Applies To:

Show Versions Show Versions

Manual Chapter: Deploying the BIG-IP® Message Security Module: Introducing the BIG-IP Message Security Module
Manual Chapter
Table of Contents   |   << Previous Chapter


Deploying the BIG-IP Message Security Module


Introducing the BIG-IP Message Security Module

The BIG-IP® Message Security Module (MSM) identifies and blocks unwanted emails at the edge of your network. You configure MSM to block known and malicious spam senders, and keep them from filling your network with unwanted email. Blocking unwanted email at the edge of your network minimizes the resource load on your network and associated devices. This document introduces MSM, and describes how to install it and configure the BIG-IP system to use it.

MSM includes a real-time subscription to Secure Computing® TrustedSource®, and email filtering capabilities for the BIG-IP system. TrustedSource® is an industry-leading system for evaluating the safety of email sources, and for scoring the reputation of the IP addresses from which email originates.

TrustedSource® assigns an IP address reputation score to senders of email. The score indicates whether the sender is known for sending only legitimate email traffic, always sending spam, or sending a combination of both. The scores range from -140 through +140. The lower the score, the better the sender's reputation is for sending legitimate email traffic. For example, a score of -140 represents a source IP address that never sends spam. Whereas, a score of +140 represents a source IP address that never sends legitimate email traffic. The score is dynamic. An email sender's score can fall anywhere within the range at any given time, and the score can fluctuate on a real-time basis.

When MSM is active on a virtual server, the BIG-IP system evaluates the sender of each message that is destined for your mail servers by communicating with TrustedSource®. Based on the score that TrustedSource® returns, MSM either accepts a connection and load balances the connection to your mail network, or rejects and drops the connection.

If MSM accepts a connection, it routes the connection to your mail network based on load balancing specifications that you specify in the new MSM_config data group. Administrators can configure MSM to:

  • Forward connections from bad sources to a pool of mail servers where the emails are stored for manual analysis.
  • Forward connections from questionable sources to a pool of mail servers where emails are scanned by your existing email filtering systems, perhaps including your existing spam filters.
  • Forward connections from trusted sources to a pool of mail servers where emails are scanned by your existing email filtering systems, but not necessarily by your existing spam filters.
  • Gather statistics about all connections including total requests for connection, dropped requests, quarantined requests, suspected requests, and trusted requests.

Table 1 shows the TrustedSource® IP address reputation score ranges, how MSM assesses the connections in each range, and which variable in the MSM_config data group directs the connections that fall in the specified range of scores.

Table 1 IP reputation scores and connection routing
Default IP reputation score thresholds
MSM Assessment
Action Taken by MSM
Variable to set in the MSM_config data group
-140 through -50
Trusted sender
Accepts and routes connection to existing mail filtering systems, excluding existing spam filters
trusted_pool
-49 through +50
Questionable sender
Accepts and routes connection to existing mail filtering systems, including existing spam filters
suspect_pool
+51 through +80
Bad sender
Accepts and routes connection for storage and possible manual analysis
quarantine_pool
+81 through +140
Worst sender
Drops connection
 

 

For more information on Secure Computing, and TrustedSource®, see http://www.SecureComputing.com/.

For more information on the BIG-IP® system, see http://www.f5.com/products/bigip/ltm/.

Prerequisites and configuration notes

To install and configure the BIG-IP® Message Security Module, you must:

  • Install and license a BIG-IP® Local Traffic Manager, version 9.2 or later.
  • Have a license for the BIG-IP® Message Security Module.
  • For more information on licensing, contact your F5 Networks sales representative.

  • Configure DNS for the BIG-IP system.
  • DNS (Domain Name System) is an industry-standard distributed internet directory service that resolves domain names to IP addresses.

  • Have command line access to the Root directory of the BIG-IP system. This means that you must be assigned the Administrator role with access to the Root directory of the system.

We recommend that you use MSM as a spam volume-control solution in addition to using the existing, content-based, email filtering solutions that are already installed on your network. This combination provides more complete protection for your network than either solution alone.

This document is written with the assumption that you are familiar with the BIG-IP system. For more information, see the BIG-IP system documentation located on AskF5sm (https://tech.f5.com).

Requirements and recommendations for installation and configuration of the BIG-IP Message Security Module

We recommend that you install the BIG-IP Message Security Module in front of both your mail servers and any existing anti-spam systems that may be in place. MSM is an IP address reputation solution that works with existing email content inspection products; it does not replace them. This configuration provides the most robust mail security possible by overlapping multiple anti-spam solutions.

The BIG-IP Message Security Module should be the first device behind the firewall that an incoming email message encounters. When you place the BIG-IP system at the mail network edge, MSM drops connections from the known, malicious, email source IP addresses before the connections reach the content inspection systems on your network that scan each individual email message. Likewise, the connections that MSM does not immediately drop (the connections that TrustedSource® either knows to be in good standing or is unsure of) are sent directly to the mail processing network, where your existing content inspection systems examine individual messages through the SMTP connection. By allowing MSM to reject the known, worst connections at the network edge, and then manage the distribution of the email connections that it does not reject according to score thresholds and load balancing specifications, you minimize the resource load on your network and associated devices.

Figure 1 shows an example of the recommended configuration for the BIG-IP® Message Security Module.

 

 

  1. Example BIG-IP Message Security Module configuration

Configuring the BIG-IP Message Security Module

When you configure the BIG-IP® Message Security Module, you perform these tasks:

It is also a good idea to create health monitors to monitor the pools that you create, and profiles to manage the application-specific traffic on your network. The following procedures describe the tasks listed above, but do not describe how to create health monitors and custom profiles. For more information on these tasks, see the BIG-IP system documentation located on AskF5sm (https://tech.f5.com), and the BIG-IP system online help.

Licensing the BIG-IP Message Security Module

Before you install the BIG-IP Message Security Module, you must activate the license using the Add-on registration key that you received by email. If the BIG-IP system is connected to the internet, you can activate the MSM license using the Automatic setting. However, if the BIG-IP system is not connected to the internet, you must choose the Manual setting when you activate the MSM license.

Note

It is important to note that Trusted Source® may begin to process submissions from the BIG-IP system up to two business days following activation of the MSM license on the BIG-IP system.

To automatically license the BIG-IP Message Security Module

  1. Verify that the BIG-IP system is connected to the internet.
  2. If the BIG-IP system is not connected to the internet, you must manually license MSM as shown in, To manually license the BIG-IP Message Security Module , immediately following.
  3. On the Main tab, expand System, and click License.
    The License screen opens.
  4. Click the Re-activate button.
    The Re-activate screen opens.
  5. In the Add-on box, type your MSM registration key, and click the Add button.
    The key appears in the Add-on Registration Key List.
  6. Leave the Activation Method set to Automatic, and click Next.
    The BIG-IP system contacts the license server and completes the licensing process automatically.

To manually license the BIG-IP Message Security Module

  1. On the Main tab, expand System, and click License.
    The License screen opens.
  2. Click the Re-activate button.
    The Re-activate screen opens.
  3. In the Add-on box, type your MSM registration key, and click the Add button.
    The key appears in the Add-on Registration Key List.
  4. For the Activation Method, click the Manual button, and click Next.
    The screen refreshes, and the dossier for your system appears.
  5. From the Step 1: Dossier box, copy the full dossier.
  6. In the Licensing Server box, click the link: Click here to access F5 Licensing Server.
    The Activate F5 Product screen opens in a new browser window.
  7. In the Enter your dossier box, paste the dossier that you copied in step 5, and then click Next.
    A license key appears in the box.
  8. Copy the entire license key, paste it in the Step 3: License box on the Re-activate screen of the Configuration utility, and then click Next.
    The Re-activate screen refreshes, displaying the MSM in the Active Modules box.
  9. Close the Licensing Server browser.

Installing the BIG-IP Message Security Module

You can install the BIG-IP® Message Security Module on BIG-IP 9.2 systems and later. To install MSM, you must be assigned the Administrator role with access to the Root directory of the BIG-IP system. You use the msm-install-1.1.0.10.0.im file to install MSM. This file is available for download from the AskF5 Downloads screen.

Note that you must add the Add-on registration key to the BIG-IP system before you install MSM. If you do not, when you try to install MSM, the system returns the message: MSM module not licensed, installation aborted. For instructions on adding the MSM registration key, see Licensing the BIG-IP Message Security Module .

If you install MSM, and then upgrade the BIG-IP system, we recommend that you re-install MSM. For re-installation instructions, see Re-installing the BIG-IP Message Security Module after a system upgrade .

Important

The Traffic Management Microkernel (TMM) service is the process running on the BIG-IP system that performs most traffic management for the system. Installing the BIG-IP Message Security Module includes an automatic restart of the TMM service. This causes the BIG-IP system to drop all current connections. We recommend that you install MSM during a maintenance window. If you have a high availability BIG-IP system, we recommend that you install the MSM on the standby system, initiate failover, and then install MSM on the other system.

To install the BIG-IP Message Security Module

  1. Download the msm-install-1.1.0.10.0.im file, and save it to the /var/tmp directory of the BIG-IP system.
  2. From the BIG-IP system command line, run the following installation command:
  3. im msm-install-1.1.0.10.0.im

    The prompt, Please enter the IP address of your DNS server, appears.

  4. Type the IP address of the DNS server to which you want the system to forward DNS requests, and press Enter.
    The installation program returns the message, Would you like to enable high performance mode by bypassing local bind [Y/N]?
  5. Indicate whether you want to enable high performance:
    • To enable high performance mode, type Y, and then press Enter.
      This indicates that DNS queries go directly to the DNS server that you specified in step 3. This option creates the fastest response time.
  6. The installation program installs MSM, renames the /config/bigip.conf, /config/bigip_local, and /config/bigip_sys.conf files, and returns the message, Message Security Module installation complete.
    • To prevent high performance mode, type N, and then press Enter.
      This indicates that DNS queries go through the named daemon before reaching the DNS server that you specified in step 3.
  7. The installation program installs MSM, and returns the message, Message Security Module installation complete.

Accessing the Configuration utility

To perform the tasks necessary to configure the BIG-IP® Message Security Module, you first access the BIG-IP system web-based Configuration utility.

To access the Configuration utility

  1. In a browser, type the following URL:
  2. https://<administrative IP address of the BIG-IP system>

    A Security Alert dialog box appears.

  3. Accept the certificate.
    The authorization dialog box appears.
  4. Type your user name and password, and then click OK.
    The Configuration utility opens displaying the Welcome screen.

Configuring the BIG-IP Message Security Module to manage traffic to your mail servers

The BIG-IP® Message Security Module installation creates a data group named MSM_config, and adds the following three variables and default attributes to the data group:

  • trusted_pool:good_mail
  • suspect_pool:maybe_mail
  • quarantine_pool:quarantine_mail

These variables correspond to the IP address reputation scores that TrustedSource® assigns to the sources requesting connection to your network (as shown in Table 1 ). The default value for each variable is the name of a pool of mail servers to which MSM directs a specified kind of traffic, as shown in Table 2 , following.

Table 2 Default values of three variables in MSM_config
Variable in MSM_config
Default value
trusted_pool
good_mail (This is the name of the pool of mail servers to which MSM load balances mail from trusted sources.)
suspect_pool
maybe_mail (This is the name of the pool of mail servers to which MSM load balances mail from suspect sources. That is, mail that you want your existing email filtering systems to scan.)
quarantine_pool
quarantine_mail (This is the name of the pool of mail servers to which MSM load balances mail that you want to quarantine on your network for possible manual analysis.)

 

You can create the three pools described in Table 2 , or you can use existing pools to manage your email traffic. If you use existing pools, you must perform the procedure described in Modifying the names of variables in the MSM_config data group .

The following procedure provides step-by-step instructions for creating the pools that the MSM_config data group references by default. If you decide to create these pools, we recommend that you create at least the maybe_mail and quarantine_mail pools. For example, if you want all email that is sent to your system to be sent to your existing email filtering applications, you do not need to create a pool to which MSM directs trusted email traffic. Instead, you can use the maybe_mail pool as an attribute for both the trusted_pool and suspect_pool variables of the MSM_config data group. For instructions on making this modification, see Modifying the names of variables in the MSM_config data group .

To create load balancing pools

  1. On the Main tab, expand Local Traffic, and click Pools.
    The Pool screen opens.
  2. In the upper right portion of the screen, click the Create button.
    The New Pool screen opens.
  3. To display more (optional) pool configuration settings, select Advanced from the Configuration list. You can configure the additional settings as applicable for your network.
  4. In the Name box, type good_mail for the name of the pool referenced by the trusted_pool variable.
  5. Select a health monitor appropriate for your configuration.
  6. From the Load Balancing Method list, select your preferred load balancing method. (It is important to note that different load balancing methods yield optimal results for different network configurations.)
  7. When you create the pool to which the system sends trusted email, do not change the Priority Group Activation. This pool uses the default, Disabled. When you create the other pools, select the option that is appropriate for your network.
  8. In the New Members section, make sure the New Address option button is selected.
  9. In the Address box, type the IP address of the first email server that you want to add to this pool, for example, 10.10.100.151.
  10. In the Service Port box, type the service port that you want to use for this pool, or select a service port from the list.
  11. Click the Add button to add the member to the list.
  12. Repeat steps 8-11 for each email server that you want to add to this pool.
  13. Click the Finished button.
  14. Repeat steps 2 - 13 to create a pool for each of the other categories of email that you want the system to filter. You must either use maybe_mail for the name of the pool referenced by the suspect_pool variable, and quarantine_mail for the name of the pool referenced by the quarantine_pool variable, or you must modify the names of the variables in the MSM_config data group, as shown in the following section.

Modifying the names of variables in the MSM_config data group

As described earlier in Configuring the BIG-IP Message Security Module to manage traffic to your mail servers , the BIG-IP® Message Security Module installation creates a data group named MSM_config, and adds the following three variables and default attributes to the data group:

  • trusted_pool:good_mail
  • suspect_pool:maybe_mail
  • quarantine_pool:quarantine_mail

If the pools you created have different names than the pool names in these three strings, you must modify the string records in the MSM_config data group. Note that the pool names are the names following the colons in the strings, for example, in the string, suspect_pool:maybe_mail, the pool name is maybe_mail.

The following procedure describes how to modify MSM_config. Figure 2 shows the screen that you use to modify MSM_config.

 

  1. Modifying the names of the variables in the MSM_config data group

To modify the MSM_config data group

  1. On the Main tab, expand Local Traffic, and then click iRules.
    The iRules screen opens.
  2. On the menu bar, click Data Group List.
    The Data Groups screen opens.
  3. In the Name column, click MSM_config.
    The MSM_config Properties screen opens.
  4. In the Records area, modify the string records that represent the load balancing pools that handle the email on your system.
    1. In the String Records list, select the string that you want to modify to match the pool you created, and then click the Edit button.
      The string displays in the String box.
    2. Modify the string, and then click the Add button.
  5. For example, if you named the pool to which the system sends trusted email, acceptable_mail, you must change the string record, trusted_mail:good_mail, to trusted_mail:acceptable_mail.
    1. Repeat steps 4a and 4b for each of the strings that you want to modify that identifies a pool that you created. Remember that the following three string records must exactly match the names of the pools you created:
  6. trusted_pool:<pool_name>
    This is the name of the pool that you created to which the system load balances trusted email connections. For example:
    trusted_pool:good_mail.
  7. suspect_pool:<pool_name>
    This is the name of the pool that you created to which the system load balances moderately scored email connections. For example: suspect_pool:maybe_mail.
  8. quarantine_pool:<pool_name>
    This is the name of the pool that you created to which the system load balances poorly scored email connections. For example: quarantine_pool:quarantine_mail.
  9. Modify the strings that represent the threshold values in the MSM_config data group.
    1. In the String Records list, select the string that you want to modify, and then click the Edit button.
      The string displays in the String box.
    2. Modify the string, and then click the Add button.
  10. The modified string displays in the String box.
  11. The four strings that determine which IP address reputation scores force connections to which load balancing pools on your system are shown below with the default value for each string. You can modify any of these strings:
  12. trusted:-50
  13. suspect:25
  14. refuse:80
  15. quarantine:50
  16. Click the Finished button.
  17. After creating or updating the data group, you must force MSM to re-initialize the class data. To do this:
    1. Open an SSH client and log in to the BIG-IP system as an administrator.
    2. Run the following command from the command line:
    3. # MSM_init

      This loads the MSM data class and initializes the new values.

Configuring the BIG-IP Message Security Module to accept all connections

By default, the BIG-IP® Message Security Module drops connections from sources that have a TrustedSource® IP address reputation score in the +81 through +140 range. However, you can configure MSM to route all connections to your network. With this configuration, MSM continues to collect statistics on connections in the +81 through +140 range. For statistical purposes, MSM classifies these connections as dropped connections. This enables you to evaluate the statistics and determine how you want to customize the MSM configuration for your network. To do this, you modify the no_drop variable in the MSM_config data group.

By default, the no_drop variable is set to 0 (zero) which means that the system drops all connections with a TrustedSource® IP address reputation score in the +81 through +140 range. When you set the no_drop variable to 1 (one) the system load balances all connections with a TrustedSource® IP address reputation score in the +81 through +140 range to the quarantine_pool.

To configure MSM to accept all connections

  1. On the Main tab, expand Local Traffic, and then click iRules.
    The iRules screen opens.
  2. On the menu bar, click Data Group List.
    The Data Groups screen opens.
  3. In the Name column, click MSM_config.
    The MSM_config Properties screen opens.
  4. Select the no_drop string record, and then click the Edit button.
    The string displays in the String box.
  5. Change the attribute to 1 (one), and then click the Add button.
    The string displays in the String box.
  6. Click the Finished button.
    Now MSM collects statistics on all connections without dropping any connections.
  7. After creating or updating the data group, you must force MSM to re-initialize the class data.
    1. Open an SSH client and log in to the BIG-IP system as an administrator.
    2. Run the following command from the command line:
    3. # MSM_init

      This loads the MSM data class and initializes the new value that you set for the no_drop string record.

Creating an SMTP virtual server

The next step is to create a virtual server that references the iRule that the BIG-IP® Message Security Module installation process creates. In the following procedure, we leave most of the virtual server settings at their default level. For your configuration, you may want to change some of these default settings, or use custom profiles to manage the traffic on your network.

For more information on configuring the virtual server, see the Configuring Virtual Servers chapter of the Configuration Guide for BIG-IP® Local Traffic Management, and the BIG-IP system online help.

Important

If your system is already configured to handle SMTP traffic, you do not have to create a new virtual server for this purpose, but you must configure your existing SMTP virtual server by performing steps 7 - 10, of the following procedure.

To create an SMTP virtual server

  1. On the Main tab, expand Local Traffic, and then click Virtual Servers.
    The Virtual Servers screen opens.
  2. In the upper right portion of the screen, click the Create button.
    The New Virtual Server screen opens.
  3. In the Name box, type email_virtual.
  4. For the Destination setting:
    1. Click the Host option.
    2. In the Address box, type the IP address of this virtual server. For example, 192.168.104.147.
  5. In the Service Port box, type 25, or select SMTP from the list.
  6. From the Configuration list, select Advanced.
  7. Scroll down to the Statistics Profile list, and select MSM_reputation. (This is the Statistics profile that the MSM installation process created.)
  8. Scroll down to the Resources section, and from the iRules Available list, select MSM_reputation, and click the Move (<<) button to move the iRule to the Enabled list. (This is the iRule that the MSM installation process created.)
  9. Modify any of the other virtual server settings as applicable for your configuration.
  10. Click the Finished button.

Troubleshooting the BIG-IP Message Security Module

If the BIG-IP® Message Security Module develops operating issues, review any changes that have been made to the system. If you do not find a solution, perform the following network checks to determine the source of the problem.

To troubleshoot the BIG-IP Message Security Module

  1. Check that the BIG-IP system is running, and licensed, and configured to manage traffic.
  2. Verify that the MSM re-initialization application, MSM_init, the MSM_uninstall program, and the MSM_test script reside in the /bin directory on the BIG-IP system.
  3. Determine whether a device on the network is blocking DNS lookups.
  4. If you modified the named.conf file, review the changes to make sure that named (the daemon that forwards name requests to your DNS server) is configured to forward DNS queries properly.
  5. Make sure that the names of the objects and variables that the BIG-IP Message Security Module uses exactly match the names and settings in Checking the names of objects and variables .
  6. If updates to the MSM_config data group are not taking effect, log in to the BIG-IP system console and run the MSM_init script to re-initialize the values of the data group variables.
  7. Determine whether your network is able to access TrustedSource®, as shown in Verifying that the network can connect to TrustedSource .
  8. Determine whether the BIG-IP system can perform a successful DNS query of TrustedSource as shown in Verifying that the system can perform a successful DNS query of TrustedSource .
  9. If the results of MSM_test are inconclusive, you can perform advanced troubleshooting by enabling verbose logging, as shown in Enabling verbose logging .

After performing the previous nine steps, if you cannot find the problem, you can run the MSM_uninstall command from the BIG-IP system command line. Running the MSM_uninstall command replaces the named.conf file and removes any changes made to the system during the MSM installation.

Checking the names of objects and variables

When troubleshooting the BIG-IP Message Security Module, check that the names of the objects and variables that the modules uses exactly match the following names and settings:

  • The SMTP response that the system returns when an email connection is determined to be spam is failure_response:554 Transaction Failed.
  • The name of the MSM re-initialization application is MSM_init.
  • The name of the iRule is MSM_reputation.
  • The name of the Statistics profile is MSM_reputation.
  • The name of the virtual server is email_virtual.
  • The name of the data group is MSM_config.
  • The string record values in the MSM_config data group are:
  • The four strings that determine which IP address reputation scores force connections to which load balancing pools on your system are shown below with the default value for each string. Make sure that these strings are set with these default values.
    • trusted:-50
    • suspect:25
    • quarantine:50
    • refuse:80
    • VERBOSE:1
    • no_drop:0

Verifying that the network can connect to TrustedSource

When troubleshooting the BIG-IP Message Security Module, verify that your network is able to connect to TrustedSource®. To do this, use the contents of the license_key attribute of the MSM_config data group to send a DNS Query (using nslookup, dig, or other tools).

To verify the network connection to TrustedSource

Send a DNS query using the following syntax:

b.<contents of the license_key attribute of the MSM_config data group>.1.1.1.1.ts-api.ciphertrust.net.

You receive a response similar to the following:

Name: b.<contents of the license_key attribute of the MSM_config data group>.1.1.1.1.ts-api.ciphertrust.net
Address: 0.0.0.50

For example:

b.ABCDEFG-HIJKLMNO.1.1.1.1.ts-api.ciphertrust.net

Server: 10.40.1.5

Address:10.40.1.5#53

Name:b.ABCDEFG-HIJKLMNO.1.1.1.1.ts-api.ciphertrust.net

Address: 0.0.0.50

Verifying that the system can perform a successful DNS query of TrustedSource

When troubleshooting the BIG-IP Message Security Module, verify that the BIG-IP system can perform a successful DNS query of TrustedSource®.

To run a DNS query of TrustedSource

Run the following command from the command line:

# MSM_test

The system returns one of the following four responses. If the name resolution fails, follow the instructions in the message.

  • Lookup using 0.0.0.0 returned score 0.0.0.50
    Lookup using 0.0.0.127 returned score 0.0.0.0
    Test successfully completed.
  • Name resolution failed. Please check the following:
    - Confirm that your MSM license is active.
  • Name resolution failed. Could not reach a server. Make sure named is running.
  • Name resolution failed. Please check the following:.
    - Make sure named is forwarding to a DNS server.
    - Check that the DNS server has access to the internet.

Enabling verbose logging

Verbose logging sets up the system to record each MSM event in a log file that is located in the /var/log/ltm directory. After you enable verbose logging, you can review the MSM events in the log to assist you in troubleshooting the module.

To enable verbose logging

  1. On the Main tab, expand Local Traffic, and then click iRules.
    The iRules screen opens.
  2. On the menu bar, click Data Group List.
    The Data Groups screen opens.
  3. In the Name column, click MSM_config.
    The MSM_config Properties screen opens.
  4. In the String box, type VERBOSE:1, and then click the Edit button.
    The string displays in the String Records list.
  5. Click the Update button.
    The data group is updated.
  6. After you update the MSM_config data group, you must force MSM to re-initialize the class data.
    1. Open an SSH client and log in to the BIG-IP system as an administrator.
    2. Run the following command from the command line:
      # MSM_init
    3. This loads the MSM data class and initializes the new values.

The following are examples of entries in the log.

  • This is an example of an entry in the log that occurs when MSM drops the connection:
  • May 2 14:28:59 tmm tmm[5433]: Rule MSM_reputation <CLIENT_ACCEPTED>: TrustedSource Lookup is b.YGODGOH-FFIVBGIP.21.3.36.83.ts-api.ciphertrust.net. May 2 14:28:59 tmm tmm[5433]: Rule MSM_reputation <NAME_RESOLVED>: 83.36.3.21 score is 140. May 2 14:28:59 tmm tmm[5433]: Rule MSM_reputation <NAME_RESOLVED>: 83.36.3.21 Connection dropped!
  • This is an example of an entry in the log that occurs when MSM accepts the connection:
  • May 2 14:29:10 tmm tmm[5433]: Rule MSM_reputation <CLIENT_ACCEPTED>: TrustedSource Lookup is b.YGODGOH-FFIVBGIP.4.7.73.6.ts-api.ciphertrust.net. May 2 14:29:10 tmm tmm[5433]: Rule MSM_reputation <NAME_RESOLVED>: 6.73.7.4 score is -50. May 2 14:29:10 tmm tmm[5433]: Rule MSM_reputation <NAME_RESOLVED>: 6.73.7.4 pool selected is good_mail.
  • This is an example of an entry in the log that occurs when MSM accepts the connection, but routes the connection to a pool of mail servers where emails are scanned by your existing email filtering applications:
  • Rule MSM_reputation <NAME_RESOLVED>: score is 40. Rule MSM_reputation <NAME_RESOLVED>: maybe_mail.

Re-installing the BIG-IP Message Security Module after a system upgrade

After you upgrade a BIG-IP® system that includes the BIG-IP Message Security Module, we recommend that you re-install MSM.

To re-install MSM, you must be assigned the Administrator role with access to the Root directory of the BIG-IP system. You use the same msm-install-1.1.0.10.0.im file to re-install MSM that you used to install MSM the first time.

Important

Installing the BIG-IP Message Security Module includes an automatic restart of the TMM service. This causes the BIG-IP system to drop all current connections. We recommend that you install MSM during a maintenance window. If you have a high availability BIG-IP system, we recommend that you install the MSM on the standby system, initiate failover, and then install MSM on the other system.

To re-install MSM

  1. Verify that the msm-install-1.1.0.10.0.im file is saved on the BIG-IP system.
  2. From the BIG-IP system command line, run the following command:
  3. im msm-install-1.1.0.10.0.im

    The system displays this message:

    "Would you like to overwrite, repair, or quit? [O/R/Q]."
  4. Type the letter that matches the action you want to perform.
    • To install MSM without overwriting the variables in the MSM_config data group, type R, and press the Enter key.
      The system displays the following message when the re-installation is complete, Message Security Module installation complete.
    • To install MSM and overwrite the variables in the MSM_config data group, type O (the letter O), and press the Enter key.
      The system displays the following message when the re-installation is complete, Message Security Module installation complete.
  5. To quit, type Q, and press the Enter key.
    The re-installation stops.



Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)