Symantec 10547829 - Mail Security For Smtp 5.0 Smb Installation guide

Category
Networking
Type
Installation guide

Symantec Mail Security
Appliance Installation Guide
Symantec Information Foundation
Symantec Mail Security Appliance Installation Guide
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
PN: 10747600
Legal Notice
Copyright © 2007 Symantec Corporation.
All rights reserved.
Symantec, the Symantec Logo, and LiveUpdate are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical
Support’s primary role is to respond to specific queries about product feature and
function, installation, and configuration. The Technical Support group also authors
content for our online Knowledge Base. The Technical Support group works
collaboratively with the other functional areas within Symantec to answer your
questions in a timely fashion. For example, the Technical Support group works
with Product Engineering and Symantec Security Response to provide alerting
services and virus definition updates.
Symantec’s maintenance offerings include the following:
A range of support options that give you the flexibility to select the right
amount of service for any size organization
Telephone and web-based support that provides rapid response and
up-to-the-minute information
Upgrade insurance that delivers automatic software upgrade protection
Global support that is available 24 hours a day, 7 days a week worldwide.
Support is provided in a variety of languages for those customers that are
enrolled in the Platinum Support program
Advanced features, including Technical Account Management
For information about Symantec’s Maintenance Programs, you can visit our Web
site at the following URL:
www.symantec.com/techsupp/
Select your country or language under Global Support. The specific features that
are available may vary based on the level of maintenance that was purchased and
the specific product that you are using.
Contacting Technical Support
Customers with a current maintenance agreement may access Technical Support
information at the following URL:
www.symantec.com/techsupp/
Select your region or language under Global Support.
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to recreate
the problem.
When you contact Technical Support, please have the following information
available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/techsupp/
Select your region or language under Global Support, and then select the Licensing
and Registration page.
Customer service
Customer service information is available at the following URL:
www.symantec.com/techsupp/
Select your country or language under Global Support.
Customer Service is available to assist with the following types of issues:
Questions regarding product licensing or serialization
Product registration updates such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade insurance and maintenance contracts
Information about the Symantec Value License Program
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs or manuals
Maintenance agreement resources
If you want to contact Symantec regarding an existing maintenance agreement,
please contact the maintenance agreement administration team for your region
as follows:
Asia-Pacific and Japan: contractsadmin@symantec.com
Europe, Middle-East, and Africa: semea@symantec.com
North America and Latin America: supportsolutions@symantec.com
Additional Enterprise services
Symantec offers a comprehensive set of services that allow you to maximize your
investment in Symantec products and to develop your knowledge, expertise, and
global insight, which enable you to manage your business risks proactively.
Enterprise services that are available include the following:
Symantec Early Warning Solutions: These solutions provide early warning of cyber
attacks, comprehensive threat analysis, and countermeasures to prevent attacks
before they occur.
Managed Security Services: These services remove the burden of managing and
monitoring security devices and events, ensuring rapid response to real threats.
Consulting Services: Symantec Consulting Services provide on-site technical
expertise from Symantec and its trusted partners. Symantec Consulting Services
offer a variety of prepackaged and customizable options that include assessment,
design, implementation, monitoring and management capabilities, each focused on
establishing and maintaining the integrity and availability of your IT resources.
Educational Services: Educational Services provide a full array of technical
training, security education, security certification, and awareness communication
programs.
To access more information about Enterprise services, please visit our Web site
at the following URL:
www.symantec.com
Select your country or language from the site index.
Contents
Chapter 1 Planning your deployment
  General deployment considerations
    MTA usage
    Configuring Scanners
    Positioning with other filtering products
    Filtering internal deliveries
    LDAP services
    Load balancing
    Adjusting MX records
  Deployment models
    Basic gateway deployment
    Multi-tier gateway deployment
    Post-gateway deployment
Chapter 2 Understanding system requirements
  Factors that affect performance
    Environmental factors that affect performance
    Settings that affect performance
  Ports used by Symantec Mail Security
    Configuring your firewall for connections to public IM network servers
Chapter 3 Setting up the Symantec Mail Security Appliance
  Before you set up your appliance
    Compatible browsers
    Configuring SSH clients to log into an appliance
    Configuring your DNS for IM filtering
  How to set up the appliance
    Configuring your network to include the new appliance
    Understanding key indicators and controls for rack-mounted appliances
    Initialize your new appliance
    Registering your system
    Updating a new appliance to the latest software
    Setting up a Control Center with optional Scanner
    Setting up a Scanner
    Completing setup
  Logging in and logging out
    Having trouble logging in or out?
  Migrating to Symantec Mail Security 7.5
    Migration considerations
    Backing up existing Control Center data
    Running software update
Index
Planning your deployment
This chapter includes the following topics:
General deployment considerations
Deployment models
General deployment considerations
This section provides information about integrating Symantec Mail Security into
your network.
Note: Multiple Scanner scenarios are common for organizations with system
failover needs or high mail scanning throughput requirements.
MTA usage
Symantec Mail Security contains a Message Transfer Agent (MTA), which processes
and relays messages to support filtering activities.
Note: Symantec Mail Security provides neither mailbox access for end users nor
message storage. You must provide an MTA for use in your email infrastructure.
Configuring Scanners
During installation, you can use a wizard to add a Scanner. Depending on your
filtering requirements and messaging environment, you may want to deploy
multiple Scanners. In such cases, you can dedicate Scanners to specific functions.
For example, you might want one Scanner to filter inbound mail, another to filter
outbound mail, and another to filter instant messages.
Positioning with other filtering products
In order for Symantec Mail Security's spam and Content Compliance filters to
function properly, you should avoid placing the product behind other filtering
products (such as content filters) or MTAs that alter or remove pre-existing
message headers or modify the message body.
Filtering internal deliveries
You can force internal mail through Symantec Mail Security to avoid propagation
of viruses and spam generated by email mass-mailing worms that may have been
picked up by individuals via Web browsing or downloading.
LDAP services
LDAP (Lightweight Directory Access Protocol) is a directory name service that
allows organizations to structure email directory data according to the
organization's own structure, whether by location, business unit, department, or
other criteria. Organizations with multiple internal mail hosts rely on centralized
LDAP servers to synchronize changes made to email directories across the
organization. Symantec Mail Security supports LDAP services to authenticate
user access to Spam Quarantine and to synchronize email directory information
stored in the Control Center with LDAP directories. These services synchronize
LDAP user, alias, and group directory data with the Control Center's own directory
data stores for subsequent replication to attached and enabled Scanners. They
convert the data to formats compatible with Spam Quarantine, Scanner, and
Control Center data stores while minimizing impact on directory infrastructure.
If your organization uses an LDAP server, Symantec Mail Security must be
configured so that it can access LDAP directories and update the Control Center's
data stores.
The Control Center can use directory information from LDAP servers at your site
for any of the following purposes:
Authentication: The Control Center can use data from your LDAP server to
determine whether users are allowed access to Quarantine. The Control Center
authenticates users by checking their user-name and password data directly
against the LDAP source.
Synchronization: The Control Center can synchronize user and group email
address data from your LDAP server and replicate it to Scanners. This data is
then used to validate message recipients, apply policies to groups, recognize
directory harvest attacks, and expand distribution lists (aliases).
LDAP-authenticated user and group email address data are cached in the Control
Center for subsequent replication to Scanners but are not written back to the
LDAP source.
Routing: The Control Center uses LDAP user and password data to route email
messages based on alias and/or transport specification to specified domains.
Symantec Mail Security supports the following LDAP directory types:
Windows 2000 Active Directory
Windows 2003 Active Directory
Sun Directory Server 5.2 (formerly known as the iPlanet Directory Server)
Note: If you are using Sun Directory Server 5.2, you must update to patch 4 to
address some changelog issues that arose in patch 3.
Exchange 5.5
Lotus Domino LDAP Server 6.5
Load balancing
Symantec Mail Security is not intended to be used for load balancing.
Administrators can associate only one host name or IP address as the MTA to
which email is relayed. You must implement multiple Scanners to perform load
balancing.
Adjusting MX records
When you implement Symantec Mail Security in front of a separate MTA that
receives inbound messages, you must change the DNS mail exchange (MX)
records. The records must point incoming messages to the system. Symantec Mail
Security should have a higher priority than the existing MTA.
However, if you simply list Symantec Mail Security as a higher-weighted MX
record in addition to the existing MX record, spammers can look up the previous
MTA's MX record. This allows them to send spam directly to the old server,
bypassing your spam filtering. To prevent spammers from circumventing the new
spam-filtering servers, you should do one of the following:
The MX record should point at your Symantec Mail Security. Do not point the
MX record at downstream MTAs.
Remove the previous MTA's MX record from DNS.
Block off the MTA from the Internet using a firewall.
Modify the firewall's network address translation (NAT) tables to route external
IP addresses to internal non-routable IP addresses. You can then map from
the old server to Symantec Mail Security.
When naming Symantec Mail Security, ensure that the name you choose does
not imply its function. For example, antispam.yourdomain.com,
symantec.yourdomain.com, or antivirus.yourdomain.com are not good choices.
If you want to send mail to a downstream MTA, you can use a load balancer.
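The MX guidance above can be checked mechanically before a cutover. The following is an added example, not part of the Symantec guide: it audits BIND-style MX lines for records that still expose a non-filtering MTA, for a filtering host that is not the preferred exchanger, and for the revealing host names the guide warns against. The zone data, the example.com names and the function names are constructed placeholders; it assumes single-line records with fully qualified MX targets, and relies on the DNS rule that a lower MX preference number means higher priority.

```python
"""Audit a zone's MX records against the MX guidance (added example)."""

# Substrings the guide gives as poor host-name choices because they imply function.
REVEALING_TOKENS = ("antispam", "symantec", "antivirus")

# Constructed sample: filtering host added, previous MTA's MX record left in DNS.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN MX 10 antispam.example.com.
@        3600 IN MX 20 mail.example.com.     ; previous MTA, still published
@        3600 IN A  192.0.2.10
"""

# Constructed sample: only the filtering host is published, under a neutral name.
HARDENED_ZONE = """\
$ORIGIN example.com.
@        3600 IN MX 10 mx1.example.com.
"""


def parse_mx(zone_text):
    """Return sorted (preference, host) pairs for every single-line MX record."""
    records = []
    for line in zone_text.splitlines():
        tokens = line.split(";", 1)[0].split()  # drop zone-file comments
        i = len(tokens) - 3  # MX rdata is exactly two tokens: preference, target
        if i >= 0 and tokens[i].upper() == "MX" and tokens[i + 1].isdigit():
            records.append((int(tokens[i + 1]), tokens[i + 2].rstrip(".").lower()))
    return sorted(records)


def audit_mx(zone_text, gateways):
    """Return (finding, host) tuples; an empty list means the MX set is clean.

    gateways: host names of the filtering appliances that should receive
    all inbound mail (hypothetical parameter for this example).
    """
    gateways = {g.rstrip(".").lower() for g in gateways}
    records = parse_mx(zone_text)
    gateway_prefs = [pref for pref, host in records if host in gateways]
    findings = []
    if not gateway_prefs:
        findings.append(("NO_GATEWAY_MX", ""))
    for pref, host in records:
        if host in gateways:
            # The guide advises against names that imply the host's function.
            label = host.split(".", 1)[0]
            if any(token in label for token in REVEALING_TOKENS):
                findings.append(("REVEALING_NAME", host))
        else:
            # Any published MX for a non-filtering MTA lets senders skip the filter.
            findings.append(("BYPASS_MX", host))
            # Lower preference number wins, so this MTA would be tried first.
            if gateway_prefs and pref <= min(gateway_prefs):
                findings.append(("NOT_PREFERRED", host))
    return findings


if __name__ == "__main__":
    for name, zone, gws in (
        ("sample", SAMPLE_ZONE, {"antispam.example.com"}),
        ("hardened", HARDENED_ZONE, {"mx1.example.com"}),
    ):
        print(name, audit_mx(zone, gws) or "clean")
```

A clean result covers only the DNS side; the firewall and NAT options in the list above still need to be verified on the network itself.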
Deployment models
You can deploy Symantec Mail Security in the following ways:
Basic gateway deployment
Multi-tier gateway deployment
Post-gateway deployment
Basic gateway deployment
This is the simplest deployment model. Symantec Mail Security resides at the
outermost gateway layer inside the enterprise firewall. It provides Secure Email
Services by relaying inbound mail to other relay layers or to the user-facing mail
server layer. Symantec Mail Security routes outbound mail through local relay
for delivery to local domain addresses or through the firewall to the Internet.
Inbound and outbound mail are both processed on one Ethernet NIC through a
single IP address. Inbound and outbound traffic can be logically separated by
assigning one to the physical IP and the other to a virtual IP address or by assigning
inbound and outbound traffic to separate ports (such as 25 and 26).
On all configured server computers, port 443 must be configured to permit
outbound connections to Symantec to download content updates.
Figure 1-1 shows Symantec Mail Security deployed at the gateway, behind a
firewall.
Figure 1-1
Basic gateway deployment
Advantages
The basic gateway deployment takes advantage of Symantec Mail Security's
proximity to the Internet.
Because spam emanates from the outside world, the gateway is the logical and
effective place to deploy Symantec Mail Security.
When you deploy the system closer to the gateway, you can minimize mail
processing and storage requirements as well as network bandwidth via Email
Firewall filtering.
Considerations
Administrators considering the basic gateway deployment should take into account
the following factors:
Some organizations prefer to have secure gateways with no other services
running. In these environments, all other services run behind the first gateway
layer.
Some smaller organizations do not have dedicated gateway servers or a gateway
layer. Instead, they deploy gateway servers and internal mail servers on the
same computers.
Multi-tier gateway deployment
Note: This model may be implemented with one or more Scanner hosts.
Figure 1-2 shows Symantec Mail Security in a multi-tier gateway deployment,
with multiple Scanners in the DMZ and a Control Center behind a second firewall.
Figure 1-2
Multi-tier gateway deployment
Advantages
A multi-tier gateway deployment maximizes Symantec Mail Security's network
administration capacities.
This configuration meets a common security audit requirement in that all data
stores are in the second tier, including the Control Center and Spam Quarantine
databases.
Inbound traffic may be load balanced across multiple scanners with this model.
Compared with basic gateway deployment, this configuration eliminates a
single point of failure for message scanning.
This model allows administrators to take individual Scanners offline for
maintenance without incurring downtime.
This scenario enables load balancing of filtered mail across multiple
downstream MTAs.
Considerations
With its greater administrative controls, a multi-tier deployment requires higher
administrative and maintenance overhead.
This approach requires more administrative overhead and complex networking
than a basic gateway deployment.
With increased hardware and maintenance costs, this model could require a
higher total cost of operation.
Post-gateway deployment
Note: This model may be implemented with one or more SMTP gateway MTAs
and one or more Scanner hosts.
Figure 1-3 shows Symantec Mail Security deployed after MTAs at the firewall.
Figure 1-3
Post-Gateway deployment
MTAs at the gateway layer accept unfiltered mail from the Internet then relay it
to Symantec Mail Security. The system filters mail from the gateway layer and
relays mail to other MTAs downstream.
Advantages
Your network configuration may require that you place your Scanner hosts with
your SMTP gateway MTA in a "demilitarized zone" between two firewalls.
If you have a customized MTA or specific business needs, then running this
configuration may outweigh the extra overhead and loss of functionality.
Considerations
Post-gateway deployment limits the functionality of Scanners and may decrease
system throughput.
This configuration limits Scanner functionality as IP-based defenses are
nullified.
Unless the SMTP Gateway is performing filtering, all email is processed by
the gateway (read, stored, and forwarded) then sent to the system, which must
then read, filter, and take some action based on the verdict. Such redundancy
may add overhead, thereby decreasing throughput.
Understanding system requirements
This chapter includes the following topics:
Factors that affect performance
Ports used by Symantec Mail Security
Factors that affect performance
The performance of Symantec Mail Security appliances can be affected by many
factors. This section provides guidelines regarding those factors, and suggestions
that may improve performance.
Overall performance involves several factors, some depending on the configuration
and deployment options you choose, and others depending on external factors,
such as the percentage of your organization's email that is spam.
Environmental factors that affect performance
Environmental factors, including historical usage patterns of your particular
deployment, will affect system performance. Prior to installation, collect
information about your environment to understand typical usage patterns:
Outgoing SMTP connections. This can cause additional overhead by swelling
disk queues with email destined for remote email servers which may not be
immediately accepting new email. Larger queues on disk result in reduced
MTA performance. Ideally, inbound and outbound mail streams should be
configured to work on separate appliances.
External MTA performance. If appropriate, determine the performance of the
MTA sending incoming email to your MTA, and the performance of your
gateway MTAs and message store.
The characteristics of messages sent and received can impact performance. Key
parameters to identify are:
Average message size
Number of messages with attachments
Average attachment size
Types of attachments
Percentage of virus-infected messages in the email traffic
Types of end-users (ISP or enterprise)
Settings that affect performance
The choices you make when configuring Symantec Mail Security appliances affect
their performance.
Filtering performance considerations
If a message has more than one recipient, each with different group policies, then
the Scanner may need to bifurcate the message (split it into one or more messages)
for modification prior to delivery. Bifurcated messages resulting from many group
policies may degrade performance. Use group policies as necessary but be aware
that using a large number of policies can affect performance.
Control Center performance considerations
The Control Center is used to start and stop servers; view logs and reports; set
configuration options; back up, restore, and reset system software; and consolidate
statistics, report data, and logs. Consider the following regarding its configuration:
Number of Scanners - The number of Scanners a Control Center collects logging
and statistics from can impact the Control Center's performance. As you add
Scanners to a Control Center, monitor the Control Center's performance to
ensure that it does not degrade to unacceptable levels.
Log level - The higher the log levels, the more data the Control Center must
consolidate over the network. Consider keeping log levels relatively low unless
you are troubleshooting. You can also set logs to be expunged more frequently.
Scheduled reports - Schedule reports for times when utilization is low.