IPBrick Reference Guide Version 5.0. iportalmais

(1)

IPBrick

Reference Guide

Version 5.0

iPortalMais

August 2008

(2)

Copyright c iPortalMais

The information in this manual is submitted to changes without previous com-munication. The presented explanations, technical data, configurations and rec-ommendations are precise and trustful. Nevertheless they have no expressed or implied guarantees.

(3)

2 Before Starting 15 3 IPBrick.I 17 3.1 Machines Groups . . . 17 3.2 Machine Management . . . 18 3.2.1 Mass Operations . . . 20 3.3 User Groups . . . 23 3.4 Users Management . . . 25 3.4.1 Mass Operations . . . 28 3.5 Domain Server . . . 31 3.5.1 Configure . . . 32 3.5.2 Users Management . . . 32 3.6 File Server . . . 32

3.6.1 Individual Work Areas . . . 33

3.6.2 Group Work Areas . . . 34

3.6.3 Kaspersky . . . 37 3.7 E-Mail . . . 41 3.7.1 Configure . . . 42 3.7.2 Definitions . . . 47 3.7.3 Queue Management . . . 48 3.7.4 Users management . . . 49 3.7.5 Mailing Lists . . . 53 3.7.6 Kaspersky Anti-V´ırus . . . 54 3.7.7 Kaspersky Anti-Spam . . . 59 3.8 Print Server . . . 62 3.9 Backup . . . 65 3.9.1 Bacula . . . 66 3.9.2 Remote . . . 66 3.10 Fax Server . . . 69 3.10.1 Fax2Mail . . . 70 3.10.2 Mail2Fax . . . 74 3.10.3 Statistics . . . 74 3.11 Terminal Server . . . 76 3.11.1 Configuration . . . 77

(4)

3.11.2 Client configuration . . . 81 4 IPBrick.C 85 4.1 Firewall . . . 85 4.1.1 Available Services . . . 85 4.1.2 Block Services . . . 86 4.2 Proxy . . . 86 4.2.1 Configuration . . . 87 4.2.2 Statistics . . . 96 4.2.3 Kaspersky Proxy . . . 97 4.3 VPN . . . 100 4.3.1 PPTP . . . 100 4.3.2 IPSec . . . 102 4.3.3 SSL . . . 104 4.4 E-mail . . . 108 4.4.1 Advanced relay . . . 108

4.4.2 Get Mail from ISP . . . 108

4.4.3 Mail Copy . . . 111

4.5 Web Server . . . 112

4.5.1 Creating a new site . . . 112

4.5.2 Management . . . 114 4.6 Webmail . . . 118 4.7 FTP Server . . . 120 4.7.1 Access log . . . 122 4.8 VoIP . . . 123 4.8.1 Phone management . . . 123 4.8.2 Services . . . 125 4.8.3 Monitoring . . . 141 4.8.4 Routes Management . . . 147 4.8.5 Music on Hold . . . 152 4.9 IM . . . 152

4.9.1 Enabling / disabling the IM server . . . 154

5 Advanced Configurations 159 5.1 IPBrick . . . 159 5.1.1 Definitions . . . 159 5.1.2 System Information . . . 161 5.1.3 Web Access . . . 161 5.1.4 Authentication . . . 164 5.1.5 Update . . . 167 5.2 Network . . . 168 5.2.1 Firewall . . . 168 5.2.2 Route management . . . 171 5.2.3 QOS . . . 172 5.2.4 Service Routing . . . 174 5.3 Support services . . . 187 5.3.1 LDAP . . . 187

(5)

CONTENTS 5 5.3.2 DNS . . . 188 5.3.3 DHCP . . . 192 5.3.4 ENUM . . . 198 5.4 Disaster recovery . . . 200 5.4.1 Configurations . . . 200 5.4.2 Applications . . . 202 5.5 System . . . 204 5.5.1 Services . . . 204 5.5.2 Task Manager . . . 205

5.5.3 Date and Hour . . . 206

5.5.4 System users . . . 206 5.5.5 Monitoring . . . 207 5.5.6 SSH . . . 210 5.5.7 Reboot . . . 211 5.5.8 Shutdown . . . 211 5.6 Telephony . . . 211 5.6.1 Cards . . . 212 5.6.2 Registered Phones . . . 214 5.6.3 Configurations . . . 216 5.6.4 Interfaces . . . 224 5.6.5 SIP peers . . . 226 5.6.6 IAX peers . . . 226 6 Apply Configurations 231 7 Appendix A - Join in the domain 233 7.1 Windows XP Professional Workstation . . . 233

8 Appendix B - Configuring a VPN connection 237 9 Appendix C - Configuration of a VPN SSL connection (Open VPN) 239 9.1 Two or more SSL certificates . . . 239

9.2 Configuration of a SSL Connection for Windows Vista . . . 240

10 Appendix D - Backup Service - Arkeia 241 10.1 Advanced Administration . . . 242

(6)

(7)

List of Figures

3.1 Machine Groups - List . . . 18

3.2 Machine Groups - Example . . . 19

3.3 Machines Management - Machine registration . . . 20

3.4 Machines Management - Options . . . 21

3.5 Machines Management - List . . . 22

3.6 Machine Management - Export . . . 23

3.7 Machine Management - Mass Operations . . . 24

3.8 User Groups - Group creation . . . 25

3.9 User Groups - Groups List . . . 26

3.10 User Groups - Users . . . 27

3.11 Users Management - Insert . . . 28

3.12 Users Management - List . . . 29

3.13 Users Management - Operations . . . 30

3.14 Users Management - Modify . . . 31

3.15 Domain Server - Definitions . . . 33

3.16 Domain server - Users Management . . . 34

3.17 Work Areas - Summary . . . 35

3.18 Work Areas - List . . . 36

3.19 Work Areas - Summary of Individual Areas . . . 37

3.20 Work Areas - List . . . 38

3.21 Work Areas - Group - Insert with recycle bin . . . 39

3.22 Work Areas - Group - Insert without recycle bin . . . 40

3.23 Work Areas - Group - Management . . . 41

3.24 Work Areas - Group - Users Access . . . 42

3.25 Workareas - Kaspersky Licence . . . 43

3.26 Workareas - Kaspersky - Configure 1/2 . . . 44

3.27 Workareas - Kaspersky - Configure 2/2 . . . 45

3.28 Workareas - Kaspersky . . . 45

3.29 Workareas - Kaspersky - Statistics 1/2 . . . 46

3.30 Workareas - Kaspersky - Statistics 2/2 . . . 46

3.31 E-mail - Configure . . . 47

3.32 E-Mail - Definitions 1/2 . . . 49

3.33 E-Mail - Definitions 2/2 . . . 50

3.34 E-Mail - Definitions - Valid internal recipients . . . 50

3.35 E-Mail - Definitions - Invalid senders . . . 51

(8)

3.37 E-mail - Users Management . . . 52

3.38 E-Mail - Alternative addresses, Forwarding and automatic replys . . 53

3.39 E-Mail - Mailing List - Insert . . . 54

3.40 E-Mail - Mailing List - Users . . . 55

3.41 E-Mail - Mailing List - External users . . . 56

3.42 E-Mail - Kaspersky Anti-V´ırus . . . 56

3.43 E-Mail - Kasp. Anti-V´ırus - General Configurations . . . 57

3.44 E-Mail - Kasp. Anti-V´ırus - Groups Management . . . 57

3.45 E-Mail - Kasp. Anti-V´ırus - Notification Rules . . . 58

3.46 E-Mail - Kasp. Anti-V´ırus - Filter . . . 58

3.47 E-Mail - Kasp. Anti-V´ırus - Statistics 1/2 . . . 59

3.48 E-Mail - Kasp. Anti-V´ırus - Statistics 2/2 . . . 60

3.49 E-Mail - Kasp. Anti-Spam - Protected Domains . . . 61

3.50 E-Mail - Kasp. Anti-Spam - Actions . . . 62

3.51 E-Mail - Kasp. Anti-Spam - Rules . . . 63

3.52 E-Mail - Kasp. Anti-Spam - Statistics . . . 64

3.53 Print Server - Inserting a network printer at IPBrick . . . 65

3.54 Print Server - Printer configurations . . . 65

3.55 Backup - Task insertion . . . 67

3.56 Backup - Task list . . . 68

3.57 Fax Server - Configure . . . 69

3.58 Fax Server - FAX at telephony card . . . 71

3.59 Fax Server - Serial Fax Modem . . . 72

3.60 Fax Server - Fax Users . . . 73

3.61 Fax Server - Fax line definitions . . . 73

3.62 Fax Server - Sent Faxes . . . 75

3.63 Fax Server - Received Faxes . . . 75

3.64 Fax Server - Current Faxes . . . 76

3.65 Terminal Server - General Configuration - 1/2 . . . 79

3.66 Terminal Server - General Configuration - 2/2 . . . 80

3.67 Terminal Server - Boot System configuration . . . 80

3.68 Terminal Server - Boot Loader configuration . . . 81

3.69 Terminal Server - Operating System . . . 81

3.70 Terminal Server - Configuration for PXE boot . . . 82

3.71 Terminal Server - Machines . . . 82

4.1 Firewall - Available Services . . . 87

4.2 Firewall - Block Services . . . 88

4.3 Proxy - Configuration . . . 89

4.4 Proxy - Rules 1/2 . . . 90

4.5 Proxy - Rules 2/2 . . . 91

4.6 Proxy - Source groups . . . 92

4.7 Proxy - Source groups - LDAP filter . . . 92

4.8 Proxy - Destination groups . . . 93

4.9 Proxy - Access Lists . . . 94

(9)

LIST OF FIGURES 9

4.11 Proxy - Other configurations . . . 97

4.12 Proxy - Statistics . . . 98

4.13 Proxy - Kaspersky - Licence . . . 98

4.14 Proxy - Kaspersky - General Settings . . . 99

4.15 Proxy - Kaspersky - Statistics . . . 100

4.16 VPN - PPTP - Users . . . 101

4.17 VPN - IPSec Configuration 1/2 . . . 104

4.18 VPN - IPSec Configuration 2/2 . . . 105

4.19 VPN - SSL Settings . . . 106

4.20 E-Mail - Advanced relay . . . 109

4.21 E-Mail - Get Mail from ISP - Base menu . . . 110

4.22 E-Mail - Get mail from ISP - Servers Management . . . 110

4.23 E-Mail - Get mail from ISP - Add Account . . . 111

4.24 E-Mail - Mail copy . . . 112

4.25 Web Server - Hosted sites . . . 113

4.26 Web Server - Adding sites . . . 114

4.27 Web Server - Features . . . 115

4.28 Web Server - Alias 1 . . . 116

4.29 Web Server - Alias 2 . . . 116

4.30 Web Server - Alias List . . . 117

4.31 Web Server - Redirect - Example 1 . . . 117

4.32 Web Server - Redirect - Example 2 . . . 118

4.33 Web Server - Redirections List . . . 118

4.34 Web Server - Reverse Proxy - Example 1 - Empty site created . . . 119

4.35 Web Server - Reverse Proxy - Example 1 - Add . . . 119

4.36 Web Server - Reverse Proxy - Example 2 - Add . . . 120

4.37 Web Server - Reverse Proxy - Example 2 - List . . . 120

4.38 Web Server - Statistics . . . 121

4.39 WebMail - Servers . . . 121

4.40 FTP Server - Account definitions . . . 122

4.41 VoIP - Registered Phones . . . 124

4.42 VoIP - Alternative Addresses . . . 125

4.43 VoIP - Call groups . . . 126

4.44 VoIP - Sequence definitions . . . 128

4.45 VoIP - Attendance sequences list . . . 129

4.46 VoIP - IVR attendance configuration . . . 130

4.47 VoIP - Call conference insertion . . . 131

4.48 VoIP - Call conference list . . . 131

4.49 VoIP - Dynamic call conferences . . . 132

4.50 VoIP - Call Parking . . . 132

4.51 VoIP - Call Parking - Modify . . . 133

4.52 VoIP - Scheduling . . . 133

4.53 VoIP - Scheduling - Insert rules . . . 135

4.54 VoIP - Scheduling - Rules list . . . 135

4.55 VoIP - DISA - Insert . . . 136

(10)

4.57 VoIP - Call queue members . . . 139

4.58 VoIP - Call queue agents . . . 140

4.59 VoIP - Access Classes - Insert . . . 141

4.60 VoIP - Access Classes - Members . . . 142

4.61 VoIP - Speed Dial . . . 143

4.62 VoIP - Online phones . . . 143

4.63 VoIP - Statistics filter . . . 145

4.64 VoIP - Call Manager configuration . . . 145

4.65 VoIP - Call Manager . . . 146

4.66 VoIP - Routes Management . . . 147

4.67 VoIP - Local Routes . . . 149

4.68 VoIP - Outbound route definition . . . 151

4.69 VoIP - Prefix definition . . . 152

4.70 VoIP - SIP server for registering . . . 153

4.71 VoIP - Music on hold . . . 153

4.72 IM - Enabling Instant Messaging Server . . . 155

4.73 IM - Blocking MSN applications . . . 156

4.74 IM - Web messenger sites blocking in firewall . . . 157

5.1 Advanced Configurations - Definitions . . . 161

5.2 Advanced Configurations - System Information - 1/2 . . . 162

5.3 Advanced Configurations - System Information - 2/2 . . . 163

5.4 Advanced Configurations - Web Access . . . 164

5.5 Advanced Configurations - Language . . . 165

5.6 Advanced Configuration - Authentication . . . 166

5.7 Advanced Configurations - Update . . . 168

5.8 Network - Firewall . . . 169

5.9 Network - Firewall - General settings rule . . . 171

5.10 Network - Firewall - Disable access rule . . . 172

5.11 Network - Firewall - DNAT rule . . . 173

5.12 Network - Firewall - Order . . . 174

5.13 Network - Route management . . . 175

5.14 Network - QoS management . . . 176

5.15 Network - QOS - General Configurations . . . 177

5.16 Network - Service Routing . . . 178

5.17 Support Services - LDAP . . . 187

5.18 Support Services - DNS - Name resolution zones . . . 189

5.19 Support Services - DNS - Zone Management 1/2 . . . 192

5.20 Support Services - DNS - Zone Management 2/2 . . . 193

5.21 Support Services - DNS - Forwarders . . . 194

5.22 Support Services - DNS - Name resolution . . . 195

5.23 Support Services - DHCP - Subnets . . . 196

5.24 Support Services - DHCP - General Options . . . 197

5.25 Support Services - DHCP - Subnets Definition . . . 198

5.26 Support Services - DHCP - Redundancy . . . 198

(11)

LIST OF FIGURES 11

5.28 Support Services - ENUM . . . 200

5.29 Disaster Recovery - Replace configuration . . . 201

5.30 Disaster Recovery - Download configuration . . . 202

5.31 Disaster Recovery - Upload configuration . . . 203

5.32 Disaster Recovery - Applications - Data backups list . . . 203

5.33 Disaster Recovery - Applications - Data restore confirmation . . . . 204

5.34 System - Services . . . 205

5.35 System - Task Manager . . . 206

5.36 System - Date and Hour . . . 207

5.37 System - System users . . . 208

5.38 System - Monitoring - System Logs . . . 209

5.39 System - SSH . . . 211

5.40 System - Reboot . . . 212

5.41 System - Shutdown . . . 213

5.42 Telephony - Cards - Insert . . . 214

5.43 Telephony - Card definitions . . . 215

5.44 Telephony - Cards list . . . 215

5.45 Telephony - Simple phone register . . . 216

5.46 Telephony - Configurations . . . 217

5.47 Telephony - Analog and ISDN PRI options . . . 219

5.48 Telephony - ISDN BRI options . . . 221

5.49 Telephony - Configurations - Codecs . . . 222

5.50 Telephony - Configurations - Codecs with g729 . . . 222

5.51 Telephony - Configurations - g729 licence . . . 223

5.52 Telephony - IP PBX remote managers . . . 224

5.53 Telephony - IP PBX remote managers - Configuration . . . 225

5.54 Telephony - VoIP domain alias . . . 226

5.55 Telephony - Interfaces . . . 227

5.56 Telephony - Interface insertion . . . 228

5.57 Telephony - SIP peers . . . 229

5.58 Telephony - IAX Peers . . . 229

6.1 Apply Configurations . . . 231

10.1 Backup - Arkeia - Main Menu . . . 242

10.2 Backup - Arkeia - Running Jobs . . . 243

10.3 Backup - Arkeia - Backups confirmation . . . 243

10.4 Backup - Arkeia - Add Users . . . 244

10.5 Backup - Arkeia - Directories to save . . . 245

(12)

(13)

Chapter 1 Aim of this document

This reference guide give you a detailed description of the following IPBrick menus: • IPBrick.I configuration; • IPBrick.C configuration; • IPBrick.GT configuration; • IPBrick.KAV configuration; • Advanced Configurations.

In appendix we present the procedure to deal with the Workstation configura-tions. You will find the following configurations

• Process of joining a workstation (MS Windows) in a domain;

• Procedures for the establishment of a virtual private network (VPN) PPTP and SSL.

(14)

(15)

Chapter 2 Before Starting

IPBrick is a complete integrated server system based in a Linux distribution. When installed you can access IPBrick with a Internet browser. The IPBrick IP address by default is 192.168.69.199. The address to write on the browser bar is https://192.168.69.199.

When you open a WEB session with IPBrick you will see a web page authen-tication. After a correct validation IPBrick allows you to change the domain and the IP networks of the private and public server interfaces.

Attention: If the communication network where you are trying to install IP-Brick has already a DHCP server you should deactivate this in order to avoid conflicts.

For more information about installing IPBrick and configuring a workstation, please consult the Installation Manual.

IPBrick web interface management is divided into five main menus: • IPBrick.I : For configuration of specific Intranet services;

• IPBrick.C : For configuration of specific Communication services outside the LAN;

• IPBrick.GT : Permit an easy configuration of services normally active at the IPBrick.GT appliance1_;

• IPBrick.KAV : Permit an easy configuration of services normally active at the IPBrick.KAV appliance2_;

• Advanced Configurations.

All configurations done by the IPBrick administrator are stored in a Post-greSQL database. Only when the option Apply Configurations is clicked, the

1_{It’s a IPBrick hardware appliance for telephony gateway. Can have analogic/ISDN telephony} cards

(16)

database will generate all the new system configurations files. Changing configu-rations in the following menus:

• Advanced Configurations IPBrick Definitions;

• Advanced Configurations IPBrick Authentication;

• Advanced Configurations System Date and Hour Time zone;

causes a restart of IPBrick (IPBrick needs approximately 1 minute to restart, depending on the hardware where it is installed).

IPBrick allows an efficient management of configurations where, whenever changes are made in the system by the web interface, a new configuration is locally recorded or automatically stored in an USB pen if one is plugged. This way the Disaster Recovery is guaranteed, one of the surplus values of IPBrick. For exam-ple, if the hard drive crashes down you can quickly restore the configurations with the IPBrick Installation CD and the Pen Drive.

On the management interface there are some links that allow you to manage the services. You will find links like:

• Back : Allows you to turn back to the previous page without saving changes; • Insert: Allows you to insert new items;

• Modify: Allows you to change item settings; • Delete: Allows you to delete an item;

(17)

Chapter 3 IPBrick.I

This chapter describes the IPBrick.I menus used to manage the main Intranet services.

It is divided into the following main sections: • Machine Groups • Machines Management; • User Groups; • Users Management; • Domain server; • File Server; • E-mail; • Print Server; • Backup; • Fax Server; • Terminal Server.

3.1 Machines Groups

In this menu you can manage groups of machines that lets you create groups and assign machines to each group. For instance, machine groups can be used to configure web proxy accesses. To insert a group of machines you have to set:

• Group name: The name assigned to the group of machines; • Group type

– Machines Subnets: Depending on the used IP address, the groups of machines can be split into defined sizes.

(18)

– Machines: If you choose this option and Insert, it’s possible to assign existing network machines to the group;

• Machine count: If the group is a subnet of machines, you can choose the number of machines for the group;

• Subnet: This field defines the subnet for the group of machines. It represents the range of IP addresses concerning the defined group.

By clicking Insert, the group is created and its settings are displayed. In that screen you can see three links: Back to go back to the list; Modify to change the name of the present group; Delete to remove the group of machines. We can see an example of a machine group at Figure 3.2 and the general list at Figure 3.1

Figure 3.1: Machine Groups - List

3.2 Machine Management

This section deals with adding or changing machine registrations in LDAP (e.g. PC, laptop, printer). A machine is represented by the type, name, group, IP ad-dress and MAC adad-dress, as you can see in Figure 3.3.

(19)

3.2 Machine Management 19

Figure 3.2: Machine Groups - Example

• Workstation: Workstation in LAN running a Windows operating system; • Workstation + SoftPhone: Windows workstation in LAN with a softphone

association;

• Linux Workstation: Workstation in LAN running a Linux distribution, so it will be possible to export the user’s home account by NFS to that Linux clients;

• Linux Workstation + SoftPhone: Linux workstation in LAN with a soft-phone association. The name will be the SIP username and it will always be associated to the IP address;

• Printer: Network printer. Location is a description about the printer loca-tion. Port will be the port where the print server is running. Example: 9100 for HP’s;

• IP Phone: Hardware IP SIP phone in LAN. The name will be the SIP username and it will always be associated to the IP address;

• Linux Terminal: Thinclient with remote session to a Linux machine that will be used with the Terminal Server in IPBrick;

(20)

• Windows Terminal: Thinclient with remote session to a Windows machine that will be used with the Terminal Server in IPBrick;

In order to insert a machine you only have to define the type, introduce the name and IP Address. In this way the machine is registered in the LDAP and the DNS server. If you fill in the MAC Address field with the MAC adddress of the machine to be registered then a record is also created for this machine in the DHCP server.

Note: The machine MAC address can be obtained from the network connection icon in Windows XP or by executing the order ipconfig /all in the command line.

Figure 3.3: Machines Management - Machine registration

You can manage a specific machine clicking over its name in the list. You will get the screen present at Figure 3.4. If you click the link Modify, the form from Figure 3.3 is displayed and enables you to redefine the machine parameters. If you click Delete, the machine will be deleted. When all the machines are registered you can get the list at the main menu (Figure 3.5).

3.2.1 Mass Operations

The Export feature will export all the data to a .csv file (Figure 3.6). The Mass operations option permit an import of a .csv file (Figure 3.7). You can edit

(21)

3.2 Machine Management 21

Figure 3.4: Machines Management - Options

a .csv file in a spreadsheet application, choosing the ; to split the columns. The fields are:

Mandatory fields:

• actionmachine: Options available: – I: To insert a machine in IPBrick;

– U: To update machine information in IPBrick; – D: To delete a machine in IPBrick;

• machinetype: Options available: – 1: For Workstation;

– 3: For Workstation + Softphone; – 14: For Linux Workstation;

– 15: For Linux Workstation + Softphone; – 16: For Printer;

– 2: For IP Phone; – 7: For Linux Terminal; – 4: For Windows Terminal.

(22)

Figure 3.5: Machines Management - List

• name: Machine single name;

• ip: Machine IP. The format is xxx.xxx.xxx.xxx;

• mac: Machine NIC MAC address. The format is xx:xx:xx:xx:xx:xx; • password: Password to use if a SIP phone is selected. Example: 123; Other fields:

• computernumber: Machine LDAP ID;

• groupnumber: Machine group number if associated to some group; • rdpsrvaddress: Remote server IP if a terminal is selected;

• rdpsrvdomain: Remote server domain if a Windows terminal is selected. Example of a .cvs file content for mass operations import option:

"actionmachine";"machinetype";"name";"ip";"mac";"password" "I";"1";"wrk01";"192.168.69.100";"00:E0:98:9C:49:03";"" "I";"1";"wrk02";"192.168.69.101";"00:E0:98:4D:23:12";"" "I";"1";"wrk03";"192.168.69.102";"00:E0:98:9B:45:04";""

(23)

3.3 User Groups 23

! Attention:

• The computer name has to be an alphanumerical name. Exceptions are the characters _ and -;

• The computer name shouldn’t have spaces nor diacritical marks on characters neither punctuation. Its maximum size should be 15 characters;

• Is is not allowed to register neither machine with the same name nor machine whose names are identical with a registered user log in;

• For a registration of a Windows station, the name as to be always in small letters and if necessary change the Computer name to small letters, too.

Figure 3.6: Machine Management - Export

3.3 User Groups

A group is an set of users generally created when you wish that all people in that group share the same permissions to a group of files. In this section you manage IPBrick user groups.

(24)

Figure 3.7: Machine Management - Mass Operations

– Click on Insert ((Figure 3.8); – Choose the group name.

• To add or remove users from a group: – Click on the group name (Figure 3.9);

– In the generated page (Figure 3.10) choose the users that should be added or removed from the defined group.

There are two pre-defined groups that cannot be deleted or changed. These groups are:

• Administrators; • General.

Users that belong to the Administrators group have administrator permissions in the domain served by IPBrick. You may add or remove users of this group with the exception of the pre-defined Administrator. The General group is a common group for all users created in IPBrick.

! Attention:

(25)

3.4 Users Management 25

• The group name can contain spaces, but can’t have more than 32 only al-phanumerical characters without accents.

• When the user is created, there shouldn’t be other group with the same name, including domains.

Figure 3.8: User Groups - Group creation

3.4 Users Management

In this section you learn how to register new users, change the information of already existing users and delete users. When creating a new user IPBrick creates automatically an e-mail account, and individual work area (user drive space in the server) and a net logon in order to identify the user in the domain.

After being installed, IPBrick creates by default one user and two groups. The created user have the login Administrator and the two groups are the Administrators and the General. The user with Administrator login has a work area created in the Work Area 1. This user has special characteristics because he belongs to the Administrators group and is responsible for the management of some system functions. Therefore he can never be removed.

The user registration is composed of the following fields: • Name: User’s name. Normally is the first and last name;

• Login: User’s identification to be used for any IPBrick authentication pro-cess.

(26)

Figure 3.9: User Groups - Groups List

• Server: Selection of the server where the user account shall be created. The user account stands for the hard drive space in the server where various user contents are stored, including email folder, Windows profile and documents. If there are slaves servers they are also listed.

• Work Areas: Partition of the server drive selected to create the account. The users should be distributed the fairest way in order to use the available space most efficiently.

• Password: Password definition;

• Retype Password: Confirmation of the password;

• Quota: Value that limits the user hard drive space in the system. The unit os measurement is kilobytes. If you don’t indicate a limit value, the user will have unlimited space to occupy.

An example is present at Figure 3.11. ! Attention:

• When inserting users only use characters without accents for their name, login and e-mail address.

(27)

Figure 3.10: User Groups - Users

• Spaces, brackets, full stops, small and capital letters are possible in the Name field.

• You are not allowed to use spaces in the Login field. Avoid using capital letters.

• Every login has to be unique. There cannot be a login with the same name of a machine registered in IPBrick.

In order to modify some user information you have to click over the name (Fig-ure 3.12).

In the form where you change the user (Figure 3.14) you can see all fields that were defined when the user account was created. The only exception is the uidNumber which is an IPBrick user identification number. The password is not shown. All defined fields are editable with the exception of the login and uidNumber.

To remove a IPBrick user record: • Click on the user name;

(28)

Figure 3.11: Users Management - Insert

• In the generated page, besides from displaying user properties, you can also delete the user (Figure 3.13).

⇒ Note: The user contents (personal files, profile, e-mails) are not eliminated when deleting his registration. They are moved to an administrative share called BackupX (X representing the number of the work area where the user was regis-tered, 1 or 2). Only members of the Administrators group have access to this share from any Windows station. Therefore they have to do the following:

• Press the keys [Win]+[R] at the same time

• Write \\ipbrick\backup1 and press the button ”OK”

All folders and files deleted in these administrative shares are finally eliminated in IPBrick.

3.4.1 Mass Operations

The Export feature will export all the data to a .csv file. The Mass operations option permit an import of a .csv file. You can edit a .csv file in a spreadsheet application.

(29)

Figure 3.12: Users Management - List

• actionuser: Options available: – I: To insert a user in IPBrick;

– U: To update user information in IPBrick; – D: To delete a user in IPBrick;

• login: User login;

• name: User name. If more than one word is used the " is necessary; • email: User email;

• accountquota: Quota for the user account. The 0 is unlimited; • idworkarea: User workarea number;

• password: Insert a user password. Later the user can change it by the myipbrick site. Note that this field is not present when we export a .cvs file, so you must create it;

• mailalias: User email alias. Other fields:

(30)

Figure 3.13: Users Management - Operations

• usernumber: User LDAP ID;

• groupnumber: Group LDAP ID of user;

• idserver: Slave server IP where to create the account. The 0 is for local; • passwordtype: 1 for normal, 2 for biometric mode;

• randompassword: Used to generate random password’s for users; • sipurl: User’s SIP url, representing the phone near the user; • mailaccountstatus: 1 for active, 2 for inactive;

• mailquota: Maximum mail account quota in MBytes; • mailmaxsize: Maximum received message size in MBytes; • mailforward: It’s a forward mail for the user;

• mailoutoreply: It’s the automatic reply message. The use of " is needed; • homedrive: Represents the account network drive. The default is Z; • roamingprofile: 1 for a roaming profile, 2 for a local profile.

(31)

3.5 Domain Server 31

Figure 3.14: Users Management - Modify

Example of a .cvs file content for mass operations import option:

”actionuser”;”login”;”name”;”email”;”accountquota”;”idworkarea”;”password”;”mailalias” ”I”;”jsmith”;”John Smith”;”[email protected]”;”0”;”1”;”123456”;”[email protected]” ”I”;”bjones”;”Bill Jones”;”[email protected]”;”0”;”2”;”123456”;”[email protected]”

”I”;”shamilton”;”Sara Hamilton”;”[email protected]”;”0”;”2”;”123456”;”[email protected]”

3.5 Domain Server

IPBrick as a Intranet server manages all the network resources belonging to a certain domain and provides important network support services as DNS and DHCP. A relevant feature to consider in the domain server1 _{is that it works with}

the authentication server, where all the users have a username/password match defined in the LDAP database of IPBrick. PDC is checked whenever there is a authentication demand in a workstation.

(32)

3.5.1 Configure

In this section you define the name of the domain served by IPBrick as well as this fields (Figure 3.15):

• Domain Login:

– YES: IPBrick will be a Primary Domain Controller in the chosen do-main;

– NO: IPBrick will not operate as a domain server.

• Default account network drive: Will be the drive where the users account will be mapped in the workstations side. The default is Z;

• Default type of profile: The profile is a Windows workstation is a group of folders that are stored normally at c:\Documents and Settings\user_login;

– Roaming: In this case when the user logout at workstation, all the profile folders are synchronized to the user personal account in IPBrick, located at \\ipbrick\user_login\.profiles. When he logins again in the same workstation or a different one, the profile will be synchronized back to the workstation;

– Local: The profile will never be synchronized to IPBrick.

⇒ Note: The information on this page is only valid for the MS Windows environment. The IPBrick Domain Name field is related to the Workgroup or Domain Name in the MS Windows environment.

3.5.2 Users Management

For each user it’s possible to specify: • Account network drive: Z: by default; • Type of profile: Roaming or local;

Clicking at that option the user’s list is presented. Choosing a specific user as shown at Figure 3.16, we can configure the domain server definitions for him.

3.6 File Server

A workarea corresponds to a physical partition in the drive with the denomi-nation /home1 or /home2. When a new user is created, the system also creates its personal account that represents a folder structure that supports the user account. 1. Personal Accounts: Located in the MS Windows environment, containing

e-mails files and the user profile;

(33)

3.6 File Server 33

Figure 3.15: Domain Server - Definitions

3. Administrative Sharing: Responsible for sharing user accounts and elim-inated group sharings. These areas are only available for Administrators. IPBrick has two Work Areas by default: Work Area 1 and Work Area 2. When you click on Work Areas you are given a list of all users and sharing groups classified by Work Area as well as information about the occupied space in the system of each individual Work Areas (Figure 3.17).

3.6.1 Individual Work Areas

When you select Individual Work Areas, IPBrick shows you a list with the existing Work Areas and a schedule of the occupation rate for each Work Area (Figure 3.18). These Work Areas correspond to the hard drive space where the users data is stored.

When you click on a Work Area, e.g. Work Area 1, you are given a list with all users introduced in this area as well as the occupied space of each user (Figure 3.19). Each user area is created in the moment you make the IPBrick registration in IPBrick.I Users Management. In individual workareas we have too the list

of FTP accounts created in FTP menu at IPBrick.C.

! Attention: If the occupied space in the Work Areas reaches 100% users can longer save their data in IPBrick. More over, e-mails are no more delivered to the

(34)

Figure 3.16: Domain server - Users Management

users. They stay in the queue till some space is released in the Work Areas. It is recommended to keep the occupation rate of each Work Areas under 95%.

3.6.2 Group Work Areas

The group work areas are network shares that can be acceded by SMB or by NFS clients. You can create network shares in any Work Area. After creating a network share you have to define the correspondent access permissions.

When inserting a Group Work Area you have to first choose the workarea were the share will be created (Figure 3.20) and fill in the following fields:

• Name: Name of the share folder. Try to avoid spaces, characters with accents and punctuation;

• Description: Share description. It’s a optional field;

• Administrator: Share administrator’s email. It’s a optional field;

• Browseable: If Yes it will appear in the server browse list. If No the share will became hidden;

(35)

3.6 File Server 35

Figure 3.17: Work Areas - Summary

• Name of the recycle bin folder: If you choose to enable the previous option, you can set in this field the folder that will be used as a recycle bin. Two examples can be viewed at (Figure 3.21) and (Figure 3.22).

Access Permissions

After creating a Group Work Area you have to give permissions to the users in order to have access to the network share. This is done by first clicking at the share name as shown at Figure 3.23.

There are 3 different types of permissions:

• None: No access to the share. Users have no access to open a share folder of a workstation;

• Read Only: Users have access to share folders and its files. Nevertheless, they are not allowed to change these files;

• Read/Write: Users have access to share folders and its files and are allowed to change files and save changes.

Permissions are given to individual users or user groups (Figure 3.24). Users groups are defined in IPBrick.I _{Group Management.}

For example, in order to create a share folder for users belonging to a commer-cial department you have to do the following steps:

(36)

Figure 3.18: Work Areas - List

• Create group ”Dept Financeiro”, in Group Management and add the users of this department to the group.

• Create an area called ”Financeiro” in Work Areas _{Group Work Areas.}

• Give read and write permissions to the group ”Dept Financeiro”. The other groups have either reading permissions or no access to this area.

⇒ Note: When defining user group permissions any change in the General group leads to changes for all the other groups. This happens because all users introduced in IPBrick are part of General group.

⇒ Note: A deleted share is no more available for users. All files in this share are moved to an administrative share called BackupX (X representing the number of the work area where the share was created, 1 or 2) that you find in the same Work Area. Only useres belonging to the IPBrick Administrators group have access to this administrative folder. You can access this share from a Windows station. Therefore you have to do the following steps:

• Press the keys [Win]+[R] at the same time

• Write \\ipbrick\backup1 and press ”OK” (share that exist in Workarea 1) All files and folders deleted in these administrative share are definitively deleted in IPBrick.

(37)

3.6 File Server 37

Figure 3.19: Work Areas - Summary of Individual Areas

3.6.3 Kaspersky

Kaspersky Antivirus for Samba Server (file server) is already installed in IP-Brick. After inserting a valid license (Figure 3.25), Kaspersky Antivirus for Samba Server is activated and displays the interface with the following links:

• Update: After the license expiration you should renew with a new license file;

• Delete: Removes the license;

• Configure: It provides you a general Anti-Virus configuration option; • Work areas: Antivirus behavior in work areas;

• Statistics: Interface with specific statistics about the file server Anti-Virus.

Configuration General settings:

(38)

Figure 3.20: Work Areas - List

• Notify to the address: Email address that will receive notifications. Object settings:

• Directory exclusion mask: Directories that will be analyzed; • File exclusion mask: Files that will be analyzed;

• Packed Files: If you choose this item, this type of file will be analyzed; • Archives: If you choose this item, this type of file will be analyzed;

• Auto-extraction files: If you choose this item, this type of file will be analyzed;

• Email database: If you choose this item, this type of file will be analyzed; • Text format email: If you choose this item, this type of file will be

ana-lyzed. Scan settings:

• Cure: If activated, detected virus will be automatically removed;

• Use heuristic: If activated, virus can be detected through the analysis of the code with characteristics and behavior similar to a virus;

(39)

3.6 File Server 39

Figure 3.21: Work Areas - Group - Insert with recycle bin

• Usar IChecker: If the file was not modified since the last time that was checked, there will be no new analysis for this file.

Actions Settings: Defines what the Anti-Virus will do with infected and sus-pecting files or with warnings

• Remove: Removes the file;

• Inalterable: Doesn’t make any action on the file; • Move: Moves the file.

Notification settings: Defines what notifications the Anti-Virus will do about infected and suspecting files or with warnings.

• Notify user through winpopup: Notification using the Windows net send command;

• Notify user through email;

• Notify administrator through email.

To change settings click on Modify. You can see the configuration interface at Figure 3.26 and Figure 3.27.

(40)

Figure 3.22: Work Areas - Group - Insert without recycle bin

Workareas

By default, work areas are verified when they are opened and closed. You can set for each share if it will be protected, or not, and if it will be verified when users open and/or close files, like shown at Figure 3.28.

Statistics

Several statistics are displayed in this interface:

• Virus Statistics in period: Options to display present graphic in Virus Statistics (Figure 3.29):

– Start: The starting date for statistics;

– View: Can be set in hours, days, months or years; – Repetition: Scale of the graphic horizontal axis;

– Group: It enables you to group data, depending on the chosen view • V´ırus statistics: The display can be filtered by: Infected files, protected,

corrupted, errors and files where disinfection failed;

• Virus list: Can be organized by Virus name/Number of occurrences (Fig-ure 3.30).

(41)

3.7 E-Mail 41

Figure 3.23: Work Areas - Group - Management

3.7 E-Mail

Email is the most used network service in Internet, increasingly replacing tradi-tional mail and fax. The protocol that is used to send electronic messages is SMTP (Simple Mail Transfer Protocol) that runs on gate 25 TCP. It enables email sending for one or several recipients and is implemented by MTA (Mail Transfer Agents). IPBrick MTA is Qmail2.

SMTP is only capable of sending messages, being necessary to users the use of an email client that supports the protocols aiming to download messages from servers POP3/IMAP.

IPBrick’s Email section is composed by: • Configure; • Queue Management; • Users Management; • Mailing Lists; • Kaspersky Anti-Virus; 2_{http://cr.yp.to/qmail.html}

(42)

Figure 3.24: Work Areas - Group - Users Access

• Kaspersky Anti-Spam.

3.7.1 Configure

An important concept about the email server configuration is open relay. A server that works in open relay processes messages between senders and recipients out of the server domain, that actually can even be non-existent. Obviously, IP-Brick doesn’t work as open relay, only forwarding Internet emails to domains that are explicitly indicated.

Is is important to mention four very simple and decisive concepts in the E-mail configuration:

1. Locally delivered domains: E-mail addresses with destination to the IP-Brick server itself, that is, the associated e-mail accounts are in the local network. E-mails that are in the queue and whose recipient is one of these domains are not sent to another server in order to be delivered. The domains served by the machine have to be correctly configured in each DNS domain server. That is, the ”E-mail servers” of these domains have to be configured to this machine.

(43)

3.7 E-Mail 43

Figure 3.25: Workareas - Kaspersky Licence

their domains in this list and will be accepted by the server to a queue list. Messages to other recipients that don’t belong to this domains won’t be accepted by the server (please see 3.

3. Relay networks definitions: IPBrick relays to any domain as long as the e-mail is sent from his corresponding internal network. If there are different internal IP networks it is necessary to add these networks to the list. This way all machines in the networks are able to send e-mails to other domains using IPBrick as a relay server. The Other networks (Internet IP’s) could use this SMTP server but only with TLS authentication. So someone in Internet that want to use the IPBrick’s SMTP to send email is forced to authenticate with his LDAP username/password;

4. SMTP Routes: SMTP routes are configured when you want e-mails to follow a certain way (server) in order to find their recipient. Normally, a SMTP route is defined by default (showing the SMTP route and leaving the Domain empty).When the server is not correctly registered with the IP name in the Internet DNS, you have to define a SMTP route. In this route it should be either the server responsible for the forward of company e-mails or the SMTP server of the ISP used by firms to access the Internet. This configuration is

3_{Only e-mails from the Internet respecting these rules are processed. IPBrick is not configured} as open-relay.

(44)

Figure 3.26: Workareas - Kaspersky - Configure 1/2

necessary because certain e-mail servers make additional verifications of the sending server authenticity. If they can’t resolve the server name into the corresponding IP address (reverse DNS check), the mail may be deleted or sent back as SPAM. In case no SMTP route is used the server tries to send the mails in the queue by his own. With the help of the DNS registrations he tries to find the recipients directly in the Internet.

Each e-mail configuration option has a link to Insert new entries (Figure 3.31). The domains for local delivery (domains with IPBrick serves) and relay (do-mains which IPBrick forwards) can be edited and/or deleted. The exception is the domain whose name is the same as that of the machine in the local networks or that of the local domain in the relay.

⇒ Note: To make IPBrick relay e-mails to another server that has the ac-counts, the firm base domain has to be retreated from the domains served by IPBrick, since it is a domain served by IPBrick by default.

By default IPBrick only forwards email messages that come from is private network. If there are different internal IP networks, they should be added to let them send messages.

(45)

3.7 E-Mail 45

Figure 3.27: Workareas - Kaspersky - Configure 2/2

Figure 3.28: Workareas - Kaspersky

1. FQDN4 _{of the route server. For example: smtp.exchange.telepac.pt.}

2. IP address of the route server. Please give attention to the brackets 195.22.133.45. In the following you are given two examples of configurations, one with an IP for a specific domain and another configuration for the same domain with the FQDN:

(46)

Figure 3.29: Workareas - Kaspersky - Statistics 1/2

Figure 3.30: Workareas - Kaspersky - Statistics 2/2

First Example: Domain : abzas.miz SMTP route : 195.22.133.45 Second Example: Domain : abzas.miz SMTP route : smtp.exchange.telepac.pt

(47)

3.7 E-Mail 47

Figure 3.31: E-mail - Configure

An important configuration is that of a machine relaying e-mails. Whenever you add in this situation a SMTP route by default (without indicating the domain) you have to add another SMTP route to forward e-mails do the internal e-mail server. In the following you can see an example of such a configuration.

In this configuration IPBrick is relaying all the e-mails comming to an internal e-mail server called accounts. IPBrick have a second route to deliver all the mail to the Internet by the smarthost smtp.isp.pt:

Domain: domain.com

SMTP route: accounts.domain.com Domain:

SMTP route: smtp.isp.pt

3.7.2 Definitions

There is a link called Definitions (see Figure 3.32 and Figure 3.33) to define characteristics of the e-mail server:

• Message maximum size: It’s the global message maximum size of a sending message

(48)

• Maximum time to hold the message in the server: Maximum time the message will be in mail queue

Value by default: 604800 seconds (7 days)

• Maximum number for simultaneous SMTP connections: Number of con-nections that the server can support

Value by default: 20

• Incoming message timeout: Maximum time to receive a single message in server. If reached it will timeout

Value by default: 1200 seconds

• Outgoing message timeout: Maximum time to send a single message. If reached it will timeout

Value by default: 1200 seconds

• Reject emails from invalid domains: The server will reject incoming mail if the sender’s domain MX record don’t exist, so it will be invalid. Default value: Yes

• Reject emails from invalid servers: The server will reject incoming mail if the sender’s FQDN don’t have a reverse DNS record.

Default value: No

In this interface it is even possible to define permissions of sending and receiving e-mails:

• Valid internal recipients: This list is important to fill in order to pro-tect the server from a mailbomb attack. Here should be listed all the internal valid email addresses. If the list is empty all the internal recipients will be accepted (Figure 3.34);

• Invalid senders: A list with e-mail addresses that are not allowed to send email ((Figure 3.35).

3.7.3 Queue Management

The Queue Management (Figure 3.36) allows you to manage and visualize e-mails that are in the e-mail server queue waiting to be delivered to their local or remote recipient.

You can see the number of e-mails that are in the queue waiting to be delivered to their local or remote recipient as well as the total number of e-mails in the queue. The list presents the following fields:

• ID: The only message identification added by IPBrick ; • Date: E-mail sending date;

(49)

3.7 E-Mail 49

Figure 3.32: E-Mail - Definitions 1/2

• To: e-mail recipient; • Subject: Message subject;

• Size: Message size displayed in Kbytes.

You can delete several e-mails at the same time by selecting the corresponding checkboxes and clicking in the Delete Mails option. You have to confirm this action in order to eliminate the chosen mails.

When selecting a mail you can see its complete source. This operation is done in real time. Therefore is not necessary to Apply Configurations.

! Attention: E-mails deleted in the queue are eliminated definitely. A email can stand in queue for a default value of 7 days.

! Attention: When a message in queue is deleted the qmail service is restarted.

3.7.4 Users management

This option provides a centralized management for each user email account of the system and it’s possible to configure:

• State: The user email account can be enable or disabled;

• Default mail: The user default mail address. It’s not mandatory to be equal to login@domain;

(50)

Figure 3.33: E-Mail - Definitions 2/2

Figure 3.34: E-Mail - Definitions - Valid internal recipients

• Alternative addresses; • Mail quota;

(51)

3.7 E-Mail 51

Figure 3.35: E-Mail - Definitions - Invalid senders

Figure 3.36: E-Mail - Queue Management

• Forward to;

• Automatic reply message.

Configuration example at Figure 3.38. Alternative Addresses

Alternative addresses (Figure 3.38) allow you on the one hand to have practical logins which are easily to manage and on the other hand the confort to use more personalized e-mail addresses. This way the user can have an e-mail address with which he identifies himself more.

(52)

Figure 3.37: E-mail - Users Management

All mails that are sent to any defined alternative e-mail user address are deliv-ered to the inbox respectively.

Example: name : John Smith login : jsmith email : [email protected] Alternative Addresses: [email protected] [email protected] [email protected]

To Insert a new email address: • Select the account (user);

• In the Alternative Addresses field: Set the alternative email address(es). Whenever you want to you can access the e-mail address list (IPBrick user e-mail address arranged in groups) and change the names or the user of an e-mail address. Is it obvious that when you change the user of an alternative e-mail address new mails will be delivered to the new user while the other alternative addresses stay with the old user.

(53)

3.7 E-Mail 53

Figure 3.38: E-Mail - Alternative addresses, Forwarding and automatic replys

Mail Forward

Mail forward allows delivered mails to be sent to the user’s email and other internal or external e-mail addresses.

To insert a new mail forward (Figure 3.38): • Select the account (user);

• In the Forward to field: Set the recipient email address(es). Automatic reply message

A automatic reply message is an e-mail automatically send by IPBrick to an-swer other e-mails. When a e-mail arrives at a user account with Auto Response configured, IPBrick send a mail to this send with the personalized user contents.

In order to Insert a new Auto Respond you need to (Figure 3.38): • Select the account (user);

• Insert in the Automatic reply message text area, insert the content you want. Ex: Vacations

3.7.5 Mailing Lists

A mailing list provides the feature of sending email from one to many. To add a mailing list:

(54)

• Click on Insert;

• Write the address you want in the mail field (Figure 3.39); • Click on Insert.

After you add a mailing list (Figure 3.40), you have to configure:

• Internal Users List: Set the IPBrick Users that will be part of the mailing list;

• IPBrick Contacts address list: Set if any contact present at IPBrick Contacts site will be part of the mailing list;

• External Users List: Set the email addresses that don’t belong to the LAN ((Figure 3.41)).

In both cases you only have to click Modify to add members to the list.

Figure 3.39: E-Mail - Mailing List - Insert

3.7.6 Kaspersky Anti-V´ırus

The Anti-Virus is already installed in the Email section. You only have to acquire a license to activate its management interface. After inserting the license, the interface displays the following links (Figure 3.42):

(55)

3.7 E-Mail 55

Figure 3.40: E-Mail - Mailing List - Users

• Update: After the license expiration, you need to renew with a new license file;

• Delete: Removes the licence;

• Configure: Provides a general configuration of notifications;

• Groups Management: Provides personalization of Kaspersky Antivirus con-figuration and filtering;

• Statistics: Interface with specific statistics about the Anti-Virus use. General configurations

Click in Modify to configure email address of notifications (Figure 3.43). General Settings:

• Notify from address: Sender will make the notifications;

• Notify to address: Email address that will receive notifications. Limits:

• Do not send notification to: Address that won’t be able to receive no-tifications (the notification sender).

(56)

Figure 3.41: E-Mail - Mailing List - External users

Figure 3.42: E-Mail - Kaspersky Anti-V´ırus

Groups Management

The group default is already created. If you click on the group, the default general settings are displayed. If you click on Modify, you can personalize the

(57)

3.7 E-Mail 57

Figure 3.43: E-Mail - Kasp. Anti-V´ırus - General Configurations

following options (Figure 3.44):

• Enable: Kaspersky Anti-V´ırus State;

• Group administrator address: Group administrator email;

• Quarantine path: The files in the quarantine state are stored in this direc-tories;

• Sender mask: You may add this item if a new group is created; • Recipient mask: You may add this item if a new group is created;

(58)

The notification rules for any type of object can be changed in Notification Rules menu, as you can see in Figure 3.45.

Figure 3.45: E-Mail - Kasp. Anti-V´ırus - Notification Rules

In the Filter menu (Figure 3.46), you may set the filter rules/exceptions by the name of the files or by mime-type.

Figure 3.46: E-Mail - Kasp. Anti-V´ırus - Filter

Statistics

• Virus Statistics in period: Options to display present graphic in Virus Statistics:

(59)

3.7 E-Mail 59

– Group: It enables you to group data, depending on the chosen view • Virus statistics: The display can be filtered by: Infected files, protected,

corrupted, errors and files where disinfection failed;

• Virus List: Can be organized by Virus name/Number of occurrences; • List of email senders: Shows some statistics about files by sender

ad-dresses;

• List of email recipients: Shows some statistics about files by IPBrick recipients addresses;

An example can be seen at Figure 3.47 and Figure 3.48.

Figure 3.47: E-Mail - Kasp. Anti-V´ırus - Statistics 1/2

3.7.7 Kaspersky Anti-Spam

Like Kaspersky Anti-Virus, Anti-Spam is already installed, you only need to apply a license to activate this feature at the communications IPBrick. After the activation, the following options are displayed:

(60)

Figure 3.48: E-Mail - Kasp. Anti-V´ırus - Statistics 2/2

• Update: After the license expiration, you need to renew with a new license file;

• Delete: Removes the licence;

• Configure: Provides a general configuration of notifications;

• Statistics: Interface with specific statistics about the Anti-Spam use. The most important Anti-Spam configuration features are:

• To add every email domains of the company that the Anti-Spam should filter (Figure 3.49);

• To set Kaspersky Anti-Spam detection level. Standard is the default level. If the spam reception rate is high, the level of detection should be increased (Figure 3.51);

• To redirect all the emails classified by KaspersKy Anti-Spam to a email account (At Figure 3.50: [email protected]). This enables the network administrator to analyze all the emails classified as Spam - if there is any misclassified email, the administrator may forward this email to his recipient. In a Intranet and a Communications IPBrick topology we can use a local mailbox from the Communications IPBrick (ex: [email protected]), because all the spam must stay at the com. server;

(61)

3.7 E-Mail 61

• Email and IP addresses Whitelists and Blacklists should be added - if there is any (menu on Figure 3.49).

Figure 3.49: E-Mail - Kasp. Anti-Spam - Protected Domains

Statistics

• Spam Statistics in period: Options to display present graphic in Spam Statistics:

– Group: It enables you to group data, depending on the chosen view • Spam statistics: The display can be filtered by: Clean files, Spam,

prob-able and blacklists;

• List of email recipients: Shows some statistics about files by IPBrick recipients addresses.

(62)

Figure 3.50: E-Mail - Kasp. Anti-Spam - Actions

3.8 Print Server

This section deals with the interface management of the printers intended to be available in the network. When you define a printer you are asked to define that fields (Figure3.53):

1. Name: Printer name;

2. Description: Simple description about the printer. This field is not manda-tory;

3. Location: Physical location in the company. This field is not mandatory; 4. Interface: Interface type used between the printer and the server. There

are 4 options: • Parallel port; • Serial port; • USB port;

• Network printer: Connected to a LAN switch.

5. Device: Used by the printer. This is directly related to the interface. (This option is only available for interfaces with parallel port, series port and USB port) (e.g. Interface–>Parallel Port, Hardware ->Parallel Port 1)

(63)

3.8 Print Server 63

Figure 3.51: E-Mail - Kasp. Anti-Spam - Rules

6. In case of a network printer, the following information is necessary:

• Address: Network printer address. (this option is only available for network printers) (e.g. 192.168.1.1)

• Port: Used by the network printer. This field is not obligatory. (This option is only available for network printers) (e.g. for a HP printer: 9100)

After inserting a printer IPBrick has to put the drivers available for the client stations in order to finish the configuration. Therefore the printer drivers have to be transferred to the server:

1. Log on in a Windows station with a user of the Administrators group (the workstation has to be already registered in the IPBrick domain);

2. Press the keys [Win]+[R] at the same time and type \\ipbrick; 3. Select Printers and Faxes

Verify if the added printer to the IPBrick Web interface is shown.

4. Right click inside the window Printers and Faxes and select Server Properties; 5. Select the Drivers option in the presented window.

(64)

Figure 3.52: E-Mail - Kasp. Anti-Spam - Statistics

7. Select the Windows version which the drivers have to correspond with. 8. Click Finish

Now the printer’s drivers are transferred to IPBrick.

9. At share named Printers and Faxes on IPBrick, right click at the printer and choose Printer Properties. You’ll be prompted with a message like the one in Figure3.54. Choose ”No”.

10. Enter in ”Advanced”, select the new driver just added and click ”Apply”. To configure the printer on the client side, you must:

• Press the keys [Win]+[R] at the same time; • Type \\ipbrick at the new window;

• Right click on the printer and choose ”Connect”.

(65)

3.9 Backup 65

Figure 3.53: Print Server - Inserting a network printer at IPBrick

Figure 3.54: Print Server - Printer configurations

3.9 Backup

Backup consists of copying data from one device to another with the aim of preserving the data in case of future problems. Usually this copy is made from the hard disk to tapes, DVD or other disks. Nowadays paper is increasingly replaced by digital files, bringing companies to the importance of having a reliable backup system.

(66)

3.9.1 Bacula

In IPBrick 5.0 we include Bacula that is a complete network backup solution. Link: http://www.bacula.org.

3.9.2 Remote

This option enables the possibility of configuring scheduled backups to a NAS5 device or to a rsync server. Rsync is a powerful backup tool included in IPBrick, that does incremental copies of files/directories to another rsync server.

To add a backup task you must click Insert (Figure 3.55). You will have the following fields:

Backup definitions:

• Backup Name: It’s the backup name.

• Notification E-mail: Recipient that will receive all the backup notifications; • Job to do: There are two options:

– Copy: It will copy all work areas to the backup device(/home1, /home2, /home3...);

– Restore: It will restore all work areas from the backup device; • Periodicity: The backup will be allways daily;

• Time to start: Time when the copy will start; Destination Data Definitions:

• Data Location: The only option is remote. It will always be a remote ma-chine.

• Backup Device

– NAS (SMB): The backup device is a NAS6 _{with a SMB share created.}

The backup method is done using the archiving utility tar. Options available:

∗ IP address: Backup device’s IP address; ∗ Login: Username that has access to the share; ∗ Password: Share password;

∗ Share Name: Name of the share created in the NAS.

– NAS (NFS): The backup device is a NAS7 with a NFS share created. The backup method is done using the incremental backup utility rsync. Options available:

5_{Network Attached Storage} 6_{Network-attached Storage} 7_{Network-attached Storage}

(67)

3.9 Backup 67

Figure 3.55: Backup - Task insertion

∗ IP address: Backup device’s IP address:

∗ Share Name: Name of the share created in the NAS.

– Rsync Server: The backup device is a machine running a rsync server. You can see an example of a rsync server configuration in the next section;

∗ IP address: The rsync server’s IP address.

When a backup task is inserted, we have a Backups List with the following options (Figure 3.56):

• Name: Clicking in the Backup Name you will have access to these options: – Back: Go to backups list;

– Modify: Modify the current backup task definitions; – Delete: Delete the current backup task;

• Start copy: Starts the backup immediately; • Statistics: Backup statistics;

(68)

Figure 3.56: Backup - Task list

Rsync server configuration

If the backup device is another IPBrick, the server must be prepared to act as a rsync server. First let’s suppose that the client IPBrick machine has that configurations:

• IP: 192.168.69.199;

• FQDN: ipbrick.domain.com; At IPBrick rsync server we need to:

1. Create a group workarea (share) using the Workarea 1, with the FQDN as the share name: ipbrick.domain.com;

2. Connect by SSH to the IPBrick server and type the following command in order to put rsync allways running when the server reboots:

update-rc.d rsync defaults 20

3. Create the configuration file for rsync by typing: nano /etc/rsyncd.conf 4. Fill the following content:

(69)

3.10 Fax Server 69

uid = root

[ipbrick.domain.com]

path = /home1/_shares/ipbrick.domain.com hosts allow = 192.168.69.199

read only = false write only = false

5. Save the file and exit from the file editor nano;

6. Start rsync using this command: /etc/init.d/rsync start

3.10 Fax Server

The fax server is integrated at IPBrick from version 4.1. It works with serial modem/fax or integrated in the PBX IP server. Incoming faxes are automatically forwarded trough email.

The FAX Server configurations are implemented through the web interface in IPBrick.I - FAX Server (Figure 3.57).

Figure 3.57: Fax Server - Configure

IPBrick provides you the use of two services: FAX2Mail e Mail2FAX. With the FAX2Mail service, a FAX sent by an external FAX device is received by the FAX

(70)

connected to IPBrick and then is forwarded to a defined email address.

With Mail2FAX you can send from an email an attached pdf file to a defined FAX number. to enable this task you have to configure the email client with the SMTP server where the FAX service is running and add the configured fax domain to the domain list that is allowed to be forwarded by the email server.

3.10.1 Fax2Mail

To configure the service you have to click on Modify link and select Yes to Enable Configuration. The following options are displayed:

• Fax Device: Type of physical connection/FAX hardware.

– Line type: When the server has a telephony PCI card acting as Fax. The type of line could be ISDN or ANALOG in the case of an analogic telephony access (Figure 3.58);

– Serial Fax Modem: If the modem is connected to the server serial port you should choose the port that connects to the the modem in the Serial Ports list (COM1 to COM8), the Baud rate (1200 to 38400) and Class of the modem (Class1 to Class2.1). To know the appropriate values you should read the modem manual (Figure 3.59).

• Number of virtual fax machines: You can use more that one virtual fax machine;

• Main Fax Number: The PSTN Fax number to be present when a FAX is sended;

• Company identification: Company name to be present when a FAX is sended; • Country Code: Country phone number code to be present when a FAX is

sended;

• Area Code: Area phone number code to be present when a FAX is sended; • Long distance prefix: 0 by default;

• International prefix: 0 by default;

• Rings Before Answer: Number of rings before IPBrick answers to Fax. Can be useful if another FAX equipment is connected. For example, if the FAX equipment can’t receive the FAX, IPBrick FAX server can answer at the 5th ring;

• Speaker volume: FAX sound volume; • Enable delay: Should be active by default;

(71)

3.10 Fax Server 71

Figure 3.58: Fax Server - FAX at telephony card

• Sender of notifications: It’s a internal email account that will send the noti-fications to users that are using the Mail2FAX. Examples: Error sending the fax, successfully task completed etc. By default we use IPBrick Fax Server that will use the current domain;

• Sender of received fax notifications: Identification of the reception warnings sender. By default we use IPBrick Fax Server.

If the inserted Fax is connected to a serial port, there are some options: • Send to: At this moment the single option available is sending to email; • Destination: Is the email address where the IPBrick incoming faxes are

forwarded;

• File type: The format faxes will be delivered (pdf, ps or tiff); To activate configuration, click Modify

If you access the menu again, there will two new options near the link Modify: Fax Users e Fax Lines (if the Fax is connected to an analogic telephony/ISDN card).

IPBrick Reference Guide Version 5.0. iportalmais

IPBrick

Reference Guide

Version 5.0

iPortalMais

August 2008

Contents

List of Figures

Chapter 1

Aim of this document

Chapter 2

Before Starting

Chapter 3

IPBrick.I

3.1

Machines Groups

3.2

Machine Management

3.2.1

Mass Operations

3.3

User Groups

3.4

Users Management

3.4.1

Mass Operations

3.5

Domain Server

3.5.1

Configure

3.5.2

Users Management

3.6

File Server

3.6.1

Individual Work Areas

3.6.2

Group Work Areas

3.6.3

Kaspersky

3.7

E-Mail

3.7.1

Configure

3.7.2

Definitions

3.7.3

Queue Management

3.7.4

Users management

3.7.5

Mailing Lists

3.7.6

Kaspersky Anti-V´ırus

3.7.7

Kaspersky Anti-Spam

3.8

Print Server

3.9

Backup

3.9.1

Bacula

3.9.2

Remote

3.10

Fax Server

3.10.1

Fax2Mail