IBM Lotus Protector For Mail Security - OpenMicSession

Content Protection for Social Business Platform
Open Mic : IBM Lotus Protector for Mail Security

Speaker : Chandra Shekhar Anumandla
Date : 23rd April 2015
IBM Corporation ©2015 IBM Software Group | IBM Enterprise Social Solutions
IBM Lotus Protector for Mail Security
Agenda:
✔ IBM Lotus Protector for Mail Security – About
✔ IBM Protector - Inbound & Outbound
✔ IBM Protector - Workflow Process
✔ IBM Protector - Installation & Config Demo
✔ IBM Protector - Local Management Interface
✔ IBM Protector - Spam Analysis Modules
✔ IBM Protector - Spam Detection Methods
✔ IBM Protector - Important Services
✔ IBM Protector - Integration with Notes Client
✔ IBM Protector - Integration with Domino Server
✔ IBM Protector - Rules and Objects
✔ IBM Protector - Basic Troubleshooting
✔ IBM Protector - TIPs
✔ IBM Protector - References
✔ Questions?
IBM Corporation ©2015 23/04/2015 IBM Software Group | IBM Enterprise Social Solutions
2
Lotus Protector for Mail Security (LPMS or IBM Protector):
✔ IBM® Lotus® Protector for Mail Security scans email messages and attached files for
unwanted, confidential or malicious content, extending content protection and compliance
for your social business platform.
✔ IBM Global Data Center delivers updates every 2-3 minutes, to help you respond to fast
changing spam tactics and threats.
3
Lotus Protector for Mail Security:
<<- Outbound SMTP Traffic
Internet
Inbound SMTP Traffic ->>
4
LPMS Components Processing workflow :
✔ Incoming emails pass several components and ordered by complexity and resource 'cost'
✔ Quicker, cheaper components come first & Expensive, complex components come last
✔ Processing can be ended prematurely if email is sufficiently classified
5
LPMS Spam Analysis Modules:
Lotus Protector for Mail Security uses more than 20 analysis modules for custom scanning of email
messages at many different levels. These modules provide the following types of protection:
✔ Attachment Check : Inspects email attachments with a virus protection system that takes
preemptive action against suspicious code even before it is publicly known.
✔ Keyword Search : A regular expression search engine.
✔ Language Check : Supports more than 40 different languages, other than the United States.
✔ Media Type : This module is able to detect more than 120 different file types.
✔ Phishing Check : Prevents phishing attempts against email messages that targets personal info
✔ Message Field Check : Scan for regular expressions within the message fields of the emails.
✔ Compound : A combination of analysis modules. Supports Unicode & double-byte char analysis.
6
LPMS Spam Analysis Modules:
New Features:
✔ File Attachment Analysis : Scans text from attachments including compressed, recursively
(OLE, Zip-in-Zip), default depth is 100
✔ ICAP Services : Provide Real-Time Anti-Virus services to ICAP capable clients and reduces
AntiSpam throughput.
✔ Silent Drop for all SMTP detection methods: Pretends to have accepted the email although
it will be dropped internally
✔ Global IP Access Lists: IP Allow or Blocklist for all IP-Based detection method, Supports IP-
Ranges : e.g. 192.168.2.0 / 255.255.255.0
✔ Product Alerts: Direct Communication Channel with the customer inside the UI
✔ System Package Updates (RPM): Quicker release of (security) patches outside of the
Firmware release cycle.
7
Spam Detection Methods ( Content Based ):
✔ Signatures: The body of the email is separated into several records (divided by .,!?- etc.).
✔ URLs: If at least one URL in the email is categorized as "Spam URL", then the email is blocked.
✔ Keyword Detection: The Keyword Analysis based special words, phrases that typical for spams.
✔ Meta Heuristics: Examine several properties of emails (particularly the information of the header).
✔ Multibayes:Extra Bayesian Classifiers..Japanese Dating Spam, Chinese Attachment Spam etc..
✔ Struct Signatures: The Structure Analysis checks the HTML structure of the email.
✔ Flow Control: Blocks spam recd within short period contains diff sender domains but identical
body.
✔ Fingerprint: If at least one MD5 hash is contained in the spam database then email is blocked.
✔ Fuzzy Fingerprint: Calculates a special fingerprint on image attachments.
✔ Phishing: Detection methods Phishing Signature, URL,Structure,Fingerprint,Heuristic & Spoofing.
8
Spam Detection Methods ( SMTP Level )
✔ Signatures: The body of the email is separated into several records (divided by .,!?- etc.).
✔ DNSBL: This method is a traditional DNS-based Blackhole List (Realtime Blackhole List).
✔ IP Reputation mechanism is similar to DNSBL but has frequent updates, broader IP coverage.
✔ Dynamic Host Reputation Works locally, determines a reputation for each IP emails are sent from.
✔ ZLA Spam URL:In first 5 URLs, If at least one is categorized as "Spam URL" then email is blocked.
✔ ZLA Spam Flow:It blocks spams that are received within a short period of time.
✔ ZLA NDR This method is based on phrases which are typical for NDRs.
✔ ZLA Spam Bayes is a "classical" Bayesian Classifier based upon shingles instead of words.
✔ ZLA Spam ShinglePrint Method is based on the statistical occurrence of shingles within the email.
✔ ZLA Spam ShingleHeaderPrint This method checks for special shingles within the email header.
9
LPMS Installation – Demo :
✔ Install the Protector software on off-the-shelf IBM System x® hardware & deploy as a physical appliance
OR Install the Protector on supported VMware software and deploy as a virtualized appliance (as below).
10
✔ Set your Admin & Root passwords, host name etc....from the console command (SSH client like PuTTY)
11
✔ Once installation done and start Protector – Starts with a splash below:
12
✔ Redirects to LMI, which Prompts for credentials.
13
LPMS Configuration – Demo :
✔ Configuration Method.
14
✔ Set passwords for Root & Admin. Do never lose passwords as we can't recover it.
15
✔ Provide your correct host name.
16
✔ Provide your Root Domain, postmaster & no-reply addresses.
17
✔ Provide local domain servers & Relay hosts.
18
✔ Alerts..
19
✔ Configuration Complete.
20
LPMS - Local Management Interface ( LMI ) :
✔ LMI is the browser based interface for Admin to configure the settings & manage the Protector.
21
The IBM Protector Main Services :
✔ All of the below services must be running at all times. If any of the services is “unused” you
are looking at an error condition that should not happen under normal circumstances.
✔ Mailsecd -> Protector Main Binary, provides content filtering
✔ Xmail -> Xmail SMTP relay, handles all mail traffic
✔ Postgresql -> Postgresql Database Server for Message Store
✔ Named -> Local DNS service for DNSBL and accelerated resolution
✔ Apache2 -> Apache Web server, provides the Web GUI
✔ IssDaemon -> Configuration Daemon
✔ You can restart any service that appears to be stuck or unresponsive by running command
on console: service [servicename] restart
22
IBM Notes Client Integration
✔ Require Notes client 8.5.x or above versions.
✔ Internet credentials in Domino Directory & Can use LDAP Authentication for users.
✔ Enable IBM Notes Client's Notes.ini parameter : "$PROTECTOR_LOCATION=192.111.22.33:4443"
✔ Can use Desktop Policy Settings document to enforce to all users.
✔ The In-box shows a “Block Sender” icon in the toolbar
✔ A new “Spam Protection” navigator element visible in left pane/views.
23
LPMS Integration with Domino Mail Server:
✔ The IBM Lotus Protector for Mail Security software helps protect your IBM Lotus Domino and
mixed email infrastructure from spam, viruses, and other threats originating on the Internet.
✔ Configure the Domino client to relay SMTP mail through the Protector
24
The Lotus Protector Rules :
✔ Lotus Protector for Mail Security uses rules-based policies that enable custom spam filtering, define who
(sender and recipient), when (time frames), analysis modules to use, and one of more actions to take
against email messages
WHO-Object Responses
●For: ●Store in Quarantine
●Sender / Recipient ●Modify Email Contents
●Can contain ●Remove Attachments
●Patterns ●Notify Admin
●LDAP-User / Group ●Attach File
●...
Analysis Module
●Spam Signatures
●Heuristics
Actions
●Bayes Filter ●Continue (Next Rule)
●Malware-Check ●Drop (Delete, End)
●Specific Keyword ●Allow (Deliver, End)
●..
25
LPMS Basic Troubleshooting : How to verify who objects :
✔ Does he get the match on the Who Object 'Online Domino Directory'?
✔ The log will list all prior delivery attempts and the errors encountered.
26
LPMS Basic Troubleshooting : Checking the Queues :
✔ Emails with delivery problems will be stored in the "Resend“ Queue.
✔ The log will list all prior delivery attempts and the errors encountered. In the sample
screen shot the internal mail relay could not be reached.
27
LPMS Basic Troubleshooting : Events
✔ Events will in red or yellow. Especially problems with the system updates, licensing or
service health can be quickly identified by taking a look at the event log.
✔ In the example screen, there is a problem contacting the download servers. This points
to issues with the network, such as incorrect routing, network outages etc..
28
LPMS Basic Troubleshooting : Service Status & Helth
✔ The system will monitor service health automatically and report as traffic light icons.
✔ All lights are green, means good condition & If any service stops responding shows red.
✔ You will also receive a description about what lead to the current condition. Click on “Show
Solutions“ to get a more detailed view of the problems.
29
LPMS Basic Troubleshooting : Message Tracking
✔ Tracking will provide you with a brief overview of the emails „life“ showing you when it was
originally received, processed by the policy and how the email was handled after that.
30
LPMS Basic Troubleshooting: Collect Full Provinfo ( Support Diagnostic File )
✔ Log in to the web interface of the mail security system> Go to Support -> Diagnostics File.
✔ Change the value for "Number of past days to capture" to '7' and click Generate File.
✔ After the file has been created, return to Support -> Diagnostics File and click 'Download'.
✔ If the file less than 20 MB in size, you may send by email.
Up to 2 GB : http://www.ecurep.ibm.com/app/upload
Up to 100 GB: http://www-05.ibm.com/de/support/ecurep/index.html
31
Lotus Protector TIPs :
✔ ROOT is the only person who can make changes on Lotus Protector.
✔ ADMIN is the only person who change the Passwords and set up the Network Settings.
✔ To know LMI version, issue console (SSH) command 'rpm -qa |grep lmi'
✔ Use HELPDESK account to manage the messageStore to release blocked mails to the endusers.
✔ SPAM EMAILS should be sent to spam@kassel.ibm.com quickly, maximum of 2 business days.
✔ If CUSTOMER is blocked by the IBM gateway servers, save original email as a .eml file and send
to: notspam.feedack@kassel.ibm.com
32
Lotus Protector References :
✔ Lotus Protector for Mail Security
✔ Lotus Protector for Mail Security - how to block executable files
✔ TLS Configuration Guide
✔ Adding the free ClamAV antivirus engine as an additional scan engine to a Lotus Protector for Mail
Security installation
✔ Lotus Protector for Mail Security - Adding a XMail filter to check the SPF records of incoming emails
on the SMTP level
✔ Lotus Protector for Mail Security - Adding a XMail filter to verify DKIM Signatures of incoming emails
33
Questions?
Press *1 on your telephone to ask a question.
Visit our Support Technical Exchange page or our Facebook page for
details on future events.
To help shape the future of IBM software, take this quality survey and
share your opinion of IBM software used within your organization:
https://ibm.biz/BdxqB2
IBM Collaboration Solutions Support page IBM Collaboration Solution Support

http://www.facebook.com/IBMLotusSupport http://twitter.com/IBM_ICSSupport
34
Legal Disclaimer
© IBM Corporation 2015. All Rights Reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made
to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS
without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product
plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any
damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing
contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations
from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software.
References in this publication to IBM products, programs, or services do not imply that they will be available in all
countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may
change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to
be a commitment to future product or feature availability in any way. Nothing contained in these materials is
intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any
specific sales, revenue growth or other results. IBM, Lotus, Lotus Notes, Notes, and Domino are trademarks of
International Business Machines Corporation in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or Both.
Other company, product, or service names may be trademarks or service marks of others. All references to
renovations.com refer to a fictitious company and are used for illustration purposes only.
THANK YOU
35

IBM Lotus Protector For Mail Security - OpenMicSession

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IBM Lotus Protector For Mail Security - OpenMicSession

Uploaded by

Copyright:

Available Formats

Content Protection for Social Business Platform

Open Mic : IBM Lotus Protector for Mail Security

<<- Outbound SMTP Traffic

Inbound SMTP Traffic ->>

✔ Keyword Search : A regular expression search engine.

✔ Multibayes:Extra Bayesian Classifiers..Japanese Dating Spam, Chinese Attachment Spam etc..

✔ Fuzzy Fingerprint: Calculates a special fingerprint on image attachments.

✔ Phishing: Detection methods Phishing Signature, URL,Structure,Fingerprint,Heuristic & Spoofing.

LPMS Installation – Demo :

✔ Redirects to LMI, which Prompts for credentials.

✔ Provide your correct host name.

✔ Provide your Root Domain, postmaster & no-reply addresses.

✔ Provide local domain servers & Relay hosts.

✔ Mailsecd -> Protector Main Binary, provides content filtering

✔ Xmail -> Xmail SMTP relay, handles all mail traffic

✔ Postgresql -> Postgresql Database Server for Message Store

✔ Apache2 -> Apache Web server, provides the Web GUI

✔ IssDaemon -> Configuration Daemon

✔ Require Notes client 8.5.x or above versions.

✔ Enable IBM Notes Client's Notes.ini parameter : "$PROTECTOR_LOCATION=192.111.22.33:4443"

✔ Can use Desktop Policy Settings document to enforce to all users.

✔ The In-box shows a “Block Sender” icon in the toolbar

✔ A new “Spam Protection” navigator element visible in left pane/views.

●Sender / Recipient ●Modify Email Contents

●Can contain ●Remove Attachments

●Patterns ●Notify Admin

●LDAP-User / Group ●Attach File

●Malware-Check ●Drop (Delete, End)

●Specific Keyword ●Allow (Deliver, End)

LPMS Basic Troubleshooting : How to verify who objects :

✔ Emails with delivery problems will be stored in the "Resend“ Queue.

LPMS Basic Troubleshooting : Message Tracking

LPMS Basic Troubleshooting: Collect Full Provinfo ( Support Diagnostic File )

✔ SPAM EMAILS should be sent to spam@kassel.ibm.com quickly, maximum of 2 business days.

✔ Lotus Protector for Mail Security

✔ Lotus Protector for Mail Security - how to block executable files

✔ TLS Configuration Guide

IBM Collaboration Solutions Support page IBM Collaboration Solution Support

You might also like