Ironport Mail Security Gateway Tel:(02 27016052 Fax:(02 2701-6053 ww.sric.com.tw 1
1. Ironport
2. Log in
3. Incoming Mail email
4. Incoming Report
5. Incoming Mail Configuration
6. Brightmail Anti-Spam
7. Sophos Anti-Virus
8. Outgoing Mail Overview
9. System
1 IronPort Ironport IronPort, cli ( Console systemsetup WEB (1) cli serial port manage NIC systemsetup sethostname y reset resetconfig.
(2) IronPort hostname sricnet.com (3) IP Interface data1 PrivateNet ip interface 192.168.10.110 PrivateNet ip xxx.xxx.xxx.xxx PrivateNet 192.168.10.255 PrivateNet PrivateNet Interface
(5) IP Interface data2 y data2 PublicNet data2 IP interface xxx.xxx.xxx.xxx PublicNet ip 255.255.255.240 PublicNet PublicNet xxx.xxx.xxx.xxx PublicNet Interface
(6) gateway web interface DNS xxx.xxx.xxx.xxx y web interface y https https demo certconfig 2 dns 1 internet ns-px.online.sh.cn dns 202.96.209.5 dns ip Enter dns dns
(7) public listener GroupWise_in listener 3 listener IP interface sricnet.com HAT y sricnet.com smtp sricnet.com sricnet.com y 500
(8). private listener y ironport Exchange_in private listener 2 Exchange_in ip interface sricnet.com ip Ironport HAT listenerconfig-edit listener
(9). hans_yu@sricnet.com IronPort IronPort (10). 5
4
9 y NTP time.ironport.com y commit systemsetup cli gui ironport
2. Log in Browser, Ironport IP Web, Username Password Login
3. Incoming Mail( IronPort email Overview : Current Host : TIME RANGE: 4
Quick Search IP Domain Owner Quick Report : email IP email Domain email Domain email Recipients Over Time (events per minute email Recipients Received : Recipients Blocked by Rate Limit : Rate Limit Block : TIME RANGE :past Hour, events per minute TIME RANGE :past day, events per hour TIME RANGE :past week, events per hour TIME RANGE :past month, : events per day Connection Attempts by Mail Flow Policy mail flow policy ( Mail Flow Summary : Mail flow Sender: Domain : Recipients : Received : % Change : Unclassified : (sendergroup Blocked by Rate Limit : Rate Limit block
Other % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : sophos Connections Rejects :
4. Incoming Report Reporting Reporting STANDARD : CUSTOM :, IP TIME RANGE : SHOW :, 20 50 100 Reset, Run
Sender: IP Address : IP HOSTNAME : DNS Verified : DNS Recipients : Received : % Change : Blocked by Rate Limit : Rate Limit block Other % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : sophos Connections Rejects : Last Sender Group : SBRS : SenderBase Select All : Clear All : Add to Sender Group :
Report, STANDARD, CUSTOM, STANDARD : A. STANDARD Top IPs by recipients blocked ( past day [ email IP ] Run B. STANDARD Top domain by recipients blocked ( past day email Domain Run C. STANDARD Top domain by unclassified recipients ( past day email Domain, Run D. STANDARD Top network owners by unclassified recipients ( past day email, Run
CUSTOM : Ironport CUSTOM, IP Address Domain Network Owner, Run IP IP Address, IP Address Domain Domain, Domain Network Owner Network, Network Owner. IP, SORT BY : Recipients Received : % Change Recipients : Rcpts. Blocked by Rate Limit : Rate Limit block % Brightmail Positive : Brightmail
% Brightmail Suspect: Brightmail Virus Positive : Sophos Connections Rejected : SBRS : SenderBase Sender ( Recipients IP Address IP HostName: DNS Verified : DNS Received: % Change : Blocked by Rate Limit : Rate Limit block Other % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : Sophos Connections Rejected : Last SenderGroup: SBRS : SenderBase
IP Enter IP address, domain, or network owner IP Local Data From, sricnet.com, Last connection attempt: IronPort Hostname: IP DNS verified: IP DNS % Increase (Recipients : % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : Sophos Last Sender Group: IP Last Mail Flow Policy IP
Recipients Over Time (events per minute 5 Recipients Received: Recipients Blocked by Rate Limit : Rate Limit block Global Data From SenderBase, A. Information about this IP Address IP Internet Message Volume(Internet IP Daily Magnitude ( IP IP Monthly Magnitude ( IP Average Magnitude( IP CIDR Range(( IP CIDR Sender Reputation ( IP SenderBase Bonded Sender Status Not Bonded SenderBase Reputation Score (SBRS: IP SenderBase B Information about this Domain ( Domain Name ( Domain Daily Magnitude ( Domain Monthly Magnitude ( Days Since First Message From This Domain C Information About this Network Owner ( IP Network Owner Name ( Network Owner Category ( Network Owner Daily Magnitude ( Network Owner Monthly Magnitude ( Days Since First Message From This Network Owner Number of Domains in This Network Owner ( Number of IPs Used to Send Mail ( IP
D More from SenderBase ( SenderBase E. Mail flow statistic( Last: Hour Day( Week Month Recipients Received: Blocked by Rate Limit : Rate Limit block Messages Received: Scanned by Brightmail : Brightmail Brightmail Positive : Brightmail Brightmail Suspect: Brightmail Virus Positive : Sophos Other Bytes Received : Connections Rejected :
Domain, SORT BY : Recipients Received : % Change Recipients : Rcpts. Blocked by Rate Limit : Rate Limit block Rcpts. From unclassified sender: % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : Sophos Connections Rejected : SBRS : SenderBase Sender ( Domain Recipients Received: % Change : Unclassified Blocked by Rate Limit : Rate Limit block
Other % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : Sophos Connections Rejected : Domain Enter IP address, domain, or network owner
IP Local Data From, sricnet.com, Last connection attempt: IronPort % Increase (Recipients : % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : Sophos Domain classified in Sender Group: Recipients Over Time (events per minute 5 Recipients Received: Recipients Blocked by Rate Limit : Rate Limit block Global Data From SenderBase, A. Information about this IP Domain Domain Name: Domain Daily Magnitude : Domain Monthly Magnitude : Days Since First Message From This Domain : B Information About this Network Owner ( IP Network Owner Name ( Network Owner Category ( Network Owner Daily Magnitude ( Network Owner Monthly Magnitude ( Days Since First Message From This Network Owner Number of Domains Associated With This Network Owner : Number of IPs Used to Send Mail : IP C More from SenderBase ( SenderBase Mail flow statistic(
Last: Hour Day( Week Month Recipients Received: Blocked by Rate Limit : Rate Limit block Messages Received: Scanned by Brightmail : Brightmail Brightmail Positive : Brightmail Brightmail Suspect: Brightmail Virus Positive : Sophos Other Bytes Received : Connections Rejected : Domain Details Domain Name:( IP Details : IP Sender: IP Address : IP Hostname : DNS Verified : DNS Recipients : Received : % Change : Blocked by Rate Limit : Rate Limit Other % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : sophos Connections Rejected : Last SenderGroup: SBRS :SenderBase
Network Owner, SORT BY : Recipients Received : % Change Recipients : Rcpts. Blocked by Rate Limit : Rate Limit block Rcpts. From unclassified sender: % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : Sophos Connections Rejected : SBRS : SenderBase Sender ( Network Owner Recipients Received: % Change : Unclassified Blocked by Rate Limit : Rate Limit block
Other % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : Sophos Connections Rejected :
Network Owner
Enter IP address, domain, or network owner IP Local Data From, ****, Last connection attempt: IronPort % Increase (Recipients : % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : Sophos Network Owner classified in Sender Group: Recipients Over Time (events per minute 5 Recipients Received: Recipients Blocked by Rate Limit : Rate Limit block Global Data From SenderBase Information About this Network Owner ( Network Owner Name ( Network Owner Category ( Network Owner Daily Magnitude ( Network Owner Monthly Magnitude ( Days Since First Message From This Network Owner Number of Domains Associated With This Network Owner : Number of IPs Used to Send Mail : IP More from SenderBase ( SenderBase Mail flow statistic( Last: Hour Day( Week Month Recipients Received: Blocked by Rate Limit : Rate Limit block
Messages Received: Scanned by Brightmail : Brightmail Brightmail Positive : Brightmail Brightmail Suspect: Brightmail Virus Positive : Sophos Other Bytes Received : Connections Rejected : Network Owner details: Network Owner Name: IP Details : IP Sender: IP Address : IP Hostname : DNS Verified : DNS Recipients : Received : % Change : Blocked by Rate Limit : Rate Limit Other % Brightmail Positive : Brightmail % Brightmail Suspect: Brightmail Virus Positive : sophos Connections Rejected : Last SenderGroup: SBRS :SenderBase
5. Incoming Mail Configuration Configuration, Listener Listener Host Access Table(Sender/Mail Flow Policy Mapping Order Sender Group WHITELIST BLACKLIST SUSPECTLIST UNKNOWNLIST Relay relay Mail Flow Policy TRUSTED BLOCKED THROTTLED ACCEPTED Relay Comments Sender Group Action Edit Group, Edit Order Group Add Sender Group Group Modify Policies Group
Edit Order Sender Group Order Group 1,2,3,4 Save Order Add Sender Group Group Sender Group Name Sender Group Comment Mail Flow Policy Continue Accepted Blocked Throttled Trusted
Add Sender IP,IP Range, Domain Name SBRS Order Sender IP IP SenderBase Sender Comment Modify Policies, Policy Modify Policies Add Policy
Policy Name: Connection Behavior Is: Accept Relay Reject TCP refuse TCP Max. Messages Per Connection: Max. Recipients Per Message: Max. Message Size (add a trailing k for kilobytes; M for megabytes: Max. Concurrent Connections From a Single IP: IP Custom SMTP Banner Code: SMTP Custom SMTP Banner Text: SMTP Use TLS: No Preferred Required Rate Limiting Max. Recipients Per Hour: Max. Recipients Per Hour Code (452 recommended Max. Recipients Per Hour Text: Use SenderBase: Sender Base Spam Detection Use Spam Detection: Virus Detection Use Virus Detection:
6. Brightmail Anti-Spam Scanning, Brightmail Sophos Brightmail, Brightmail Overview (Brightmail Global Settings Brightmail Anti-Spam Scanning: Enable Brightmail Rules Download URL: Brightmail Proxy Server URL: ( Suspected Spam Threshold Brightmail Registration Key: key Edit Global Setting (
Per-Listener Settings: Listener Listener Listener Spam Message Handling Suspect Spam Message Handling Action Edit Rule Updates Rule type( Header Rules Body Hash Rules BrightSig2 Rules Heuristic Rules Permit Rules Last update Listener,
Spam Message Handling Spam Ironport Enable Spam Scanning Brightmail Action applied to message Deliver( Drop Bounce Quarantine Modify message subject NO Prepend Append Text: [SPAM] Add custom header to message Yes( No Header Name Header text Modify message Recipient: Address Send message to Quarantine or Alter Destination Host Host Archive Message Yes( No( Suspect Spam Message Handling Enable Spam Scanning Brightmail Action applied to message Deliver( Drop Bounce Quarantine Modify message subject NO Prepend Append Text: [SUSPECTED SPAM] Add custom header to message Yes( No Header Name Header text
Modify message Recipient: Address Send message to Quarantine or Alter Destination Host Host Archive Message Yes( No(
7. Sophos Anti-Virus Scanning, Brightmail Sophos Sophos, Sophos Overview (Sophos Global Setting: Anti-Virus Scanning By Sophos: Enable Sophos Automatic Update Interval(hours: 1 Sophos (1 Edit Global Setting ( Per-Listener Settings: Listener Status (enable/disable Listener Listener Message Scanning Drop Attachments Clean Message Handling
Handling of Message that may Contain Virus Action Edit Current Anti-Virus Files: File Type: Version: Updated On: Listener,
Enable Sophos Anti-Virus Scanning on this Listener: Listener Sophos Message Scanning: Scan and clear Scan only Drop attachments if a virus found or it cannot be cleared If an attachment cannot be scanned, assume it is clean: never always only if its extension is:, Clean Message handling: Action Applied to original message: Deliver As is: Modify message subject : No: Prepend: Append: Add custom header to message: No: Yes: Header name: Header text: Archive original message: No: Yes: Send Notification: to sender: to recipient: to others:
Handling message that may contain viruses: Action Applied to original message: Drop Deliver as Attachment to New Message Deliver As Is Modify message subject : No: Prepend: Append: Add custom header to message: No: Yes: Header name: Header text: Modify message receipt: No: Yes: ( Address : Modify destination host: No: Yes: (Host : Archive original message: No: Yes: Send Notification: to sender: to recipient: to others:
8. Outgoing Mail Overview IronPort Outgoing Mail Overview Outgoing Domain Search Outbound queue Status : Outgoing Domain Search Domain NAME: Search Outbound Queue Status: Destination Domain Active Recipients Connections Out Delivered Recipients Soft Bounced Hard Bounced Outgoing Domain Status
Domain Name Domain, Search Domain Report Host mail status for Status as of Host up/down Last Activity Ordered IP Addresses MX Oldest Message MX Records MX Ip
Counters Queue Soft bounced Events Completion Completed Recipients Hard Bounced Recipients DNS Hard Bouncer DNS 5xx Hard Bouncer 5XX Filter Hard Bouncer Expired Hard Bouncer Other Hard Bouncer Delivered Recipients Deleted Recipients Gauges Queue Active Recipients Unattempted Recipients Attempted Recipients Connections Current Inbound Conn. Ironport Current Outbound Conn. Ironport
9. System IronPort System Overview IronPort Historical Graphs : Message Received IronPort Recipients Received Soft Bounced Events Completed Hard Recipients Bounced Recipients Delivered Recipients Current Inbound Connections Ironport Current Outbound Connections Ironport Active Recipients Unattempted Recipients Attempted Recipients
Interval Past Hour Past Day Past Week Past Month IronPort Statistics System Status RAM Utilization RAM CPU Utilization CPU Disk I/O Utilization Queue KB Used Free Mail Status Recipients Received Soft Bounced Events Completed Recipients Hard Bounced Events Delivered Recipients Current Connections Inbound Ironport Outbound Ironport Version Information Model OS OS Build Date Serial Number IronPort
IronPort System Status IronPort : Mail Status Status As of Up since Last counter reset System status Oldest Message Feature - Sophos Sophos license Feature - Receiving Ironport license Feature - BrightMail Brightmail license IronPort Counters Receiving Reset Uptime Lifetime Message Received Ironport Recipients Received Gen. Bounce Recipients
IronPort Counters Rejection Reset Uptime Lifetime Rejected Recipients Dropped Message Queue Soft Bounced Event IronPort Completion Completed Recipients Hard Bounced Recipients DNS Hard Bouncer DNS 5xx Hard Bouncer 5XX Filter Hard Bouncer Expired Hard Bouncer Other Hard Bouncer Delivered Recipients Deleted Recipients Global Unsub. Hits global unsubscribe setting Current IDs Message ID MID Injection Conn. ID ICID
Delivery Conn. ID DCID IronPort Rates Events per Hour Receiving Message Received Ironport Recipients Received Queue Soft bounced Events Completion Completed Recipients Hard Bounced Recipients Delivered Recipients IronPort Gauges System RAM Utilization RAM CPU Utilization CPU Disk I/O Utilization Resource Conservation IronPort Gauges Connections Current Inbound Conn. Ironport Current Outbound Conn. Ironport IronPort Gauges Queue Active Recipients Unattempted Recipients Attempted Recipients
Message In Work Queue Kilobytes Free Ironport Destinations In Memory domain Kilobytes Used IronPort DNS Status DNS Reset Uptime Lifetime DNS Requests DNS Network Request Cache Hits DNS Cache Misses DNS Cache Exceptions DNS Cache Expired DNS Cache Expired DNS SenderBase Status SenderBase Status as of Host up/down
IronPort System Setting Reset Counters Reset Counters Reset Counters Trace : Ironport System Trace, Sender Information Remote IP IP IP Remote Domain SenderBase Owner ID SenderBase ID Lookup Network Owner ID associated remote ID IP ID
Use SenderBase ID SenderBase Reputation Score SenderBase Lookup SBRS associated remote ID IP SenderBase Use SenderBase ID Receiving Listener Listener Envelope Information Envelope Sender Envelope Recipients Message Body Upload Message Body ( SMTP 0029