www.novell.com
Installing, Configuring, and Optimizing Novell Internet Messaging System™
Lynn Madsen, NIMS Product Manager, Novell, [email protected]
Jason Brothers, QA Engineer, Novell, [email protected]
Rodney Price, NIMS Engineering, Novell, [email protected]
Vision…one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
What Is Novell Internet Messaging System™ (NIMS)?
• Features
  – E-mail
  – Calendaring/scheduling
  – List server
  – Rules server
  – Antivirus integration
• Strengths
  – Standards compliance ensures compatibility
  – High performing and scalable
  – Centralized or distributed administration
  – Novell eDirectory™ foundation
  – Low TCO
• Markets
  – Education
  – Service providers
  – Governments
  – Small business
What Is NIMS™? (cont.)
• NIMS is not an Instant Messaging product
• NIMS is a scalable, Internet standards–based e-mail, calendaring, and scheduling system that is tightly integrated with Novell eDirectory™
• NIMS is not a “web-based” e-mail/calendaring system
• NIMS supports any POP, IMAP, or iCal compatible client
• NIMS is not a NetWare®-based product
• NIMS runs with eDirectory on NetWare 5.1 (SP3 and above) and NetWare 6, Solaris 8, Red Hat Linux (possibly other Linux) with the 2.4 kernel, and Windows NT/2000/XP
What’s New in NIMS 3.x?
• iCal-based calendaring/scheduling, to-dos and notes
• ModWeb template-based web engine
  – Public templates (non-authenticated)
  – Multiple session templates (authenticated)
  – Template compiler
  – HTML message viewing
• Class of service (Parent Objects)
• Delegated administration (a.k.a. TOM—Task Oriented Management)
• Individual time zone and date format support
• Enhanced list server (moderator, announce-only lists)
• Antivirus integration
Administration Overview
• Install process
  – OS patch levels
  – DS health
  – NIMS install
  – NIMS patches
  – Resources
• Administrative tools
Administration Overview (cont.)
Install Process
• OS patch levels
  – NetWare
    • 4.x—SP9
    • 5.1—SP3
    • 6.0—SP1
  – Linux
    • RedHat 7.0
  – Solaris
    • Solaris 8 for SPARC
Administration Overview (cont.)
Install Process
• DS health
  – Important
  – NIMS is directory-based
  – Novell TID 10012858 and 10060600
    • See http://support.novell.com or NIMS 3.0 manual
Administration Overview (cont.)
Install Process
• Symptoms of an unhealthy DS
  – Objects will have fields that are ‘greyed-out’
  – Settings made will not take effect or hold
  – Every time NIMS is loaded the message store path has more path information appended to it
  – End user settings not sticking
  – E-mail is rejected because a valid user cannot be found
Administration Overview (cont.)
Install Process
• NIMS installation
  – NetWare
    • Installs through NWConfig, just like a service pack
  – Linux
    • An rpm installation
  – Solaris
    • An install package
Administration Overview (cont.)
Install Process
• Patches
  – Tested on MyRealBox before they are released to the public
  – We consider the newest patch we release to be our minimum patch level
  – Patches can be copied to the server at any time and then NIMS can be restarted at a time when it is convenient
  – The latest NIMS patches are listed on the Minimum Patch list
  – Beta patches can be found on http://www.nimsinfo.com
Administration Overview (cont.)
Install Process
• Resources
  – NIMS 3.0 manual
    • Much improved over the NIMS 2.5 manual
    • Written to explain the concepts
    • Concepts apply to 2.6x
  – http://www.nimsinfo.com
    • FAQ
    • Downloads
    • Listserv
Administration Overview (cont.)
Install Process
• Resources
  – FAQ
    • Contains over 230 questions and answers
    • Contains a list of all of the NIMS attributes and settings
    • The answer to your question is probably here
  – Tools and utilities
    • Various NIMS tools and utilities can be found here
  – NIMS listserv list
    • NIMSTalk—very active NIMS community
    • DevTalk—a place developers can ask questions
Administration Overview (cont.)
Administrative Options
• Traditional
  – Network administrator
• NIMS tools
  – Web Administrator
  – Task Oriented Management (TOM)
  – Parent Objects
• Others
  – ICE
  – DS Snoop
  – JRB Utilities
Administration Overview (cont.)
Administrative Options
• Network Administrator
  – NWAdmin32
• Web Administrator
  – NetWare
    • load webadmin.nlm
  – Linux
    • /usr/local/nims/bin/webadmin.sh
  – Solaris
    • /opt/NOVLnims/bin/webadmin.sh
  – Default URLs—http and https
    » Port 81
    » Port 444
Installation and Configuration
Administrative Options
• Parent Objects
  – Configured through NWAdmin or WebAdmin
  – Group management
  – Allows you to easily manage different domains or identifiable groups in your organization
Installation and Configuration (cont.)
Administrative Options
• Task Oriented Management (TOM)
  – What is it?
    • Great for ISP/ASP and large organizations
    • Allows you to hand off administration
    • Works in conjunction with Parent Objects
  – Setup and use
    • Demo
Installation and Configuration (cont.)
Administrative Options
• Other utilities
  – Why would you use other utilities?
    • Bulk administration
    • Set attributes that are not exposed by the GUI interfaces
      – See FAQ for attribute settings
    • Command line is often faster than GUI interfaces
Installation and Configuration (cont.)
Administrative Options
• Others
  – DSBrowse
    • Quickly look at attributes
  – DSSnoop
    • Single user's attribute manipulation
  – ICE/JRB Utilities
    • Allows mass attribute settings
Installation and Configuration (cont.)
Administrative Options
• Quick demos
  – DSBrowse
    • Quickly look at an attribute
  – DSSnoop
    • Company logo
  – JRB Setname
    • Timeout value
NIMS Architecture
[Diagram sequence, built up over several slides. Labels: Scalability, Stability, Extensibility; Abstraction; E-mail, Calendar, User info, Queue; Message Store, Calendar Store, Queue, Directory; Replicated data, Non-replicated data; DDB API, NMAP Agent, NMAP Protocol (Novonyx Message Access Protocol), TCP/IP; protocol agents POP, IMAP, SMTP, PALM, WAP, Modweb, NEXTP; Single Server and Multi Server layouts with Client Protocol Agents, Queue Agents and Mail Store Agents.]
NIMS Architecture (cont.)
Queue
NMAP Queue Functions
• Provides a mechanism to create messages
• Pushes messages through a staged queue
• Processes queue agent commands
• Delivers messages to local recipients
• Stores and reprocesses problem messages
NIMS Architecture (cont.)
Queue
NMAP Queue States
• Incoming
• 000–007 Queue Agents Processing
• 006 Local Delivery
• 007 Remote Delivery
• 008 Bounce Queue
NIMS Architecture (cont.)
Queue
NMAP Queue Processing Time
• Almost all messages are processed immediately
• Queuing conditions
  – Errors
  – High load
NIMS Architecture
[Diagram sequence: a message moving through the NMAP queue with the Anti-Virus Agent. Labels: NMAP Protocol, DDB API, Directory, SMTP (25), Queue Agent, Message Store, Calendar Store, Queue, NMAP Agent, Anti-Virus Agent; "Requests to be notified of Cxxxxxxx.007"; "Requests to be notified of Cxxxxxxx.000"; queue files Cxxxxxxx.in and Dxxxxxxx.msg, then Cxxxxxxx.000, Cxxxxxxx.006 and Cxxxxxxx.007, each with Dxxxxxxx.msg.]
Select Agent Configuration (cont.)
Anti-Virus
• Anti-Virus
  – NAI (McAfee) Netshield
    • mcscan32 Version 41.40 or greater
  – CA InoculateIT
    • avengine Version 23.48 or greater
  – Symantec CarrierScan
  – If you are using Netshield or CarrierScan you do not need to run the entire anti-virus package unless you are hosting file and print services on that server
Select Agent Configuration (cont.)
Anti-Virus
• Can update CA Inoculate on the fly
  – Just copy over the old signature file and engine (if applicable)
  – NIMS will automatically update the files in about 5 minutes
• In order to update McAfee’s virus signature files you have to unload Anti-Virus and then apply the new files
Select Agent Configuration (cont.)
SMTP
• UBE Relaying
  – SMTP-after-POP
  – Authentication
  – Allowed list
• UBE Blocking
  – Blocked Lists
  – RBL Lists
  – Deny Access to Hosts not in DNS
Select Agent Configuration (cont.)
SMTP-After-POP
• Create a Connection Manager Agent
• Enable the "SMTP-after-POP" on the SMTP agent
• In the Messaging Server object, check the box that identifies the connection manager
• Wait a couple of minutes for DS to sync
• IMS Unload
• IMS
Select Agent Configuration (cont.)
[Diagram: SMTP-after-POP. Labels: SMTP, Internet, POP/IMAP, Connection Manager; IP Address: 64.258.14.32, User: JSmith (shown at the client and in the Connection Manager).]
Select Agent Configuration (cont.)
[Diagram: SMTP-after-POP with NAT. Labels: SMTP, Internet, POP/IMAP, Connection Manager, NAT (IP Address: 64.258.14.32); clients IP Address: 172.16.30.3, User: JSmith and IP Address: 172.16.30.2, User: BillyBob; Connection Manager entry IP Address: 64.258.14.32, User: JSmith.]
Select Agent Configuration (cont.)
Authentication
• Connection Manager not used
• Enable the “Authentication” on the SMTP agent
• Wait a couple of minutes for DS to sync
• IMS Unload
• IMS
Select Agent Configuration (cont.)
[Diagram: Authentication. Labels: SMTP, Internet, NAT (IP Address: 64.258.14.32); clients IP Address: 172.16.30.3 and IP Address: 172.16.30.2; Authentication: Username? Password?]
Select Agent Configuration (cont.)
Allowed List
• Connection Manager not used
• Enable “Require sender to be in ‘Allowed’ list for remote sending” on the SMTP agent
• Wait a couple of minutes for DS to sync
• IMS Unload
• IMS
Select Agent Configuration (cont.)
[Diagram: Allowed List. Labels: SMTP, Internet, client IP Address: 64.258.14.32; Allowed List entry IP Address: 64.258.14.32; Allowed senders.]
Select Agent Configuration (cont.)
UBE Relaying Summary
• Option: SMTP-after-POP
  – Pros
    • No client configuration
  – Cons
    • May have incorrect headers in an NAT environment
    • May be difficult to track someone that is abusing your system
• Option: Authentication
  – Pros
    • Is not affected by NAT
    • E-mail header will always be correct
    • Easy to track abusers
  – Cons
    • Requires client that supports Authentication
    • Requires each client to be properly configured
• Option: Allow Hosts
  – Pros
    • No client configuration
  – Cons
    • May be difficult to track someone that is abusing your system
    • Limits remote senders
Select Agent Configuration (cont.)
UBE Relaying
• All three options can be used in combination
  – For example, you could have an Allowed Hosts list for your internal network and Authentication for your remote users
• When used in combination they operate on an “or” basis
  – User only needs to satisfy one of the conditions
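The "or" combination and the NAT caveat from the relaying summary, modelled as an added example (not NIMS code or configuration). `RelayPolicy`, `nat_scenario`, the 600-second POP window and the addresses 203.0.113.32, 198.51.100.7 and 10.0.0.0/8 are assumptions made for the illustration.

```python
import ipaddress


class RelayPolicy:
    """Toy model of the three relay checks; passing any one permits relaying."""

    def __init__(self, allowed_nets=(), pop_window=600):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_nets]
        self.pop_window = pop_window   # assumed lifetime (seconds) of a POP record
        self.pop_seen = {}             # connection manager: source IP -> (user, time)

    def record_pop_login(self, ip, user, now):
        # The connection manager sees the address the server sees: behind NAT
        # that is the shared public address, not the client's private one.
        self.pop_seen[ip] = (user, now)

    def may_relay(self, ip, now, smtp_auth_user=None):
        """Return (allowed, matched_rule, user the relay is attributed to)."""
        if smtp_auth_user is not None:
            return True, "authentication", smtp_auth_user
        if any(ipaddress.ip_address(ip) in net for net in self.allowed):
            return True, "allowed-list", None
        seen = self.pop_seen.get(ip)
        if seen and now - seen[1] <= self.pop_window:
            return True, "smtp-after-pop", seen[0]
        return False, "denied", None


def nat_scenario():
    """Constructed data: two users behind one NAT address (203.0.113.32)."""
    nat_ip, outside_ip = "203.0.113.32", "198.51.100.7"
    policy = RelayPolicy(allowed_nets=["10.0.0.0/8"], pop_window=600)
    policy.record_pop_login(nat_ip, "JSmith", now=0)   # only JSmith logged in
    return {
        # BillyBob sends from behind the same NAT without any credentials
        "billybob_unauthenticated": policy.may_relay(nat_ip, now=60),
        # the same sender using SMTP authentication is attributed correctly
        "billybob_authenticated": policy.may_relay(nat_ip, 60, "BillyBob"),
        "internal_host": policy.may_relay("10.1.2.3", now=60),
        "outside_host": policy.may_relay(outside_ip, now=60),
        "after_window": policy.may_relay(nat_ip, now=601),
    }


if __name__ == "__main__":
    for case, verdict in nat_scenario().items():
        print(f"{case:26} {verdict}")
```

The first case is the one to look for when reviewing relay logs: the message is accepted and attributed to JSmith although BillyBob sent it, which is the tracking problem the summary lists for SMTP-after-POP.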
Select Agent Configuration (cont.)
UBE Blocking
• What can I do to stop all UBE?
  – Turn off your mail server
• What can I do to minimize UBE?
  – Blocked Lists
  – RBL Lists
  – Deny Access to Hosts not in DNS
Select Agent Configuration (cont.)
UBE Blocking
• Blocked Lists
  – Customizable list entered by the mail administrator
  – Can be a single IP address or a range of addresses
  – Can be changed without reloading NIMS
• RBL List
  – Lists that contain known spammers or spam-friendly networks
  – Some of these lists are free to use (e.g., SPEWS.org)
  – Others are on a subscription basis (e.g., Mail-Abuse.org)
• Deny Access to Hosts not in DNS
  – There are many mail servers on the Internet that are not properly configured
  – This option should be used with care
Select Agent Configuration (cont.)
[Diagram: RBL List. Labels: SMTP, Foreign SMTP, DNS; RBL list: spews.relays.osirusoft.com; IP Address: 64.258.14.32 with query name 32.14.258.64.spews.relays.osirusoft.com; IP Address: 121.32.23.56 with query name 56.23.32.121.spews.relays.osirusoft.com.]
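How the query names in the RBL diagram are formed, and how a blocked list and an RBL check combine when a foreign SMTP server connects, as an added example (not NIMS code). The function names, the blocked-list entries and the dictionary standing in for DNS are assumptions; the "Deny Access to Hosts not in DNS" option is not modelled.

```python
import ipaddress
import socket


def rbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the RBL zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_a_lookup(name):
    """Live lookup: return an address string, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def screen_connection(ip, blocked_nets, rbl_zones, resolve=dns_a_lookup):
    """Return (accept, reason) for a connecting SMTP client."""
    addr = ipaddress.IPv4Address(ip)
    for net in blocked_nets:                  # single address or a range
        if addr in ipaddress.ip_network(net):
            return False, f"blocked list: {net}"
    for zone in rbl_zones:
        # Any A record for the query name means the address is listed.
        if resolve(rbl_query_name(ip, zone)) is not None:
            return False, f"RBL: {zone}"
    return True, "accepted"


ZONE = "spews.relays.osirusoft.com"           # zone name shown on the slide
# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {"56.23.32.121." + ZONE: "127.0.0.2"}


def demo():
    blocked = ["192.0.2.0/24", "198.51.100.9/32"]   # constructed entries
    return [screen_connection(ip, blocked, [ZONE], FAKE_DNS.get)
            for ip in ("121.32.23.56", "192.0.2.77", "203.0.113.5")]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The slide's other sample address, 64.258.14.32, has an octet above 255, so `rbl_query_name` rejects it with `ValueError` instead of building a query name.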
Installation and Configuration
Utilities
• RMBox
  – Bulk account deletion
  – Can use IMSAudit to identify aged accounts
  – Security Settings
    • Server Managers on Messaging Server
• Bulkmail
  – Allows you to quickly e-mail a large group of users