Configuring Security for SMTP Traffic




4 Configuring Security for SMTP Traffic

- Securing SMTP traffic
- Creating a security profile for SMTP traffic
- Configuring a local traffic SMTP profile
- Assigning an SMTP security profile to a local traffic SMTP profile
- Configuring an SMTP virtual server
- Reviewing violations statistics for SMTP security profiles

Securing SMTP traffic

When you configure the SMTP security profile, the system provides the following security checks for SMTP traffic:

- Enforces SMTP protocol compliance as defined in RFC 2821.
- Rejects the first message from a sender, because legitimate senders retry sending the message, and spam senders typically do not. The system does not reject subsequent messages from the same sender to the same recipient.
- Blocks mail from domains or IP addresses in the Disallowed Senders list.
- Blocks mail from IP addresses or domains that cannot be resolved with a DNS server (typically, spam senders on the Internet).
- Blocks mail from any senders whose MAIL FROM: domain is in the Disallowed Users list.
- Blocks mail from senders whose MAIL FROM: domain cannot be resolved with a DNS server (spam senders use fake domain names).
- Blocks mail from senders whose RCPT TO: domain is not configured as an allowed receiving domain.
- Blocks attempted directory attacks.
- Blocks certain SMTP methods, such as VRFY, EXPN, and ETRN, that spam senders use to attack mail servers.
- Applies rate limits to the number of messages from a particular domain, which helps prevent an attack from a spam sender.
- Applies rate limits, per domain, to the number of messages sent to the mail servers.
- Validates DNS SPF records.

To configure security checks for the SMTP traffic, you create an SMTP security profile in the Protocol Security Module, and associate the security profile with a local traffic SMTP profile for a virtual server. For detailed information and specific configuration tasks, refer to the remaining sections of this chapter.

- To configure a security profile, see Creating a security profile for SMTP traffic, on page 4-2.
- To configure a local traffic SMTP profile and enable the Protocol Security Module, see Configuring a local traffic SMTP profile, on page 4-3, and Assigning an SMTP security profile to a local traffic SMTP profile, on page 4-4.
- To configure a virtual server and pool for SMTP traffic, and associate the local traffic SMTP profile, see Configuring an SMTP virtual server, on page 4-5.

For more information on configuring local traffic management features, refer to the Configuration Guide for BIG-IP Local Traffic Management.

Configuration Guide for BIG-IP Protocol Security Module 4-1

Chapter 4

Creating a security profile for SMTP traffic

The SMTP security profile provides the security settings that are applicable to the SMTP service. In the security profile, you also specify whether the Protocol Security Module sends violation log messages to a remote logging server. By default, the Protocol Security Module retains up to 500 log entries per security profile in memory. If you want to retain additional log data, then we recommend that you configure remote logging.

If you want to use remote logging, we recommend that you set up the remote logging configuration before you create any security profiles. The remote logging configuration applies to all security profiles. For more information, refer to Configuring remote logging, on page 5-2.

To create a security profile for SMTP traffic

1. On the Main tab of the Application Security navigation pane, click Security Profiles. The SMTP Security Profiles screen opens.
2. From the Security Profiles menu, choose SMTP. The SMTP Security Profiles screen opens.
3. Above the SMTP Security Profiles area, click the Create button. The New Security Profile screen opens.
4. In the Profile Properties area, in the Profile Name box, type a unique name for the profile.
5. For the Remote Logging setting, check the box to enable remote logging for this security profile. If you have not yet configured remote logging, then click the Remote Logging configuration link. The Remote Logging Configuration screen opens.
   Note: The system does not return you to the New Security Profile screen if you configure remote logging in this manner. Therefore, you must return to step 1 to create the security profile after you set up the remote logging configuration.
6. In the Defense Configuration area, you can enable the blocking policy settings for the security profile violations. If you do not check either Alarm or Block for a violation, the system does not perform the corresponding security check.
   - Check Alarm if you want the system to log any requests that trigger the security profile violation.
   - Check Block if you want the system to block requests that trigger the security profile violation.
   - Check both Alarm and Block if you want the system to perform both actions.
   Tip: See SMTP security violations, on page A-4, for an explanation of the individual violations.
7. Click Create. The screen refreshes, and you see the new security profile in the list.
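The checks listed under Securing SMTP traffic and the Alarm and Block settings from step 6 can be modeled together. The following Python model is an added example, not F5 code and not part of the original guide; the class, the violation names and the example addresses are assumptions made for illustration, and it covers three of the listed checks plus the 500-entry in-memory log.

```python
import re
from collections import deque

BLOCKED_METHODS = {"VRFY", "EXPN", "ETRN"}  # methods the guide lists as blocked
LOG_CAP = 500                               # default in-memory entries per profile
ADDR = re.compile(r"<([^<>\s]*)>")          # address in MAIL FROM:<...> / RCPT TO:<...>

class SmtpProfileModel:
    """Illustrative model only; the violation names used here are hypothetical."""

    def __init__(self, allowed_rcpt_domains, flags):
        self.allowed = {d.lower() for d in allowed_rcpt_domains}
        self.flags = flags                  # violation name -> {"alarm", "block"}
        self.seen = set()                   # (sender, recipient) pairs already tried
        self.log = deque(maxlen=LOG_CAP)    # oldest entries are dropped when full
        self.mail_from = ""

    def _on(self, name):  # neither Alarm nor Block set: the check is not performed
        return bool(self.flags.get(name))

    def check(self, line):
        """Return the violation triggered by one client command, or None."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in BLOCKED_METHODS and self._on("disallowed_method"):
            return "disallowed_method"
        m = ADDR.search(arg)
        addr = m.group(1).lower() if m else ""
        if verb == "MAIL":
            self.mail_from = addr
        elif verb == "RCPT":
            domain = addr.rpartition("@")[2]
            if domain not in self.allowed and self._on("rcpt_domain_not_allowed"):
                return "rcpt_domain_not_allowed"
            pair = (self.mail_from, addr)
            if pair not in self.seen and self._on("first_message_from_sender"):
                self.seen.add(pair)         # the sender's retry will now pass
                return "first_message_from_sender"
        return None

    def handle(self, line):
        """Apply the Alarm/Block flags; return 'blocked' or 'passed'."""
        name = self.check(line)
        actions = self.flags.get(name, set())
        if "alarm" in actions:
            self.log.append((name, line))
        return "blocked" if "block" in actions else "passed"

if __name__ == "__main__":
    flags = {v: {"alarm", "block"} for v in ("disallowed_method", "first_message_from_sender")}
    p = SmtpProfileModel({"corp.example"}, flags)
    for cmd in ["VRFY bob", "MAIL FROM:<a@sender.example>", "RCPT TO:<bob@corp.example>",
                "MAIL FROM:<a@sender.example>", "RCPT TO:<bob@corp.example>"]:  # constructed session
        print(f"{cmd!r:40} -> {p.handle(cmd)}")
```

With an Alarm-only flag, 600 violations pass through and only the newest 500 remain in `log`, which is the situation remote logging is meant to cover.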

Configuring a local traffic SMTP profile

Once you have created the SMTP security profile in the Protocol Security Module, you create a local traffic SMTP profile in the local traffic configuration. The local traffic SMTP profile uses the SMTP security profile to scan for vulnerabilities specific to the protocol. For more information about local traffic profiles in general, refer to the chapter, Understanding Profiles, in the Configuration Guide for BIG-IP Local Traffic Management.

To create a local traffic SMTP profile

1. On the Main tab of the navigation pane, expand Local Traffic, and then click Profiles. The HTTP Profiles screen opens.
2. From the Services menu, choose SMTP. The SMTP Profiles screen opens.
3. Above the list area, click the Create button. The New SMTP Profile screen opens.
4. In the General Properties area, for the Name setting, type a unique name for the profile.
5. For the Parent Profile setting, select the existing SMTP protocol from which you want the new profile to inherit settings. The default setting is smtp.
6. Above the Settings area, check the Custom check box. The system activates the editing mode for the individual settings.
7. Check the Advanced Firewall check box to enable the SMTP security profile that you created.
8. Click Finished. The screen refreshes and displays the new local traffic SMTP profile in the list.

Assigning an SMTP security profile to a local traffic SMTP profile

When you enable the Advanced Firewall setting on the local traffic SMTP profile, the system automatically assigns the first-listed SMTP security profile to the service profile. If you have more than one security profile configured, you can change the associations on the Profiles Assignment screen in the Protocol Security Module. On the Profiles Assignment screen, you can review the current associations, including the local traffic SMTP profile, the virtual server that uses the service profile, and the SMTP security profile.

Tip: You can use the same SMTP security profile for many local traffic SMTP profiles.

To modify the SMTP security profiles assignment

1. On the Main tab of the Application Security navigation pane, click Profiles Assignment. The Profile Assignment screen opens.
2. From the Profile Assignment menu, choose SMTP.
3. In the SMTP Security Profiles Assignment area, in the Assigned Security Profile column, for each traffic profile select the SMTP security profile that you want the service profile to use.
4. Click Save to retain any changes you may have made.

If you have not yet created a virtual server that uses the local traffic SMTP profile, you will not see any virtual servers listed in the Virtual Servers column.

Configuring an SMTP virtual server

You configure a local traffic virtual server and a default pool for the SMTP servers, and associate the local traffic SMTP profile that you created. This automatically associates the SMTP security profile with the virtual server. The result is that when the virtual server receives SMTP traffic, the SMTP security profile in the Protocol Security Module scans the SMTP traffic for security vulnerabilities, and then the local traffic virtual server load balances any traffic that passes the scan. For more information about local traffic profiles in general, refer to the chapter, Configuring Virtual Servers, in the Configuration Guide for BIG-IP Local Traffic Management.

To create a local traffic virtual server for SMTP traffic

1. On the Main tab of the navigation pane, expand Local Traffic, and then click Virtual Servers. The Virtual Servers screen opens.
2. Above the list, click the Create button. The New Virtual Server screen opens.
3. In the General Properties area, for the Name setting, type a unique name for the virtual server.
4. For the Destination setting, select the type, and type an address, or an address and mask, as appropriate for your network.
5. For the Service Port setting, either type 25 in the box, or select SMTP from the list.
6. Above the Configuration area, select Advanced. The screen refreshes, and displays additional configuration options.
7. For the SMTP Profile setting, select the SMTP service protocol that you created.
8. For the SNAT Pool setting, if your network configuration requires address translation, select Auto Map.
9. In the Resources area, for the Default Pool setting, click the Create (+) button. The New Pool screen opens.
10. On the New Pool screen, in the Configuration area, for the Name setting, type a unique name for the pool.
11. In the Resources area, for the New Members setting, you can add members to the pool by typing the IP addresses and ports, or by selecting addresses from a list.
   - Select New Address to type the address and port of any SMTP servers that you want to add to the configuration. (Note that the system automatically adds them as nodes, too.)
   - Select Node List to select addresses from a list of servers that already exist in the local traffic configuration.
12. For the Service Port setting, select SMTP from the list.
13. Click the Add button to add each node or address to the New Members list.
14. Click Finished. The screen refreshes, and returns you to the New Virtual Server screen. The new pool should be listed in the Default Pool setting.
15. Click Finished on the New Virtual Server screen. The screen refreshes, and you see the new virtual server in the list.

The system is now ready to scan SMTP traffic for vulnerabilities common to that protocol. See Reviewing violations statistics for SMTP security profiles, on page 4-7, for information on reviewing the SMTP security attacks that the system detects.

Reviewing violations statistics for SMTP security profiles

The Protocol Security Module provides statistics and other information about requests that trigger SMTP security violations. If you have enabled the Alarm flag for a violation, and an incoming request triggers a violation, the Protocol Security Module logs the request, which you can review from the Statistics screen of the Protocol Security Module. If you have enabled the Block flag for any of the SMTP security violations, then the Protocol Security Module blocks the request.

Important: The Protocol Security Module stores security violations in the system memory rather than on the hard disk. As a result, if you are using a redundant system, the violations data does not replicate to the other unit when you perform the ConfigSync operation.

To review SMTP security violations

1. On the Main tab of the Application Security navigation pane, in the Advanced Firewall section, click Statistics. The Statistics screen opens.
2. If the system has detected a violation, then the violation name becomes a hyperlink. Click the link to see details about the offending requests.
3. On the Statistics screen, you can also review information regarding the traffic volume for each service.

For a description of each SMTP violation, and the event or events that trigger the violation, refer to SMTP security violations, on page A-4.