IronMail Installation Site Survey for IronMail 6.7

REQUIRED: IronMail appliance serial numbers (found on front panel of appliance)
1. IRQ5-XGVE-4JS8-ZM80
2. IR8X-4T6C-EZ6T-K728
3.
4.
5.

PLEASE CHECK REASON FOR VISIT
__X_ New IronMail (CQS) Installation
____ IronMail Server Upgrade/Replacement
__X_ IronMail Training/Knowledge Transfer
__X_ IronMail Fine Tuning

Company Information:
Company Name / Site Name: Washington University – St. Louis Medical School
Contact Person: Joe Walters
Contact Title: Manager – Systems R&D
Site Address:
  Street: 660 S Euclid
  City: St. Louis
  State: MO
  Zip Code: 63110
Contact Phone Number: 314-747-2868
Contact Cell Number: 314-341-2671
Contact FAX Number: 314-747-2866
Contact E-mail Address: jwalters@wusm.wustl.edu
Backup Contact: Scott Kleinman
Backup Contact Phone: 314-747-0038
Backup Contact Cell: 314-341-1529
Backup Contact Email: kleinman@wusm.wustl.edu

Last Updated: 3/8/16

Other Security Solutions installed: (Firewall, NIDS, HIDS, Anti-Virus)
1.
2.
3.

Mail Server and Mail Relays installed:
1. IronMail
2. Exchange
3. Notes

Other Email Security Solutions being installed/evaluated:
1. N/A    Date Evaluated:
2.        Date Evaluated:
3.        Date Evaluated:

To aid in the installation process we have provided this simple checklist.

[] Hardware Required (Install Only)
Computer Monitor (VGA)
Computer Keyboard

[] Power Supply
ITEM            TYPE
Power Supply    110-Volt [X]   220-Volt [ ]
Country         USA

[] Network Administrator Checklist

ITEM                            DEFAULT
Host Name                       Newbox
Domain Name                     Companya.com
Primary IP Address              192.168.0.254
Network Mask                    255.255.0.0
Default Gateway                 192.168.0.1
DNS Servers                     192.168.0.253
NTP Servers                     time.nist.gov  bitsy.mit.edu  clock.isc.org
Virtual Hostname (EUQ)          euq.company.com
Virtual IP Address (EUQ)        192.168.0.253
NAT IP Address – (external)     12.12.12.12
NAT – FQDN                      smtp.company.com
CT Support Port #               20022
LDAP Server
LDAP Port#                      389/3268
LDAP User for Authentication    “domain”\administrator
LDAP Base String
LDAP User String                (|(proxyAddresses=SMTP:%%SMTP%%)(proxyAddresses=smtp:%%SMTP%%))
LDAP Email Attribute            Mail
LDAP Mailhost Attribute         Mail

ITEM                                            YOUR INFORMATION
Host Name                                       CQSOS1
Domain Name                                     cqsos1.wucon.wustl.edu
Primary IP Address                              10.39.46.103  10.39.46.104
Network Mask                                    255.255.255.0
Default Gateway                                 10.39.46.254
DNS Servers / NTP Servers                       10.39.46.239  10.39.232.239  10.39.232.238
Virtual Hostname / Virtual IP Address (EUQ)     euq.wusm.wustl.edu  Public: 128.252.147.7 & 128.252.147.135  Private: 10.39.6.57
CT Support Port #                               20022 (hop via IronMail)

ITEM                                            YOUR INFORMATION
Host Name                                       CQSRD1
Domain Name                                     cqsrd1.wucon.wustl.edu
Primary IP Address                              10.39.232.82  10.39.232.84
Network Mask                                    255.255.255.0
Default Gateway                                 10.39.232.254
DNS Servers / NTP Servers                       10.39.46.239  10.39.232.239  10.39.232.238
Virtual Hostname / Virtual IP Address (EUQ)     euq.wusm.wustl.edu  Public: 128.252.147.7 & 128.252.147.135  Private: 10.39.6.56
CT Support Port #                               20022 (hop via IronMail)

[] DNS (Domain Name Service) Issues

ITEM                                  YOUR INFORMATION
DNS “PTR” Record / DNS “A” Record     10.39.232.82     cqsrd1.wucon.wustl.edu
                                      10.39.46.103     cqsos1.wucon.wustl.edu
                                      10.39.232.84     euqrd1.wucon.wustl.edu
                                      10.39.46.104     euqos1.wucon.wustl.edu
                                      128.252.147.7    euq.wusm.wustl.edu (public)
                                      128.252.147.135  euq.wusm.wustl.edu (public)
                                      10.39.6.56       euq.wusm.wustl.edu (private)
                                      10.39.6.57       euq.wusm.wustl.edu (private)
DNS “MX” Record                       n/a
DNS “A” Record (internal-euq)         10.39.232.84     cqseuqrd1.wucon.wustl.edu
                                      10.39.46.104     cqseuqos1.wucon.wustl.edu

[] HTTP/HTTPS Proxy

ITEM                            Default               YOUR INFORMATION
Is HTTP/HTTPS proxy used?       No                    n/a
Internal WebMail server ip      192.168.1.1           n/a
What version of mail server     Outlook Web Access    n/a
Is SSL/TLS enabled              No                    n/a

[] Internal Mail Server(s). Please separate additional servers with commas.

ITEM                      YOUR INFORMATION
Mail Server Type          n/a
Mail Server IP Address    n/a
Mail Server FQDN          n/a

[] POP3 / IMAP accessibility
Is POP3 and / or IMAP connectivity being utilized? No

[] Internet Connection
To host an Internet mail server, your network must have a specific type of connection to the Internet. It must be a permanent connection (connected all the time, not just when you have dialed into an ISP for outgoing use) and it must also have at least one static IP address.

[] Domain Name
You must have a valid Internet domain name, which is not currently serviced by any existing e-mail server. If you don’t currently have a domain name, you can contact VeriSign (formerly Network Solutions) (www.verisign.com), Register.Com (www.register.com) or any other Internet domain name registrar to obtain your own domain name (e.g. mycompany.com). Your connection to the Internet must be permanent: incoming mail could be sent to you at any time, and you must be connected in order to receive it. Your mail server must have a static IP address.

[] Virtual IP Address and Host Name
The IronMail appliance requires two IP addresses. The primary IP address of the appliance is used for Web Administration, SMTP, update, and support functions. The second IP address, or Virtual IP Address, is used for the End User Quarantine Notifications (EUQ).

[] Internal Mail Server Issues
The Internal Mail server is the next hop inbound for internal email. IronMail can communicate via SMTP with any type of internal email server. This includes SendMail proxies, Anti-Virus proxies, and Content-Filtering servers. Multiple inbound mail server support requires IronMail 1.2.6 or newer. The Internal Mail server must be configured to forward outbound email to IronMail.

It is safe to expose the WebAdmin port to the Internet, especially if you are using strong client authentication with a Secure Computing/VeriSign X.509 administrator client certificate.

[] Firewall Issues
There are two main styles of firewall: packet filtering (with or without “stateful inspection”) and proxy server. Note that SMTP over SSL will not work via a proxy server style firewall, unless the proxy server also supports SMTP over SSL (most current proxy firewalls do not). With a packet filtering style firewall (e.g. Check Point’s Firewall-1), SMTP over SSL will pass transparently through a firewall.

Unlike most mail servers, it is safe to install the Secure Computing mail server on your internal network (rather than in a DMZ), due to its security features. If you choose to do so, it is fairly simple to open the necessary “port holes” in the firewall. Some of the incoming ones are optional, depending on which services you want to allow access to from outside your firewall:

ITEM             TYPE                               IP ADDRESS
Firewall Type    CISCO PIX, Microsoft ISA Server

Outgoing Connections (from IronMail)

Port                 Connects To:                 Service
Port 21 (TCP)        FTP Server                   FTP – Optional (Only if remote IMs log to CMC)
Port 22 (TCP)        SCP Server                   SCP – Optional (Only if remote IMs log to CMC)
Port 25 (TCP)        any (internal / external)    SMTP (Alert Notification)
Port 53 (TCP/UDP)    DNS server(s)                DNS Domain Name Servers
Port 123 (UDP)       NTP Server(s)                NTP – Optional
Port 162 (UDP)       SNMP Trap Mgr                SNMP Trap – Optional (Alert Notification)
Port 389 (TCP)       LDAP Server                  LDAP – Optional
Port 514 (UDP)       Syslog Server                Syslog – Optional
Port 20022 (TCP)     66.179.104.137               CT Updates (update.ciphertrust.net)
Port 20022 (TCP)     IronMail CMC                 CMC IronMail Secure Tunnel (REQUIRED if managed by a CMC)

Incoming Connections (into IronMail - Primary IP)

Port                 Connects From:               Service
Port 20 (TCP)        FTP Server                   FTP – Optional (FTP Control Connection)
Port 22 (TCP)        Internal Network             CLI Management
Port 25 (TCP)        Primary IronMail             SMTP
Port 110 (TCP)       Any (internal / external)    POP3 - Optional
Port 143 (TCP)       Any (internal / external)    IMAP4 - Optional
Port 443 (TCP)       Any (internal / external)    HTTPS – Optional (WebMail Reverse Proxy)
Port 465 (TCP)       Any (internal / external)    SMTPS - Optional (Secure SMTP)
Port 993 (TCP)       Any (internal / external)    IMAP4 – Optional (Secure IMAP4)
Port 995 (TCP)       Any (internal / external)    POP3S - Optional (Secure POP3)
Port 10443 (TCP)     Internal Network             CT WebAdmin
Port 20022 (TCP)     66.179.104.132               CT Support
Port 20022 (TCP)     IronMail CMC                 CMC IronMail Secure Tunnel (REQUIRED if managed by a CMC)

Incoming Connections (into IronMail - Virtual IP (EUQ))

Port                 Connects From:               Service
Port 80 (TCP)        Any (Internal / External)    HTTP – optional port for EUQ
Port 443 (TCP)       Any (Internal / External)    HTTPS – Default port for EUQ

Other requirements for IronMail installation:
To help Secure Computing install the IronMail and prepare your personnel for its use, please supply the following:
- Approximately eight hours for each installation day purchased.
- Appropriate network down time for actual integration of the IronMail into your network.
- An expert on your existing network architecture who is on-site and available during installation.
- An individual who is familiar with the Internet services (DNS, FTP, etc.) and applications your site wants to run (including access to the manuals or documentation for those applications).
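
An added example (not part of the original survey or of any Secure Computing tooling): a short Python check that compares a proposed list of firewall openings for the IronMail primary IP with the port tables under Firewall Issues and with this survey's answers that POP3/IMAP and the WebMail proxy are not in use. The `direction,proto,port` rule format, the sample rules and the names `MATRIX`, `NOT_IN_USE` and `audit` are constructed for illustration.

```python
# Added example: audit proposed firewall openings against the survey's port tables.

# (direction, proto, port) -> (service, marked "Optional" on the form?)
MATRIX = {
    ("out", "tcp", 21): ("FTP", True),         ("out", "tcp", 22): ("SCP", True),
    ("out", "tcp", 25): ("SMTP", False),       ("out", "tcp", 53): ("DNS", False),
    ("out", "udp", 53): ("DNS", False),        ("out", "udp", 123): ("NTP", True),
    ("out", "udp", 162): ("SNMP Trap", True),  ("out", "tcp", 389): ("LDAP", True),
    ("out", "udp", 514): ("Syslog", True),     ("out", "tcp", 20022): ("CT Updates/CMC", False),
    ("in", "tcp", 20): ("FTP", True),          ("in", "tcp", 22): ("CLI Management", False),
    ("in", "tcp", 25): ("SMTP", False),        ("in", "tcp", 110): ("POP3", True),
    ("in", "tcp", 143): ("IMAP4", True),       ("in", "tcp", 443): ("WebMail Reverse Proxy", True),
    ("in", "tcp", 465): ("SMTPS", True),       ("in", "tcp", 993): ("Secure IMAP4", True),
    ("in", "tcp", 995): ("Secure POP3", True), ("in", "tcp", 10443): ("CT WebAdmin", False),
    ("in", "tcp", 20022): ("CT Support/CMC", False),
}

# Optional services this survey answers "No" / "n/a" for (POP3/IMAP, WebMail proxy).
NOT_IN_USE = {"POP3", "IMAP4", "Secure IMAP4", "Secure POP3", "WebMail Reverse Proxy"}

def audit(rule_lines, not_in_use=NOT_IN_USE):
    """Return (unexpected, unneeded, unopened) lists of (direction, proto, port)."""
    seen, unexpected, unneeded = set(), [], []
    for raw in rule_lines:
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        direction, proto, port = (f.strip().lower() for f in line.split(","))
        key = (direction, proto, int(port))
        seen.add(key)
        if key not in MATRIX:
            unexpected.append(key)               # not in the survey's tables at all
        elif MATRIX[key][1] and MATRIX[key][0] in not_in_use:
            unneeded.append(key)                 # optional service the site does not use
    unopened = sorted(k for k, (_, opt) in MATRIX.items() if not opt and k not in seen)
    return unexpected, unneeded, unopened

# Constructed sample rule list (hypothetical format: direction,proto,port).
SAMPLE_RULES = """
in,tcp,25
in,tcp,110      # POP3 opened although the survey says it is not utilized
in,tcp,10443
in,tcp,8080     # not listed in the survey
out,tcp,25
out,tcp,53
out,udp,53
out,tcp,20022
""".splitlines()
print(audit(SAMPLE_RULES))
```

The three lists are, in order: openings absent from the survey's tables, optional services opened although the survey marks them unused, and non-optional entries from the tables that the rule list does not open.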

Secure Computing Policy for Installations
- Sales order should include a requested installation date
- Install must be at least 2 weeks after receipt of PO
- On receipt of PO, install coordinator will contact customer and email/fax site survey
- After receipt of site survey, installer will contact the customer directly to review content/readiness
- Install must be at least one week after receipt of validated site survey
- Final install date will depend on confirmation of customer readiness by installer

Cancellation Policy
If the customer cancels the install within 2 business days of the scheduled date, he will be charged the full installation price.

Contact Information
Network Services Department
(888) 740-8040 (Toll Free)
(651) 628-2718 (Fax)
Network_Services@securecomputing.com

Secure Computing Corporation
2340 Energy Park Drive
Saint Paul, MN 55108

Secure Computing® your trusted source for enterprise security™
www.securecomputing.com
NASDAQ: SCUR