Course 221 - FortiMail Email Filtering
Overview
FortiMail Email Filtering Course 221 FortiMail v5.0
© 2013 Fortinet Inc. All rights reserved. The information contained herein is subject to change without notice. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. 06-50000-0221-20130726

Course Objectives
• Upon completion of this course you will be able to:
  » Configure, manage and maintain a FortiMail appliance
  » Implement various FortiMail unit security features
  » Use FortiMail unit logging to monitor system operation and troubleshoot issues
  » Configure available FortiMail operation modes and select a suitable deployment for your network
  » Design and configure fully featured email security solutions

Prerequisites
• Sound knowledge of email protocols and email routing principles
• Working knowledge of emailing systems
Housekeeping
• Washrooms
• Fire exits
• Telephones
• Smoking
• Cell phones
• Facilities access
• Safety
• Food and beverage restrictions
• Schedule
  » Start/Stop
  » Breaks
  » Lunch

Introductions
• Tell us a little about yourself:
  » Your name
  » Network and mail security experience
  » Fortinet product experience
  » Your expectations for this course

Agenda
• FortiMail Overview
• System Configuration
• Email Setup
• Access Control and Inspection
• Antispam
• Session Monitoring
• Content Inspection and Archiving
• Securing Communications
• LDAP
• Troubleshooting and Maintenance
• Transparent Mode
• High Availability
• Server Mode

FortiMail Overview Module 1

Module Objectives
• By the end of this module, you will be able to:
  » Identify the key features of a FortiMail appliance
  » Describe the various FortiMail unit operation modes and determine which modes best suit their own deployment needs
  » Recall basic email terminology, message flow, as well as the protocols and processes for sending and receiving email

FortiMail
• Industry-leading multi-layered messaging security platform for organizations of all sizes
• Advanced bi-directional filtering (incoming and outgoing)
• Flexible deployment mode
• Up to date email protection guaranteed by Fortinet FortiGuard™

Key Benefits
• Out of the box identity based encryption (IBE) for secure delivery
• DLP module to detect accidental or intentional loss of confidential or regulated data
• Endpoint traffic analysis to block spamming endpoints
• No per-user or per-mailbox pricing
• Only messaging security solution on the market to support transparent mode inspection

FortiMail Deployment Options
• The FortiMail device can be deployed in three operational modes:
  » Gateway
  » Transparent
  » Server

Gateway Mode (default)
• Inbound and outbound proxy mail transfer agent (MTA) services for existing email servers
• A DNS MX record change (or VIP change on Firewall) redirects email traffic to the FortiMail unit for content inspection
[Diagram: FortiMail in Gateway mode, with local email users, internal email server, remote email users, and a FortiGate UTM gateway or other firewall]

Transparent Mode
• Email traffic is intercepted even though the destination IP is not the FortiMail unit
• Email traffic is inspected and then transmitted to the destination email server for delivery
• No need to change the DNS MX record
• Port1 and Port2 bridged
[Diagram: FortiMail in Transparent mode, with local email users, external email server, internal email server, and remote email users]

Server Mode
• Full-featured SMTP mail server with mail security functionalities
• Email traffic is received, inspected, and then delivered to user mailboxes
[Diagram: FortiMail in Server mode, with local email users, remote email users, and a FortiGate UTM gateway or other firewall]

Supported Platforms
• Appliance based
  » FortiMail-100C
  » FortiMail-200D
  » FortiMail-400B, 400C
  » FortiMail-2000A, 2000B
  » FortiMail-3000C, 3000D
  » FortiMail-4000A
  » FortiMail-5001A
  » FortiMail-5002B
• Virtual Appliances
  » FortiMail-VM
Note: 1000c model coming soon. Refer to www.fortinet.com for up to date releases

FortiMail 100C
» Small to medium business
10/100 Interfaces: 1
10/100/1000: 2
Storage: 1 TB
RAID Storage Management: N/A
Email Domains: 50
Recipient-Based Policies (Domain/System): 60/300
Server Mode Mailboxes: 200
Profiles (Domain/System): 50/60
Email Routing (3KB Message / Hr): 90,000

FortiMail-200D
» Small to medium business
10/100/1000 Ports: 4
Storage: 1 TB
RAID Storage Management: N/A
Email Domains: 50
Recipient-Based Policies (Domain/System): 60/300
Server Mode Mailboxes: 200
Profiles (Domain/System): 50/60
Email Routing (3KB Message / Hr): 200,000

FortiMail-400C
» Small to medium business
10/100/1000 RJ45: 4
Storage: 2 X 1TB (Max 2TB)
RAID Storage Management: Software 0,1
Email Domains: 500
Recipient-Based Policies (Domain/System): 600/3000
Server Mode Mailboxes: 1000
Profiles (Domain/System): 50/200
Email Routing (3 KB Message / Hr): 400,000

FortiMail-2000B
» Large enterprise, carriers and service providers
10/100/1000 Ports: 6
Storage: 2TB (Max 6TB)
RAID Storage Management: Hardware 1, 5, 10, 50
Email Domains: 5000
Recipient-Based Policies (Domain/System): 1500/7500
Server Mode Mailboxes: 3000
Profiles (Domain/System): 50/600
Email Routing (3 KB Message / Hr): 1.5 Million

FortiMail-3000C
» Large enterprise, carriers and service providers
Gigabit Fiber SFP Ports: 2
10/100/1000 Ports: 4
Storage: 2TB (Max 6TB)
RAID Storage Management: Hardware 1, 5, 10, 50
Email Domains: 5000
Recipient-Based Policies (Domain/System): 1500/7500
Server Mode Mailboxes: 3000
Profiles (Domain/System): 50/600
Email Routing (3 KB Message / Hr): 2.0 Million

FortiMail-3000D
» Large enterprise, carriers and service providers
Gigabit Fiber SFP interface: 2
10/100/1000 RJ45 Ports: 4
Storage: 2TB X2 (Max 4TB)
RAID Storage Management: Hardware 1, 5, 10, 50
Email Domains: 5000
Recipient-Based Policies (Domain/System): 1500/7500
Server Mode Mailboxes: 3000
Profiles (Domain/System): 50/600
Email Routing (3 KB Message / Hr): 2.0 Million

FortiMail 5002B
» Large enterprise, carriers and service providers
10/100/1000 Interfaces: 3
Internal Backplane Base: 2
Storage: 1 X 146GB HDD
RAID Storage Management: N/A
Email Domains: 10000
Recipient-Base Policies (Domain/System): 1500/7500
Server Mode Mailboxes: 3000
Profiles (Domain/System): 50/600
Email Routing (3 KB Message / Hr): 2.3 Million

FortiMail Virtual Appliances
Virtual Appliance Resource           VM01      VM02      VM04      VM08
Hypervisor supported versions        VMWare ESXi/ESX/4.0/4.1/5.0
Maximum vCPUs                        1         2         4         8
Maximum vNICs                        4         4         4         4
Virtual Machine Storage (Min/Max)    50GB/1TB  50GB/1TB  50GB/2TB  50GB/2TB
Virtual Machine Memory (Min/Max)     1GB/2GB   1GB/4GB   1GB/6GB   1GB/12GB

Email Basics Overview - Terms
• MTA >> Mail Transfer Agent (Router)
• MUA >> Mail User Agent (Host)
• MAA >> Mail Access Agent (User auth & retrieval)
• DNS >> MX Records (Routes)
• SMTP >> Simple Mail Transfer Protocol (RFC 2821)
  » HELO or EHLO, MAIL, RCPT, DATA, RSET, NOOP, QUIT
  » 3-digit server response codes: 2xx, 3xx, 4xx, 5xx
• RFC 821 >> Original SMTP
• RFC 1869 >> ESMTP (Extended SMTP)

Email Basics Overview - Terms
• Mail Relay
  » Intermediate hop
  » Another MTA configured for forwarding
  » Open Relay – no restrictions on external senders
• More SMTP commands (RFC 2554, 2920, 3207…)
  » Not supported by all mail servers
• AUTH, STARTTLS, PIPELINING, VRFY, EXPN
• Note that VRFY and EXPN are frequently disabled on Internet accessible mail servers
  » This provides privacy protection and prevents directory harvesting attacks

Email Basics Overview - Sending Email
Recipient: [email protected]
Sending Process:
1. DNS look-up for MX record (performed by MTA not the client)
   • Equivalent to performing nslookup -type=MX example3.com
2. Connect to remote mail server
3. Deliver message
[Diagram: MUA (mail client), MTA, MTA (mail server)]

Email Basics Overview - Retrieving Email (POP)
• Post Office Protocol (POP) allows mail clients to download email from remote servers and save those messages locally
• RFC 1939 – POP3 (version 3)
• TCP/110 or TCP/995 (SSL/TLS)
  » SSL/TLS is commonly supported and used to encrypt the entire session
  » Over port 110, the username and password are sent in cleartext
• States: Authentication > Transaction > Update
  » Authentication: username and password exchange (cleartext!)
  » Transaction: list, download, delete messages
  » Update: delete flagged messages, session clean-up
• APOP and KPOP provide secure authentication but require server/client support (password encrypted via MD5 hash, still over port 110)
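
The difference between the login methods on this slide, as an added example that is not part of the course material: it reports what a passive observer of a POP3 login can read, and shows both sides of the APOP exchange. The function names are assumptions made for illustration; the banner, user and shared secret are the example values from RFC 1939, and the client command lists are constructed.

```python
import hashlib
import hmac
import re


def apop_digest(timestamp, secret):
    """RFC 1939 APOP: hex MD5 of the banner timestamp followed by the shared secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def server_accepts_apop(banner, apop_line, secret):
    """Server side: recompute the digest from its own banner and stored secret."""
    stamp = re.search(r"<[^>]+>", banner)
    parts = apop_line.split()
    if not stamp or len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    return hmac.compare_digest(parts[2].lower(), apop_digest(stamp.group(0), secret))


def audit_pop3_login(port, client_lines):
    """Report what a passive observer of this login could read off the wire."""
    encrypted = port == 995  # SSL/TLS wraps the whole session on TCP/995
    report = {"method": None, "encrypted": encrypted, "password_readable": False}
    for line in client_lines:
        verb = line.split(" ", 1)[0].upper()
        if verb == "PASS":
            report["method"] = "USER/PASS"
            report["password_readable"] = not encrypted
        elif verb == "APOP":
            report["method"] = "APOP"  # only the MD5 digest crosses the wire
    return report


# Banner, user and secret are the example values from RFC 1939.
RFC_STAMP = "<1896.697170952@dbc.mtview.ca.us>"
RFC_BANNER = "+OK POP3 server ready " + RFC_STAMP
RFC_SECRET = "tanstaaf"
# Constructed client sides of two logins to the same mailbox.
PLAIN_LOGIN = ["USER mrose", "PASS " + RFC_SECRET, "STAT", "QUIT"]
APOP_LOGIN = ["APOP mrose " + apop_digest(RFC_STAMP, RFC_SECRET), "QUIT"]

if __name__ == "__main__":
    print(audit_pop3_login(110, PLAIN_LOGIN))
    print(audit_pop3_login(995, PLAIN_LOGIN))
    print(audit_pop3_login(110, APOP_LOGIN))
    print(server_accepts_apop(RFC_BANNER, APOP_LOGIN[0], RFC_SECRET))
```

With APOP on port 110 the password itself is not readable, but the session is still unencrypted, so the messages retrieved afterwards are.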

Email Basics Overview - Receiving Email (IMAP)
• Internet Message Access Protocol (IMAP) allows mail client applications to access remotely stored messages
  » Message kept on mail server
• RFC 2060 – IMAP4rev1
• TCP/143 (clear or TLS) or TCP/993 (SSL)
• States: Not Authenticated > Authenticated <=> Selected > Logout
  » Authentication of username and password also cleartext (over port 143)!
• SSL/TLS most common way to secure connection

Email Basics Overview - Message Flow
[Diagram: message flow, steps 1 to 6]

;; ANSWER SECTION:
example3.com    3600    IN    MX    50     relay.example2.net
example3.com    3600    IN    MX    100    mail.example3.com

;; ANSWER SECTION:
example3.com    3600    IN    MX    50     mail.example3.com
example3.com    3600    IN    MX    100    relay.example2.net
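
How a sending MTA turns the MX answers above into a delivery order, as an added example that is not part of the course material: it parses the two answer sections from this slide, orders the hosts by preference, and lists any MX host that would receive mail without passing through an inspecting gateway. The function names are assumptions, and treating relay.example2.net as the inspecting gateway is an assumption made only for illustration.

```python
def parse_mx_answer(section):
    """Return [(preference, host)] from 'name ttl IN MX pref host' lines."""
    records = []
    for line in section.splitlines():
        fields = line.split()
        # Skip the ';; ANSWER SECTION:' header and anything that is not an MX record.
        if len(fields) != 6 or fields[2].upper() != "IN" or fields[3].upper() != "MX":
            continue
        if not fields[4].isdigit():
            continue
        records.append((int(fields[4]), fields[5].rstrip(".").lower()))
    return records


def delivery_order(records):
    """Hosts in the order a sending MTA tries them: lowest preference value first."""
    return [host for _, host in sorted(records, key=lambda r: r[0])]


def uninspected_paths(records, gateways):
    """MX hosts that accept mail for the domain but are not an inspecting gateway."""
    allowed = {g.rstrip(".").lower() for g in gateways}
    return [host for host in delivery_order(records) if host not in allowed]


# The two answer sections shown on the Message Flow slide.
ANSWER_VIA_RELAY = """\
;; ANSWER SECTION:
example3.com 3600 IN MX 50 relay.example2.net
example3.com 3600 IN MX 100 mail.example3.com
"""
ANSWER_DIRECT = """\
;; ANSWER SECTION:
example3.com 3600 IN MX 50 mail.example3.com
example3.com 3600 IN MX 100 relay.example2.net
"""

if __name__ == "__main__":
    for name, section in (("via relay", ANSWER_VIA_RELAY), ("direct", ANSWER_DIRECT)):
        records = parse_mx_answer(section)
        print(name, "->", delivery_order(records))
        # Assumption for illustration: relay.example2.net is the inspecting gateway.
        print("  not inspected:", uninspected_paths(records, ["relay.example2.net"]))
```

In both answer sections mail.example3.com remains a published MX host, so it is reported as a path that does not pass through the assumed gateway regardless of which record has the lower preference.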