IBM Proventia Getting Started Manual

Page 1
IBM Proventia® Network Mail Security System
Getting Started Guide
Version 1.6
IBM Internet Security Systems
Page 2
© Copyright IBM Corporation 2006, 2008. IBM Global Services Route 100 Somers, NY 10589 U.S.A.
Produced in the United States of America. All Rights Reserved.
IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. ADDME, Ahead of the threat, BlackICE, Internet Scanner, Proventia, RealSecure, SecurePartner, SecurityFusion, SiteProtector, System Scanner, Virtual Patch, X-Force and X-Press Update are trademarks or registered trademarks of Internet Security Systems, Inc. in the United States, other countries, or both. Internet Security Systems, Inc. is a wholly-owned subsidiary of International Business Machines Corporation.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both.
Other company, product and service names may be trademarks or service marks of others.
References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.
Disclaimer: The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than IBM Internet Security Systems (IBM ISS). Use of this information constitutes acceptance for use in an “AS IS” condition, without warranties of any kind, and any use of this information is at the user’s own risk. IBM Internet Security Systems disclaims all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall IBM ISS be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if IBM Internet Security Systems has been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by IBM Internet Security Systems. The views and opinions of authors expressed herein do not necessarily state or reflect those of IBM Internet Security Systems, and shall not be used for advertising or product endorsement purposes.
Links and addresses to Internet resources are inspected thoroughly prior to release, but the ever-changing nature of the Internet prevents IBM Internet Security Systems, Inc. from guaranteeing the content or existence of the resource. When possible, the reference contains alternate sites or keywords that could be used to acquire the information by other methods. If you find a broken or inappropriate link, please send an email with the topic name, link, and its behavior to support@iss.net.
Document Part Number: 51J1881 September 26, 2008
Page 3
Contents
Preface . . . 5
  Overview . . . 5
  How to Use the Appliance Documentation . . . 6
  Getting Technical Support . . . 7
Chapter 1: Introduction to the Appliance
  Overview . . . 9
  Appliance Package Contents . . . 10
  About the Appliance . . . 11
  Understanding SMTP Mail Routing . . . 13
Chapter 2: Getting Connected
  Overview . . . 19
  Getting Started . . . 20
  Connecting the Appliance . . . 21
  Configuring the Appliance . . . 23
  Completing the Initial Configuration . . . 26
  Accessing Proventia Manager . . . 29
  Working with Proventia Manager . . . 30
  Installing License Keys . . . 33
  Applying Mail Security Updates . . . 35
  Verifying Network Connectivity and SMTP Settings . . . 36
  Reinstalling the Appliance . . . 38
Index . . . 39
IBM Proventia Network Mail Security System Getting Started Guide, Version 1.6
Page 5
Preface
Overview
Introduction
This getting started guide contains information about installing and configuring initial settings for the IBM Proventia Network Mail Security System appliance.

Scope
This guide includes general information and procedures required for connecting the appliance to your network and configuring the basic settings for the appliance.

Audience
This guide is intended for Administrators with a fundamental knowledge of mail security best practices and SMTP configuration.
Note: If you are running the appliance on VMware, see the Getting Started Guide for VMware Workstation on the IBM ISS Web site at http://www.iss.net/support/documentation/ for installation procedures using VMware.
Page 6
How to Use the Appliance Documentation

Using this guide
Read this entire guide before you install or operate this product. You should review prerequisites and considerations before you begin.

Latest information
For the latest appliance documentation, always refer to the Help found in Proventia Manager and in the Readme files associated with each firmware release located on the IBM ISS Download Center at http://www.iss.net/download/.

Related publications
The following publications provide more information about the appliance:

Table 1: Reference documentation
Document: IBM Proventia Network Mail Security System Getting Started Guide for VMware Workstation
Contents: This guide contains information on how to set up the appliance on VMware.
Document: IBM Proventia Network Mail Security System Administrator Guide
Contents: This guide contains information on configuring, managing, and maintaining the appliance.
Document: IBM Proventia Network Mail Security System Help
Contents: The online Help is accessed from Proventia Manager (the Web-based Management Interface), and contains information on how to use features of the appliance while you are in the application.
Document: Readme file
Contents: This file contains the most current information about product issues and updates, including how to contact Technical Support.

Licensing agreement
For licensing information on IBM Internet Security Systems products, download the IBM Licensing Agreement from:
http://www-935.ibm.com/services/us/iss/html/contracts_landing.html
Page 7
Getting Technical Support

Introduction
IBM ISS provides technical support through its Web site and by email or telephone.

The IBM ISS Web site
The IBM Internet Security Systems (IBM ISS) Resource Center Web site at http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1029129 provides direct access to user documentation, current versions listings, detailed product literature, white papers, and the Technical Support Knowledgebase.

Hours of support
The following table provides hours for Technical Support at the Americas and other locations:

Table 2: Hours for technical support
Location: Americas
Hours: 24 hours a day
Location: All other locations
Hours: Monday through Friday, 9:00 A.M. to 6:00 P.M. during their local time, excluding IBM published holidays

Note: If your local support office is located outside the Americas, you may call or send an email to the Americas office for help during off-hours.

Contact information
For contact information, go to the IBM Internet Security Systems (IBM ISS) Resource Center Web site at http://www-935.ibm.com/services/us/index.wss/offering/iss/a1029178.
Page 9
Chapter 1
Introduction to the Appliance
Overview
Introduction
This chapter contains introductory information about deploying your appliance.

In this chapter
This chapter contains the following topics:
Topic . . . Page
Appliance Package Contents . . . 10
About the Appliance . . . 11
Understanding SMTP Mail Routing . . . 13
Page 10
Appliance Package Contents

Introduction
Before you begin, you should verify that you have all of the package contents necessary to install the appliance.

Verifying the contents
Verify the appliance package includes the following:

Table 1: Materials for connecting the appliance
[ ] IBM Proventia Network Mail Security System appliance
[ ] Ethernet crossover cable
[ ] Power cord
[ ] Recovery CD pack
[ ] Getting Started Guide
[ ] Warranty statement
Page 11
About the Appliance

Introduction
Before you connect the appliance to the network, familiarize yourself with the appliance’s hardware features.

Front panel
Figure 1 illustrates the front panel of the appliance:
Figure 1: Front panel of the appliance
The front panel of the appliance includes the following:

Table 2: Front panel label descriptions
Label A: LED Indicators (from left to right):
    Power LED - Green
    HDD Activity LED - Green
    LAN1 LED - Green
    LAN2 LED - Green
    Fault Event LED - Amber
Label B: The LCD module navigation arrow keys are used for entering IP addresses.
Label C: The LCD controller module is used for initial network configuration.
Label D: The LCD module configuration keys are used to set up the ETH1 interface from the front panel.
Page 12
Back panel
Figure 2 illustrates the back panel of the appliance:
Figure 2: Appliance back panel
The back panel of the appliance includes the following:

Table 3: Back panel label descriptions
Label E: Ethernet Port 2 (ETH2)
Label F: Ethernet Port 3 (ETH3)
Label G: Ethernet Port 1 (ETH1) (This is the default gateway for the appliance.)
Label H: Ethernet Port 0 (ETH0)

Configuring the ETH1 interface
You will need to re-route mail traffic through the appliance before it can inspect all incoming mail and then forward the clean mail on to internal mail servers. Make sure the ETH1 interface is configured as the default gateway IP address for the appliance.
Figure 3: ETH1 interface setup
Page 13
Understanding SMTP Mail Routing

Introduction
Before you set up and configure the appliance, you should understand the basics of using SMTP, which will help you in determining where to place the appliance on your network.

Performing a DNS lookup
Every domain has a domain name server (DNS) that handles its requests, and a System Administrator who maintains the records in that DNS. These records are used to determine mail routing to and from the Internet. You can easily check what servers are responsible for your domain by performing an nslookup on the MX DNS records for that domain.

Example of performing a DNS lookup
The following example shows how to check the MX DNS records for the iss.net domain:
Open a command prompt, and then enter the following:
    nslookup
The output would look something like the following:
    Default Server: dns.server
    Address: x.x.x.x
Now enter the following commands (these commands set the DNS query to look up responsible mail servers for the iss.net domain):
    set q=mx
    iss.net
The output would look something like the following:
    Server: dns.server
    Address: x.x.x.x
    iss.net MX preference = 5, mail exchanger = atla-mx1.iss.net
    iss.net MX preference = 10, mail exchanger = colo-mx1.iss.net
    iss.net MX preference = 10, mail exchanger = sfld-mx1.iss.net
Page 14
The Internet mail servers for the iss.net domain use the servers atla-mx1.iss.net, colo-mx1.iss.net, and sfld-mx1.iss.net to send email messages.

MX preferences
MX preferences are used to determine the priority of a mail server. By default, sending Internet mail servers will use the mail server with the lowest preference number (= lowest cost, like the metric in IP routes). Servers with the lowest preference number have the highest priority.
For example, if the server atla-mx1.iss.net is unreachable, the sending Internet mail servers will use colo-mx1.iss.net or sfld-mx1.iss.net to deliver email messages for the iss.net domain.
Using the same MX preference automatically load balances the mail traffic across the servers with the same priority. If you have multiple mail servers available for redundancy and/or load balancing, the use of multiple DNS MX entries with the same MX preference is the easiest and most common way for SMTP to split mail traffic. You will often find multiple mail servers responsible for one domain due to redundancy and load balancing needs.
Reference: See the following Web sites for more information on MX records:
http://en.wikipedia.org/wiki/MX_record or http://www.ietf.org/rfc/rfc974.txt.
Page 15
Example of incoming mail traffic
The following diagram illustrates how email messages are relayed through the appliance to internal mail servers on the corporate network after the messages have passed through the corporate firewall, accessible to the Internet:
Figure 4: An example of incoming mail traffic through the appliance
In the example above, a remote mail server performs a DNS MX lookup on the iss.net domain, which outputs two mail servers with the same MX preference = 10. Since the servers are the same priority, the remote mail server will randomly choose one of the servers to deliver email messages via SMTP on TCP port 25.
You can assign mail servers with the configured MX IP addresses or an external firewall/router/switch can own these IP addresses and forward (for example, destination NAT) incoming SMTP connections on these addresses to the appropriate internal servers. This allows mail traffic to be efficiently balanced so that if one system fails the other system takes over completely (redundancy).
Relaying SMTP traffic through the appliance
After email messages are received and processed by the appliance, the clean email messages are relayed to their internal destination servers where users connect to access their email accounts.
From a deployment perspective, make sure that all incoming SMTP traffic on MX IP addresses is routed through the appliance before it is relayed to internal servers. You can do this by changing the destination NAT rules on the firewall(s) to redirect SMTP connections on the MX IP addresses to the appliance. Changes might also be possible on preceding mail relays, load balancers, or content switches.
Page 16
Important: Make sure that all MX IP addresses for all internal domains are routed through the appliance. The appliance works as an SMTP relay, which is a Layer 7 device. The appliance does not forward or route IP traffic; inline deployment is not a deployment option for the appliance.
Important: If you need to change the DNS MX entries on your DNS servers to new addresses, the DNS propagation over the Internet can take up to three days (72 hours). Make sure you can re-route SMTP traffic on MX IP addresses before you change any DNS records.
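The rules described under "MX preferences" and "Relaying SMTP traffic through the appliance", as an added example that is not part of the original guide or of any IBM tooling: it parses nslookup MX output in the format shown earlier, orders the exchangers the way a sending server tries them, and flags any MX host whose TCP 25 traffic is not redirected to the appliance. The NAT map, the 192.0.2.x addresses, and all function names are hypothetical; the MX lines are constructed from the guide's iss.net example.

```python
import random
import re
from collections import defaultdict

# Constructed sample: nslookup "set q=mx" output in the format this guide shows.
SAMPLE_NSLOOKUP = """\
Server: dns.server
Address: x.x.x.x

iss.net MX preference = 5, mail exchanger = atla-mx1.iss.net
iss.net MX preference = 10, mail exchanger = colo-mx1.iss.net
iss.net MX preference = 10, mail exchanger = sfld-mx1.iss.net
"""

# Hypothetical values (assumptions, not from the guide): the appliance address
# and where the firewall's destination NAT sends TCP 25 for each MX host.
APPLIANCE_IP = "192.0.2.10"
SAMPLE_DNAT = {
    "atla-mx1.iss.net": "192.0.2.10",
    "colo-mx1.iss.net": "192.0.2.10",
    "sfld-mx1.iss.net": "192.0.2.25",  # still points at an internal mail server
}

MX_LINE = re.compile(
    r"^(?P<domain>\S+)\s+MX preference = (?P<pref>\d+), "
    r"mail exchanger = (?P<host>\S+)$"
)


def parse_mx(nslookup_output):
    """Return [(preference, host), ...] for every MX line in the output."""
    records = []
    for line in nslookup_output.splitlines():
        match = MX_LINE.match(line.strip())
        if match:
            host = match.group("host").rstrip(".").lower()
            records.append((int(match.group("pref")), host))
    return records


def delivery_order(records, rng=None):
    """Order in which a sending server tries the exchangers.

    Lowest preference number first; hosts sharing a preference are tried in
    random order, which is what spreads load across them.
    """
    rng = rng or random.Random()
    by_pref = defaultdict(list)
    for pref, host in records:
        by_pref[pref].append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = sorted(by_pref[pref])
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def uninspected_paths(records, smtp_dnat, appliance_ip):
    """Return (host, preference, nat_target) for each MX host whose inbound
    SMTP is not redirected to the appliance. A host missing from the NAT map
    is reported with target None."""
    findings = []
    for pref, host in sorted(records):
        target = smtp_dnat.get(host)
        if target != appliance_ip:
            findings.append((host, pref, target))
    return findings


if __name__ == "__main__":
    mx = parse_mx(SAMPLE_NSLOOKUP)
    print("Delivery order:", delivery_order(mx))
    for host, pref, target in uninspected_paths(mx, SAMPLE_DNAT, APPLIANCE_IP):
        print(f"MX {host} (preference {pref}) is forwarded to {target}, "
              "not to the appliance")
```

Every published MX host is a valid delivery target regardless of its preference number, so the check covers the whole record set rather than only the lowest-preference host.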
Example of outgoing mail traffic
Important: Even if you only want to scan incoming mail traffic, you should still configure outgoing SMTP, which is used for email messages generated from the appliance.
You should set up the appliance to inspect outgoing email messages from your network, for example, configuring the appliance to check for attachments, confidential content, or disclaimers that have been added to outgoing mail.
Figure 5: An example of outgoing mail traffic through the appliance
Page 17
The System Administrator for the internal mail server should make sure that all outgoing email messages are being relayed through the appliance (by configuring the relay host/smart host for outgoing mail). If the IP addresses for the internal mail servers have not been configured as relay hosts, email messages may be denied by the built-in anti-relay check that protects the appliance from being used by unauthorized users or spammers to send unsolicited junk mail to other Internet users.
The appliance delivers email messages to external mail domains as follows:
- Performs direct MX DNS lookups and then sends the email messages via SMTP directly to responsible servers on the Internet.
- Forwards all outgoing email messages to another mail relay.
Reference: See the chapter on SMTP Settings in the IBM Proventia Network Mail Security System Administrator Guide at http://www.iss.net/support/documentation that describes the configuration process for SMTP settings in more detail.
Page 18
Required services
You will need the following services in order to operate the appliance:

Table 4: Services needed to operate the appliance
Service: DNS
Port Number: UDP 53
Service: HTTPS (for Management)
Port Number: TCP 43
Service: SMTP (for sending and receiving email messages)
Port Number: TCP 25 (inbound and outbound)
Service: SSH (for appliance Console access)
Port Number: TCP 22
Service: HTTPS (only if end-user access is enabled)
Port Number: TCP 4443
Service: SNMP GET (only if SNMP is enabled)
Port Number: UDP 160
Service: SNMP Trap (only if SNMP Trap is enabled)
Port Number: UDP 161
Service: LDAP (only if LDAP integration is enabled)
Port Number: TCP 389
Service: the IBM SiteProtector Console if SiteProtector is enabled (disabled by default)
Port Number: 3995

Note: You can adjust these settings later on the Firewall Settings page in Proventia Manager (System > Firewall).
Page 19
Chapter 2
Getting Connected
Overview
Introduction
This chapter contains connection and configuration procedures for the appliance. It also includes checklists to help you gather information to complete these tasks.

In this chapter
This chapter contains the following topics:
Topic . . . Page
Getting Started . . . 20
Connecting the Appliance . . . 21
Configuring the Appliance . . . 23
Completing the Initial Configuration . . . 26
Accessing Proventia Manager . . . 29
Working with Proventia Manager . . . 30
Installing License Keys . . . 35
Applying Mail Security Updates . . . 35
Verifying Network Connectivity and SMTP Settings . . . 36
Reinstalling the Appliance . . . 38
Page 20
Getting Started

Prerequisite
Make sure you have read the section “Understanding SMTP Mail Routing” on page 13 or are knowledgeable about setting up SMTP mail servers before you proceed to the setup process.

Setup process overview
Connecting and configuring the appliance is an 8-step process:

Table 5: Setup process
Step 1: Connect the appliance cables to a computer and turn on the appliance
    Where to find the procedure: “Connecting the Appliance” on page 21
Step 2: Configure the appliance from a Web interface, a remote connection, or the LCD on the front panel of the appliance
    Where to find the procedure: “Configuring the Appliance” on page 23
Step 3: Log in to the Setup Assistant and configure initial network settings
    Where to find the procedure: “Completing the Initial Configuration” on page 26
Step 4: Verify you have the following:
    - Internet Explorer version 6.0 or later
    - Java Runtime Environment (JRE) version 1.5. The application prompts you with an installation link if you do not have it installed.
    Where to find the procedure: N/A
Step 5: Open Internet Explorer and log in to Proventia Manager as username admin and the password you configured during setup
    Where to find the procedure: “Accessing Proventia Manager” on page 29
Step 6: Collect license information and install the license key
    Where to find the procedure: “Installing License Keys” on page 33
Step 7: Apply firmware and mail security content updates
    Where to find the procedure: “Applying Mail Security Updates” on page 35
Step 8: Verify network connectivity and SMTP settings
    Where to find the procedure: “Verifying Network Connectivity and SMTP Settings” on page 36
Page 21
Connecting the Appliance

Introduction
After you have determined where you plan to place the appliance in your network, you are ready to connect the appliance.

Installation checklist
Verify that you have the necessary items for installing the appliance:

Table 6: Installation checklist
[ ] 2U form factor designed to fit into a standard 19-inch rack mount enclosure
[ ] Two power connector cables
[ ] Physical Ethernet connection to a switch
[ ] Static IP address within the network
[ ] Default gateway
[ ] Accessible DNS server (UDP 53)
[ ] HTTPS (TCP 443) accessible to the Internet for updates and optional proxy usage
[ ] SMTP (TCP 25 inbound and outbound) accessible for the following uses:
    - To the Internet for outgoing mail relay usage
    - To receive mails from the Internet
    - To all configured internal mail servers
[ ] SSH (TCP 22) and HTTPS (TCP 443) access to the appliance for management purposes
[ ] Optional: End-user quarantine access from internal (TCP 4443) and optional SNMP (UDP 161) for monitoring
[ ] Recommended: LDAP connectivity to an internal Directory server(s) (TCP 389)
Page 22
Table 6: Installation checklist (Continued)
[ ] An accessible email account on the internal server for the following uses:
    - Alerting messages
    - Testing purposes
[ ] Routing firewall rules set up to the internal mail servers
Page 23
Configuring the Appliance

Introduction
Once you have connected the appliance, you are ready to log on to the appliance and begin configuring.

Configuration options
Choose one of the following options to configure the appliance:

Table 7: Hardware configuration options
Option 1: Configure the appliance using an administration computer connected to the network
    Reference: “Configuring from an administration PC” on page 23
Option 2: Run the terminal emulator and connect to the appliance
    Reference: “Configuring from a remote PC” on page 24
Option 3: Configure an IP address and the ETH1 interface using the LCD on the front of the appliance
    Reference: “Configuring an IP and the default gateway (ETH1) from the LCD” on page 25

Configuring from an administration PC
If you want to configure the appliance from an administration computer connected to your network with the default ETH0 IP address, use the following procedure:
1. Make sure the appliance is turned off.
2. Connect one end of the power cord to the appliance and the other end to an electrical outlet.
3. Connect the provided RED Ethernet cross-over cable from the ETH0 port on the appliance to the computer.
4. Turn on the appliance and wait until it fully boots.
5. Open a Web browser and go to https://192.168.123.123.
6. Click Yes when the security alert window appears.
7. Type admin for the username and admin for the password, and then click Next.
8. Go to “Completing the Initial Configuration” on page 26.
Page 24
Configuring from a remote PC
If you want to configure the appliance from a remote computer, follow the procedure below, which explains how to connect to the appliance using Hyperterminal. You may use another terminal emulation program, such as PuTTY, to connect to the appliance, but those procedures are not outlined here.
To connect to the appliance remotely using Hyperterminal:
1. On your computer, select Start > Programs > Accessories > Communications.
2. Select Hyperterminal.
3. Create a new connection using the following settings:
    Setting               Value
    Communications Port   Typically COM1 (depending on computer setup)
    Emulation             VT100
    Bits per second       9600
    Data bits             8
    Parity                None
    Stop bits             1
    Flow control          None
4. Press ENTER to establish a connection.
   When the connection is established, the Proventia Setup Configuration Menu appears.
   Tip: If you are unable to establish a connection, make sure the appliance has power and that you have started the appliance.
5. Go to “Completing the Initial Configuration” on page 26.
Page 25
Configuring an IP and the default gateway (ETH1) from the LCD
You can use the LCD panel on the front of the appliance to configure an IP address and the ETH1 interface as the default gateway if you do not have a computer available for configuration.
To configure an IP address and the default gateway (ETH1) from the LCD panel:
1. Press F1 for HELP, and then press ENTER to change the configuration.
2. You can configure the interface with either a static IP address (recommended) or assign a DHCP server to the interface as follows:
   For ETH1, if you want to assign a DHCP server, do this:
       1. Press F1 to select DHCP.
       2. Press ENTER to confirm your settings or press F1 to cancel the selection.
   For ETH1, if you want to assign a static IP address, do this:
       1. Press F2 to select a static IP address.
       2. Use the LCD module navigation arrow keys on the left side of the appliance’s front panel to enter the IP address.
          - Use the LEFT arrow key (<) and the RIGHT arrow key (>) to switch IP octets.
          - Use the UP arrow key and the DOWN arrow key to change numbers in the IP address.
       3. Type an IP address, and then press ENTER to set the subnet mask, and then press ENTER again to set the default gateway.
       4. Press ENTER to confirm your settings or press F1 to cancel the selection.
   Use the LCD module configuration keys on the right side of the appliance’s front panel if you need to change any settings for the IP address, subnet mask, or default gateway.
3. Start the setup wizard by accessing the configured IP address from an external computer using HTTPS through a Web browser and a cable plugged into ETH1. (Use a patch cable if the appliance is connected to a switch or hub; an Ethernet crossover cable if the appliance is connected directly to a PC.)
4. Go to “Completing the Initial Configuration” on page 26.
Page 26
Completing the Initial Configuration

Introduction
The Setup Assistant is the program you use to configure initial appliance network settings. After you complete the initial setup process, use Proventia Manager to change and manage these settings.

Procedure
To complete the initial configuration for the appliance from the Setup Assistant:
1. At the unconfigured login prompt, type the following login credentials, and then press ENTER:
   Username = admin
   Password = admin
2. Click Start, and then press ENTER.
3. Follow the on-screen instructions to complete the Setup Assistant. The following table describes the required information:

Table 8: Configuration tasks
Tab: License Key
Task: Install the appliance license keys
Tab Description: Download the antispam and antivirus keys for the appliance. You will not be able to update signatures for the mail security database without these keys.

Tab: Passwords
Task: Set the passwords for the appliance
Tab Description: Set the following required passwords for appliance access:
    - Root—This password is used to log on to the appliance directly or to log on using SSH.
    - Administrative—This password is used to connect to the management console using the Web browser.
    Note: All passwords can be the same as the root password.

Tab: Network
Task: Assign a host name to the appliance
Tab Description: Provide a fully qualified domain name for the appliance as in the following example: appliance.example.com
Page 27
Table 8: Configuration tasks (Continued)
Tab: Network
Task: Assign information to the main network interface (ETH1)
Tab Description: ETH1 is the default gateway for the appliance that passes mail traffic from the local subnet to devices on other subnets.
    You can configure this interface with a static IP address (recommended) or assign a DHCP server to the interface, which assigns its IP address, subnet mask, and default gateway from the DHCP server dynamically.

Tab: SMTP
Task: Define system accounts and configure SMTP settings
Tab Description: Provide the root domain of the internal mail server and define SMTP notification email addresses.
    Note: You can adjust these settings later in Proventia Manager (SMTP > Configuration).
    Receiving Emails: Enable this setting to set up the appliance to receive incoming email messages.
    - Provide the mail server IP address for each internal mail exchange domain as in the following example: Use maildomain1:<IP> to forward all email messages for maildomain1 to its respective IP address.
    - Provide addresses for relay hosts
    Sending Emails: Enable this setting to configure the delivery of outgoing email messages.
    Use one of the following delivery mechanisms:
    - DNS resolution—You configure XMail to use DNS Resolution to deliver email messages to external mail domains.
    - Forward—You configure the SMTP server to use the Forward delivery if you want to relay outgoing email messages through one or several SMTP relay server(s).
        To forward all outgoing email messages to an IP address, configure *;<IP>.
        To forward email messages from specific domains to a specific host, configure maildomain1;<IP1>, maildomain2;<IP2>.
    Reference: See the IBM Proventia Network Mail Security System Administrator Guide for detailed information on SMTP settings.
Page 28
Table 8: Configuration tasks (Continued)
Tab: Alerts
Task: Configure the appliance to alert you of mail security or system events
Tab Description: Enable the appliance to notify you by email for the following events:
    - Mail security issues
    - System errors
    - System warnings
    - System information

Tab: Time
Task: Set the date and time for the appliance
Tab Description: Provide the date and time for the appliance.
    Note: To synchronize the appliance time with the time of a network server, you must enable the Network Time Protocol (NTP) and provide the IP address of the server.

Next steps
After you complete the initial setup, you are ready to log on to Proventia Manager.
Page 29
Accessing Proventia Manager
Accessing Proventia Manager
Introduction
Proventia Manager is the Web-based management interface for the appliance. Use Proventia Manager to perform the following tasks:
• Monitor the status of the appliance
• Manage appliance license keys
• Schedule antispam and antivirus updates to the mail security database
• Configure and manage SMTP servers
• Adjust appliance network settings initially configured in the Setup Assistant
• Configure and deploy mail security policies
• Set up and manage accounts for end users who want to use personal block and allow lists
• Generate predefined reports about email usage on the network
• Tune appliance settings using advanced parameters
Logging on to Proventia Manager
To log on to the Proventia Manager interface:
1. Open a Web browser, and then go to the DNS name or IP address of the appliance, as in the following examples:
https://example.com
https://192.168.123.123
2. Log in using the username admin and the Proventia Manager password.
3. If a message informs you that you do not have Java Runtime Environment (JRE) installed, install it, and then return to this procedure.
4. Read the IBM Software License Agreement, and then click Accept to continue.
5. Click Launch Proventia Manager.
Page 30
Working with Proventia Manager
Introduction
When you open Proventia Manager, the Home page provides up-to-date diagnostic information for the appliance.
Diagnostic tabs
The following table describes each of the diagnostic tabs:
Tab: Protection
Description: The categories of email messages that the appliance has analyzed over a given period of time.
Tab: Assessment
Description: The current state of the appliance, including statistics of running processes and the status of mail flow within the appliance.
• Database Writer Queue: This queue contains the records of analyzed email messages that have not been written to the database.
• Analysis Queue Rating: The number of records in the analysis queue.
• Resource Shortage: The status of RAM/disk space on the appliance.
• Message Tracking Queue: The number of email messages that have been tracked between mailsec and XMail.
• IPC Queue Rating: The number of email messages in the communication queue between XMail and mailsec.
• Send Queue Rating: The number of email messages in the XMail sending queue.
Table 9: Diagnostics tabs
Page 31
Tab: Traffic
Description: The network traffic over a given period of time. The appliance provides data about additional network traffic:
• Queued for Analysis: This graph shows the number of email messages that are waiting to be analyzed by the appliance. Every incoming email message goes to the analysis queue first. Once the email message has been analyzed by the policy in place, the email message is removed from the unchecked queue. The email messages in the unchecked queue are considered temporary data; a large unchecked queue indicates that the appliance is receiving more email messages than it can process.
• Queued for Delivery: This graph shows how many email messages are being delivered from the XMail server.
• Queued for Re-Delivery: This graph shows the number of email messages that were sent to the target SMTP server but failed to be processed due to a temporary error, such as the server not being reachable. The email message is moved to the resend queue to be resent by the appliance. A large resend queue indicates that there is an email message delivery problem.
Note: The number of email messages in the resend queue is an average number calculated over a certain period of time (for example, five minutes). If the graph shows "0.7 email messages in the unchecked queue between 8:00 and 9:00" this means that between 8:00 and 9:00 the average number of email messages in the analysis queue was 0.7. The data is stored every five minutes and the granularity on the graph is one hour.
Tab: Resources
Description: Information about your appliance that may be helpful if you need to contact IBM ISS Technical Support about a problem.
Tab: Updates
Description: The current status of the latest updates to the appliance.
Table 9: Diagnostics tabs (Continued)
Page 32
Tab: System
Description: The current status of the appliance:
• Appliance Model: The type of appliance, hardware or VMware.
• Hardware Serial: The serial number for the appliance’s hardware.
• Base Image Revision: The base or initial version of the appliance software.
Note: The base version is the software version shipped with the appliance, or the software version of the most recent system backup.
• Appliance Firmware: The firmware version of the appliance’s software.
• Uptime: The length of time the appliance has been online. The time is given in the x days, x hours, x minutes format: 10 days, 3 hours, 36 minutes
• Last Restart: The time the appliance was last restarted. The time is given in the yyyy-mm-dd hh:mm:ss format: 2008-12-31 12:45:10
• System Time: The time on the machine running the appliance software.
• Total Network Interfaces: The number of interfaces on your appliance.
• Bound IP Addresses: The IP addresses currently in use by the appliance's internal and external interfaces.
• Last System Backup: The time the last system backup was created. The time is given in the yyyy-mm-dd hh:mm:ss format: 2008-12-31 12:45:10
• CAL Info: The current list of the latest versions of the Content Analysis Library (CAL).
Table 9: Diagnostics tabs (Continued)
Page 33
Installing License Keys
Introduction
The appliance requires license keys if you want to download and install updates to the mail security database (such as signatures or heuristics).
About the Licensing page
The Licensing page displays important information about the current status of license keys, including expiration dates. Additionally, this page allows you to access the License Information page, which includes information on how to acquire current license keys.
Ordering license keys
When a Registered End User orders the license keys from IBM ISS, they will receive an email message containing order confirmation information and instructions for registering, generating, and downloading license keys.
Downloading license keys
The Registered End User will need to follow these steps in order to download the license key(s) from the License Registration Center:
1. Go to the IBM ISS License Registration Center at https://www1.iss.net/lrc/.
2. Enter the order confirmation number (OCN) and the password provided in the email message.
3. Optional: Complete the survey.
4. The key is generated and ready for download.
5. Download the key to a temporary directory on your computer.
Installing the license key file
To install the license keys on the appliance:
1. In Proventia Manager, click Updates, and then click Status & Licensing.
If your appliance model requires it, the Export Administration Regulations window appears.
2. Review the content of this window, and then click Yes, I agree.
3. Expand the Mail Security License section.
4. Click Browse to locate the directory where you copied your key(s).
5. Click Install Key.
Page 34
6. Follow the same procedures (Step 3 through Step 5) to install the key for the Antivirus License.
You are now ready to apply mail security updates to the appliance.
Page 35
Applying Mail Security Updates
Introduction
Before you begin to use the appliance, you should apply the latest mail security updates to the appliance. The appliance retrieves updates from the IBM ISS Download Center, accessible over the Internet.
For information about maintaining appliance updates, see the chapter on “Updates” in the IBM Proventia Network Mail Security System Administrator Guide at http://www.iss.net/support/documentation/.
Viewing a list of mail security updates
The mail security updates provide daily updates of URLs and spam signatures for the appliance.
Important: You should update your local mail security database at least once daily to keep it up to date.
1. In Proventia Manager, click Updates, and then click Status & Licensing.
2. Click View versions online at the bottom of the page to access a Web page that lists each update and its contents.
Downloading and manually installing updates
1. After you have downloaded and installed your license keys (page 33), click Configure Automatic Updates.
If your appliance model requires it, the Export Administration Regulations window appears.
2. Review the agreement, select Yes, I agree, and then click Submit.
3. Make sure Automatically Update Mail Security Database is enabled in the Mail Security Database Updates section.
4. Click Save Changes.
Page 36
Verifying Network Connectivity and SMTP Settings
Introduction
You can send a test email message to make sure the appliance is connected and configured correctly.
Procedure
1. If you did not configure the SMTP relay settings during the network configuration (see “Understanding SMTP Mail Routing” on page 13), click SMTP, and then click Configuration to configure those settings.
2. Configure an email client to send email messages through the appliance in order to verify network connectivity and the SMTP settings.
3. Send a test email message to your mailbox on the internal mail server and one to an external email account (for example, a webmail account).
When both email messages arrive in their respective inboxes, you will be able to send inbound and outbound email messages using the appliance.
4. Click Mail Security, and then click Policy to configure a mail security policy. (A mail security policy contains a set of rules that define how the appliance should inspect and control both incoming and outgoing email messages.)
5. Enable the last rule in the sample policy (“MyMail (For testing purposes: Check for occurrence of ‘MyMail’ in Subject)”).
6. Click Save Changes.
Page 37
7. Send two new test email messages, as described in Step 3, using “MYMAIL” as the subject of the test email messages.
Every mail with the string “MYMAIL” in the Subject will be tagged “Found MYMAIL in MYMAIL”.
If the test does not work as expected, verify the following:
• That the email message was actually sent through the appliance (RECEIVED header)
• That the appliance is able to send email messages to internal mail servers and to mail servers on the Internet
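The RECEIVED-header check and the tag check above can be scripted against a saved copy of the delivered test message. The following Python sketch is an added example, not part of the IBM guide; the host names, addresses, sample message and the position of the tag inside the Subject are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample of a delivered test message. Host names, addresses and
# the placement of the tag inside the Subject are assumptions for illustration.
SAMPLE = """\
Received: from appliance.example.com (appliance.example.com [192.0.2.10])
\tby mail.internal.example.com with ESMTP; Wed, 31 Dec 2008 12:45:12 +0000
Received: from client.example.com (client.example.com [192.0.2.55])
\tby appliance.example.com with ESMTP; Wed, 31 Dec 2008 12:45:10 +0000
From: tester@example.com
To: mailbox@internal.example.com
Subject: [Found MYMAIL in MYMAIL] MYMAIL

test body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.\-]+)", re.IGNORECASE)


def receiving_hosts(msg):
    """Return the host named in the 'by' clause of each Received header."""
    hosts = []
    for raw in msg.get_all("Received", []):
        match = BY_RE.search(" ".join(raw.split()))  # unfold, then parse
        if match:
            hosts.append(match.group(1).lower())
    return hosts


def tagged_headers(msg, tag):
    """Return the names of headers whose value contains the policy tag."""
    return [name for name, value in msg.items() if tag in str(value)]


def check_test_message(raw, appliance, tag="Found MYMAIL in MYMAIL"):
    """Summarise the two checks from the guide for one delivered message."""
    msg = message_from_string(raw)
    # Only Received lines added by servers you operate are trustworthy;
    # lines further down the chain can be supplied by the sender.
    return {
        "via_appliance": appliance.lower() in receiving_hosts(msg),
        "tagged_in": tagged_headers(msg, tag),
    }


if __name__ == "__main__":
    print(check_test_message(SAMPLE, "appliance.example.com"))
```

A result with `via_appliance` set to False means the message reached the mailbox by a route that bypasses the appliance, so the policy never inspected it.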
Page 38
Reinstalling the Appliance
Introduction
This topic describes the process and procedures for reinstalling the appliance.
Caution: Reinstalling the appliance firmware clears the appliance’s current configuration settings and all data stored on the appliance.
The Recovery CD
The Recovery CD included in the appliance packaging contains the software that was installed on the appliance at the factory. You can reinstall the software from this CD on the appliance.
Important: Reinstalling the appliance means erasing all data from the system and returning it to its factory state. Only perform this procedure under the guidance of IBM ISS Technical Support.
Recovery process
Use the following procedure to reinstall the firmware on your appliance:
1. Connect a computer monitor to the appliance.
2. Boot the Recovery CD.
3. At the prompt, type reinstall, and then press ENTER.
The installer reloads the operating system.
Note: When the reinstallation is complete, the appliance automatically reboots. Let the appliance complete the boot process without interruption.
4. When the appliance has rebooted, the unconfigured.appliance login prompt appears.
You can log in with the default user and password of admin/admin and configure the appliance using the Configuration Menu.
Results
This process does the following:
• Overwrites software configuration changes you have made since you first installed the appliance.
• Restores the original, default login credentials for the username and password (admin/admin).