Email Address Registration: Administrator Guide

advertisement
Email Address Registration
Administrator Guide
Address Registration Administrator Guide
Documentation version: 1.0
Legal Notice
Legal Notice Copyright © 2013 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
No part of this document may be reproduced in any form by any means without prior written
authorization of Symantec Corporation and its licensors, if any.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Clients are advised to seek specialist advice to ensure that they use the Symantec services
in accordance with relevant legislation and regulations. Depending on jurisdiction, this may
include (but is not limited to) data protection law, privacy law, telecommunications
regulations, and employment law. In many jurisdictions, it is a requirement that users of
the service are informed of or required to give consent to their email being monitored or
intercepted for the purpose of receiving the security services that are offered by Symantec.
Due to local legislation, some features that are described in this documentation are not
available in some countries.
Configuration of the Services remains your responsibility and entirely in your control. In
certain countries it may be necessary to obtain the consent of individual personnel. Symantec
advises you to always check local legislation prior to deploying a Symantec service. You
should understand your company’s requirements around electronic messaging policy and
any regulatory obligations applicable to your industry and jurisdiction. Symantec can accept
no liability for any civil or criminal liability that may be incurred by you as a result of the
operation of the Service or the implementation of any advice that is provided hereto.
The documentation is provided "as is" and all express or implied conditions, representations,
and warranties, including any implied warranty of merchantability, fitness for a particular
purpose or non-infringement, are disclaimed, except to the extent that such disclaimers are
held to be legally invalid. Symantec Corporation shall not be liable for incidental or
consequential damages in connection with the furnishing, performance, or use of this
documentation. The information that is contained in this documentation is subject to change
without notice.
Symantec may at its sole option vary these conditions of use by posting such revised terms
to the website.
Technical support
If you need help on an aspect of the security services that is not covered by the
online Help or administrator guides, contact your IT administrator or Support
team. To find your Support team's contact details in the portal, click Support >
Contact us.
Address Registration
This document includes the following topics:
■
About Address Registration
■
Registering addresses step-by-step
■
Locating address registration in the portal
■
Creating an address list in a spreadsheet or text editor
■
Managing registered addresses manually
■
Extracting email addresses with the synchronization tool
■
Extracting the address list from a mail server
■
Reviewing an address list
■
Uploading addresses to the infrastructure using the portal
■
Uploading addresses to the infrastructure using the synchronization tool
■
Maintaining an address list
■
Merging or replacing an existing address list
■
Automatic outbound address harvesting
■
Activating Address Registration
About Address Registration
Address Registration operates at the perimeter of the email services infrastructure
alongside other protective and validation technologies such as traffic shaping
and connection management.
6
Address Registration
Registering addresses step-by-step
Address Registration is used to reject any email sent to an address in your domains
that does not appear in a database of known valid email addresses. Any email sent
to an unregistered address is not accepted and gives rise to an SMTP 550 error.
This error indicates to the sending mail server that the address is invalid.
The process involved in using Address Registration is first to define a list of valid
addresses, then to upload the addresses to the email services infrastructure. You
can then review the addresses in the portal.
By using Address Registration, you should see a significant drop in detected spam.
Warning: You must provide one address list for each domain or subdomain that
is provisioned to use the Email Services.
Registering addresses step-by-step
The following table provides an overview of the process for registering the lists
of valid email addresses for your organization's domains.
Table 1-1
Step
Further Information
Define list(s) of the valid email
You can generate the list(s) by the following
addresses for each of your domains and methods:
subdomains.
■ Enter the email addresses manually through
the portal.
See “Managing registered addresses manually”
on page 9.
■ Create the list manually using a spreadsheet
or text editor.
See “Creating an address list in a spreadsheet
or text editor” on page 8.
■ Extract the user list using the Address
Synchronization Tool.
See “Extracting email addresses with the
synchronization tool” on page 10.
■ Extract the list directly from your mail server.
See “Extracting the address list from a mail
server ” on page 11.
Address Registration
Locating address registration in the portal
Table 1-1
(continued)
Step
Further Information
Upload the list(s) to the email services Use one of the following methods:
infrastructure.
■ Use the upload facility in the portal
See “Uploading addresses to the infrastructure
using the portal” on page 16.
■ Use the Address Synchronization Tool
See “Uploading addresses to the infrastructure
using the synchronization tool” on page 17.
Review the list(s) in the portal
See “Reviewing an address list” on page 15.
Activate Address Registration.
See “Activating Address Registration” on page 20.
Maintain your list of addresses.
Several options are available to maintain valid
address lists:
Adding and deleting addresses manually
See “Managing registered addresses manually”
on page 9.
■ Using the upload functionality in the portal
to merge or replace an existing list
See “Merging or replacing an existing address
list” on page 18.
■ Keeping your addresses synchronized using
the Address Synchronization Tool
See “Uploading addresses to the infrastructure
using the synchronization tool” on page 17.
■ Automatic outbound address harvesting
See “Automatic outbound address harvesting”
on page 19.
■
Locating address registration in the portal
You configure and apply Address Registration settings per domain.
7
8
Address Registration
Creating an address list in a spreadsheet or text editor
To locate the address registration pages in the portal
1
Click Services > Email Services > Platform > Address Registration.
2
A summary of the state of Address Registration protection is shown for each
of your domains.
3
To see details of the email addresses registered for a domain, first locate the
domain in the summary list. Then click the domain name, or select the domain
from the drop-down list.
Creating an address list in a spreadsheet or text
editor
To use Address Registration, you first need to create a full list of your
organization’s valid email addresses in a .csv file or .txt file. Each of your
organization’s registered domains and subdomains must have its own list of valid
email addresses.
When compiling your lists of valid email addresses, include any alias addresses
and externally visible group addresses; for example, sales@domain.com. However,
if email addresses exist on subdomains (for example, user@sub.domain.com),
these addresses should not be included in the valid address list for domain.com.
A list of registered addresses must be provided for each domain and subdomain.
You can create the lists manually either as a .txt file or .csv file in either a
spreadsheet application or text editor.
Enter each email address on a separate row or line.
Wildcard symbols such as ^& %$* are not valid in an email address. The only
acceptable symbols in an email address are:
■
underscore _
■
hyphen -
■
dot .
You can create your address list in several ways:
■
Enter the email addresses manually through the portal.
■
Create the list manually using a spreadsheet or text editor.
■
Extract the user list using the Address Synchronization Tool.
■
Extract the list directly from your mail server.
See “Managing registered addresses manually” on page 9.
See “Extracting email addresses with the synchronization tool” on page 10.
Address Registration
Managing registered addresses manually
See “Extracting the address list from a mail server ” on page 11.
Managing registered addresses manually
You can add and delete registered addresses manually in the portal.
You can define a list of email addresses to delete from the Address Registration
service (such as recent staff leavers) and upload the list into the portal for deletion.
The list must be defined in a .csv file.
To enter an address
1
Click Services > Email Services > Platform > Address Registration.
2
Select the required domain from the Summary list or from the domains
drop-down list.
3
Click New Address.
4
Enter the email address to register.
5
Click Add.
The email address appears in the list of registered addresses.
To delete a registered address
1
Click Services > Email Services > Platform > Address Registration.
2
Select the required domain from the Summary list or from the domains
drop-down list.
3
Locate the address to delete and tick the box to the left of it.
Note: In the Search Address field, you can use the * wildcard for partial
matching.
4
Click Delete Selected.
A confirmation message is displayed.
To delete a list of registered addresses
1
Click Services > Email Services > Platform > Address Registration.
2
Select the required domain from the Summary list or from the domains
drop-down list.
3
Click Delete Multiple Email Addresses.
9
10
Address Registration
Extracting email addresses with the synchronization tool
4
Enter the file name of the .csv file or click Browse to locate it.
5
Click Upload.
The upload-and-delete operation may take some time to complete depending
on the size of the list. A confirmation message is displayed.
See “Creating an address list in a spreadsheet or text editor” on page 8.
Extracting email addresses with the synchronization
tool
The Synchronization Tool enables you to extract and maintain a list of valid email
addresses in use in your organization.
The address list is required for Address Registration.
Synchronized email addresses can be used in Content Control rules.
If you have a license for the Synchronization tool, you can extract your valid email
addresses directly to the email services infrastructure. If you do not have a license,
you can save the email addresses to a file.
To use the synchronization tool with a license
1
In the Data repository section of the configuration process, in the Configure
data repository window, select Symantec.cloud as the Repository Type.
2
Click Next.
You can now continue with the User setup and the Domain setup.
See the Online Help: Creating a configuration profile - process overview.
To use the synchronization tool without a license
1
In the Data repository section of the configuration process, in the Configure
data repository window, select File as the Repository Type.
2
Click Next.
3
In the Repository file configuration window, in the File Name field, enter
the path and file name for the output. The Additions and Deletions fields
are entered automatically.
4
Click Next.You can now continue on to the Filters section of the configuration.
See the Online Help: Creating a configuration profile - process overview.
See also Online Help on the Synchronization Tool.
Address Registration
Extracting the address list from a mail server
Extracting the address list from a mail server
We provide procedures to extract a list of your organization's valid email addresses
from the following mail environment networks:
■
Exchange 2000 and 2003
■
GroupWise
■
iMail
■
Lotus Notes V7
■
MDaemon
To extract user data from your mail server, you must have administrative rights
for the domain or subdomain for which you are producing the list.
The user data that is extracted by following these instructions may include more
information than only the required valid email addresses. You need to remove
any extra data before uploading the list to the email services infrastructure. You
can do so by importing the data into a spreadsheet.
To remove extra user data from an address list
1
Import the data into Microsoft Excel or another spreadsheet application.
2
Sort on the column that contains the email addresses, and delete all entries
without an email address.
3
Delete all columns except the one containing the email addresses.
4
Save the file as a .csv file or copy the addresses to a .txt file.
5
You may also need to separate the data further, to provide one list for each
of your domains or subdomains.
Note: If you have questions on extracting your address lists directly from your
mail server, contact your IT department or IT consultant.
See “Producing an address list from Microsoft Exchange” on page 12.
See “Producing an address list from GroupWise 7” on page 12.
See “Producing an address list from iMail” on page 13.
See “Producing an address list from Lotus Notes 7” on page 14.
See “Producing an address list from MDaemon” on page 15.
11
12
Address Registration
Extracting the address list from a mail server
Producing an address list from Microsoft Exchange
There are two versions of the command that extracts user data from the Exchange
server. One produces a list of email addresses from one domain and all of its
subdomains. The other enables you to select domains and subdomains from which
to produce the list.
To produce an address list from a single high level Active Directory domain and all
of its subdomains
◆
From a command prompt, enter the following command:
ldifde -f filename.txt -l proxyaddresses -r
"(proxyaddresses=*smtp:*@*)"
A text file called filename.txt containing your valid email addresses is
produced.
To produce an address list from a specific Active Directory location
◆
From a command prompt, enter the following command:
ldifde -f filename.txt -d "dc=subsub,dc=sub,dc=domain,dc=com" -l
proxyaddresses -r "(proxyaddresses=*smtp:*@*)"
This command contains the information that you must supply in italics; for
example, the name of the .txt file that is produced (filename.txt). The dc=
values identify the required location in the Active Directory. Use as many of
the dc= values as are required. For example, the command above produces a
user list from the subsub.sub.domain.com Active Directory domain structure.
Note: The *smtp: *@* filter in the command above ensures that only current valid
email addresses are produced. You can amend this filter to your requirements, if
necessary.
See “Extracting the address list from a mail server ” on page 11.
Producing an address list from GroupWise 7
You need to be familiar with NWAdmin and GroupWise Utilities before performing
this procedure.
Address Registration
Extracting the address list from a mail server
To produce an address list from GroupWise 7
1
Log on to NWAdmin and select the eDirectory tree that contains the users to
export.
2
Select Tools > GroupWise Utilities > Export.
An NDS query tool is displayed.
3
Click NDS/GroupWise Class and select User from the drop-down list to the
right of it.
4
Under Attributes, select the object name (logon name), last name, given
name, and NGW: File ID.
5
Enter a text file export name (for example, GW-FID.TXT).
6
Under Starting Context, click [Root].
7
Check Export from subordinate contexts.
This option causes objects in subordinate contexts to be exported.
8
Check Put the attribute names in first line.
This option directs the export to put the attribute names as a comment in
the first line of the export file.
9
Click Run.
A comma-delimited text file of your users is produced.
See “Extracting the address list from a mail server ” on page 11.
Producing an address list from iMail
Extracting a list of your user's email addresses can only be achieved on a single
domain basis. If you have more than one domain, repeat these steps for each
domain.
To extract email addresses from iMail
1
Navigate to the iMail Administrator.
2
Expand the tree under your server name or domain.
3
Click Users.
4
Click Export Users to File.
The \imail\Users.txt file is created.
See “Extracting the address list from a mail server ” on page 11.
13
14
Address Registration
Extracting the address list from a mail server
Producing an address list from Lotus Notes 7
To produce an address list from Lotus Notes 7
1
From the Notes client, open the Name and Address book (names.nsf) on the
Domino server.
2
Open the People view in the names.nsf database and create views to list the
Internet addresses for each Person document in your domain:
■
Select Create > View.
■
Update the Create View window
■
Select Save and Customize.
■
Delete all column headings in the new private view. To delete all headings
at once, highlight the first heading, click Control, and select the last
heading to select them all. Use the Delete key to delete all headings. Click
Yes to confirm the deletion
■
Right click on the empty heading bar and select Insert New Column...
■
Select Field as the Display type. Scroll down to the InternetAddress field
and select it.
■
On the File menu, click Save to save the private view.
3
Close the view design tab by pressing the Esc key.
4
In the names.nsf left navigation view is the InternetAddressList view. One
column in the view lists the Internet addresses of all users who are listed in
the People view. To export the list of Internet addresses to a text file, select
File > Export.
5
Update the Export window.
6
Select Export.
7
Update the Tabular Text Export window.
8
To export the view, select OK.
9
Repeat these steps for the other Views/Fields that contain valid Internet
addresses if necessary.
For example include the people view ShortName field (for Internet ID aliases),
Group/InternetAddress (for external group distribution lists), and Mail-in
databases/InternetAddress (for external Mail-in databases).
See “Extracting the address list from a mail server ” on page 11.
Address Registration
Reviewing an address list
Producing an address list from MDaemon
To produce an address list from MDaemon
1
Navigate to the Message Router.
2
Click Accounts > Exporting > Export accounts to a comma delimited text
file.
3
Specify the required path and file name.
4
Click OK.
See “Extracting the address list from a mail server ” on page 11.
Reviewing an address list
When your address lists are uploaded to the email services infrastructure, review
the addresses that are registered for each domain in the portal before activating
Address Registration.
Reviewing your list is imperative when your addresses are uploaded initially.
Thereafter, it is good practice to review the list when any changes are made. If a
list has uploaded incorrectly or if any email addresses are missing, you may
experience temporary mail loss.
The Summary page lists your domains and shows the state of each. You can
download a CSV file of this summary.
To review a summary of your address registration settings
1
Click Services > Email Services > Platform > Address Registration.
2
Ensure that Summary is selected in the domains drop-down list at the top of
the page.
Your domains are listed with the following information:
■
Domain name:
If the domain is enabled for Address Registration, click on the domain
name to view and edit its address list
■
Status:
■
On—Address Registration is protecting your organization from
receiving emails to addresses not registered for this domain
■
Off—Create and check your list of registered addresses, and click this
link to turn on the protection
15
16
Address Registration
Uploading addresses to the infrastructure using the portal
Do not set the Address Registration protection to On until you are
satisfied that your list of registered email addresses is accurate and
correct. Otherwise email to valid addresses may be rejected.
■
■
Service not enabled for viewing—Contact Support to have this domain
provisioned for Address Registration. Click Support > Contact Us for
details.
Upload/Download:
Use the links to download an existing address list as a CSV file so that you
can make changes to it and upload the edited file back to the portal.
See “Uploading addresses to the infrastructure using the portal”
on page 16.
To review the address list for a domain
1
Click Services > Email Services > Platform > Address Registration.
2
Select the required domain from the Summary list or from the drop-down
domains list.
The list of registered addresses is displayed. You can download the list as a
CSV file.
3
Repeat for any other domains to review.
Uploading addresses to the infrastructure using the
portal
You can create or edit a list of your registered addresses offline in a .csv file or
.txt file and upload the list to the portal.
The following options are available for uploading lists into the portal:
■
Delete existing email addresses and replace with uploaded email addresses
By selecting this option the uploaded list replaces the existing list. Any entries
in the existing list that are not in the uploaded list are lost.
■
Merge existing email addresses with uploaded email addresses
By selecting this option the uploaded list merges into the existing list. This is
a useful way to add new entries to an existing list. During a merge, if duplicate
email addresses exist within both the uploaded and existing lists, the portal
does the following: highlights the number of duplicates, and gives you the
option to overwrite the entries in the existing list (and to change their
description, if required) or to cancel the list merge process.
Address Registration
Uploading addresses to the infrastructure using the synchronization tool
To upload a list of addresses for a domain
1
Click Services > Email Services > Platform > Address Registration.
2
Do one of the following:
■
Select the domain from the Summary list, and click Upload
■
Select the domain from the domains drop-down list, and click Upload
Multiple Email Addresses
3
Enter the file name of the .csv file or click Browse to locate it.
4
In the On upload area, select the appropriate option depending on whether
the new addresses should replace or be merged with any existing addresses
(duplicate entries are ignored).
5
Click Upload.
The upload operation may take some time to complete depending on the size
of the list. Confirmation of that the file was uploaded successfully is displayed.
6
Click OK.
The list entries are displayed in the Address Registration page.
Uploading addresses to the infrastructure using the
synchronization tool
If you have a license for the Synchronization tool, you can extract your valid
addresses directly to the email services infrastructure.
See “Extracting email addresses with the synchronization tool” on page 10.
Maintaining an address list
The purpose of registering your valid email addresses is to allow the email services
to reject mail to unrecognized addresses. Therefore, it is important that an
up-to-date list is maintained. You have several options for keeping the lists
up-to-date:
Periodic refresh of the complete list
Achieved by uploading the address list and choosing Delete existing
addresses and replace with uploaded addresses. It is recommended that
you perform this refresh at regular intervals to implement all address
additions and removals.
See “Uploading addresses to the infrastructure using the portal” on page 16.
17
18
Address Registration
Merging or replacing an existing address list
Incremental additions
Achieved by uploading the harvested list and choosing Merge existing
addresses with uploaded addresses. This action can be used to augment
the address harvesting operation, particularly where new addresses may
not be captured when outbound messages are sent.
See “Uploading addresses to the infrastructure using the portal” on page 16.
Ad-hoc edits
Achieved by adding and deleting addresses individually. This action can
be used in between your routine list update cycle.
See “Managing registered addresses manually” on page 9.
Automated synchronization
Use the Address Synchronization Tool to synchronize your address list
automatically.
Address harvesting
An automatic process by which all email addresses that send mail out of
your organization’s domains are harvested by the email services
infrastructure and added to your list of registered addresses.
See “Automatic outbound address harvesting” on page 19.
It may be advisable to combine the process of adding new addresses and deleting
old addresses with your existing process for handling staff leavers and joiners.
You may also want to perform address maintenance tasks when you create
distribution lists.
See “Merging or replacing an existing address list” on page 18.
See “Automatic outbound address harvesting” on page 19.
Merging or replacing an existing address list
You can download the current list from the portal and edit it offline before
uploading it back to the portal. When saving the list, ensure that it is saved as a
CSV (comma delimited) or TXT file.
To download the current address list
1
Navigate to the Address Registration page.
2
Click Download Email Addresses.
A dialog box asks you whether to open or save the file. The CSV file is named
RegisteredUser.csv. The download operation may take some time to
complete depending on the size of the list.
See “Uploading addresses to the infrastructure using the portal” on page 16.
See “Uploading addresses to the infrastructure using the synchronization tool”
on page 17.
Address Registration
Automatic outbound address harvesting
See “Maintaining an address list” on page 17.
Automatic outbound address harvesting
Outbound address harvesting is an automatic process. The Email Services
infrastructure harvests all email addresses that send mail out by your registered
outbound IP addresses. These addresses are added to your list of registered
addresses.
Outbound address harvesting does not automatically detect aliases. For example,
johnsmith@company.com is the primary address for new user John Smith.
However, the mail server environment may also hold and allow aliases such as
j.smith@company.com, jsmith@company.com, and johnsmith@co.com. These
alias addresses are not harvested automatically when John Smith’s first outbound
message is sent out of your mail server environment. For all aliases to be harvested,
an email must be sent out by each alias. Therefore, it may be appropriate to
combine outbound address harvesting and manual addition or deletion through
the portal as maintenance options.
You must use the email services infrastructure as your outbound mail relay in
order for address harvesting to work.
To ensure that an email address is harvested, you can send an email from the
email address to harvest@smtpsink.messagelabs.net. The email goes through the
email services infrastructure and the address is harvested. The email is then
deleted.
It may take up to one hour for the infrastructure to process a harvested address.
We keep a record of addresses that have been deleted. Email addresses that you
have deleted from your list are not harvested in future. The email address is not
harvested again.
In line with relevant data protection legislation and industry best practice, the
system does not harvest recipient addresses in the emails that your users send.
Also, the system does not harvest addresses from the emails that are sent to your
users.
See “Maintaining an address list” on page 17.
See “Merging or replacing an existing address list” on page 18.
19
20
Address Registration
Activating Address Registration
Activating Address Registration
Note: Address Registration may already have been activated when your account
was provisioned to use the Email Services.
Once you are sure that you have a valid list of your organization’s valid email
addresses uploaded to the email services infrastructure, you can then turn on
Address Registration for your domains.
When the setting for a domain is set to On, any email that is sent to an unregistered
address is not accepted and gives rise to an SMTP 550 error. This error indicates
to the sending mail server that the address is invalid. You should see a significant
drop in detected spam.
There should be no need to switch off Address Registration . If you want to do so,
contact Support. Click Support > Contact Us for details.
Warning: Do not set the Address Registration protection to On until you are
satisfied that your list of registered email addresses is accurate and correct.
Otherwise email to valid addresses may be rejected.
To turn on Address Registration
1
Click Services > Email Services > Platform > Address Registration.
2
Locate the required domain in the Summary list or from the domains
drop-down list.
3
Click the Off link.
The Registered Email Address Settings window is displayed.
4
Click On.
5
Click Update.
The Address Registration page now indicates that Address Registration
protection for the domain is On.
See “Reviewing an address list” on page 15.
Download