Installing, Configuring, and Optimizing Novell Internet Messaging System™

www.novell.com

Lynn Madsen, NIMS Product Manager, Novell, Inc.

Jason Brothers, QA Engineer, Novell, Inc.

Rodney Price, NIMS Engineering, Novell, Inc.

Vision…one Net

A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries

Mission

To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

What Is Novell Internet Messaging System™ (NIMS)?

• Features
  • E-mail
  • Calendaring/scheduling
  • List server
  • Rules server
  • Antivirus integration
• Strengths
  • Standards compliance ensures compatibility
  • High performing and scalable
  • Centralized or distributed administration
  • Novell eDirectory™ foundation
  • Low TCO
• Markets
  • Education
  • Service providers
  • Governments
  • Small business

What Is NIMS™? (cont.)

• NIMS is not an Instant Messaging product
  • NIMS is a scalable, Internet standards–based e-mail, calendaring, and scheduling system that is tightly integrated with Novell eDirectory™
• NIMS is not a “web-based” e-mail/calendaring system
  • NIMS supports any POP, IMAP, or iCal compatible client
• NIMS is not a NetWare®-based product
  • NIMS runs with eDirectory on NetWare 5.1 (SP3 and above) and NetWare 6, Solaris 8, Red Hat Linux (possibly other Linux) with the 2.4 kernel, and Windows NT/2000/XP

What’s New in NIMS 3.x?

• iCal-based calendaring/scheduling, to-do’s and notes
• ModWeb template-based web engine
  • Public templates (non-authenticated)
  • Multiple session templates (authenticated)
  • Template compiler
  • HTML message viewing
• Class of service (Parent Objects)
• Delegated administration (a.k.a. TOM—Task Oriented Management)
• Individual time zone and date format support
• Enhanced list server (moderator, announce-only lists)
• Antivirus integration

Administration Overview

• Install process
  • OS patch levels
  • DS health
  • NIMS install
  • NIMS patches
  • Resources
• Administrative tools

Administration Overview (cont.)

Install Process

• OS patch levels
  • NetWare
    • 4.x—SP9
    • 5.1—SP3
    • 6.0—SP1
  • Linux
    • RedHat 7.0
  • Solaris
    • Solaris 8 for SPARC

Administration Overview (cont.)

Install Process

• DS health
  • Important
  • NIMS is directory-based
  • Novell TID 10012858 and 10060600
    • See http://support.novell.com or NIMS 3.0 manual

Administration Overview (cont.)

Install Process

• Symptoms of an unhealthy DS
  • Objects will have fields that are ‘greyed-out’
  • Settings made will not take effect or hold
  • Every time NIMS is loaded the message store path has more path information appended to it
  • End user settings not sticking
  • E-mail is rejected because a valid user cannot be found

Administration Overview (cont.)

Install Process

• NIMS installation
  • NetWare
    • Installs through NWConfig, just like a service pack
  • Linux
    • An rpm installation
  • Solaris
    • An install package

Administration Overview (cont.)

Install Process

• Patches
  • Tested on MyRealBox before they are released to the public
  • We consider the newest patch we release to be our minimum patch level
  • Patches can be copied to the server at any time and then NIMS can be restarted at a time when it is convenient
  • The latest NIMS patches are listed on the Minimum Patch list
  • Beta patches can be found on http://www.nimsinfo.com

Administration Overview (cont.)

Install Process

• Resources
  • NIMS 3.0 manual
    • Much improved over the NIMS 2.5 manual
    • Written to explain the concepts
    • Concepts apply to 2.6x
  • http://www.nimsinfo.com
    • FAQ
    • Downloads
    • Listserv

Administration Overview (cont.)

Install Process

• Resources
  • FAQ
    • Contains over 230 questions and answers
    • Contains a list of all of the NIMS attributes and settings
    • The answer to your question is probably here
  • Tools and utilities
    • Various NIMS tools and utilities can be found here
  • NIMS listserv list
    • NIMSTalk—very active NIMS community
    • DevTalk—a place developers can ask questions

Administration Overview (cont.)

Administrative Options

• Traditional
  • Network administrator
• NIMS tools
  • Web Administrator
  • Task Oriented Management (TOM)
  • Parent Objects
• Others
  • ICE
  • DS Snoop
  • JRB Utilities

Administration Overview (cont.)

Administrative Options

• Network Administrator
  • NWAdmin32
• Web Administrator
  • NetWare
    • load webadmin.nlm
  • Linux
    • /usr/local/nims/bin/webadmin.sh
  • Solaris
    • /opt/NOVLnims/bin/webadmin.sh
  • Default URLs—http and https
    » Port 81
    » Port 444

Installation and Configuration

Administrative Options

• Parent Objects
  • Configured through NWAdmin or WebAdmin
  • Group management
  • Allows you to easily manage different domains or identifiable groups in your organization

Installation and Configuration (cont.)

Administrative Options

• Task Oriented Management (TOM)
  • What is it?
    • Great for ISP/ASP and large organizations
    • Allows you to hand off administration
    • Works in conjunction with Parent Objects
  • Setup and use
    • Demo

Installation and Configuration (cont.)

Administrative Options

• Other utilities
  • Why would you use other utilities?
    • Bulk administration
    • Set attributes that are not exposed by the GUI interfaces
      – See FAQ for attribute settings
    • Command line is often faster than GUI interfaces

Installation and Configuration (cont.)

Administrative Options

• Others
  • DSBrowse
    • Quickly look at attributes
  • DSSnoop
    • Single user's attribute manipulation
  • ICE/JRB Utilities
    • Allows mass attribute settings

Installation and Configuration (cont.)

Administrative Options

• Quick demos
  • DSBrowse
    • Quickly look at an attribute
  • DSSnoop
    • Company logo
  • JRB Setname
    • Timeout value

NIMS Design

• Design requirements

• Architecture
  • Data
  • APIs
  • Agents

• Queue mechanism

Mail/Calendaring Evolution

[Diagram sequence: Calendar, E-mail, User info and Queue data, with the protocols SMTP, POP, IMAP, PALM, WAP and a future protocol ("?NEXTP"), and the design requirements Scalability, Stability and Extensibility]

NIMS Architecture

[Diagram sequence: an Abstraction layer between the protocols (SMTP, POP, IMAP, PALM, WAP, "?NEXTP") and the data, which becomes the Message Store, Calendar Store, Queue and Directory, labelled as replicated data and non-replicated data]

[Diagram sequence: components shown are the Directory, the DDB API, the NMAP Protocol over TCP/IP, and the NMAP Agent with the Message Store, Calendar Store and Queue. NMAP = Novonyx Message Access Protocol. The agents POP, IMAP, SMTP, PALM, WAP and Modweb are added one at a time on top of the NMAP Protocol and DDB API]

[Diagram: Single Server. POP, IMAP, SMTP and Modweb agents; NMAP Protocol and DDB API; Directory; NMAP Agent with Message Store, Calendar Store and Queue]

[Diagram: Multi Server. Client Protocol Agents (POP, IMAP, Modweb), Queue Agents (SMTP) and Mail Store Agents (NMAP with Message Store, Calendar Store and Queue) on separate servers, each with the NMAP Protocol, the DDB API and the Directory]

NIMS Architecture (cont.)

Queue

• NMAP Queue Functions
  • Provides a mechanism to create messages
  • Pushes messages through a staged queue
  • Processes queue agent commands
  • Delivers messages to local recipients
  • Stores and reprocesses problem messages

NIMS Architecture (cont.)

Queue

• NMAP Queue States
  • Incoming
  • 000–007 Queue Agents Processing
  • 006 Local Delivery
  • 007 Remote Delivery
  • 008 Bounce Queue

NIMS Architecture (cont.)

Queue

• NMAP Queue Processing Time
  • Almost all messages are processed immediately
  • Queuing conditions
    • Errors
    • High load

NIMS Architecture

[Diagram sequence: queue flow with the SMTP queue agent and the Anti-Virus Agent alongside the NMAP Agent (Message Store, Calendar Store, Queue), the NMAP Protocol, the DDB API and the Directory. The agents request to be notified of Cxxxxxxx.007 and Cxxxxxxx.000. A message arriving over SMTP (port 25) is shown as Cxxxxxxx.in with Dxxxxxxx.msg, and the entry then appears as Cxxxxxxx.000, Cxxxxxxx.006 and Cxxxxxxx.007, each with Dxxxxxxx.msg]

Select Agent Configuration

Anti-Virus

• Anti-Virus
  • NAI (McAfee) Netshield
    • mcscan32 Version 41.40 or greater
  • CA InoculateIT
    • avengine Version 23.48 or greater
  • Symantec CarrierScan
  • If you are using Netshield or CarrierScan you do not need to run the entire anti-virus package unless you are hosting file and print services on that server

Select Agent Configuration (cont.)

Anti-Virus

• Can update CA Inoculate on the fly
  • Just copy over the old signature file and engine (if applicable)
  • NIMS will automatically update the files in about 5 minutes
• In order to update McAfee’s virus signature files you have to unload Anti-Virus and then apply the new files

Select Agent Configuration (cont.)

SMTP

• UBE Relaying
  • SMTP-after-POP
  • Authentication
  • Allowed list
• UBE Blocking
  • Blocked Lists
  • RBL Lists
  • Deny Access to Hosts not in DNS

Select Agent Configuration (cont.)

SMTP

How do I prevent my server from being an Open-Relay?

Select Agent Configuration (cont.)

SMTP-After-POP

• Create a Connection Manager Agent
• Enable the "SMTP-after-POP" on the SMTP agent
• In the Messaging Server object, check the box that identifies the connection manager
• Wait a couple of minutes for DS to sync
• IMS Unload
• IMS

Select Agent Configuration (cont.)

[Diagram: SMTP-after-POP. A client on the Internet (IP Address: 64.258.14.32, User: JSmith) connects to POP/IMAP; the Connection Manager holds IP Address: 64.258.14.32, User: JSmith for the SMTP agent]

Select Agent Configuration (cont.)

[Diagram: SMTP-after-POP with NAT. Clients 172.16.30.3 (User: JSmith) and 172.16.30.2 (User: BillyBob) reach the Internet through NAT as IP Address: 64.258.14.32; the Connection Manager holds IP Address: 64.258.14.32, User: JSmith]

Select Agent Configuration (cont.)

Authentication

• Connection Manager not used
• Enable the “Authentication" on the SMTP agent
• Wait a couple of minutes for DS to sync
• IMS Unload
• IMS

Select Agent Configuration (cont.)

[Diagram: Authentication. Clients 172.16.30.3 and 172.16.30.2 behind NAT (IP Address: 64.258.14.32) connect over the Internet to SMTP, which asks for a username and password]

Select Agent Configuration (cont.)

Allowed List

• Connection Manager not used
• Enable “Require sender to be in ‘Allowed’ list for remote sending” on the SMTP agent
• Wait a couple of minutes for DS to sync
• IMS Unload
• IMS

Select Agent Configuration (cont.)

[Diagram: Allowed List. A host on the Internet (IP Address: 64.258.14.32) connects to SMTP; the Allowed senders list contains IP Address: 64.258.14.32]

Select Agent Configuration (cont.)

UBE Relaying Summary

• SMTP-after-POP
  • Pros
    • No client configuration
  • Cons
    • May have incorrect headers in an NAT environment
    • May be difficult to track someone that is abusing your system
• Authentication
  • Pros
    • Is not affected by NAT
    • E-mail header will always be correct
    • Easy to track abusers
  • Cons
    • Requires client that supports Authentication
    • Requires each client to be properly configured
• Allow Hosts
  • Pros
    • No client configuration
  • Cons
    • May be difficult to track someone that is abusing your system
    • Limits remote senders

Select Agent Configuration (cont.)

UBE Relaying

• All three options can be used in combination
  • For example, you could have an Allowed Hosts list for your internal network and Authentication for your remote users
• When used in combination they operate on an “or” basis
  • User only needs to satisfy one of the conditions
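
The "or" combination of the three relay options, modelled as an added example (not NIMS code and not part of the original slides). The class and method names and the 15-minute SMTP-after-POP window are assumptions, and the addresses are constructed from documentation ranges. The returned reason shows why Authentication is easy to trace while SMTP-after-POP behind NAT is not.

```python
import ipaddress
import time

# Hypothetical model of the three relay checks; names and the expiry window
# are assumptions for illustration, not NIMS settings.
POP_WINDOW_SECONDS = 900  # assumed lifetime of an SMTP-after-POP entry


class RelayPolicy:
    def __init__(self, allowed_networks, smtp_after_pop=True, authentication=True):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.smtp_after_pop = smtp_after_pop
        self.authentication = authentication
        self.recent_logins = {}  # source IP -> (user, login time)

    def record_pop_login(self, ip, user, now=None):
        """What a connection manager would note after a POP/IMAP login."""
        self.recent_logins[ip] = (user, time.time() if now is None else now)

    def may_relay(self, ip, smtp_auth_user=None, now=None):
        """Return (allowed, reason); the checks combine on an "or" basis."""
        now = time.time() if now is None else now
        if self.authentication and smtp_auth_user:
            return True, f"authentication:{smtp_auth_user}"
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allowed):
            return True, "allowed-list"
        entry = self.recent_logins.get(ip)
        if self.smtp_after_pop and entry and now - entry[1] <= POP_WINDOW_SECONDS:
            # Keyed by address only: every host behind the same NAT address
            # inherits this login, and the log names the POP user, not the sender.
            return True, f"smtp-after-pop:{entry[0]}"
        return False, "relay-denied"


def demo():
    # Constructed addresses (documentation ranges), not taken from the slides.
    policy = RelayPolicy(allowed_networks=["192.0.2.0/24"])
    policy.record_pop_login("203.0.113.32", "JSmith", now=1000)
    return [
        policy.may_relay("192.0.2.10", now=1010),            # internal host
        policy.may_relay("203.0.113.32", now=1010),          # JSmith or anyone behind the NAT
        policy.may_relay("198.51.100.7", "BillyBob", 1010),  # remote user with SMTP AUTH
        policy.may_relay("198.51.100.7", now=1010),          # unknown host: not relayed
        policy.may_relay("203.0.113.32", now=1000 + POP_WINDOW_SECONDS + 1),  # entry expired
    ]
```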

Select Agent Configuration (cont.)

UBE Blocking

• What can I do to stop all UBE?
  • Turn off your mail server
• What can I do to minimize UBE?
  • Blocked Lists
  • RBL Lists
  • Deny Access to Hosts not in DNS

Select Agent Configuration (cont.)

UBE Blocking

• Blocked Lists
  • Customizable list entered by the mail administrator
  • Can be a single IP address or a range of addresses
  • Can be changed without reloading NIMS
• RBL List
  • Lists that contain known spammers or spam-friendly networks
  • Some of these lists are free to use (e.g., SPEWS.org)
  • Others are on a subscription basis (e.g., Mail-Abuse.org)
• Deny Access to Hosts not in DNS
  • There are many mail servers on the Internet that are not properly configured
  • This option should be used with care

Select Agent Configuration (cont.)

[Diagram: RBL List. Foreign SMTP hosts (IP Address: 64.258.14.32 and IP Address: 121.32.23.56) connect to SMTP, which is configured with the RBL list spews.relays.osirusoft.com and queries DNS for 32.14.258.64.spews.relays.osirusoft.com and 56.23.32.121.spews.relays.osirusoft.com]
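
The RBL lookup from the diagram, together with a blocked-list check, as an added example (not NIMS code and not part of the original slides). The function names, the "first-last" range syntax and the sample addresses are assumptions; the resolver is passed in so the example runs offline against a constructed table.

```python
import ipaddress
import socket


def rbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def parse_blocked(entries):
    """Blocked-list entries: a single address, a CIDR range, or 'first-last'."""
    nets = []
    for entry in entries:
        if "-" in entry:
            first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-"))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def check_sender(ip, blocked, rbl_zones, resolve=system_resolver):
    """Return (accept, reason) for a connecting SMTP host."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in blocked):
        return False, "blocked-list"
    for zone in rbl_zones:
        answer = resolve(rbl_query_name(ip, zone))
        if answer is not None:  # any A record means the address is listed
            return False, f"rbl:{zone}:{answer}"
    return True, "accepted"


# Constructed data: the zone name is the one on the slide; the addresses and
# the fake resolver table are invented so the example runs offline.
ZONE = "spews.relays.osirusoft.com"
FAKE_DNS = {"32.2.0.192." + ZONE: "127.0.0.2"}
BLOCKED = parse_blocked(["198.51.100.7", "203.0.113.16-203.0.113.31"])
```

Calling `check_sender("192.0.2.32", BLOCKED, [ZONE], FAKE_DNS.get)` exercises the RBL path without touching the network.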

Installation and Configuration

Utilities

• RMBox
  • Bulk account deletion
  • Can use IMSAudit to identify aged accounts
  • Security Settings
    • Server Managers on Messaging Server
• Bulkmail
  • Allows you to quickly e-mail a large group of users

Installation and Configuration (cont.)

Utilities

• Monitoring
  • Statmon
  • BabyMon
  • SNMP—NIMS.MIB
• CleanQ
  • Can be used to remove messages from/to a certain person
    • As opposed to “mail remove,” which removes messages destined for a certain domain