Symantec 10547829 - Mail Security For Smtp 5.0 Smb Installation guide

Brand: Symantec

Model: 10547829 - Mail Security For Smtp 5.0 Smb

Category: Networking

Type: Installation guide

This manual is also suitable for

Mail Security Appliance

Symantec Mail Security

Appliance Installation Guide

Symantec Information Foundation

Symantec Mail Security Appliance Installation Guide

The software described in this book is furnished under a license agreement and may be used

only in accordance with the terms of the agreement.

PN: 10747600

Legal Notice

Symantec, the Symantec Logo, and LiveUpdate are trademarks or registered trademarks of

Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be

trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use,

copying, distribution, and decompilation/reverse engineering. No part of this document

may be reproduced in any form by any means without prior written authorization of

Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,

REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,

ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO

BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL

OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,

PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED

IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software

as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19

"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in

Commercial Computer Software or Commercial Computer Software Documentation", as

applicable, and any successor regulations. Any use, modification, reproduction release,

performance, display or disclosure of the Licensed Software and Documentation by the U.S.

Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation

20330 Stevens Creek Blvd.

Cupertino, CA 95014

http://www.symantec.com

Technical Support

Symantec Technical Support maintains support centers globally. Technical

Support’s primary role is to respond to specific queries about product feature and

function, installation, and configuration. The Technical Support group also authors

content for our online Knowledge Base. The Technical Support group works

collaboratively with the other functional areas within Symantec to answer your

questions in a timely fashion. For example, the Technical Support group works

with Product Engineering and Symantec Security Response to provide alerting

services and virus definition updates.

Symantec’s maintenance offerings include the following:

■ A range of support options that give you the flexibility to select the right

amount of service for any size organization

■ A telephone and web-based support that provides rapid response and

up-to-the-minute information

■ Upgrade insurance that delivers automatic software upgrade protection

■ Global support that is available 24 hours a day, 7 days a week worldwide.

Support is provided in a variety of languages for those customers that are

enrolled in the Platinum Support program

■ Advanced features, including Technical Account Management

For information about Symantec’s Maintenance Programs, you can visit our Web

site at the following URL:

www.symantec.com/techsupp/

Select your country or language under Global Support. The specific features that

are available may vary based on the level of maintenance that was purchased and

the specific product that you are using.

Contacting Technical Support

Customers with a current maintenance agreement may access Technical Support

information at the following URL:

www.symantec.com/techsupp/

Select your region or language under Global Support.

Before contacting Technical Support, make sure you have satisfied the system

requirements that are listed in your product documentation. Also, you should be

at the computer on which the problem occurred, in case it is necessary to recreate

the problem.

When you contact Technical Support, please have the following information

available:

■ Product release level

■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical

support Web page at the following URL:

www.symantec.com/techsupp/

Select your region or language under Global Support, and then select the Licensing

and Registration page.

Customer service

Customer service information is available at the following URL:

www.symantec.com/techsupp/

Select your country or language under Global Support.

Customer Service is available to assist with the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade insurance and maintenance contracts

■ Information about the Symantec Value License Program

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs or manuals

Maintenance agreement resources

If you want to contact Symantec regarding an existing maintenance agreement,

please contact the maintenance agreement administration team for your region

as follows:

■ Asia-Pacific and Japan: contractsadmin@symantec.com

■ Europe, Middle-East, and Africa: semea@symantec.com

■ North America and Latin America: supportsolutions@symantec.com

Additional Enterprise services

Symantec offers a comprehensive set of services that allow you to maximize your

investment in Symantec products and to develop your knowledge, expertise, and

global insight, which enable you to manage your business risks proactively.

Enterprise services that are available include the following:

These solutions provide early warning of cyber

attacks, comprehensive threat analysis, and

countermeasures to prevent attacks before they occur.

Symantec Early Warning Solutions

These services remove the burden of managing and

monitoring security devices and events, ensuring

rapid response to real threats.

Managed Security Services

Symantec Consulting Services provide on-site

technical expertise from Symantec and its trusted

partners. Symantec Consulting Services offer a variety

of prepackaged and customizable options that include

assessment, design, implementation, monitoring and

management capabilities, each focused on establishing

and maintaining the integrity and availability of your

IT resources.

Consulting Services

Educational Services provide a full array of technical

training, security education, security certification,

and awareness communication programs.

Educational Services

To access more information about Enterprise services, please visit our Web site

at the following URL:

www.symantec.com

Select your country or language from the site index.

Technical Support

Chapter 1 Planning your deployment

General deployment considerations ................................................ 11

MTA usage ............................................................................ 11

Configuring Scanners .............................................................. 11

Positioning with other filtering products .................................... 12

Filtering internal deliveries ..................................................... 12

LDAP services ........................................................................ 12

Load balancing ...................................................................... 13

Adjusting MX records .............................................................. 13

Deployment models ...................................................................... 14

Basic gateway deployment ....................................................... 14

Multi-tier gateway deployment ................................................ 15

Post-gateway deployment ........................................................ 17

Chapter 2 Understanding system requirements

Factors that affect performance ...................................................... 19

Environmental factors that affect performance ............................ 19

Settings that affect performance ............................................... 20

Ports used by Symantec Mail Security ............................................. 21

Configuring your firewall for connections to public IM network

servers ........................................................................... 24

Chapter 3 Setting up the Symantec Mail Security Appliance

Before you set up your appliance ..................................................... 25

Compatible browsers ............................................................... 26

Configuring SSH clients to log into an appliance .......................... 26

Configuring your DNS for IM filtering ........................................ 27

How to set up the appliance ............................................................ 28

Configuring your network to include the new appliance ................. 29

Understanding key indicators and controls for rack-mounted

appliances ...................................................................... 29

Initialize your new appliance .................................................... 30

Contents

Registering your system .......................................................... 33

Updating a new appliance to the latest software ........................... 35

Setting up a Control Center with optional Scanner ........................ 35

Setting up a Scanner ............................................................... 40

Completing setup ................................................................... 44

Logging in and logging out ............................................................. 45

Having trouble logging in or out? .............................................. 49

Migrating to Symantec Mail Security 7.5 ........................................... 49

Migration considerations ......................................................... 49

Backing up existing Control Center data ..................................... 51

Running software update ......................................................... 52

Index

Contents10

Planning your deployment

This chapter includes the following topics:

■ General deployment considerations

■ Deployment models

General deployment considerations

This section provides information about integrating Symantec Mail Security into

your network.

Note: Multiple Scanner scenarios are common for organizations with system

failover needs or high mail scanning throughput requirements.

MTA usage

Symantec Mail Security contains a Message Transfer Agent (MTA), which processes

and relays messages to support filtering activities.

Note: Symantec Mail Security provides neither mailbox access for end users nor

message storage. You must provide an MTA for use in your email infrastructure.

Configuring Scanners

During installation, you can use a wizard to add a Scanner. Depending on your

filtering requirements and messaging environment, you may want to deploy

multiple Scanners. In such cases, you can dedicate Scanners to specific functions.

For example, you might want one Scanner to filter inbound mail, another to filter

outbound mail, and another to filter instant messages.

Chapter

Positioning with other filtering products

In order for Symantec Mail Security's spam and Content Compliance filters to

function properly, you should avoid placing the product behind other filtering

products (such as content filters) or MTAs that alter or remove pre-existing

message headers or modify the message body.

Filtering internal deliveries

You can force internal mail through Symantec Mail Security to avoid propagation

of viruses and spam generated by email mass-mailing worms that may have been

picked up by individuals via Web browsing or downloading.

LDAP services

LDAP (Lightweight Directory Access Protocol) is a directory name service that

allows organizations to structure email directory data according to the

organization's own structure, whether by location, business unit, department, or

other criteria. Organizations with multiple internal mail hosts rely on centralized

LDAP servers to synchronize changes made to email directories across the

organization. Symantec Mail Security supports LDAP services to authenticate

user access to Spam Quarantine and to synchronize email directory information

stored in the Control Center with LDAP directories. These services synchronize

LDAP user, alias, and group directory data with the Control Center's own directory

data stores for subsequent replication to attached and enabled Scanners. They

convert the data to formats compatible with Spam Quarantine, Scanner, and

Control Center data stores while minimizing impact on directory infrastructure.

If your organization uses an LDAP server, Symantec Mail Security must be

configured so that it can access LDAP directories and update the Control Center's

data stores.

The Control Center can use directory information from LDAP servers at your site

for any of the following purposes:

The Control Center can use data from your LDAP server to

determine whether users are allowed access to Quarantine.

The Control Center authenticates users by checking their

user-name and password data directly against the LDAP source.

Authentication

Planning your deployment

General deployment considerations

The Control Center can synchronize user and group email

address data from your LDAP server and replicate it to

Scanners. This data is then used to validate message recipients,

apply policies to groups, recognize directory harvest attacks,

and expand distribution lists (aliases). LDAP-authenticated

user and group email address data are cached in the Control

Center for subsequent replication to Scanners but are not

written back to the LDAP source.

Synchronization

The Control Center uses LDAP user and password data to route

email messages based on alias and/or transport specification

to specified domains.

Routing

Symantec Mail Security supports the following LDAP directory types:

■ Windows 2000 Active Directory

■ Windows 2003 Active Directory

■ Sun Directory Server 5.2 (formerly known as the iPlanet Directory Server)

Note: If you are using Sun Directory Server 5.2, you must update to patch 4 to

address some changelog issues that arose in patch 3.

■ Exchange 5.5

■ Lotus Domino LDAP Server 6.5

Load balancing

Symantec Mail Security is not intended to be used for load balancing.

Administrators can associate only one host name or IP address as the MTA to

which email is relayed. You must implement multiple Scanners to perform load

balancing.

Adjusting MX records

When you implement Symantec Mail Security in front of a separate MTA that

receives inbound messages, you must to change the DNS mail exchange (MX)

records. The records must point incoming messages to the system. Symantec Mail

Security should have a higher priority than the existing MTA.

However, if you simply list Symantec Mail Security as a higher-weighted MX

record in addition to the existing MX record, spammers can look up the previous

MTA's MX record. This allows them to send spam directly to the old server,

13Planning your deployment

General deployment considerations

bypassing your spam filtering. To prevent spammers from circumventing the new

spam-filtering servers, you should do one of the following:

■ The MX record should point at your Symantec Mail Security. Do not point the

MX record at downstream MTAs.

■ Remove the previous MTA's MX record from DNS.

Block off the MTA from the Internet using a firewall.

■ Modify the firewall's network address translation (NAT) tables to route external

IP addresses to internal non-routable IP addresses. You can then map from

the old server to Symantec Mail Security.

■ When naming Symantec Mail Security, ensure that the name you choose does

not imply its function. For example, antispam.yourdomain.com,

symantec.yourdomain.com, or antivirus.yourdomain.com are not good choices.

■ If you want to send mail to a downstream MTA, you can use a load balancer.

Deployment models

You can deploy Symantec Mail Security in the following ways:

■ Basic gateway deployment

■ Multi-tier gateway deployment

■ Post-gateway deployment

Basic gateway deployment

This is the simplest deployment model. Symantec Mail Security resides at the

outermost gateway layer inside the enterprise firewall. It provides Secure Email

Services by relaying inbound mail to other relay layers or to the user-facing mail

server layer. Symnatec Mail Security routes outbound mail through local relay

for delivery to local domain addresses or through the firewall to the Internet.

Inbound and outbound mail are both processed on one Ethernet NIC through a

single IP address. Inbound and outbound traffic can be logically separated by

assigning one to the physical IP and the other to a virtual IP address or by assigning

inbound and outbound traffic to separate ports (such as 25 and 26).

On all configured server computers, port 443 must be configured to permit

outbound connections to Symantec to download content updates.

Figure 1-1 shows Symantec Mail Security deployed at the gateway, behind a

firewall.

Planning your deployment

Deployment models

Figure 1-1

Basic gateway deployment

Advantages

The basic gateway deployment takes advantage of Symantec Mail Security's

proximity to the Internet.

■ Because spam emanates from the outside world, the gateway is the logical and

effective place to deploy Symantec Mail Security.

■ When you deploy the system closer to the gateway, you can minimize mail

processing and storage requirements as well as network bandwidth via Email

Firewall filtering.

Considerations

Administrators considering the basic gateway deployment should take into account

the following factors:

■ Some organizations prefer to have secure gateways with no other services

running. In these environments, all other services run behind the first gateway

layer.

■ Some smaller organizations do not have dedicated gateway servers or a gateway

layer. Instead, they deploy gateway servers and internal mail servers on the

same computers.

Multi-tier gateway deployment

Note: This model may be implemented with one or more Scanner hosts.

Figure 1-2 shows Symantec Mail Security in a multi-tier gateway deployment,

with multiple Scanners in the DMZ and a Control Center behind a second firewall.

15Planning your deployment

Deployment models

Figure 1-2

Multi-tier gateway deployment

Advantages

A multi-tier gateway deployment maximizes Symantec Mail Security's network

administration capacities.

■ This configuration meets a common security audit requirement in that all data

stores are in the second tier, including the Control Center and Spam Quarantine

databases.

■ Inbound traffic may be load balanced across multiple scanners with this model.

■ Compared with basic gateway deployment, this configuration eliminates a

single point of failure for message scanning.

■ This model allows administrators to take individual Scanners offline for

maintenance without incurring downtime.

■ This scenario enables load balancing of filtered mail across multiple

downstream MTAs.

Considerations

With its greater administrative controls, a multi-tier deployment requires higher

administrative and maintenance overhead.

■ This approach requires more administrative overhead and complex networking

than a basic gateway deployment.

■ With increased hardware and maintenance costs, this model could require a

higher total cost of operation.

Planning your deployment

Deployment models

Post-gateway deployment

Note: This model may be implemented with one or more SMTP gateway MTAs

and one or more Scanner hosts.

Figure 1-3 shows Symantec Mail Security deployed after MTAs at the firewall.

Figure 1-3

Post-Gateway deployment

MTAs at the gateway layer accept unfiltered mail from the Internet then relay it

to Symantec Mail Security. The system filters mail from the gateway layer and

relays mail to other MTAs downstream.

Advantages

Your network configuration may require that you place your Scanner hosts with

your SMTP gateway MTA in a "demilitarized zone" between two firewalls.

■ If you have a customized MTA or specific business needs, then running this

configuration may outweigh the extra overhead and loss of functionality.

Considerations

Post-gateway deployment limits the functionality of Scanners and may decrease

system throughput.

■ This configuration limits Scanner functionality as IP-based defenses are

nullified.

■ Unless the SMTP Gateway is performing filtering, all email is processed by

the gateway (read, stored, and forwarded) then sent to the system, which must

17Planning your deployment

Deployment models

then read, filter, and take some action based on the verdict. Such redundancy

may add overhead, thereby decreasing throughput.

Planning your deployment

Deployment models

Understanding system

requirements

This chapter includes the following topics:

■ Factors that affect performance

■ Ports used by Symantec Mail Security

Factors that affect performance

The performance of Symantec Mail Security appliances can be affected by many

factors. This section provides guidelines regarding those factors, and suggestions

that may improve performance.

Overall performance involves several factors, some depending on the configuration

and deployment options you choose, and others depending on external factors,

such as the percentage of your organization’s email that is spam.

Environmental factors that affect performance

Environmental factors, including historical usage patterns of your particular

deployment, will affect system performance. Prior to installation, collect

information about your environment to understand typical usage patterns:

■ Outgoing SMTP connections. This can cause additional overhead by swelling

disk queues with email destined for remote email servers which may not be

immediately accepting new email. Larger queues on disk result in reduced

MTA performance. Ideally, inbound and outbound mail streams should be

configured to work on separate appliances.

Chapter

■ External MTA performance. If appropriate, determine the performance of the

MTA sending incoming email to your MTA, and the performance of your

gateway MTAs and message store.

The characteristics of messages sent and received can impact performance. Key

parameters to identify are:

■ Average message size

■ Number of messages with attachments

■ Average attachment size

■ Types of attachments

■ Percentage of virus-infected messages in the email traffic

■ Types of end-users (ISP or enterprise)

Settings that affect performance

The choices you make when configuring Symantec Mail Security appliances affect

their performance.

Filtering performance considerations

If a message has more than one recipient, each with different group policies, then

the Scanner may need to bifurcate the message (split it into one or more messages)

for modification prior to delivery. Bifurcated messages resulting from many group

policies may degrade performance. Use group policies as necessary but be aware

that using a large number of policies can affect performance.

Control Center performance considerations

The Control Center is used to start and stop servers; view logs and reports; set

configuration options; backup, restore, and reset system software; and consolidate

statistics, report data, and logs. Consider the following regarding its configuration:

■ Number of Scanners - The number of Scanners a Control Center collects logging

and statistics from can impact the Control Center's performance. As you add

Scanners to a Control Center, monitor the Control Center's performance to

ensure that it does not degrade to unacceptable levels.

■ Log level - The higher the log levels, the more data the Control Center must

consolidate over the network. Consider keeping log levels relatively low unless

you are troubleshooting. You can also set logs to be expunged more frequently.

■ Scheduled reports - Schedule reports for times when utilization is low.

Understanding system requirements

Factors that affect performance

Page is loading ...

Symantec 10547829 - Mail Security For Smtp 5.0 Smb Installation guide

Brand: Symantec

Model: 10547829 - Mail Security For Smtp 5.0 Smb

Category: Networking

Type: Installation guide

This manual is also suitable for

Mail Security Appliance

Download PDF

report

Symantec 10547829 - Mail Security For Smtp 5.0 Smb Installation guide

This manual is also suitable for

Symantec 10547829 - Mail Security For Smtp 5.0 Smb Installation guide

Related papers

Other documents