Installing, Configuring, and Optimizing Novell Internet Messaging System™
www.novell.com
Lynn Madsen
NIMS Product Manager
Novell, Inc.
[email protected]
Jason Brothers
QA Engineer
Novell, Inc.
[email protected]
Rodney Price
NIMS Engineering
Novell, Inc.
[email protected]
Vision…one Net
A world where networks of all types—corporate and public,
intranets, extranets, and the Internet—work together as
one Net and securely connect employees, customers,
suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net
business solutions that enable people, processes, and
systems to work together and our customers to profit from
the opportunities of a networked world
What Is Novell Internet Messaging System™ (NIMS)?
• Features
  - E-mail
  - Calendaring/scheduling
  - List server
  - Rules server
  - Antivirus integration
• Strengths
  - Standards compliance ensures compatibility
  - High performing and scalable
  - Centralized or distributed administration
  - Novell eDirectory™ foundation
  - Low TCO
• Markets
  - Education
  - Service providers
  - Governments
  - Small business

What Is NIMS™? (cont.)
• NIMS is not an Instant Messaging product
• NIMS is a scalable, Internet standards–based e-mail, calendaring, and scheduling system that is tightly integrated with Novell eDirectory™
• NIMS is not a “web-based” e-mail/calendaring system
• NIMS supports any POP, IMAP, or iCal compatible client
• NIMS is not a NetWare®-based product
• NIMS runs with eDirectory on NetWare 5.1 (SP3 and above) and NetWare 6, Solaris 8, Red Hat Linux (possibly other Linux) with the 2.4 kernel, and Windows NT/2000/XP

What’s New in NIMS 3.x?
• iCal-based calendaring/scheduling, to-do’s and notes
• ModWeb template-based web engine
  - Public templates (non-authenticated)
  - Multiple session templates (authenticated)
  - Template compiler
  - HTML message viewing
• Class of service (Parent Objects)
• Delegated administration (a.k.a. TOM—Task Oriented Management)
• Individual time zone and date format support
• Enhanced list server (moderator, announce-only lists)
• Antivirus integration

Administration Overview
• Install process
  - OS patch levels
  - DS health
  - NIMS install
  - NIMS patches
  - Resources
• Administrative tools

Administration Overview (cont.)
Install Process
• OS patch levels
  - NetWare
    • 4.x—SP9
    • 5.1—SP3
    • 6.0—SP1
  - Linux
    • RedHat 7.0
  - Solaris
    • Solaris 8 for SPARC

Administration Overview (cont.)
Install Process
• DS health
  - Important
  - NIMS is directory-based
  - Novell TID 10012858 and 10060600
    • See http://support.novell.com or NIMS 3.0 manual

Administration Overview (cont.)
Install Process
• Symptoms of an unhealthy DS
  - Objects will have fields that are ‘greyed-out’
  - Settings made will not take effect or hold
  - Every time NIMS is loaded the message store path has more path information appended to it
  - End user settings not sticking
  - E-mail is rejected because a valid user cannot be found

Administration Overview (cont.)
Install Process
• NIMS installation
  - NetWare
    • Installs through NWConfig, just like a service pack
  - Linux
    • An rpm installation
  - Solaris
    • An install package

Administration Overview (cont.)
Install Process
• Patches
  - Tested on MyRealBox before they are released to the public
  - We consider the newest patch we release to be our minimum patch level
  - Patches can be copied to the server at any time and then NIMS can be restarted at a time when it is convenient
  - The latest NIMS patches are listed on the Minimum Patch list
  - Beta patches can be found on http://www.nimsinfo.com

Administration Overview (cont.)
Install Process
• Resources
  - NIMS 3.0 manual
    • Much improved over the NIMS 2.5 manual
    • Written to explain the concepts
    • Concepts apply to 2.6x
  - http://www.nimsinfo.com
    • FAQ
    • Downloads
    • Listserv

Administration Overview (cont.)
Install Process
• Resources
  - FAQ
    • Contains over 230 questions and answers
    • Contains a list of all of the NIMS attributes and settings
    • The answer to your question is probably here
  - Tools and utilities
    • Various NIMS tools and utilities can be found here
  - NIMS listserv list
    • NIMSTalk—very active NIMS community
    • DevTalk—a place developers can ask questions

Administration Overview (cont.)
Administrative Options
• Traditional
  - Network administrator
• NIMS tools
  - Web Administrator
  - Task Oriented Management (TOM)
  - Parent Objects
• Others
  - ICE
  - DS Snoop
  - JRB Utilities

Administration Overview (cont.)
Administrative Options
• Network Administrator
  - NWAdmin32
• Web Administrator
  - NetWare
    • load webadmin.nlm
  - Linux
    • /usr/local/nims/bin/webadmin.sh
  - Solaris
    • /opt/NOVLnims/bin/webadmin.sh
  - Default URLs—http and https
    » Port 81, Port 444

Installation and Configuration
Administrative Options
• Parent Objects
  - Configured through NWAdmin or WebAdmin
  - Group management
  - Allows you to easily manage different domains or identifiable groups in your organization

Installation and Configuration (cont.)
Administrative Options
• Task Oriented Management (TOM)
  - What is it?
    • Great for ISP/ASP and large organizations
    • Allows you to hand off administration
    • Works in conjunction with Parent Objects
  - Setup and use
    • Demo

Installation and Configuration (cont.)
Administrative Options
• Other utilities
  - Why would you use other utilities?
    • Bulk administration
    • Set attributes that are not exposed by the GUI interfaces
      – See FAQ for attribute settings
    • Command line is often faster than GUI interfaces

Installation and Configuration (cont.)
Administrative Options
• Others
  - DSBrowse
    • Quickly look at attributes
  - DSSnoop
    • Single-user attribute manipulation
  - ICE/JRB Utilities
    • Allows mass attribute settings

Installation and Configuration (cont.)
Administrative Options
• Quick demos
  - DSBrowse
    • Quickly look at an attribute
  - DSSnoop
    • Company logo
  - JRB Setname
    • Timeout value

NIMS Design
• Design requirements
• Architecture
  - Data
  - APIs
  - Agents
• Queue mechanism

Mail/Calendaring Evolution
[Diagram series. Labels: SMTP; IMAP; POP; PALM; WAP; NEXTP; "?"; E-mail; Calendar; User info; Queue; Scalability; Extensibility; Stability]

NIMS Architecture
[Diagram series built up over successive slides. Labels: Scalability; Extensibility; Stability; Abstraction; Replicated data; Non-replicated data; E-mail; Calendar; User info; Message Store; Calendar Store; Queue; Directory; NMAP* Protocol; NMAP* Agent; TCP/IP; DDB API; SMTP; IMAP; POP; PALM; WAP; NEXTP; Modweb]
* Novonyx Message Access Protocol

NIMS Architecture
Single Server
[Diagram labels: SMTP; IMAP; POP; Modweb; NMAP Protocol; NMAP Agent; DDB API; Directory; Message Store; Calendar Store; Queue; Scalability]

NIMS Architecture
Multi Server
[Diagram series. Labels: Client Protocol Agents (IMAP, POP, Modweb); Queue Agents (SMTP); Mail Store Agents; NMAP Protocol; NMAP Agent; NMAP; DDB API; Directory; Message Store; Calendar Store; Queue; Scalability]

NIMS Architecture (cont.)
NMAP Queue Functions
• Provides a mechanism to create messages
• Pushes messages through a staged queue
• Processes queue agent commands
• Delivers messages to local recipients
• Stores and reprocesses problem messages

NIMS Architecture (cont.)
NMAP Queue States
• Incoming
• 000–007 Processing
• 006 Local Delivery
• 007 Remote Delivery
• 008 Bounce Queue
[Diagram labels: Queue Agents; Queue]

NIMS Architecture (cont.)
NMAP Queue Processing Time
• Almost all messages are processed immediately
• Queuing conditions
  - Errors
  - High load

NIMS Architecture
[Diagram series. Labels: SMTP; 25; Anti-Virus Agent; Queue Agent; "Requests to be notified of Cxxxxxxx.007" (first slide); "Requests to be notified of Cxxxxxxx.000" (second slide); queue entries on successive slides: Cxxxxxxx.in, Cxxxxxxx.000, Cxxxxxxx.006, Cxxxxxxx.007, each with Dxxxxxxx.msg; NMAP Protocol; NMAP Agent; DDB API; Directory; Message Store; Calendar Store; Queue]

Select Agent Configuration (cont.)
Anti-Virus
• Anti-Virus
  - NAI (McAfee) Netshield
    • mcscan32 Version 41.40 or greater
  - CA InoculateIT
    • avengine Version 23.48 or greater
  - Symantec CarrierScan
If you are using Netshield or CarrierScan you do not need to run the entire anti-virus package unless you are hosting file and print services on that server

Select Agent Configuration (cont.)
Anti-Virus
• Can update CA Inoculate on the fly
  - Just copy over the old signature file and engine (if applicable)
  - NIMS will automatically update the files in about 5 minutes
• In order to update McAfee’s virus signature files you have to unload Anti-Virus and then apply the new files

SMTP
(cont.)
Select Agent Configuration
SMTP
• UBE Relaying
 SMTP-after-POP
 Authentication
 Allowed
list
• UBE Blocking
 Blocked
Lists
 RBL Lists
 Deny Access to Hosts not in DNS
(cont.)
Select Agent Configuration
(cont.)
SMTP
How do I prevent my server from being an Open-Relay?
Select Agent Configuration
•
•
•
•
•
•
(cont.)
SMTP-After-POP
Create a Connection Manager Agent
Enable the "SMTP-after-POP" on the SMTP agent
In the Messaging Server object, check the box
that identifies the connection manager
Wait a couple of minutes for DS to sync
IMS Unload
IMS
Select Agent Configuration (cont.)
SMTP-after-POP
[Diagram labels: Internet; SMTP; Connection Manager; IMAP; POP; IP Address: 64.258.14.32, User: JSmith (shown twice)]

Select Agent Configuration (cont.)
SMTP-after-POP
[Diagram labels: Internet; SMTP; NAT; Connection Manager; IMAP; POP; IP Address: 64.258.14.32, User: JSmith; IP Address: 172.16.30.2, User: BillyBob; IP Address: 64.258.14.32; IP Address: 172.16.30.3, User: JSmith]

Select Agent Configuration (cont.)
Authentication
• Connection Manager not used
• Enable the “Authentication” on the SMTP agent
• Wait a couple of minutes for DS to sync
• IMS Unload
• IMS

Select Agent Configuration (cont.)
Authentication
[Diagram labels: Username? Password?; Internet; SMTP; NAT; IP Address: 64.258.14.32; IP Address: 172.16.30.2; IP Address: 172.16.30.3]

Select Agent Configuration (cont.)
Allowed List
• Connection Manager not used
• Enable “Require sender to be in ‘Allowed’ list for remote sending” on the SMTP agent
• Wait a couple of minutes for DS to sync
• IMS Unload
• IMS

Select Agent Configuration (cont.)
Allowed List
[Diagram labels: Internet; SMTP; Allowed senders; IP Address: 64.258.14.32 (shown twice)]

Select Agent Configuration (cont.)
UBE Relaying Summary
• SMTP-after-POP
  - Pros
    • No client configuration
  - Cons
    • May have incorrect headers in an NAT environment
    • May be difficult to track someone that is abusing your system
• Authentication
  - Pros
    • Is not affected by NAT
    • E-mail header will always be correct
    • Easy to track abusers
  - Cons
    • Requires client that supports Authentication
    • Requires each client to be properly configured
• Allow Hosts
  - Pros
    • No client configuration
  - Cons
    • May be difficult to track someone that is abusing your system
    • Limits remote senders

Select Agent Configuration (cont.)
UBE Relaying
• All three options can be used in combination
  - For example, you could have an Allowed Hosts list for your internal network and Authentication for your remote users
• When used in combination they operate on an “or” basis
  - User only needs to satisfy one of the conditions
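
Added example (not part of the original slides and not NIMS code): a small Python model of the three relay options combined on an "or" basis, showing the NAT drawback of SMTP-after-POP, where any host sharing the gateway address may relay and the mail is attributed to the user who logged in. The class, the 15-minute window and every address are assumptions made for illustration; smtp_auth_user stands for a user name whose password the server has already verified.

```python
import ipaddress

POP_WINDOW_SECONDS = 15 * 60  # assumed lifetime of an SMTP-after-POP entry


class RelayPolicy:
    """Illustrative model: a sender may relay if ANY one check passes."""

    def __init__(self, allowed_networks):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.recent_logins = {}  # source IP -> (user, login time)

    def record_pop_login(self, ip, user, now):
        """What a connection manager remembers after a POP/IMAP login."""
        self.recent_logins[ip] = (user, now)

    def may_relay(self, ip, now, smtp_auth_user=None):
        """Return (allowed, reason, attributed_user) for a remote-delivery request."""
        if smtp_auth_user:  # Authentication: identity travels with the session
            return True, "authentication", smtp_auth_user
        if any(ipaddress.ip_address(ip) in net for net in self.allowed):
            return True, "allowed-list", None  # no user identity at all
        entry = self.recent_logins.get(ip)
        if entry and now - entry[1] <= POP_WINDOW_SECONDS:
            return True, "smtp-after-pop", entry[0]  # keyed on IP only
        return False, "relay-denied", None


def relay_demo():
    """Constructed scenario using documentation address ranges."""
    policy = RelayPolicy(allowed_networks=["10.20.0.0/16"])
    # JSmith checks mail from behind a NAT gateway seen as 198.51.100.7.
    policy.record_pop_login("198.51.100.7", "JSmith", now=1000)
    return {
        # A different host behind the same gateway never logged in, yet it
        # is allowed and its mail is attributed to JSmith.
        "nat_neighbour": policy.may_relay("198.51.100.7", now=1100),
        "expired": policy.may_relay("198.51.100.7",
                                    now=1000 + POP_WINDOW_SECONDS + 1),
        "authenticated": policy.may_relay("203.0.113.9", now=1100,
                                          smtp_auth_user="BillyBob"),
        "internal": policy.may_relay("10.20.3.4", now=1100),
        "stranger": policy.may_relay("203.0.113.9", now=1100),
    }
```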
Select Agent Configuration (cont.)
UBE Blocking
• What can I do to stop all UBE?
  - Turn off your mail server
• What can I do to minimize UBE?
  - Blocked Lists
  - RBL Lists
  - Deny Access to Hosts not in DNS

Select Agent Configuration (cont.)
UBE Blocking
• Blocked Lists
  - Customizable list entered by the mail administrator
  - Can be a single IP address or a range of addresses
  - Can be changed without reloading NIMS
• RBL List
  - Lists that contain known spammers or spam-friendly networks
  - Some of these lists are free to use (e.g., SPEWS.org)
  - Others are on a subscription basis (e.g., Mail-Abuse.org)
• Deny Access to Hosts not in DNS
  - There are many mail servers on the Internet that are not properly configured
  - This option should be used with care

Select Agent Configuration (cont.)
RBL List
[Diagram labels: SMTP; Foreign SMTP, IP Address: 121.32.23.56 and 64.258.14.32; RBL list: spews.relays.osirusoft.com; DNS; lookups 56.23.32.121.spews.relays.osirusoft.com and 32.14.258.64.spews.relays.osirusoft.com]
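
Added example (not part of the original slides and not NIMS code): how an RBL lookup name is built by reversing the connecting host's octets under the list's zone, as in the slide's 56.23.32.121.spews.relays.osirusoft.com, combined with a "hosts not in DNS" check. The resolver is injected so the sample runs offline; rbl.example.org, the fake DNS table and the treatment of "not in DNS" as a failed reverse lookup are assumptions.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's DNS zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_sender(ip, zones, resolve=system_resolver, has_dns_entry=None,
                 deny_hosts_not_in_dns=False):
    """Return (accept, reason) for a connecting SMTP host."""
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # By DNSBL convention a listed address answers with a 127.0.0.0/8 record.
        if any(a.startswith("127.") for a in answers):
            return False, "listed in " + zone
    # Assumption: "not in DNS" is modelled as a caller-supplied lookup that
    # reports whether the host has a DNS entry.
    if deny_hosts_not_in_dns and has_dns_entry is not None:
        if not has_dns_entry(ip):
            return False, "no DNS entry for host"
    return True, "accepted"


# Constructed data: a hypothetical list zone that lists one documentation address.
SAMPLE_ZONE = "rbl.example.org"
FAKE_DNS = {"56.2.0.192.rbl.example.org": ["127.0.0.2"]}


def rbl_demo():
    def resolve(name):
        return FAKE_DNS.get(name, [])

    def has_dns(ip):
        return ip != "198.51.100.20"  # constructed: this host has no DNS entry

    zones = [SAMPLE_ZONE]
    return [check_sender("192.0.2.56", zones, resolve),
            check_sender("192.0.2.57", zones, resolve),
            check_sender("198.51.100.20", zones, resolve, has_dns, True)]
```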
Installation and Configuration
Utilities
• RMBox
  - Bulk account deletion
  - Can use IMSAudit to identify aged accounts
  - Security Settings
    • Server Managers on Messaging Server
• Bulkmail
  - Allows you to quickly e-mail a large group of users

Installation and Configuration (cont.)
Utilities
• Monitoring
  - Statmon
  - BabyMon
  - SNMP—NIMS.MIB
• CleanQ
  - Can be used to remove messages from/to a certain person
    • As opposed to “mail remove,” which removes messages destined for a certain domain