategy
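[Diagram: Central strategy. Sites Chicago, Paris, San Francisco, Atlanta, Tokyo; site figures 1000, 1000, 2500, 6000, 100; WAN links labelled FR, T1, 56K; messaging servers shown together as MS, MS, MS … n]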
6
Distributed Strategy
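[Diagram: Distributed strategy. Sites Chicago, Paris, San Francisco, Atlanta, Tokyo; site figures 1000, 1000, 2500, 6000, 100; WAN links labelled FR, T1, 56K; messaging servers (MS) shown at several sites]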
7
Reasons for Central or Distributed
• Business
  - User Behavior
  - Site Distribution and Mission Critical Sites
  - Political Issues
• Technical
  - Existing Infrastructure
  - Support Personnel
• Financial
  - Cost of Additional Hardware and Software
  - Cost of Additional Support Personnel
8
Selecting Central or Distributed
Architecture Factors & Strategies
Factor Central Distributed
[Diagram: Firewall, Intranet Mail Hub, DNS, Directory Server, two Messaging Servers, Mail Multiplexor and Clients, connected by SMTP, LDAP and POP3/IMAP4]
10
Basic Intranet Messaging Components
[Diagram: DNS, Directory Server, two Messaging Servers and Clients, connected by LDAP and SMTP]
11
Internal Messages
[Diagram: internal message flow with numbered steps 1 to 4 across Clients, two Messaging Servers, Directory Server and DNS; protocols SMTP, LDAP, POP3/IMAP4]
12
Other Intranet Messaging Components
[Diagram: Intranet Mail Hub, DNS, Directory Server, two Messaging Servers, Mail Multiplexor and Clients, connected by SMTP, LDAP and POP3/IMAP4]
13
Internal Messages with MMP and Hub
[Diagram: internal message flow with numbered steps 1 to 4 across Clients, Mail Multiplexor, two Messaging Servers, Directory Server, DNS and Intranet Mail Hub; protocols SMTP, LDAP, POP3/IMAP4]
14
Intranet Topology Decision Guidelines
• Directory Servers
  - 1 dedicated server can support 3-5 messaging servers
• DNS
  - Use DNS for IP address resolution, use LDAP for intranet message routing
• Clients
  - POP3 or IMAP4?
15
Intranet Topology Guidelines (Cont.)
16
Internet Connectivity Components
[Diagram: Internet, Internet Mail Relay, Firewall, Intranet Mail Hub, DNS, Directory Server, two Messaging Servers, Mail Multiplexor and Clients, connected by SMTP, LDAP and POP3/IMAP4]
17
Incoming Messages
[Diagram: incoming message flow with numbered steps 1 to 4 across Internet, Internet Mail Relay, Firewall, Intranet Mail Hub, DNS, Directory Server, two Messaging Servers, Mail Multiplexor and Clients; protocols SMTP, LDAP, POP3/IMAP4]
18
Outgoing Messages
[Diagram: outgoing message flow with numbered steps 1 to 3 across Clients, Mail Multiplexor, two Messaging Servers, Directory Server, DNS, Intranet Mail Hub, Firewall, Internet Mail Relay and Internet; protocols SMTP, LDAP, POP3/IMAP4]
19
Other Internet Components
[Diagram: Internet, Internet Mail Relay, Firewall, Inbound Mail Hub, Outbound Mail Hub, DNS, Directory Server, two Messaging Servers, Mail Multiplexor and Clients, connected by SMTP, LDAP and POP3/IMAP4]
20
High Availability Messaging Topology
[Diagram: Internet, Internet Relay X and Internet Relay Y (SMTP), Firewall; labels SMTP and IMAP/POP, SMTP]
21
Internet Connectivity Decision Guidelines
• Firewall
  - Required component, best to limit SMTP traffic to single sender (relay) and receiver (hub)
• Internet relay?
  - Need to limit traffic sent through firewall? Hide IP addresses and hostnames? Filter unwanted mail?
22
Internet Connectivity Decision Guidelines (Cont.)
• Mail hub (outbound)?
  - Need address rewriting? Offload intranet servers from routing and queuing mail sent to internet?
23
Other Topology Components
[Diagram: Internet, Internet Mail Relay, Firewall, Inbound Mail Hub, DNS, Directory Server, Voice/Fax, Paging, Legacy Server, Mail Multiplexor and Clients, connected by SMTP, LDAP and POP3/IMAP4]
24
Create an Initial Messaging Topology
25
Messaging Topology Diagram
[Diagram: Atlanta site with host names. Internet; Internet Mail Relay (irmail); Firewall; Intranet Mail Hub (mhmail); DNS (dns); Directory Server (atlds); Messaging Server (atlantis); Clients; Chicago also labelled]
26
Exercise 1: Design Your Topology
27
Exercise 1: Atlanta
[Diagram: Atlanta site. Internet; Internet Mail Relay (irmail); Firewall; Intranet Mail Hub (mhmail); DNS (dns); Directory Server (atlds); SMTP Gateway to Legacy Exchange (sleepy); Messaging Servers (atlantis1) and (atlantis2); Mail Multiplexor (bunny); Clients; protocols SMTP, LDAP, POP3/IMAP4; WAN links to Chicago (FR), San Francisco (FR), Paris (T1) and Tokyo (56K)]
28
Exercise 1: Chicago
[Diagram: Chicago site. FR links to San Francisco and Atlanta; Clients; protocols LDAP and POP3/IMAP4/SMTP]
29
Exercise 1: San Francisco
[Diagram: San Francisco site. FR links to Chicago and Atlanta; Clients; protocols LDAP and POP3/IMAP4/SMTP]
30
Exercise 1: Paris
[Diagram: Paris site. T1 link to Atlanta, 56K link to Tokyo; Clients; protocols LDAP and POP3/IMAP4/SMTP]
31
Exercise 1: Tokyo
[Diagram: Tokyo site. Directory Server (nrtds); Clients; protocols SMTP, LDAP and POP3/IMAP4/SMTP]
32
Discussion
33
Plan Your Directory Services
1
Module Objectives
2
Specific Messaging Needs for Directory Services
What do we need to complete the DSAP process for Messaging?
• Understand how the Messaging Server uses the Directory Server
• Define Messaging Specific Access Control Rules for the Directory Tree
• Determine the needs for additional Directory Servers dedicated to Messaging
• Review Messaging Deployment Recommendations
3
Identify Applications for Directory Services
[Diagram: Directory applications (Messaging Server, Communicator Address Book, Netscape Console, Directory Server Gateway) connect over LDAP to the Directory Service (dB)]
4
Using Netscape Messaging Server
5
Mapping Addresses - Schema & Attributes
Object Class     Attribute
mailRecipient    objectclass
                 cn
                 mail
                 mailAlternateAddress
                 mailQuota
mailgroup        objectclass
                 cn
                 mail
                 mgrpAllowedBroadcasters
                 mgrpDeliverTo
6
Routing Messages - Schema & Attributes
7
Configuration Information - Schema & Attributes
/<server-root>/slapd-airius/config/ns-schema.conf
include files:
  ns-admin-schema.conf
  ns-common-schema.conf
  ns-mail-schema.conf
  ns-msg-schema.conf
  ns-mlm-schema.conf
8
Authenticate Users - Schema & Attributes
Directory Server Schema General User Access Special User/Group Access Groups
Object Class | Attribute | Anonymous | Authenticated | Dir Admin | Help Desk | HR Managers
Person Object Classes
person (top) sn s,r,c w
cn s,r,c w
userPassword w w
organizationalPerson
(person) destinationIndicator
inetOrgPerson
(organizationalPerson) mail s,r,c w
uid s,r,c w w
userSMimeCertificate;binary
Messaging Server Object Classes
mailRecipient objectClass
mail
mailAlternateAddress
mailHost
mailRoutingAddress
mailGroup objectClass
mgrpAddHeader
mgrpAllowedBroadcaster
mgrpAllowedDomain
mgrpApprovedPassword
mgrpBroadcasterPolicy
mgrpDeliverTo
mgrpErrorsTo
mgrpModerator
mgrpMsgMaxSize
mgrpMsgRejectAction
9
Creating Mail Account
10
Plan Your Directory Tree
Select unique relative distinguished names 4
filter="(&(|(objectclass=mailrecipient)(objectclass=mailgroup))(|(mail=postmaster@ms1.airius.com)(mailalternateaddress=postmaster@ms1.airius.com)))"
12
Define Access Control Rules
13
Define General User Access
14
Define Access for Administrators and Special Users/Groups
15
Create ACI Statements
ou=People entry: uid=scarter,ou=People,o=airchoc.com
  mail: scarter@airius.com
  mailalternateaddress: sam@airius.com
  mailhost: mailserver1.airius.com

ou=Groups entry: cn=Accounting,ou=Groups,o=airchoc.com
  objectclass: mailgroup
  cn: Accounting
  owner: uid=scarter,ou=people,o=airius.com

ACI statement, with the step in which each part is defined:
  Step 3  where      (target = "ldap:///ou=Groups, o=airius.com")
  Step 2  what       (targetattr = "*")
          aci name   (version 3.0; acl "Mailing List Owner";
  Step 4  how        allow (all)
  Step 1  who/when   (userdnattr="owner");)
16
Plan Replication
17
Determine Need for Additional Directory Servers
10000 users x 10 lookups per day = 100000 queries per day / 12 hours / 60 minutes / 60 seconds = 2.31 queries per second
600000 messages per day x 1 lookup per message = 600000 queries per day / 12 hours / 60 minutes / 60 seconds = 14 queries per second
18
Map Directory Tree to Directory Servers
[Diagram: directory tree branches mapped to directory servers; labels Atlanta and North America]
• Replicate only needed branches
  - People and Groups
21
Messaging Deployment Recommendations: Mid Sized Company
Messaging statistics
  Messages/day           300,000
  Recipients/message     10
  Average message size   30 KB
  Median message size    3 KB
  Number of accounts     15,000
22
Messaging Deployment Recommendations: Large Sized Company
Messaging statistics
  Messages/day           1,000,000
  Recipients/message     15
  Average message size   30 KB
  Median message size    3 KB
  Number of accounts     40,000
23
Exercise 2: Plan Your Directory Services
24
Exercise 2: Atlanta
[Diagram: Atlanta site. Internet; Internet Mail Relay (irmail); Firewall; Intranet Mail Hub (mhmail); DNS (dns); Directory Servers (atlds) and (atlmsgds); Mail Multiplexor (bunny); Clients; protocols SMTP, LDAP, POP3/IMAP4; WAN links to Chicago (FR), San Francisco (FR), Paris (T1) and Tokyo (56K); annotations: Replication: ou=Groups, ou=People; Failover]
25
Exercise 2: Chicago
[Diagram: Chicago site. FR links to San Francisco and Atlanta; Clients; protocols LDAP and POP3/IMAP4/SMTP; annotations: Replication: ou=Groups, ou=People; Failover]
26
Exercise 2: San Francisco
[Diagram: San Francisco site. FR links to Chicago and Atlanta; Clients; protocols LDAP and POP3/IMAP4/SMTP; annotations: Replication: ou=Groups, ou=People; Failover]
27
Exercise 2: Paris
[Diagram: Paris site. T1 link to Atlanta, 56K link to Tokyo; Clients; protocols LDAP and POP3/IMAP4/SMTP; annotations: Replication: ou=Groups, ou=People; Failover]
28
Exercise 2: Tokyo
[Diagram: Tokyo site. Directory Server (nrtds); Messaging Server (nrtmsg); SMTP Gateway to Legacy cc:Mail (bashfull); Clients; protocols LDAP, SMTP and POP3/IMAP4/SMTP; annotation: Failover]
29
Lab 1: Intranet Messaging
[Diagram: Lab 1 layout. Sites Atlanta, Paris, San Francisco; DS, three MS, FR; numbered 1 to 4]
30
Specify Message Routing
1
Module Objectives
2
System Routing Goals
• Accuracy
• Efficiency
3
System Routing Goals - Accuracy
Accuracy
• Avoid circular mail routing
• Avoid misdelivered mail
4
System Routing Goals - Efficiency
Efficiency
• Minimize number of hops
• Optimize server usage
5
Routing Information
6
Routing Information - LDAP
  - mailHost
  - mailRoutingAddress
7
LDAP Entry Attributes
8
Routing Information - SMTP
9
Routing Information - DNS
10
Routing Information - DNS (cont.)
DNS Records
• 'A' record
• 'MX' record

External DNS configuration
  airius.com.       IN MX 10 mail.airius.com.
  *.airius.com.     IN MX 10 mail.airius.com.
  mail.airius.com.  IN A  123.4.0.1
  hub.airius.com.   IN A  123.4.1.100

Internal DNS configuration
  airius.com.       IN MX 10 hub.airius.com.
  mail.airius.com.  IN A  123.4.0.1
  hub.airius.com.   IN A  123.4.1.100
  mail1.airius.com. IN A  123.4.1.101
  mail2.airius.com. IN A  123.4.1.102
  mail3.airius.com. IN A  123.4.1.103
11
Messaging Topology
[Diagram: Internet, Internet Mail Relay, Firewall, Intranet Mail Hub; numbered 1, 2 and 4]
12
Message Headers and Envelopes
• Message Header
  - RFC 822
• SMTP Envelope
  - RFC 821
13
Message Header
routing
14
SMTP Envelope
• RFC 821
• used in message routing

envelope
  Mail From: dean_martin@bar.com
  Rcpt To: sammy_davis@foo.com
  Rcpt To: franksinatra@foo.com

message
  From: Dean Martin <dean_martin@bar.com>
  To: Sammy Davis <sammy_davis@foo.com>,
      Frank Sinatra <franksinatra@foo.com>
  Subject: Happy Hour
  Date: January 10, 1987

  Hello Gang,
  How about we meet at the old hangout
  for a few drinks?
15
Message Routing
[Diagram: message routing. Labels: handle locally; local; mail; user; group; acct; mailHost; numbered 2]
16
Message Routing (cont.)
[Diagram: message routing through the MTA. Labels: Message; MTA; local: handle locally; LDAP search; SMTP Routing Table; Address; Other; DNS; Record found: MTA; no match: Bounce]
17
LDAP Search (A)
[Flowchart: Is there a matching LDAP entry?
  Multiple: Bounce
  1 match: Can handle locally? (continues in B)
  None: Is domain local or remote? (continues in C)]
18
LDAP Search (B)
[Flowchart: 1 match
  Can handle locally? (determine if recipient is local)
    Yes: Handle locally
    No: Routing information present?
      No: Bounce
      Yes: Rewrite address (determine if address rewrite is necessary), then proceed to SMTP routing table]
19
LDAP Search (A)
[Flowchart: Is there a matching LDAP entry?
  Multiple: Bounce
  1 match: Can handle locally? (continues in B)
  None: Is domain local or remote? (continues in C)]
20
LDAP Search (C)
[Flowchart: No matches. Is domain local or remote? (branches Remote and Local). Check for routed address: No, Bounce; Yes. Rewrite address. Back to LDAP search (A). Proceed to SMTP routing table.]
21
Message Routing - SMTP
[Diagram: Message; MTA; local: Message Store; LDAP search; SMTP Routing Table; Bounce]
22
SMTP Routing
[Flowchart: Check SMTP routing table; Destination rewrite?; Proceed to DNS]
23
Check DNS
[Flowchart: IP address known? (Yes or No). No: Check DNS records. No: Bounce message.]
24
Plan Message Routing Topology
[Diagram: Internet; Internet Mail Relay (mail); Firewall; Intranet Mail Hub (hub)]
25
Plan Message Routing Topology (cont.)
26
Plan Message Routing Topology - LDAP
27
Plan Message Routing Topology - SMTP
Field                       Value
SMTP Mail Routing Table     *.airius.com:hub.airius.com
                            *.airchoc.com:hub.airius.com
                            *:<provider>.net
Address Completion Domain   airius.com
Local Mail Domains          airius.com
                            airchoc.com
28
Plan Message Routing Topology - DNS
29
Exercise 3
30
Routing Worksheet
1. Server hostname _____________________________
2. Original envelope address _____________________________
[Diagram: Internet, Mail Relay, Firewall, Hub-West, Hub-East; sites Atlanta and San Francisco]
32
Module Summary
33
Lab 2: Internet Messaging - Outgoing
[Diagram: Lab 2 outgoing layout. Internet, FR, MS Hub, two MS, DS; sites Atlanta, San Francisco, Paris; numbered 1 to 3]
34
Lab 2: Internet Messaging - Incoming
[Diagram: Lab 2 incoming layout. Internet, MS Relay, MS Hub, MS, DS; sites Paris and Atlanta; numbered 1]
35
Secure Your Messaging System
1
Module Objectives
2
Why Plan for Messaging Security?
3
Messaging Security Levels
[Diagram: security levels overlaid on the topology (Internet, Internet Mail Relay, Firewall, Intranet Mail Hub, Directory Server, two Messaging Servers, Mail Multiplexor, Clients; SMTP, LDAP, POP3/IMAP4). Level 3: MTA. Level 2: Data Storage. Level 1: Client Access and Authentication]
4
Secure Messaging at the Client Access and Authentication Level
• Authentication
  - User Password
  - Authenticated SMTP
  - Certificates
• Encryption
  - SSL
  - S/MIME
• Access
  - Client Access: TCP Wrapper
  - User Access Controls
5
Use Passwords For Authentication
• Prevents
  - Unauthorized access to message stores
  - Message spoofing if used with Authenticated SMTP
6
Send Messages with Authenticated SMTP
7
Use Certificates to Authenticate and Encrypt
• Prevents
  - Unauthorized access to message stores
  - Message spoofing (if using digital signatures)
  - Eavesdropping on the line (SSL) or in storage (S/MIME)
• Client Certificates
  - Authenticates user to server (and other users)
  - Encrypts messages to other users (S/MIME)
• Server Certificates
  - Authenticates server to clients and other servers
  - Encrypts messages to other servers (SMTP/SSL)
8
Use SSL for Authentication, Encryption, and Message Integrity
TCP/IP Network
9
Use S/MIME for Encryption
10
Control Client Access with TCP Wrapper
11
Control User Access with LDAP attributes
12
Messaging Security: Data Storage Level
[Diagram: topology from Internet down to the Messaging Servers (Internet Mail Relay, Firewall, Intranet Mail Hub, Directory Server; SMTP, LDAP), marked Level 3: MTA and Level 2: Data Storage]
• Access
  - Message Store Access (Administrative)
  - Server Configuration Access (Administrative)
  - User Account Data Access (Administrative and User)
• Message Store
  - Quotas
  - Program Delivery restrictions
14
Set Up Administrative Information Access
16
Restrict the Message Store: Quotas and Program Delivery
Program Delivery
• Allows users to automatically execute programs in response to incoming messages
• For Security, need Trusted Programs and Directory
17
Messaging Security: MTA Level
[Diagram: topology from Internet down to the Messaging Servers, marked Level 3: MTA; Level 2: Data Storage annotated with Message Store Access, Server Configuration Access, User Data Access, Quotas, Program Delivery]
• Access
  - TCP Wrapper
  - Anti-Relay Plug-In
• Message Filtering
  - UBE Filtering
  - Virus Scanning
  - Large Message Filtering
• Encryption
  - SMTP/SSL
19
Decide How to Filter Messages
• Protocol Level
  - Pre-SMTP Accept
  - Preferred for saving queue space
20
Set Up Anti-Relay Plug-In on the Relay
Anti-Relay Plug-In
• Prevents unauthorized users from using your relay to send messages to other sites.
• Protocol level filter (pre-SMTP Accept)
  - Anti-relay plug-in
  - Delivery - what domains can be delivered to
  - Submission - what domains can use relay services
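The delivery/submission split above, written out as a check made at RCPT TO time, before the message is accepted into the queue. This is an added example, not the Netscape anti-relay plug-in's code or configuration; the policy values, the use of client networks to identify permitted submitters, and all function names are assumptions.

```python
import ipaddress

# Constructed policy for the airius.com Internet relay (assumed values).
DELIVERY_DOMAINS = {"airius.com", "airchoc.com"}              # mail accepted for these
SUBMISSION_NETWORKS = [ipaddress.ip_network("123.4.1.0/24")]  # hosts allowed to relay


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or None if unusable."""
    addr = address.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or not domain:
        return None
    # A local part that carries a second route (%, ! or another @) is refused
    # rather than interpreted, so it cannot name a different destination.
    if any(ch in local for ch in "%!@"):
        return None
    return domain


def in_domain(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one.

    The match is made on a label boundary: 'notairius.com' is not 'airius.com'.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def relay_decision(client_ip, rcpt_to):
    """Return (accept, reason) for one RCPT TO from the connecting client."""
    domain = domain_of(rcpt_to)
    if domain is None:
        return False, "malformed recipient"
    # Delivery: anyone may send to the domains this relay accepts mail for.
    if in_domain(domain, DELIVERY_DOMAINS):
        return True, "delivery"
    # Submission: only known internal hosts may relay to other sites.
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "relay denied"
    if any(ip in net for net in SUBMISSION_NETWORKS):
        return True, "submission"
    return False, "relay denied"


if __name__ == "__main__":
    # Constructed sample connections: (client address, envelope recipient).
    samples = [
        ("198.51.100.7", "<sammy_davis@airius.com>"),
        ("198.51.100.7", "someone@example.org"),
        ("123.4.1.101", "someone@example.org"),
        ("198.51.100.7", "x@notairius.com"),
        ("198.51.100.7", "user%example.org@airius.com"),
    ]
    for client, rcpt in samples:
        print(client, rcpt, relay_decision(client, rcpt))
```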
21
Filter Unsolicited Bulk Email - “Spam”
22
Filter for Viruses and Large Messages
Virus Filtering
• Prevents viruses from damaging your resources
• Use a protocol level plug-in, or you can try UBE filters with RUN command.
Large Message Filtering
• Prevents attacks that try to overload your system
• Limits the size of messages your system will accept.
23
Messaging Security: Summary
[Diagram: security measures by level, overlaid on the topology. Level 3, MTA: TCP Wrapper, Anti-Relay, UBE Filtering, Virus Scanning, Large Messages, SMTP/SSL. Level 2, Data Storage: Message Store Access, Server Configuration Access, User Data Access, Quotas, Program Delivery]
25
Exercise 5: Atlanta
[Diagram: Atlanta site. Internet; Internet Mail Relay (irmail); Firewall; Intranet Mail Hub (mhmail); DNS (dns); Directory Servers (atlds) and (atlmsgds); SMTP Gateway to Legacy Exchange (sleepy); Messaging Servers (atlantis1) and (atlantis2); Mail Multiplexor (bunny); Clients; WAN links to Chicago (FR), San Francisco (FR), Paris (T1) and Tokyo (56K); annotations: Anti-Relay, UBE Filtering, SMTP/SSL; Message Store Access, Server Configuration Access, User Data Access; Certificates, SSL, S/MIME; Replication: ou=Groups, ou=People; Failover]
26
Exercise 5: Chicago
[Diagram: Chicago site. FR links to San Francisco and Atlanta; Clients; protocols LDAP and POP3/IMAP4/SMTP; annotations: Certificates, SSL, S/MIME; Replication: ou=Groups, ou=People; Failover]
27
Exercise 5: San Francisco
[Diagram: San Francisco site. FR links to Chicago and Atlanta; Clients; protocols LDAP and POP3/IMAP4/SMTP; annotations: Certificates, SSL, S/MIME; Replication: ou=Groups, ou=People; Failover]
28
Exercise 5: Paris
[Diagram: Paris site. T1 link to Atlanta, 56K link to Tokyo; Clients; protocols LDAP and POP3/IMAP4/SMTP; annotations: Certificates; Replication: ou=Groups, ou=People; Failover]
29
Exercise 5: Tokyo
[Diagram: Tokyo site. Directory Server (nrtds); Messaging Server (nrtmsg); SMTP Gateway to Legacy cc:Mail (bashfull); Clients; protocols LDAP, SMTP and POP3/IMAP4/SMTP; annotations: Message Store Access, Server Configuration Access, User Data Access; TCP Wrapper; Certificates, SSL, S/MIME; Failover]
30
Lab 3: Secure Your Messaging System
[Diagram: Lab 3 layout. Internet, MS Relay, MS Hub, MS, DS; sites Paris and Atlanta; numbered 1 and 2]
31
Scalability and Fault Tolerance
Module Objectives
2
Scalability
• Vertical
• Horizontal
3
Vertical Scalability
• Monitor Load
  - Add resources as demand increases
4
Sizing Spreadsheet
• JavaScript Application
• Review Qualifying Assumptions
• Enter Customer Data
• Review Results
5
Sizing Spreadsheet - Data Inputs
6
Sizing Spreadsheet - Example
7
Sizing Spreadsheet - Results
8
Horizontal Scalability
• Redundant servers
9
Spread users across servers
10
Mail Multiplexor
11
Mail Multiplexor (cont.)
12
Redundant Servers
• Load Balancers
• MX records
• DNS round-robin
13
Load Balancer
14
Redundant Hubs/External Mail Relays
[Diagram: Internet, Internet Relay X and Internet Relay Y (SMTP), Firewall; labels SMTP and IMAP/POP, SMTP]
15
Network Bandwidth
• LAN analyzers
• Network topology
16
Fault Tolerance
17
High Availability Hardware
18
Redundancy
19
Protecting Your Data
• Backup
• Message Store
• RAID
20
Exercise 6
21
Module Summary
• Scalability
• Sizing Spreadsheet
• Fault Tolerance
22
Lab 4: Mail Multiplexor
[Diagram: Lab 4 layout. Internet, FR, DS (LDAP:389), MS Hub (SMTP:25), two MS, MMP (POP3:110, IMAP4:143); sites Paris, San Francisco, Atlanta; numbered 1 to 3]
23
Lab 4 Debrief
Course Review
25
Lab 1: Intranet Messaging
[Diagram: Lab 1 layout. Sites Atlanta, Paris, San Francisco; DS, three MS, FR; numbered 1 to 4]
1
Lab 2: Internet Messaging - Outgoing
[Diagram: Lab 2 outgoing layout. Internet, FR, MS Hub, two MS, DS; sites Atlanta, San Francisco, Paris; numbered 1 to 3]
2
Lab 2: Internet Messaging - Incoming
[Diagram: Lab 2 incoming layout. Internet, MS Relay, MS Hub, MS, DS; sites Paris and Atlanta; numbered 1]
3
Lab 3: Secure Your Messaging
[Diagram: Lab 3 layout. Internet, MS Relay, MS Hub, MS, DS; sites Paris and Atlanta; numbered 1 and 2]
4
Lab 4: Mail Multiplexor
[Diagram: Lab 4 layout. Internet, FR, DS (LDAP:389), MS Hub (SMTP:25), two MS, MMP (POP3:110, IMAP4:143); sites Paris, San Francisco, Atlanta; numbered 1 to 3]