Symantec Mail Security for SMTP Installation guide

Symantec Mail Security for

SMTP Installation Guide

Symantec Mail Security for SMTP Installation Guide

The software described in this book is furnished under a license agreement and may be used

only in accordance with the terms of the agreement.

Legal Notice

Federal acquisitions: Commercial Software - Government Users Subject to Standard License

Terms and Conditions.

Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec

Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks

of their respective owners.

The product described in this document is distributed under licenses restricting its use,

copying, distribution, and decompilation/reverse engineering. No part of this document

may be reproduced in any form by any means without prior written authorization of

Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,

REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,

ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO

BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL

OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE,

OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS

DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be "commercial computer software"

and "commercial computer software documentation" as defined in FAR Sections 12.212 and

DFARS Section 227.7202.

Symantec Corporation

20330 Stevens Creek Blvd.

Cupertino, CA 95014 USA

http://www.symantec.com

Technical Support

Symantec Technical Support maintains support centers globally. Technical

Support’s primary role is to respond to specific queries about product feature and

function, installation, and configuration. The Technical Support group also authors

content for our online Knowledge Base. The Technical Support group works

collaboratively with the other functional areas within Symantec to answer your

questions in a timely fashion. For example, the Technical Support group works

with Product Engineering and Symantec Security Response to provide alerting

services and virus definition updates.

Symantec’s maintenance offerings include the following:

■ A range of support options that give you the flexibility to select the right

amount of service for any size organization

■ A telephone and web-based support that provides rapid response and

up-to-the-minute information

■ Upgrade insurance that delivers automatic software upgrade protection

■ Global support that is available 24 hours a day, 7 days a week worldwide.

Support is provided in a variety of languages for those customers that are

enrolled in the Platinum Support program

■ Advanced features, including Technical Account Management

For information about Symantec’s Maintenance Programs, you can visit our Web

site at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your country or language under Global Support. The specific features that

are available may vary based on the level of maintenance that was purchased and

the specific product that you are using.

Contacting Technical Support

Customers with a current maintenance agreement may access Technical Support

information at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your region or language under Global Support.

Before contacting Technical Support, make sure you have satisfied the system

requirements that are listed in your product documentation. Also, you should be

at the computer on which the problem occurred, in case it is necessary to recreate

the problem.

When you contact Technical Support, please have the following information

available:

■ Product release level

■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical

support Web page at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your region or language under Global Support, and then select the Licensing

and Registration page.

Customer service

Customer service information is available at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your country or language under Global Support.

Customer Service is available to assist with the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade insurance and maintenance contracts

■ Information about the Symantec Value License Program

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs or manuals

Maintenance agreement resources

If you want to contact Symantec regarding an existing maintenance agreement,

please contact the maintenance agreement administration team for your region

as follows:

■ Asia-Pacific and Japan: contractsadmin@symantec.com

■ Europe, Middle-East, and Africa: semea@symantec.com

■ North America and Latin America: supportsolutions@symantec.com

Additional Enterprise services

Symantec offers a comprehensive set of services that allow you to maximize your

investment in Symantec products and to develop your knowledge, expertise, and

global insight, which enable you to manage your business risks proactively.

Enterprise services that are available include the following:

These solutions provide early warning of cyber

attacks, comprehensive threat analysis, and

countermeasures to prevent attacks before they occur.

Symantec Early Warning Solutions

These services remove the burden of managing and

monitoring security devices and events, ensuring

rapid response to real threats.

Managed Security Services

Symantec Consulting Services provide on-site

technical expertise from Symantec and its trusted

partners. Symantec Consulting Services offer a variety

of prepackaged and customizable options that include

assessment, design, implementation, monitoring and

management capabilities, each focused on establishing

and maintaining the integrity and availability of your

IT resources.

Consulting Services

Educational Services provide a full array of technical

training, security education, security certification,

and awareness communication programs.

Educational Services

To access more information about Enterprise services, please visit our Web site

at the following URL:

www.symantec.com

Select your country or language from the site index.

Technical Support

Chapter 1 About Symantec Mail Security

Key features .................................................................................. 9

New features ............................................................................... 10

Functional overview ...................................................................... 12

Architecture ............................................................................... 13

Firewall rules ............................................................................... 15

Where to get more information ....................................................... 16

Chapter 2 Installing Symantec Mail Security for SMTP

Before you install ......................................................................... 19

Before you install on any platform ............................................. 19

Before you install on Windows .................................................. 22

Before you install on Solaris or Linux ......................................... 23

Before you upgrade ................................................................. 25

System requirements .................................................................... 25

Hardware requirements ........................................................... 26

Supported browsers ................................................................ 26

Supported LDAP servers .......................................................... 26

System requirements for Windows ............................................ 26

System requirements for Solaris ............................................... 27

System requirements for Linux ................................................. 27

Installing on Windows ................................................................... 27

Installing on Solaris and Linux ....................................................... 30

Setting up ................................................................................... 32

Logging in ............................................................................. 33

Registering your system .......................................................... 33

Configuring your system .......................................................... 34

Setting up a Scanner ............................................................... 38

Completing setup ................................................................... 42

Adding more Scanners .................................................................. 42

Setting mail filtering policies ......................................................... 42

Testing Scanners .......................................................................... 43

Accessing the Control Center .......................................................... 43

Contents

Logging out ........................................................................... 47

Having trouble logging in or out? .............................................. 47

Areas of localization ..................................................................... 47

Importing configuration files ................................................... 48

Configuring system locale ........................................................ 49

Uninstalling Symantec Mail Security for SMTP .................................. 49

Uninstalling from Windows ...................................................... 49

Uninstalling from Linux and Solaris .......................................... 50

Appendix A Sample options file

About the sample options file ......................................................... 53

Appendix B Integrating Symantec Mail Security with Symantec

Security Information Manager

About Symantec Security Information Manager ................................. 57

Interpreting events in the Information Manager ................................ 58

Firewall events that are sent to the Information Manager .............. 59

Definition Update events that are sent to the Information

Manager ......................................................................... 59

Message events that are sent to the Information Manager .............. 60

Administration events that are sent to the Information

Manager ......................................................................... 61

Installing and configuring event logging to the Information

Manager ............................................................................... 63

Configuring the Information Manager ........................................ 64

Installing the local SSIM Agent ................................................ 64

Installing the Collector ............................................................ 66

Configuring data sources ......................................................... 66

Uninstalling Information Manager components ................................ 68

Uninstalling the Collector ........................................................ 68

Uninstalling the Information Manager Agent .............................. 69

Index

Contents8

About Symantec Mail

Security

This chapter includes the following topics:

■ Key features

■ New features

■ Functional overview

■ Architecture

■ Firewall rules

■ Where to get more information

Key features

Symantec Mail Security offers enterprises an easy-to-deploy, comprehensive

gateway-based email security solution through the following features:

■ Email Firewall - This early response feature improves message throughput by

analyzing incoming SMTP connections, comparing them to industry-generated

lists of known hostile senders and enabling you to refuse connections or email

messages from those hosts.

■ Antispam technology – Symantec's state-of-the-art spam filters assess and

classify email as it enters your site.

■ Antivirus technology – Virus definitions and engines protect your users from

email-borne viruses.

1

Chapter

■ Content Compliance – These features help administrators enforce corporate

policies, reduce legal liability, and ensure compliance with regulatory

requirements.

■ Group policies and filter policies – An easy-to-use authoring tool lets

administrators create powerful, flexible ad hoc filters for users and groups.

New features

The following table lists the features that have been added to this version of

Symantec Mail Security:

Table 1-1

New features for Symantec Mail Security (all users)

DescriptionFeaturesCategory

Protects against directory-harvest attacks,

denial-of-service attacks, spam attacks, and virus

attacks.

Improved email

firewall

Threat

protection

features

Protects against phishing attacks, using the Sender

Policy Framework (SPF), Sender ID, or both.

Sender

Authentication

Additional virus verdicts protect against suspected

viruses, spyware, and adware and quarantine

messages with suspicious encrypted attachments.

Email messages that may contain viruses can be

delayed in the Suspect Virus Quarantine, then

refiltered, with updated virus definitions, if available.

This feature tcan be effective in defeating virus

attacks before conventional signatures are available.

View a list of available virus-definition updates.

Improved virus

protection

Automatically detects file types without relying on

file name extensions or MIME types.

True file type

recognition for

content compliance

filtering

Inbound

and

outbound

content

controls

Scan within attachments to find keywords from

dictionaries you create or edit. Specify a number of

occurrences to look for.

Keywords filtering

within attachments,

keyword frequency

filtering

Use regular expressions to further customize filter

conditions by searching within messages and

attachments.

Regular expression

filtering

About Symantec Mail Security

New features

10

Table 1-1

New features for Symantec Mail Security (all users) (continued)

DescriptionFeaturesCategory

Specify conditions that result in email being sent to

an archival email address or disk location.

Support for

Enterprise Vault and

third-party archival

tools

Dynamic group population via any of several

supported LDAP servers

LDAP integrationFlexible

mail

management

More than two dozen actions that can be taken,

individually or in combination, on messages

Expanded variety of

actions and

combinations

SMTP connection management, including support for

secure email (TLS encryption, with security level

depending on platform); for user-based routing and

static routes; for address masquerading, invalid

recipient handling, and control over delivery-queue

processing

Expanded mail

controls

Distribution lists automatically expanded, mail

filtered and delivered correctly for each user

Aliasing

More than 50 graphical reports that you can generate

ad-hoc or on a scheduled basis. Reports can be

exported for offline analysis and emailed.

Extensive set of

pre-built reports,

scheduled reporting,

and additional alert

conditions

Improved

reporting

and

monitoring

View a trail of detailed information about a message,

including the filtering processing applied to a

message.

Message tracking

Control which hosts and networks can access your

Control Center.

IP-based access

control

Expanded

administration

capabilities

Specify user-based and total limits, configure

automatic message deletions.

Control over

Quarantine size

limits

11About Symantec Mail Security

New features

Table 1-1

New features for Symantec Mail Security (all users) (continued)

DescriptionFeaturesCategory

Support for double-byte character sets.

Language autodetection of messages for Quarantine

and of subject encodings for message handling.

Support for non-ASCII LDAP source descriptions.

Support for

non-ASCII character

sets

Enhanced

localization

capabilities

Functional overview

Each Symantec Mail Security Scanner uses the following three separate message

transfer agents MTAs:

The component that sends inbound and

outbound messages that have already been

filtered to their required destinations. To do

this, the delivery MTA uses the filtering

results and the configuration settings for

relaying inbound and outbound mail.

Delivery MTA

The component that receives inbound mail

and forwards it to the Filtering Hub for

processing.

Inbound MTA

The component that receives outbound mail

and forwards it to the Filtering Hub for

processing.

Outbound MTA

You can deploy Symantec Mail Security in different configurations to best suit

the size of your network and your email processing needs.

Note: Symantec Mail Security provides neither mailbox access for end users nor

message storage. It is not intended for use as the only MTA in your email

infrastructure.

Each Symantec Mail Security host can be deployed in the following ways:

Deployed as a Scanner, a Symantec Mail Security host filters email

for viruses, spam, and noncompliant messages. You can deploy

Scanners on exisiting email or groupware server(s).

Scanner

About Symantec Mail Security

Functional overview

12

Deployed as a Control Center, a Symantec Mail Security host allows

you to configure and manage email filtering, SMTP routing, system

settings, and all other functions from a Web-based interface.

Multiple Scanners can be configured and monitored from your

enterprise-wide deployment of Symantec Mail Security, but only

one Control Center can be deployed to administer all the Scanner

hosts.

The Control Center provides information on the status of all

Symantec Mail Security hosts in your system, including system

logs and extensive customizable reports. Use the Control Center

to configure both system-wide and host-specific details.

The Control Center provides the Setup Wizard, for initial

configuration of all Symantec Mail Security instances at your site,

and also the Add Scanner Wizard, for adding new Scanners.

The Control Centrer also hosts the Spam and Suspect Virus

Quarantines to isolate and store spam and virus messages,

respectively. End users can view their quarantined spam messages

and set their preferences for language filtering and blocked and

allowed senders. Alternatively, you can configure Spam Quarantine

for administrator-only access.

Control Center

A single Symantec Mail Security host performs both functions.Scanner and Control

Center

Note: Symantec Mail Security does not filter messages that do not flow through

the SMTP gateway. For example, when two mailboxes reside on the same MS

Exchange Server, or on different MS Exchange Servers within an Exchange

organization, their messages will not pass through the Symantec Mail Security

filters.

Architecture

Figure 1-1 shows how a Symantec Mail Security installation processes an email

message, assuming the sample message passes through the Filtering Engine to

the Transformation Engine without being rejected.

13About Symantec Mail Security

Architecture

Figure 1-1

Symantec Mail Security architecture

Messages proceed through the installation in the following way:

■ The incoming connection arrives at the inbound MTA via TCP/IP.

■ The inbound MTA accepts the connection and moves the message to its inbound

queue.

■ The Filtering Hub accepts a copy of the message for filtering.

■ The Filtering Hub consults the LDAP SyncService directory to expand the

message's distribution list.

■ The Filtering Engine determines each recipient's filtering policies.

■ The message is checked against Blocked/Allowed Senders Lists defined by

administrators.

■ Virus and configurable heuristic filters determine whether the message is

infected.

About Symantec Mail Security

Architecture

14

■ Content Compliance filters scan the message for restricted attachment types,

regular exessions, or keywords as defined in configurable dictionaries.

■ Spam filters compare message elements with current filters published by

Symantec Security Response to determine whether the message is spam. At

this point, the message may also be checked against end-user defined Language

settings.

■ The Transformation Engine performs actions per recipient based on filtering

results and configurable Group Policies.

Firewall rules

The following table shows the necessary firewall rules for Symnatec Mail Security.

These assignments may differ slightly depending on your environment and

filtering types (inbound, outbound, or both).

Table 1-2

Firewall rules for Symantec Mail Security

DescriptionToFromProtocolPort

Inbound internet mail trafficSymantec Mail

Security

InternetTCP25

Inbound internal mail trafficInternal mail

servers

Symantec Mail

Security

TCP25

Outbound internal mail trafficSymantec Mail

Security

Internal mail

servers

TCP25

Outbound internet mail trafficInternet mail

hosts

Symantec Mail

Security

TCP25

Rapid response antivirus updatesInternetSymantec Mail

Security

TCP21

Default automatic antivirus updatesInternetSymantec Mail

Security

TCP80

Rule updates and license registrationInternetSymantec Mail

Security

TCP443

LDAP server access to synchronize

users/groups/d-lists

LDAP serversSymantec Mail

Security

TCP389

LDAP server access to synchronize

users/groups/d-lists (Global Catalog

Access)

LDAP serversSymantec Mail

Security

TCP3268

15About Symantec Mail Security

Firewall rules

Table 1-2

Firewall rules for Symantec Mail Security (continued)

DescriptionToFromProtocolPort

Communication between the Control

Center and Scanners

ScannersControl CenterTCP41002

Communication between the Control

Center and Scanners

Control CenterScannersTCP41002

To send quarantined messages to

the Control Center

Control CenterScannersTCP41025

Disabled by defaultControl CenterManagement

hosts

TCP41080

Web management port for the

Control Center

Control CenterManagement

hosts

TCP41443

Symantec Mail Security also uses the following web addresses:

DescriptionPortProtocolURL

Used to register Symantec Mail

Security

443TCPregister.brightmail.com

Used to retrieve filters443TCPaztec.brightmail.com

Used to retrieve automatic

antivirus updates

80TCPliveupdate.symantecliveupdate.symantec.com

Used to retrieve automatic

antivirus updates

80TCPliveupdate.symantec.com

Used to retrieve Rapid

Response antivirus updates

21TCPupdate.symantec.com

Where to get more information

The Symantec Mail Security documentation set consists of the following manuals:

■ Symantec Mail Security Administration Guide

■ Symantec Mail Security Planning Guide

■ Symantec Mail Security Installation Guide

■ Symantec Mail Security Getting Started

About Symantec Mail Security

Where to get more information

16

Symantec Mail Security also includes a comprehensive help system that contains

conceptual and procedural information.

You can visit the Symantec Web site for more information about your product.

The following online resources are available:

www.symantec.com/enterprise/supportProvides access to the technical support Knowledge

Base, newsgroups, contact information, downloads,

and mailing list subscriptions

www.symantec.com

/licensing/els/help/en/help.html

Provides information about registration, frequently

asked questions, how to respond to error messages,

and how to contact Symantec License Administration

www.enterprisesecurity.symantec.comProvides product news and updates

www.symantec.com/security_responseProvides access to the Virus Encyclopedia, which

contains information about all known threats;

information about hoaxes; and access to white

papers about threats

17About Symantec Mail Security

Where to get more information

About Symantec Mail Security

Where to get more information

18

Installing Symantec Mail

Security for SMTP

This chapter includes the following topics:

■ Before you install

■ System requirements

■ Installing on Windows

■ Installing on Solaris and Linux

■ Setting up

■ Adding more Scanners

■ Setting mail filtering policies

■ Testing Scanners

■ Accessing the Control Center

■ Areas of localization

■ Uninstalling Symantec Mail Security for SMTP

Before you install

Before you install Symantec Mail Security for SMTP, you must perform some

pre-installation tasks.

Before you install on any platform

The following are pre-installation tasks for both Windows and Linux/Solaris:

2

Chapter

■ Disable other antivirus programs

■ Ensure no other programs are using the port that you want to use for the

inbound MTA (usually port 25)

■ Ensure no Tomcat or MySQL installations are present

■ Establish an alternate MTA for alerting (optional)

■ Save whitelist, blacklist, local domain, and Anti-Relay list data (optional, for

users of Symantec Mail Security for SMTP 4.x only)

Disabling other antivirus programs

If you have other antivirus programs installed on your computer, it is

recommended that you uninstall them to prevent any installation or operational

errors. At a minimum, you must configure any other antivirus program to exclude

the following directories from scanning:

■ The MTA data directory (which you can specify during the Symantec Mail

Security for SMTP installation process — to do this, you must specify a ‘custom’

installation)

■ On Windows, the C:\windows\tmp directory

■ On Linux and Solaris, anything under /var/tmp

For information on excluding directories from scanning, see the user

documentation that came with the antivirus program.

Ensuring no other programs or services are running on the

MTA port

Stop, disable, or reconfigure any services running on the port you plan to use for

your MTA (usually port 25) on the installation host if you are installing a Scanner.

This is most likely an MTA such as sendmail or postfix. Optionally, you can

configure the MTA to listen on another port when you add it to the Control Center.

Do the following:

■ To check on Linux, use the following command:

netstat -an

| grep ':25'

You can also telnet to port 25 and see if it answers.

■ To check on Solaris, use the following command:

netstat -an

| grep '\.25'

Installing Symantec Mail Security for SMTP

Before you install

20

Page is loading ...

Symantec Mail Security for SMTP Installation guide

This manual is also suitable for

Symantec Mail Security for SMTP Installation guide

Related papers

Other documents