Symantec Mail Security for Smtp 4.0 (10228818) for PC, Unix

Contents

1. What you can do with Symantec Mail Security for SMTP: Symantec Mail Security for SMTP handles messages and attachments according to your antivirus, anti-spam, and content filtering policies. You set your policies through the Symantec Mail Security for SMTP administrative interface, from either the physical server on which the software is installed or from any workstation on the network. See "Setting your antivirus policy" on page 71. See "Setting your anti-spam policy" on page 81. See "Setting your filtering policy" on page 93. You can configure Symantec Mail Security for SMTP so that users on the network become aware of its operation only if a virus or content violation is detected. You can also configure Symantec Mail Security for SMTP to send alerts to administrators in the case of system events, and send notifications to administrators and senders when there is virus activity. See "Configuring alerts" on page 61. You also use the administrative interface to set relay settings. Filter email messages: Your filtering policy is determined by how you configure Symantec Mail Security for SMTP to filter messages. You can specify what criteria to use to filter messages and attachments, and how those filtered messages and attachments should be handled. See "Setting your filtering policy" on page 93. Identify spam
2. ad: After Dark screen saver file; ade: Microsoft Access Project extension; adp: Microsoft Access Project; asp: Active Server Pages file; bas: Visual Basic Class module; bat: Batch file; chm: Compiled HTML Help File; cmd: Win32 command script; com: MS-DOS application; cpl: Control Panel extension; crt: Security certificate; exe: Win32 application; hlp: Windows Help file; hta: HTML application; inf: Setup information file; ins: Internet communication settings; isp: Internet communication settings; js: JScript file; jse: JScript encoded script file; lnk: Shortcut; mdb: Microsoft Access database; mde: Microsoft Access MDE database. Table 6-2, Default extension blocking list (continued): msc: Microsoft common console document; msi: Windows installer package; msp: Windows installer patch; mst: Visual test source file; pcd: Photo CD image; pif: Shortcut to MS-DOS program; reg: Registration entries; scr: Screen saver; sct: Windows script component; shb: Document shortcut file; shs: Shell scrap object; url: Internet shortcut (Uniform Resource Locator); vb: VBScript file; vbe: VBScript encoded script file; vbs: VBScript script file; vsd: Visio drawing file; vss: Visual SourceSafe file; vst: Targa bitmap file; vsw: Visio workspace file; ws: WordStar file; wsc: Windows scri
3. [Screenshot: Queue file save and SMTP conversation logging settings, with controls for the queue file save setting, inbound and outbound conversation logging, the type of SMTP error that retains the conversation log at the "Save log on error" level, and the level of DATA stream logging.] Configuring SMTP conversation logging: You can configure SMTP protocol conversation logging, which logs the incoming and/or outgoing SMTP protocol conversation when accepting or delivering a message. If inbound logging is enabled, one conversation log is generated for each inbound connection. If outbound logging is enabled, one log is generated for each message delivery attempt. The conversation log files are saved to the diagnostic files directory that is defined during installation. The default location is <InstallDir>/queues/diagnosticfiles, where <InstallDir> is the path of the top-level installation directory, such as /var/opt/SMSSMTP or C:\Program Files\Symantec\SMSSMTP. Warning: The default for the SMTP Conversation Logging is Disable. Do not change this setting unless you are instructed by Symantec Technical Support to do so. To configure conversation logging: 1. On t
4. See "Integrating Symantec Mail Security for SMTP with SESA" on page 121. Once enabled, Symantec Mail Security for SMTP logs the following local events to SESA: Logon, Subjects blocked, Logoff, Scan error, Definitions updated, Sender blocked, Object modified, Attachment deleted, Protocol violation, Spam list block, Messages rejected, Heuristic spam detection, Messages dropped, Message statistics, Messages bounced, Spam rule violations, Delivery failed, Content rule violations, Virus logged, Messages held, Files repaired, Encrypted content violations, Files deleted. See "Generating detail reports" on page 115. No data is retained while logging is disabled, so you cannot generate reports unless logging is enabled. To configure logging options: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. [Screenshot: Configuration > Logging tab, showing Local logging (Enable local logging; Delete logs after 6 months) and SESA logging (Enable SESA logging; Agent host 127.0.0.1; Port 8086).] On the Logging tab, under Local logging, check or uncheck Enable local logging. In the De
5. Symantec Mail Security for SMTP can be configured to filter messages based on the following: Message size; Subject line; Filename; Container limits; Encrypted container; Characters in email addresses; Content rules. Identify spam: Your anti-spam policy is determined by how you configure Symantec Mail Security for SMTP to identify spam. You can specify which criteria to use to identify spam and how those messages should be handled. See "Setting your anti-spam policy" on page 81. Symantec Mail Security for SMTP can be configured to identify spam based on the following: Sender address; Real-time blacklist anti-spam lists; Heuristic detection; Spam rules. Respond to viruses: Your antivirus policy is determined by how you configure Symantec Mail Security for SMTP to handle email messages, for example, which file types to scan, which messages to quarantine, and when to notify administrators and senders if viruses are found or virus outbreaks occur. See "Setting your antivirus policy" on page 71. Table 1-3 shows options for handling infected attachments. Table 1-3, Options for handling infected attachments: Repair: The virus within the attachment is repaired, if possible. Delete: No repair is attempted. The attachment is deleted from the message. Log only: No repair is attempted. The incident of a virus is logge
6. specifically licensed for a specific type of network attached storage device under a License Module D If the Software You have licensed is Symantec Mail Security for a corresponding third party product or platform You may only use that Software for the corresponding product or platform You may only use the Software for the number of units e g desktops mailboxes nodes servers etc specified in the License Module E If the Software You have licensed is Symantec Client Security this Software utilizes the Standard Template Library a C library of container classes algorithms and iterators Copyright c 1996 1999 Silicon Graphics Computer Systems Inc Copyright c 1994 Hewlett Packard Company Contents Technical support Chapter 1 Chapter 2 Introducing Symantec Mail Security for SMTP About Symantec Mail Security for SMTP ou ecsecsesssesseeseseseseeesseeeseeeeees 13 What s new in Symantec Mail Security for SMTP ceceseseseseseeeseeeeeeeeees 14 Components of Symantec Mail Security for SMTP ou ceeseeseseseeeeesesesees 14 How Symantec Mail Security for SMTP works cceeseseesesessseeeseseseseeseeeeees 15 What you can do with Symantec Mail Security for SMTP cceeeeeeees 17 Filter email Messages cccccssecesssseseseseecesceeesesesceseeeceseeeeeeseeesaeeesaeseseeas UES ot a a gtcy of Wav pes pe ene rele eeprom Respond to viruses ccceeeee Configure relay setting
7. Symantec Mail Security for SMTP Ss symantec Symantec Mail Security for SMTP The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement Documentation version 4 0 PN 10228901 Copyright Notice Copyright 2004 Symantec Corporation All Rights Reserved Any technical documentation that is made available by Symantec Corporation is the copyrighted work of Symantec Corporation and is owned by Symantec Corporation NO WARRANTY The technical documentation is being delivered to you AS IS and Symantec Corporation makes no warranty as to its accuracy or use Any use of the technical documentation or the information contained therein is at the risk of the user Documentation may include technical or other inaccuracies or typographical errors Symantec reserves the right to make changes without prior notice No part of this publication may be copied without the express written permission of Symantec Corporation 20330 Stevens Creek Blvd Cupertino CA 95014 Trademarks Symantec the Symantec logo and Norton AntiVirus are U S registered trademarks of Symantec Corporation and its subsidiaries Symantec AntiVirus Symantec Web Security LiveUpdate Bloodhound Symantec Antivirus Research Center SARC Symantec Security Response and Symantec pcAnywhere are trademarks of Symantec Corporation and its subsidiaries Sun Sun Microsystems the Sun logo and
8. The terms AND and OR cannot be mixed within a single filtering statement. Multiple NOT operators are allowed within a single filtering statement. AND can also be delimited by a comma. By selecting All of these terms or Any of these terms from the menu, the operators are determined: All of these terms: AND. Any of these terms: OR. To block by custom spam rules: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy. 2. In the Spam Rules window, on the Status tab, select Enable message body scanning for both Spam and Content Violation Rules. 3. Click Save Changes. [Screenshot: Spam tab, showing the Spam filtering rules list with Add, Edit, and Delete buttons, and the action to take when any Spam filtering rule is activated (Drop message, Log only, or Forward message with a To email address and an optional Subject).] 4. On the Spam tab, under Spam filtering rules, click Add. 5. Under Custom filtering rule definition, select Enable this custom filtering rule. In the drop-down list, select either All of these terms or Any of these terms. In the Identify messages that contain box, type one or more terms to be used for filtering. Separate all terms with commas. If entering phrases, type all words in the phrase without commas between them. Terms are not case sensitiv
9. wildcard character blocks any 1 exactly 1 character. For example, hot would block any subject line that contains those three letters consecutively in the line. For example, any line that contains the word shotgun would be blocked. The wildcard string hot would block the subject line shots but not hot, hots, or a line that contains any of those words. Using the wildcard character to match a high-ASCII character does not result in a block. Subject line blocking is not case sensitive. Fw and Re are added automatically by the software. 4. Under Take the following action when a subject line violation occurs, select one of the following: Drop message; Log only; Forward message. 5. If you selected Forward message, in the To email address box, type one address to which the blocked message will be forwarded, and then in the Subject line box, type the subject line of the rejected message to be forwarded. 6. Click Save Changes. Blocking by file name: You can configure Symantec Mail Security for SMTP to block email by file name. You can delete file names from the default list or add more file names to be blocked. Table 6-2 shows the extensions with as a wildcard character that Symantec Mail Security for SMTP blocks by default when you enable blocking by file name. Table 6-2, Default extension blocking list
10. Your computer and retain the original for archival purposes C use the Software on a network provided that You have a licensed copy of the Software for each computer that can access the Software over that network D use the Software in accordance with any written agreement between You and Symantec and E after written consent from Symantec transfer the Software on a permanent basis to another person or entity provided that You retain no copies of the Software and the transferee agrees in writing to the terms of this license You may not A copy the printed documentation that accompanies the Software B sublicense rent or lease any portion of the Software reverse engineer decompile disassemble modify translate make any attempt to discover the source code of the Software or create derivative works from the Software C use the Software as part of a facility management timesharing service provider or service bureau arrangement D use a previous version or copy of the Software after You have received and installed a disk replacement set or an upgraded version Upon upgrading the Software all copies of the prior version must be destroyed E use a later version of the Software than is provided herewith unless You have purchased corresponding maintenance and or upgrade insurance or have otherwise separately acquired the right to use such later version F use if You received the software distributed on media contai
11. [Screenshot: Accounts tab, showing Change Password and the Administration settings (Enable Report-only Administrator account; Administrator timeout, 5 minutes; Administrator email addresses, one per line).] 2. On the Accounts tab, under Administration Passwords, under Report-only Administrator password, in the New password box, type a password for the report-only administrator. Ensure that the password is different from that of the Administrator. Passwords are case sensitive and have a 32-character limit. 3. In the Confirm box, type the password again. 4. Click Change Password. To enable the report-only administrator account: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. On the Accounts tab, under Administration Settings, check Enable Report-only Administrator account. Click Save Changes. The report-only administrator password must be set before enabling the account. To set the administrator timeout: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. On the Accounts tab, under Administration Settings, in the Administrator timeout box, type the number of minutes that will elapse without activity before a new logon is required. Five minutes is the default. The admin
12. IP address to specify allowed hosts. For example: someplace.com, 12.37.12.1. If Do not allow is selected and no hosts are listed, Symantec Mail Security for SMTP rejects all email with a non-local destination. 4. Click Save Changes. Blocking by characters in email addresses: You can configure Symantec Mail Security for SMTP to reject messages with email addresses that contain characters that are commonly associated with spam relaying, such as and. To block by characters in email addresses: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy. 2. In the Anti-Relay window, under Blocking by characters in email addresses, check Reject messages with email addresses that contain any of the following characters. 3. In the text box, type one or more characters for which Symantec Mail Security for SMTP will search for email addresses to block. Do not insert spaces or commas between the entries. 4. Click Save Changes. Blocking by custom content rules: You can create content rules to be used for processing. The operators that are allowed to separate terms are AND, OR, and NOT. NOT implies AND NOT. The terms AND and OR cannot be mixed within a single filtering statement. Multiple NOT operators are allowed within a single filtering statement. AND can also be delimited by a comma. By selecting All of these terms or
13. License 2 Onthe License Management page under License installation follow steps 1 2 and 3 on the administrative interface to acquire license files from Symantec 3 On the administrative interface in step 3 do one of the following m Type the fully qualified path to the License File and then click Install License If the License File does not reside on the same computer you can specify a mapped drive or UNC path to the file m Click Browse select the License File and then click Install License If the License File does not reside on the same computer you can locate the file using My Network Places 34 Installing Symantec Mail Security for SMTP Post installation tasks Routing scanned messages for delivery You must add a routing list entry for each serviced email domain on your network If the Symantec Mail Security for SMTP server is not the last hop before the Internet you might need to use default routing See Configuring default routing on page 56 To route scanned messages for delivery 1 Open Symantec Mail Security for SMTP 2 Onthe Symantec Mail Security for SMTP administrative interface in the left pane click Configuration 3 On the Routing tab under Local Routing List click Add 4 Under Routing list entry in the Host or Domain box type the domain of your mail server for example brightcorp com 5 Under Destination relay in the Host box type the fully qualified domain name or IP addres
14. Solaris are trademarks or registered trademarks of Sun Microsystems Inc in the United States and other countries Sendmail is a trademark of Sendmail Inc SPARC is a registered trademark of SPARC International Inc Products bearing SPARC trademarks are based on an architecture developed by Sun Microsystems Inc VeriSign is a registered trademark of VeriSign in the United States and other countries Microsoft Windows Windows NT Visual Basic MS DOS JScript Visio and the Windows logo are registered trademarks or trademarks of Microsoft Corporation in the United States and other countries Netscape Navigator is a registered trademark of Netscape Communications Corporation in the United States and other countries Intel and Pentium are registered trademarks of Intel Corporation Adobe Acrobat and Reader are registered trademarks of Adobe Systems Incorporated in the United States and other countries THIS PRODUCT IS NOT ENDORSED OR SPONSORED BY ADOBE SYSTEMS INCORPORATED PUBLISHERS OF ADOBE ACROBAT Other brands and product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are hereby acknowledged Printed in the United States of America 10 9 8 765 43 2 1 Technical support As part of Symantec Security Response the Symantec global Technical Support group maintains support centers throughout the world The Technical Support group s primary role is to respond to specific question
15. a registered customer in order to receive CD replacements FOR CD REPLACEMENT Please send me CD Replacement s Name Company Name Street Address No P O Boxes Please City State Zip Postal Code ee Country Daytime Phone Software Purchase Date This offer limited to U S Canada and Mexico Outside North America contact your local Symantec office or distributor Briefly describe the problem CD Replacement Price 10 00 SALES TAX TABLE AZ 5 CA 7 25 CO 3 CT 6 DC 5 75 FL 6 GA 4 Sales Tax See Table IA 5 IL 6 25 IN 5 KS 4 9 LA 4 MA 5 MD 5 ME 6 MI 6 Shipping amp Handling 9 95 MN 6 5 MO 4 225 NC 6 NJ 6 NY 4 OH 5 OK 4 5 PA 6 SC TOTAL DUE 5 TN 6 TX 6 25 VA 4 5 WA 6 5 WI 5 Please add local sales tax as well as state sales tax in AZ CA FL GA MO NY OH OK SC TN TX WA WI FORM OF PAYMENT Check One ___ Check Payable to Symantec Amount Enclosed Visa Mastercard AMEX Credit Card Number Expires Name on Card please print Signature U S Dollars Payment must be made in U S dollars drawn on a U S bank MAIL YOUR CD REPLACEMENT ORDER TO Symantec Corporation Attention Order Processing 555 International Way Springfield OR 97477 800 441 7234 Please allow 2 3 weeks for delivery within the U S Symantec and Symantec Mail Security are trademarks of Symantec Corpora
16. following types of issues Questions regarding product licensing or serialization Product registration updates such as address or name changes General product information features language availability local dealers Latest information on product updates and upgrades Information on upgrade insurance and maintenance contracts Information on Symantec Value License Program Advice on Symantec s technical support options Nontechnical presales questions Missing or defective CD ROMs or manuals Symantec Corporation Software License Agreement SYMANTEC CORPORATION AND OR ITS SUBSIDIARIES SYMANTEC IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE REFERENCED BELOW AS YOU OR YOUR ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND THE LICENSOR BY OPENING THIS PACKAGE BREAKING THE SEAL CLICKING ON THE AGREE OR YES BUTTON OR OTHERWISE INDICATING ASSENT ELECTRONICALLY OR LOADING THE SOFTWARE YOU AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS CLICK ON THE I DO NOT AGREE NO BUTTON OR OTHERWISE INDICATE REFUSAL AND MAKE NO FURTHER USE OF THE SOFTWARE 1 License The software an
17. heuristic anti-spam engine: You can activate the heuristic anti-spam engine in order to detect spam. The heuristic anti-spam engine performs an analysis on the entire incoming email message, looking for key characteristics of spam. It weighs its findings against key characteristics of legitimate email and assigns a spam score (1-100) to show how certain it is that the message is spam. The higher the spam score, the more probable it is that the message is spam. This score, in conjunction with the engine sensitivity level (1 = low, 5 = high), determines whether a message is considered spam. Note: The default sensitivity level for the heuristic anti-spam engine is 1. Increasing the sensitivity level may result in more false positives. You can configure the handling of spam based on this score on the Anti-spam Policy > Heuristic Detection > Handling detected spam tab. You initially set the engine sensitivity level and spam score values, and may need to adjust these settings after a period of time during which you analyze your results. To identify suspected spam messages by the heuristic anti-spam engine: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy. Heuristic antispam engine M Enable heuristic spam detection Engine sensitivity level 3 7 Prepend text to subject line of susp
18. in the Local Routing list (a name by itself or the name on the left side of an arrow) will be forwarded to the server on your network that is listed in the Default Routing box. If this box is not filled in, any email that is not addressed to a name in the Local Routing list will be delivered to the appropriate SMTP server on the Internet. To configure default routing: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. [Screenshot: Configuration > Routing tab. Default routing: destination host or domain to which email is forwarded after scanning; if this server is the last hop before the Internet (sending email directly to the Internet), this field should be left blank; default relay port is 25. Example values shown: Host or domain mailer.brightcorp.com, Port 25. Local routing list: specify cases where mail destined for a specific host or domain should be routed to a different host or domain, with Add, Edit, and Delete buttons.] 2. On the Routing tab, under Default Routing, in the Host box, type the fully qualified host name or IP address of your mail server. 3. In the Port box, type the port number of your mail server. The default port number is 25. 4. Click Save. Mail that was destined for your SMTP server goes to Symantec Mail Security for SMTP for processing and t
19. information should appear: Date on which the private key was installed (this was done automatically when you generated your request); Date on which the certificate was installed; Date on which the certificate expires. Expiration information is displayed only when SSL is enabled. Acting as your own Certificate Authority: If you are able to act as your own Certificate Authority, you need only install a signed certificate created from the request generated by Symantec Mail Security for SMTP and enable SSL encryption for logons. See "To install the returned certificate on Symantec Mail Security for SMTP" on page 48. See "To enable SSL encryption" on page 49. Configuring a custom disclaimer: You can include text (up to 1000 characters) in every scanned message that is not destined to domains in the local routing list. You should use only ASCII characters to ensure proper display. Other characters, such as DBCS, may not display properly. To configure a custom disclaimer: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. 2. On the Setup tab, under Custom disclaimer, select Enter text to be included in every scanned message. 3. In the text box, type your message. 4. Click Save Changes. Configuring the local time zone: You can change the local time zone region that is used to f
20. is 8043. The port number must be exclusive to Symantec Mail Security for SMTP and must not already be in use by any other program or service. Click Certificate Management. In the Certificate Management window, under Request, in the Common Name box, type the IP address or resolvable host name of the computer that is running Symantec Mail Security for SMTP, for example, smart.brightschool.com. Check the Web site of the Certificate Authority to which the request will be submitted to see if there are format restrictions. For example, some Certificate Authorities require a resolvable host name instead of an IP address. Some require that the state or province name be spelled out. In the Organization box, type your organization's name, for example, Bright School. In the Organization Unit box, type your business's main function, for example, Education. In the City/Locality box, type your city or locality. In the State/Province box, type your state or province. If you do not have a state or province, you must type something in this field. On the Country/Region drop-down list, select your country or region. In the E-mail Address box, type your email address. The certificate will be sent to the email address that is typed in this box. Click Create Request. The certificate request is displayed in the Certificate Management Request
21. or missiles capable of delivering such weapons 7 General If You are located in North America or Latin America this Agreement will be governed by the laws of the State of California United States of America Otherwise this Agreement will be governed by the laws of England and Wales This Agreement and any related License Module is the entire agreement between You and Symantec relating to the Software and i supersedes all prior or contemporaneous oral or written communications proposals and representations with respect to its subject matter and ii prevails over any conflicting or additional terms of any quote order acknowledgment or similar communications between the parties This Agreement shall terminate upon Your breach of any term contained herein and You shall cease use of and destroy all copies of the Software The disclaimers of warranties and damages and limitations on liability shall survive termination Software and documentation is delivered Ex Works California U S A or Dublin Ireland respectively ICC INCOTERMS 2000 This Agreement may only be modified by a License Module that accompanies this license or by a written document that has been signed by both You and Symantec Should You have any questions concerning this Agreement or if You desire to contact Symantec for any reason please write to i Symantec Customer Service 555 International Way Springfield OR 97477 U S A ii Symantec Enterprise Cust
22. other to obtain the latest definitions for both products. See "To schedule Automatic LiveUpdate" on page 78. System requirements: You must have root or administrator-level privileges to install Symantec Mail Security for SMTP. You should install Symantec Mail Security for SMTP on its own server. The system requirements for Solaris and Windows 2000 Server are as follows: Solaris: UltraSPARC-based server. Windows 2000 Server: Intel Pentium or compatible; Solaris 8 or 9, or Windows 2000 Server with Service Pack 4; 256 MB RAM (512 MB or more recommended for optimal performance); 50 MB to install (500 MB minimum after installation for email processing); Static IP address for the computer that will run Symantec Mail Security for SMTP; TCP/IP Internet connection; Appropriately configured DNS to include Address (A), Pointer (PTR), and Mail eXchange (MX) records for your servers; DNS zone for your site that is configured to support reverse name lookup; Netscape Navigator version 7.02 or later, or Microsoft Internet Explorer version 6.01 or later; Java 1.3.1 or higher (needed for LiveUpdate and SESA). This version of Java is located on the product CD. Installing Symantec Mail Security for SMTP: Note: You should install Symantec Mail Security for SMTP on a separate server from your SMTP server so that there is no significant impact on network
23. resources. You need root or administrator-level privileges to install Symantec Mail Security for SMTP. A static IP address is required. If you decide to install Symantec Mail Security for SMTP on the same computer as your SMTP server, you must configure Symantec Mail Security for SMTP to listen on the port to which mail clients will deliver messages. Because port 25 is the port to which most servers send email connection requests, you will most likely want to have Symantec Mail Security for SMTP listen on port 25. If your mail server is currently listening on port 25, you must change your server to listen on a different port. On Solaris, if another process is running on port 25, Symantec Mail Security for SMTP automatically attempts to disable it. A record that the process has been disabled is placed in the log directory. If another process is disabled because it is running on port 25, there is an on-screen option during installation that lets you stop the installation process and change the port for the existing process, or allow Symantec Mail Security for SMTP to disable the process and continue the installation on port 25. Note: If another process that is running on port 25 is disabled, you must configure the disabled software to run on another port. Complete the following tasks in the order in which they are listed to install Symantec Ma
24. return codes will be blocked. If no return codes are listed, any address response from the blacklist is considered as on the list.

    To handle anti-spam list violations

    1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy.
    2. In the Anti-Spam window, under Blocking by real-time blacklist anti-spam lists, under Do the following when a real-time blacklist anti-spam list violation occurs, select one of the following:
       - Drop message
       - Log only
       - Forward message
    3. If you selected Forward message, in the To email address box, type one address to which the message will be forwarded, and in the Subject line box, type the subject line to appear for the subject of the forwarded message.
    4. Click Save Changes.

    Blocking by a custom blacklist

    You can configure Symantec Mail Security for SMTP to block email by a custom blacklist, which contains the sender's address or domain. It searches both the envelope From and message From headers to determine string matches. An exact address match triggers a block first. If the exact address is not found, Symantec Mail Security looks for the wildcard representation of the domain. If the wildcard representation of the domain is not found, it looks for the specific domain. If the specific domain is not found, Symantec Mail Security for SMTP strips the first portion of the domain and the remaining portion is checked. This process continues until a match is f
25. time of the block and the sender address.

    - Attachment deleted: Shows the matching file name, date and time that an attachment was deleted, From/To information, SMTP ID number, the name of the deleted file, and the reason for the file being deleted.
    - Spam list block: Shows the date and time that the block, how the message was handled, From/To information, SMTP ID, and the reason for the block.

    Table 7-7 Blocking actions

    - Heuristic spam: Shows the date and time that the message was detected by the heuristic anti-spam engine, the IP address of the client that accepted the email from Symantec Mail Security for SMTP, From/To information, subject, size of message in bytes, SMTP ID, Info ("Message is considered to be spam"), the spam definitions date, and the spam score. If a spam message is also malformed, the event will be reported only as malformed. The report will not show a heuristic spam event for the message.
    - Mass Mailer cleanup: Shows the date and time that the cleanup occurred, the sending client, From/To information, subject, size, SMTP ID, virus name, file name, and matching entry in MMC list.
    - Content rule violation: Shows the date and time that the violation occurred, the sending client, From/To information, subject, size, SMTP ID, and information on which rule was triggered.
    - Spam rule violation: Shows the date and time that the violation occurred, the sending client, From/To i
26. window.

    To submit the certificate request to a recognized Certificate Authority

    1. In the Certificate Management Request window, copy the entire request, including the header and footer, to your clipboard or to a text file.
    2. Click OK.
    3. Submit the clipboard contents or the copied text file to a recognized Certificate Authority (for example, VeriSign) by pasting it on the Certificate Authority's site as they direct.

    The Certificate Authority sends your certificate by email to the address that you typed on the Certificate Request page.

    To install the returned certificate on Symantec Mail Security for SMTP

    1. Copy the entire certificate, including the header and footer, that you received from the Certificate Authority.
    2. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
    3. On the Setup tab, under HTTP/HTTPS, click Certificate Management.
    4. In the Certificate Management window, under Install, paste the copied certificate, including the header and footer.
    5. Click Install Certificate.

    To enable SSL encryption

    1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
    2. On the Setup tab, under HTTP/HTTPS, check Enable SSL & encryption for logons.
    3. Click Save Changes.

    In the Certificate Management window, under Status, the following
27. 30 To configure logging to SESA, you must complete the following steps:

    - Configure SESA to recognize Symantec Mail Security for SMTP. In order for SESA to receive events from Symantec Mail Security for SMTP, you must run the SESA Integration Wizard that is specific to Symantec Mail Security for SMTP on each computer that is running the SESA Manager. The SESA Integration Wizard installs the appropriate integration components for identifying the individual security product (in this case, Symantec Mail Security for SMTP) to SESA. See "Configuring SESA to recognize Symantec Mail Security for SMTP" on page 123.
    - Install a local SESA Agent on the computer that is running Symantec Mail Security for SMTP. The local SESA Agent handles the communications between Symantec Mail Security for SMTP and SESA. See "Installing the local SESA Agent using the Agent Installer" on page 124.
    - Configure Symantec Mail Security for SMTP (through the administrative interface) to communicate with the local SESA Agent and to log events to SESA. See "Configuring Symantec Mail Security for SMTP to log events to SESA" on page 129.

    Configuring SESA to recognize Symantec Mail Security for SMTP

    To configure SESA to receive events from Symantec Mail Security for SMTP, run the SESA Integration Wizard that is specific to Symantec Mail Security for SMTP on each computer
28. 50

    Configuring SMTP options

    The port numbers for SMTP, HTTP, or HTTPS must be unique. To change more than one port number to a port number that is used by another application, you must change one port number at a time. If you change more than one port number at a time and you switch, for example, the port number that is used for HTTP with the port number that is used for HTTPS, you will receive an error message because Symantec Mail Security for SMTP recognizes those port numbers as already being in use.

    SMTP options apply to the Symantec Mail Security for SMTP server, which receives email messages for scanning and then forwards the messages for delivery.

    To configure SMTP settings

    1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
    2. On the Setup tab, under SMTP, in the SMTP port number box, type the port number for the port on which Symantec Mail Security for SMTP listens. The default is 25. If the SMTP port is reset to another port, only email messages that arrive at the other port will be processed. If a port number is entered that is already used, the SMTP port number reverts to the previously assigned port number and a warning message is displayed.
    3. On the Maximum number of outgoing connections drop-down list, select the number of simultaneous connections for outgoing email. The d
29. Any of these terms from the menu, the operators are determined:

    - All of these terms: AND
    - Any of these terms: OR

    To create a custom content rule

    1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy.
    2. In the Content Rules window, on the Status tab, check Enable message body scanning for both Spam and Content Violation Rules.
    3. Click Save Changes.

       [Figure: Content Rules window, Status and Content tabs]

    4. On the Content tab, under Content filtering rules, click Add.
    5. Under Custom filtering rule definition, check Enable this custom filtering rule.
    6. In the drop-down list, select either All of these terms or Any of these terms.
    7. In the Identify messages that contain box, type one or more terms to be used for filtering. Separate all terms with commas. If entering phrases, type all words in the phrase without commas between them. Terms are not case sensitive by default. All characters, including whitespace, are matched literally except for the following: matches 0 or more characters matches exactly one character escapes
30. ESA is configured to use anonymous SSL (the default setting), type the IP address of the primary SESA Manager. If SESA is configured to use authenticated SSL, type the host name of the primary SESA Manager (for example, computer.company.com).

    - Type the port number on which the SESA Manager listens. The default port number is 443.

    If you are running a Secondary SESA Manager that is to receive events from Symantec Mail Security for SMTP, do the following:

    - Type the IP address or host name of the computer on which the Secondary SESA Manager is running.
    - Type the port number on which the Secondary SESA Manager listens. The default port number is 443.

    Type the organizational unit distinguished name to which the Agent will belong. If the organizational unit is unknown or not yet configured, you can leave this setting blank. Use the format shown in the example: ou=Europe,ou=Locations,dc=SES,o=symc_ses. The domain(s) (dc=) portion of the path should correspond to the domain that is managed by the selected SESA Management Server.

    Type one of the following to indicate whether the SESA Agent should start automatically on system boot:

    - y: The SESA Agent starts automatically on system boot.
    - n: You must manually restart the SESA Agent after each system boot.

    Type one of the following to indicate whether the SESA Agent should start immediately
31. LS OF ITS ESSENTIAL PURPOSE IN NO EVENT WILL SYMANTEC BE LIABLE TO YOU FOR ANY SPECIAL CONSEQUENTIAL INDIRECT OR SIMILAR DAMAGES INCLUDING ANY LOST PROFITS OR LOST DATA ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE EVEN IF SYMANTEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN NO CASE SHALL SYMANTEC S LIABILITY EXCEED THE PURCHASE PRICE FOR THE SOFTWARE The disclaimers and limitations set forth above will apply regardless of whether or not You accept the Software 5 U S Government Restricted Rights RESTRICTED RIGHTS LEGEND All Symantec products and documentation are commercial in nature The software and software documentation are Commercial Items as that term is defined in 48 C F R section 2 101 consisting of Commercial Computer Software and Commercial Computer Software Documentation as such terms are defined in 48 C F R section 252 227 7014 a 5 and 48 C F R section 252 227 7014 a 1 and used in 48 C F R section 12 212 and 48 C F R section 227 7202 as applicable Consistent with 48 C F R section 12 212 48 C F R section 252 227 7015 48 C F R section 227 7202 through 227 7202 4 48 C F R section 52 227 14 and other relevant sections of the Code of Federal Regulations as applicable Symantec s computer software and computer software documentation are licensed to United States Government end users with only those rights as granted to all other end users according to the terms and condit
32. [Figure: sample report showing the Message Summary, Infection Summary, and Viruses Found sections]

    - Message Summary: Shows totals for messages handled. See "About message summaries" on page 114.
    - Infection Summary: Shows totals for infections handled. See "About infection summaries" on page 115.

    When there is data logged for these types of events, the report displays the following:

    - Viruses Found: Shows the virus name, the number of times that the virus was encountered during the designated time period, and the total number of viruses that were encountered. Selecting a virus name takes you to the Symantec Security Response Web site, where you can view specific data about the virus.
    - Subjects Blocked: Appears only when messages have been rejected due to blocked subject lines. It shows the subject line that triggered the block during the designated time period, a total for each blocked subject line, and a grand total. If a message meets more than one subject line blocking criteria, if the message is to be dropped due to the subject violation, Symantec Mail Security for SMTP reports each subject violation in the detail report.
    - Attachments Deleted: Shows the file names for attachments that were delet
33. P protocol violation was detected by the server.

    - HTTP protocol violation: During communication, a protocol violation with the HTTP server has been detected. Subject: HTTP Protocol Violation. Body: An HTTP protocol violation was detected by the server.
    - Frequent failed logon attempts: Three unsuccessful logon attempts have been made. An alert is sent on the third attempt, and one is sent for every unsuccessful attempt thereafter. The counter is reset upon correct logon. Subject: Frequent Failed Logon Attempts. Body: Several failed logon attempts have been made to the server.
    - SMTP connection failure: The SMTP server that Symantec Mail Security for SMTP is trying to contact is not available. Subject: SMTP Connection Failure. Body: A connection failure was encountered by the server.
    - Unauthorized attempt to access product interface: Users, including Report-only administrators, have attempted to access the administrative interface without appropriate permissions. Subject: Unauthorized Attempt to Access Product Interface. Body: An unauthorized attempt to access the server interface was detected.

    Table 3-2 Events that trigger alerts

    - Suspect message: Subject: Suspect Message. Body: A suspect message was received by the server. On the third attempt to send a message that crashes Symantec Mail Security for SMTP or a message that t
34. Security for SMTP administrative interface, in the left pane, click Configuration.

    2. On the Hold Queue tab, click Drop Messages.
    3. In the Dropping Hold Queue Messages window, click Yes.

    All messages that are in the hold queue are dropped from your system and are not delivered.

    To forward messages that are in the hold queue

    1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
    2. On the Hold Queue tab, click Forward Messages.
    3. In the Forwarding Hold Queue Messages window, click Yes.
    4. In the Subject box, type the subject for the forwarded email messages.
    5. In the Email address box, type one email address to which email messages in the hold queue are to be forwarded.
    6. Click Forward.

    Copies of messages in the hold queue are forwarded. Copies are not scanned. Originals remain in the hold queue until they are dropped.

    Configuring scan options

    Part of setting your antivirus policy is setting a scan policy, determining what types of files are to be scanned and how to handle files that cannot be processed. By default, all files are scanned regardless of extension. For maximum security, do not change the default setting. However, processing efficiency may be increased by identifying specific file types to scan. You can specify in the Include list those file types that are commonly at risk of infection. If the Includ
35. TP, such as bounce messages, delivery failure notifications, and configured notifications.

    - Forwarded: Number of messages that have been forwarded successfully to the administrator addresses. See "To set administrator email addresses for notifications and alerts" on page 42.
    - Dropped: Number of messages dropped because the software is configured to drop messages in any of the following cases: attachments are not repaired or deleted, subject lines are disallowed, container limit has been exceeded, encrypted container has been detected, disallowed sender's address has been detected, block by anti-spam list, scan error, scan failure.
    - Held: Number of messages that have been added to the hold queue since the last restart, including those dropped by the administrator.
    - Quarantined: Number of files that have been added to the Quarantine.
    - Mass mailers deleted: Total number of messages dropped due to detection of mass mailer worm infection.

    Infections

    - Repaired: Number of files that had viruses repaired.
    - Deleted: Number of files that had viruses deleted.
    - Logged: Number of files that had viruses logged only.

    Attachments

    - Number of top-level attachments that have been stripped from a message
    - Number of encryptions deleted
    - Number of encryptions logged

    Queue status

    - Number of messages currently in fast queue
    - Number of messages currently in slow queue
    - Number of messages currently in hold queue

    112 Logging and reporting Generat
36. after the installation finishes:

    - y: The SESA Agent starts immediately after installation.
    - n: You must manually start the SESA Agent after installation.

    The installer proceeds from this point with the installation. Unless you indicated otherwise during the installation, the SESA Agent starts automatically when the installation is complete. You may need to stop and restart the SESA Agent. A transcript of the installation is saved as var log SESAAGENT install log for later review.

    Installing the SESA Agent manually by command line

    As an alternative to using the SESA Agent Installer, you can install the SESA Agent by command line.

    Install the SESA Agent manually by command line

    To install the SESA Agent, you do the following:

    - Prepare to install the SESA Agent.
    - Install the SESA Agent by command line.

    To prepare to install the SESA Agent

    1. On the computer on which Symantec Mail Security for SMTP is installed, create a folder for the SESA Agent files. For example: C Agent
    2. Insert the SESA CD1 SESA Manager into the CD-ROM drive.
    3. Copy the files from the Agent folder on the CD and paste them in the newly created folder on the Symantec Mail Security for SMTP computer.
    4. In a text editor, open the Agent settings file. For example: C Agent Agent settings
    5. Change the value of the mserverip setting to the IP address of the SESA Manage
37. ail software products that are running on other local mail servers. After processing messages, Symantec Mail Security for SMTP relays the messages to mail servers according to how you have configured your relay settings. See "Configuring routing options" on page 56.

    By establishing anti-relay settings, Symantec Mail Security for SMTP prevents the relaying of spam by an external host. See "Preventing relaying" on page 103.

    Notify senders and administrators of policy violations

    Symantec Mail Security for SMTP lets you customize notifications for administrators and senders when any of the following occur:

    - Virus repaired
    - Virus not repaired
    - Content deleted
    - Content not deleted
    - Container limit dropped
    - Encrypted container altered or deleted

    Installing Symantec Mail Security for SMTP

    This chapter includes the following topics:

    - Before you install
    - System requirements
    - Installing Symantec Mail Security for SMTP
    - Post-installation tasks
    - Uninstalling Symantec Mail Security for SMTP

    Before you install

    You must perform the following pre-installation tasks when appropriate:

    - Install and configure the operating system. See "Installing and configuring the operating system" on page 22.
    - Upgrade from earlier versions of Symantec Mail Security for SMTP. See "Upgrading from earlier versions" on page 22.
    - Configure DNS. See "Configuring DNS" on page 23.
    - Prevent conflicts with other SMTP serve
38. ally detect new and unknown viruses.

    Note: For information about the latest virus threats and other information about viruses, visit the Symantec Security Response Web site at www.sarc.com.

    To enable virus scanning

    1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Antivirus Policy.

       [Figure: Antivirus Settings window, showing the Antivirus scanning, Infected file handling, Mass Mailer cleanup, and Quarantine options]

    2. In the Antivirus Settings window, under Antivirus scanning, ensure that Enable virus scanning is checked.
    3. In the Bloodhound sensitivity level to detect new viruses drop-down list, select one of the following: off Low M
39. any special meaning for and only

    The maximum number of terms within a single rule is 50.

    - Click Save.
    - On the Content tab, select the action to take when a content violation filtering rule is activated.
    - Supply an email address (Subject is optional) if Forward message is selected.
    - Click Save Changes.

    Logging and reporting

    This chapter includes the following topics:

    - About the Status page
    - Generating reports

    About the Status page

    When you log on to Symantec Mail Security for SMTP, the Status page is displayed. This page shows system metrics that were calculated from the time of the most recent startup. At the bottom of the window, you can click Refresh to update the display to reflect current, real-time status.

    Note: Symantec Mail Security for SMTP attempts a separate delivery for each recipient, and the results are tracked individually. On the Status page, the number of Messages Delivered is often greater than the number of Messages Accepted because of multiple recipients.

    Table 7-1 shows the information that appears on the Status page.

    Table 7-1 Status page information

    System status

    - Server and port number for Symantec Mail Security for SMTP
    - Version number of the product

    lt product license status Va
40. as stopped. Subject: Service Stop. Body: The service has been stopped.

    - Low disk space: The disk space in the logging, email scanning, or mail queuing directory is less than 10 percent. Subject: Low Disk Space Threshold Exceeded. Body: The directory is running dangerously low on disk space where is either logging, email, or mail queuing.
    - Low memory: Less than 10 percent of memory remains. Subject: Low Memory Threshold Exceeded. Body: The memory available on the server is running dangerously low.
    - LiveUpdate session complete: LiveUpdate has successfully completed a virus definitions update. Subject: LiveUpdate Completed. Body: The system completed a LiveUpdate operation.
    - Application configuration change: The software has been reconfigured in some way. Subject: Configuration Change. Body: A configuration change was made.

    Table 3-2 Events that trigger alerts

    - Scan error: The engine that handles decomposition of files has encountered an error during decomposition. Encrypted containers are not considered scan errors. They are handled separately based on product configuration. Subject: Decomposition error. Body: An error occurred during message scanning.
    - SMTP protocol violation: During communication, a protocol violation between SMTP servers has been detected. Subject: SMTP Protocol Violation. Body: An SMT
41. at is sent to a particular user at a domain, such as user@somewhere.com, is resolved by a DNS server MX record to a host name, such as mailer.somewhere.com. Then the A record resolves the name mailer.somewhere.com to an IP address. By adding a higher-priority MX record for the Symantec Mail Security for SMTP host, all messages that are destined for the mail server arrive at Symantec Mail Security for SMTP first. After processing, Symantec Mail Security for SMTP forwards the message to the mail server for delivery. Contact your administrator or Internet service provider (ISP) if you are unsure of how to configure DNS records.

    Note: You may also choose to modify DNS so that the MX record points to the firewall, in which case the firewall would route traffic internally. In this scenario, changes are made to the firewall rather than to the MX record.

    Preventing conflicts with other SMTP servers

    Because Symantec Mail Security for SMTP is an SMTP server, it must have exclusive access to the TCP/IP port that corresponds to that service. No other SMTP servers can be running on the same port on the same server on which Symantec Mail Security for SMTP is installed. You must stop these conflicting services before installing Symantec Mail Security for SMTP.

    Note: When you install Symantec Mail Security for SMTP on a Solaris server, the installation program may detect confli
42. by any other program or service. Because the built-in HTTP server is not a general-purpose Web server, do not use port number 80 (the default port number for general-purpose Web servers). Unless you have a compelling reason to do otherwise, you should use the default port number of 8003. If you select a port number other than the default, remember which port number you selected.

    Click Save Changes.

    Configuring HTTPS options

    During installation, you must identify the port number for your HTTPS server. You can define an HTTPS server connection between computers on your network and Symantec Mail Security for SMTP to encrypt passwords during logon sessions and password changes using SSL encryption.

    Note: You must have an SSL Web server certificate installed before you enable SSL encryption for logons.

    Configure HTTPS options

    You must do the following to configure HTTPS options:

    - Generate an SSL certificate request.
    - Submit the certificate request to a recognized Certificate Authority.
    - Install the certificate that is returned from the Certificate Authority.
    - Enable SSL encryption.

    To generate an SSL certificate request

    1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
    2. On the Setup tab, in the HTTPS port number box, type the port number of the HTTPS server. The default port number
43. c product that you are using Licensing and registration If the product that you are implementing requires registration and or a license key the fastest and easiest way to register your service is to access the Symantec licensing and registration site at www symantec com certificate Alternatively you may go to www symantec com techsupp ent enterprise html select the product that you wish to register and from the Product Home Page select the Licensing and Registration link Contacting Technical Support Customers with a current support agreement may contact the Technical Support group via phone or online at www symantec com techsupp Customers with Platinum support agreements may contact Platinum Technical Support via the Platinum Web site at www secure symantec com platinum When contacting the Technical Support group please have the following Customer Service Product release level Hardware information Available memory disk space NIC information Operating system Version and patch level Network topology Router gateway and IP address information Problem description m Error messages log files m Troubleshooting performed prior to contacting Symantec m Recent software configuration changes and or network changes To contact Enterprise Customer Service online go to www symantec com select the appropriate Global Site for your country then choose Service and Support Customer Service is available to assist with the
44. configure Symantec Central Quarantine to automatically send files that it cannot repair to Symantec Security Response for analysis and repair. For more information, see the Symantec Central Quarantine Administrator's Guide on the CD.

    - Java 1.3.1: During installation, Symantec Mail Security checks for the correct version of Java and stops the installation if it is not present. This version of Java or a higher version is needed for LiveUpdate and SESA.
    - Adobe Acrobat Reader: This is the software that makes it possible to read documentation in PDF format.

    How Symantec Mail Security for SMTP works

    In a typical configuration, Symantec Mail Security for SMTP operates as an SMTP server that accepts incoming email from the Internet, processes the email based on the configuration of the product, and delivers the email to another SMTP server for further processing and delivery. It also receives outgoing email from your SMTP server and processes it based on the configuration of Symantec Mail Security for SMTP.

    Figure 1-1 shows how Symantec Mail Security for SMTP is typically configured on a network.

    [Figure 1-1: Typical processing path (Internet, Symantec Mail Security for SMTP server, SMTP server, workstations)]

    When Symantec Mail Security for SMTP receives an email message with an attachment fro
45. contact a LiveUpdate server to determine if new updates are available.

    Setting up your own LiveUpdate server

    The LiveUpdate Administration Utility lets you set up an intranet HTTP, FTP, or LAN server, or a directory on a standard file server, to handle LiveUpdate operations for your network. The LiveUpdate Administration Utility is provided on the Symantec Mail Security for SMTP product CD. For more information, see the LiveUpdate Administrator's Guide on the Symantec Mail Security for SMTP product CD.

    If you set up your own LiveUpdate server, you will need to edit the LiveUpdate configuration for Symantec Mail Security for SMTP to point to the local LiveUpdate server. Contact Symantec Service and Support for more information.

    Setting your anti-spam policy

    This chapter includes the following topics:

    - About your anti-spam policy
    - Creating a custom whitelist
    - Activating and managing an auto-generated whitelist
    - Blocking by real-time anti-spam blacklists
    - Blocking by a custom blacklist
    - Identify suspected spam messages by the heuristic anti-spam engine
    - Blocking by custom spam rules

    About your anti-spam policy

    Your anti-spam policy is determined by how you configure Symantec Mail Security for SMTP to handle spam. Symantec Mail Security for SMTP can handle spam as follows: Real tim
46. cting programs that are commonly found on Solaris, such as the Solaris Sendmail program, which runs on port 25. If such programs are detected, Symantec Mail Security for SMTP will stop the installation. Therefore, you may want to stop the conflicting programs before installing Symantec Mail Security for SMTP.

    Preventing conflicts with other software

    You must stop any other antivirus software on the server on which Symantec Mail Security for SMTP will be installed. After installation, reenable the antivirus protection. If another antivirus product is installed on the Symantec Mail Security for SMTP server, the competing product may try to scan and delete Symantec Mail Security for SMTP files that are placed in the Queues directory and temporary directory during its scanning process.

    Note: If you are running a desktop antivirus product on the server on which you will install Symantec Mail Security for SMTP, you must configure the desktop product not to scan the Queues directory and the temporary directory that will be used by Symantec Mail Security for SMTP. Scanning these directories will cause significant operational problems with the software.

    Preventing conflicts with Symantec Web Security (Solaris only)

    If Symantec Web Security and Symantec Mail Security for SMTP are installed on the same Solaris server, LiveUpdate must be run independently for each product to avoid a conflict. Run LiveUpdate first for one product, then for the
47. d and the message is delivered. Table 1-4 shows options for handling unrepairable infected attachments. Table 1-4 Options for handling unrepairable infected attachments: Delete: The attachment is deleted from the message. Log only: The incident of a virus is logged and the message is delivered. Table 1-5 shows options for handling attachments that are not repaired or deleted. Table 1-5 Options for handling attachments that are not repaired or deleted: Drop message: Email messages that contain unrepairable infected attachments that were not deleted are dropped. Log only: A record of the incident is logged and the message is delivered. Table 1-6 shows quarantine options for infected messages. Table 1-6 Quarantine options: Quarantine nothing: No files are quarantined. Quarantine messages containing unrepairable infections: Messages that contain attachments that cannot be repaired are quarantined. Note: This option is available only if you have scanning enabled in Symantec Mail Security for SMTP. Quarantine all messages containing attachments: All infected messages are quarantined. Note: This option is available only if you have scanning enabled in Symantec Mail Security for SMTP. Configure relay settings: Symantec Mail Security for SMTP works in conjunction with em
48. d documentation that accompanies this license collectively the Software is the proprietary property of Symantec or its licensors and is protected by copyright law While Symantec continues to own the Software You will have certain rights to use the Software after Your acceptance of this license This license governs any releases revisions or enhancements to the Software that the Licensor may furnish to You Except as may be modified by an applicable Symantec license certificate license coupon or license key each a License Module that accompanies precedes or follows this license and as may be further defined in the user documentation accompanying the Software Your rights and obligations with respect to the use of this Software are as follows You may A use the number of copies of the Software as have been licensed to You by Symantec under a License Module If the Software is part of a suite containing multiple Software titles the number of copies You may use may not exceed the aggregate number of copies indicated in the License Module as calculated by any combination of licensed Software titles Your License Module shall constitute proof of Your right to make such copies If no License Module accompanies precedes or follows this license You may make one copy of the Software You are authorized to use on a single computer B make one copy of the Software for archival purposes or copy the Software onto the hard disk of
49. d revision number of the updates Object modified Shows the screen that was modified date that information was changed through the administrative interface what was modified which user modified it and from which client and the type of modification that was made Service started Shows the date and time that the Symantec Mail Security for SMTP service started Service start failed Shows the date and time that the Symantec Mail Security for SMTP service failed to start Service stopped Shows the date and time that the Symantec Mail Security for SMTP service stopped Reordering started Shows the date and time that queue reordering started Reordering stopped Shows the date and time that queue reordering stopped the number of messages moved to the front of the queue and the number of seconds spent performing a queue reorder About SMTP actions Table 7 5 shows the SMTP actions Table 7 5 SMTP actions Connection from Shows the date and time that any mail client attempted to connect to the Symantec Mail Security for SMTP server the result of the connection Succeeded Failed the client s IP address and the connection ID Connected to Shows the date and time that Symantec Mail Security for SMTP server attempted to connect to any mail server the result of the connection Succeeded Failed the connection ID and connection information Actual Cached Disconnected Shows which client or mail s
50. d shows examples. Table 3-3 Notification metatags: MSGINFO: Tag in Policy Violation notification to sender and administrator. Contains From/To information (From: somebody@domain.com, To: someone@domain.com). DISPOSITION: Tag in Policy Violation notification to administrator. Contains information about how the message was handled (The message was dropped). CONTENTINFO: Tag in Policy Violation notification to administrator and sender. Contains content filter specific data for the following: Subject line blocked; Container limit exceeded; File name blocked (Subject <specified by user> Matching Subject <subject line matched>; The extracted attachment depth exceeded set limits; File <list of blocked file names> Matching file name <file name matched>). VIRUSINFO: Tag in Policy Violation notification to sender and administrator. Contains virus specific data such as virus name and signature number (Virus scan results follow <list of specific virus information>). ENCRYPTINFO: Contains information about encrypted container detection (Message contained an encrypted container). Configuring notifications: You can configure Symantec Mail Security for SMTP to send administrator and sender notifications when the following is detected: Infected file; Outbr
51. e Administrator timeout: The administrator timeout applies to both the administrator and the report only administrator accounts. Administrator email addresses for notifications and alerts: The addresses to which notifications and alerts are sent when policy violations occur. To change an administrator password through the administrative interface: 1 On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. 2 On the Accounts tab, under Administration Passwords, under Administrator password, in the New password box, type a password for the administrator. Passwords are case sensitive and have a 32 character limit. You do not need to set a password through the administrative interface unless you want to change the password that you set during installation. 3 In the Confirm box, type the password again. 4 Click Change Password. To set a report only administrator password through the administrative interface: 1 On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
52. e with unrepairable file is delivered. 4 If you want to delete infected attachments, check When an attachment is deleted add the following text to the message to add a notification message to the email message. You can retain the default message text or modify it. 5 In the When infected attachment is not repaired or deleted drop down list, select one of the following: Drop message: Processing of the message stops and the message is dropped. Log only: Incident of the infection is logged and the message and infected file is delivered. 6 Click Save Changes. Enabling mass mailer cleanup: You can configure Symantec Mail Security for SMTP to delete mass mailer worm infected messages. These types of messages are spread by mailing themselves to names and addresses in users' address books. This feature causes all email messages that are detected as mass mailer worms to be dropped. When the mass mailer cleanup function is enabled in the administrative interface, Symantec Mail Security for SMTP searches for a match between virus name patterns and the signatures that are returned by the antivirus scan. The match is made based on the configuration parameter m used by Symantec Security Response to name mass mailer viruses. If a match is detected, then the message is dropped. Even when the mass mailer cleanup function is disabled messages that have detectable v
53. e SMTP ID and the last response of the server Delivered Shows the date and time that a message was delivered From To information the client IP address the connection ID and the SMTP ID Completed Shows the date and time of the end of processing of a message the client IP address and the SMTP ID Delivery suppressed Shows the date and time that a message was not delivered From To information and the SMTP ID Logging and reporting 119 Generating reports Table 7 6 Message actions Held Shows the date and time that a message was placed in the hold queue the sending client To From information subject size SMTP ID and the reason that the message was held Quarantined Shows the date that the file was quarantined and the file name About blocking actions Table 7 7 shows the blocking actions Table 7 7 Blocking actions Virus logged Shows the date that the virus was logged From To information and the virus name Files repaired Shows the date that the file was repaired From To information and the virus name Files deleted Shows the date that the file was deleted From To information and the virus name Subjects blocked Shows the date that the subject was blocked From information subject and which word or phrase was matched in the subject Scan error Shows the date of the scan error From To information and a description of the scan error Sender blocked Shows the date and
54. e Agent from the Symantec Mail Security for SMTP distribution CD onto the computer. 3 Run the exe file. 4 Indicate that you agree with the terms of the Symantec license agreement, and then click Next. If you indicate No, the installation is cancelled. 5 From the list of products to register with SESA, select Symantec Mail Security for SMTP. You can register only one product at a time. If you are installing the SESA Agent to work with more than one Symantec product, you must run the installer again for each product. 6 Under Choose Destination Location, select the location in which to install the local Agent, and then click Next. The default location is C:\Program Files\Symantec\SESA. If the SESA Agent is already installed on the same computer, this option does not display. 7 In the Primary SESA Manager IP address or host name box, type the IP address or host name of the computer on which the primary SESA Manager is running. If SESA is configured to use anonymous SSL (the default setting), type the IP address of the primary SESA Manager. If SESA is configured to use authenticated SSL, type the host name of the primary SESA Manager (for example, computer.company.com). In the Primary SESA Manager port number box, type the port number on which the SESA Manager listens. The default port number is 443. If you are running a Secondar
55. e Web server. During the installation process, you are prompted for the TCP/IP port number on which this built in HTTP server will listen. The number that you specify becomes the port number in the URLs that you will use to access the Symantec Mail Security for SMTP interface. The port number that you specify must be different from the HTTPS and SMTP port numbers, exclusive to Symantec Mail Security for SMTP, and not already in use by any other program or service. Because the built in HTTP server is not a general purpose Web server, do not use port number 80, the default port number for general purpose Web servers. Unless you have a compelling reason to do otherwise, you should use the default port number of 8003. If you select a port number other than the default, remember which port number you selected. Selecting an HTTPS server port: HTTPS stands for HTTP via Secure Sockets Layer (SSL). With HTTP, all information is sent in clear text with no authentication between client and server. With HTTPS, there is client and server authentication using a certificate that has been signed by a Certificate Authority. Once a legitimate Web certificate is installed on the server that is running Symantec Mail Security for SMTP, the server and client share a common key that lets them encrypt and decrypt messages that they send to each other. In Symantec Mail Security for SMTP secure con
56. e blacklisting List of mail servers from which mail is rejected Custom blacklisting List of sender email addresses and domains that are blocked Heuristic spam detection Scan engine that uses an accuracy rating to detect spam Custom spam rules Terms that when found in messages result in spam handling based on product configuration You can also create custom and auto generated whitelists in order to have Symantec Mail Security for SMTP bypass heuristic and blacklist processing for designated domains and email addresses Spam rules still apply Creating a custom whitelist You can create a custom whitelist of domains so that email messages from those domains are excluded from spam processing no spam processing including the heuristic anti spam engine applies If both real time blacklisting and anti spam whitelist exclusion are activated Symantec Mail Security for SMTP checks the anti spam whitelist first when spam processing begins after which the real time blacklists are queried If the envelope sender matches a domain that is entered in the anti spam whitelist the email message is allowed If it does not match real time blacklists are checked If there is a match the email message is blocked Email from domains that are listed in the whitelist are still processed for content violations including spam rule violations and viruses Setting your anti spam policy 83 Activating and managing an auto generated whitelist To crea
57. e by default. All characters including whitespaces are matched literally except for the following: matches 0 or more characters; matches exactly one character; escapes any special meaning for and only. The maximum number of terms within a single rule is 50. If desired, in the None of these terms box, type the terms to be used to identify that a message is not spam. If a term is in the Not field and a message is sent that has all of the blocked terms (AND/OR portion of rule) but also has a Not term, the message will not be in violation of the rule. It will not be considered spam. Click Save. Setting your filtering policy: This chapter includes the following topics: About your filtering policy; Blocking by content; Blocking by container file limits; Blocking if an encrypted container is detected; Preventing relaying; Blocking by custom content rules. About your filtering policy: Your filtering policy is determined by how you configure Symantec Mail Security for SMTP to filter messages: what criteria to use to block messages and attachments, and how those blocked messages and attachments can be handled. Table 6-1 shows criteria that you can use to filter messages and attachments and how those filtered messages and attachments can be handled. Table 6-1 Filtering criteria: Message size: Email messages that exceed the size that is specified in megabytes are not accepted at the SMTP server. Not blocking messa
58. e installer to register Symantec Mail Security for SMTP. The local SESA Agent is preconfigured to listen on IP address 127.0.0.1 and port number 8086. Symantec Mail Security for SMTP uses this information to communicate with the Agent. If you must change the IP address or port number for the Agent, you must do so through the SESA Console. Once an Agent is installed, it is controlled through the SESA Console, even though it is running on the same computer that is running the security product. You must also update, through the Symantec Mail Security for SMTP administrative interface, the information that Symantec Mail Security for SMTP uses to contact the local SESA Agent. For more information, see the SESA documentation. See Configuring Symantec Mail Security for SMTP to log events to SESA on page 129. Install the SESA Agent using the SESA Agent Installer: To install the SESA Agent using the SESA Agent installer that Symantec Mail Security for SMTP provides, run the Installer on all computers on which Symantec Mail Security for SMTP 4.0 is installed. See Uninstalling the local SESA Agent on page 131. To install the SESA Agent on Windows 2000 Server: 1 Log on to the computer on which you have installed Symantec Mail Security for SMTP as administrator or as a user with administrator rights. 2 Copy the executable exe file to install th
59. e interface, in the left pane, click Antivirus Policy. 2 In the Outbreak Alert window, check Send an email alert if the system detects infected messages in a minute period. 3 Type in the number of infected messages and the period of time in which those messages must be sent. 4 Type the email addresses, one per line, to which the alert should be sent. 5 If desired, change the default text in the subject and message boxes. 6 Click Save Changes. Updating virus and spam definitions files: Symantec Mail Security for SMTP relies on up to date information to detect and eliminate viruses. Symantec supplies updated virus definitions files, which contain information about newly discovered viruses, to ensure that your virus protection is current, as well as spam definition files used for heuristic detection of spam. Updated virus definitions files are provided at least once per week and whenever a new virus threat is discovered, and spam definitions are updated approximately once per quarter. When new
60. e list includes zip and exe but not cmd, and a container file (for example, test.zip) contains test.exe and test.cmd, only test.exe is scanned. The Exclude list can be used to identify file types that are unlikely to carry viruses (for example, gif, jpeg, or jpg). All container files in the Exclude list are decomposed, and the files within them are scanned for viruses. For example, if test.zip contains test.exe and test.doc, and zip is in the Exclude list, the exe and doc files are scanned and repaired or deleted because they did not match the zip entry. If only zip is in the Include list and test.zip is sent, no files are scanned, since the zip file has been decomposed and Symantec Mail Security is looking for zip files. To configure scan options: 1 On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. Scanning all files regardless of extension provides the maximum protection against viruses and unwanted content. 2 On the Scan Policy tab, select one of t
61. e sensitive If no actions are checked the report contains all of the entries from the log Click Generate Report or Write to CSV The following are types of actions that can be included in a detail report System Associated with the operation of the Symantec Mail Security for SMTP server See About system actions on page 116 SMTP Associated with the transmission of mail between the server that is running Symantec Mail Security for SMTP and other mail transfer agents MTAs See About SMTP actions on page 117 Message Associated with email processing See About message actions on page 118 Blocking Associated with blocking messages See About blocking actions on page 119 About system actions Table 7 4 shows the system actions Table 7 4 System actions Logon Shows the date and time of logon the logon result Succeeded Failed the user who logged on and the user s client IP address Logoff Shows the date and time of logoff the logoff result Succeeded Failed the user who logged off and the user s client IP address LiveUpdate Shows the date and time of the last LiveUpdate session and the LiveUpdate result Succeeded Failed Logging and reporting 117 Generating reports Table 7 4 System actions Definitions updated Shows the date and time of the last virus definitions and spam definitions updates the result of the updates Succeeded Failed and the date an
62. eady in the auto generated whitelist messages that come from this domain will not be added to the auto generated list. 3 Click Save Changes. Blocking by real time anti spam blacklists: The most common way of preventing spam is to reject mail that comes from mail servers known or believed to send spam. To limit potential spam, Symantec Mail Security for SMTP can support up to three real time anti spam blacklists. Real time blacklists are DNS based blocking lists that are generated to limit spam. You may choose to use these lists to drop, forward, or log mail from certain sources based on criteria that are determined by the list operators. Real time blacklisting depends on an actively maintained DNS server with a database of IP addresses that are associated with Internet mail servers that are judged to be abusive on one or more spam related criteria. Symantec Mail Security for SMTP queries the real time blacklist for the IP address of a sending mail host. If the query response indicates that the address is listed in the real time blacklist database, then Symantec Mail Security for SMTP refuses the connection attempt. Symantec Mail Security for SMTP lets administrators specify up to three domains to query against. Note: If the check box for the real time blacklist service is not checked, Symantec Mail Security for SMTP does not attempt to use the service ev
63. eak alert (configured on the Antivirus Policy > Outbreak Alert tab); Content violation; Container limit violation; Encrypted container. Note: Notifications are not sent for anti spam content or spam rule violations. To configure notifications: 1 On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. 2 On the Notifications tab, under Violation notifications, select Administrator, Sender, or both. 3 If you selected to notify the administrator, under Message for administrator, either accept the default Subject and Body text or delete the default text and type your own. 4 If you selected to notify the sender, under Message for sender, either accept the default Subject and Body text or delete the default text and type your own. 5 Click Save Changes. Do not alter the metatags (MSGINFO, for example). Metatags act as placeholders for information that will be included in notifications. Configuring logging options: The following types of logging are available in Symantec Mail Security for SMTP: local logging and SESA logging. Local logging (logging of activity to the computer on which Symantec Mail Security for SMTP is running) is enabled by default. For local logging, you can specify how long old logs should be retained, from one week to never delete. SESA logging (logging of activity to the SESA Console) is not enabled by default. See To configure logging options on page 67
64. eating a custom whitelist; Activating and managing an auto generated whitelist; Blocking by real time anti spam blacklists; Blocking by a custom blacklist; Identify suspected spam messages by the heuristic anti spam engine; Blocking by custom spam rules. Chapter 6 Setting your filtering policy: About your filtering policy; Blocking by content; Blocking by message size; Blocking by subject line; Blocking by file name; Blocking by container file limits; Blocking if an encrypted container is detected; Preventing relaying; Configuring external relay restrictions; Blocking by characters in email addresses; Blocking by custom content rules. Chapter 7 Logging and reporting: About the Status page; Generati
65. All messages tagged as spam will be delivered unless one or both of the following rules are enabled. 2 In the Anti Spam window, under Activating the heuristic anti spam engine, check Enable heuristic anti spam detection, and then select the engine sensitivity level. 3 Accept the default or type text that will prepend the subject line of suspected spam messages. 4 Check Insert X bulk header to add a default header name (X Bulk <space> spam score) to the MIME headers of all messages that have been detected as spam. 5 Under Handling detected spam, select one or both of the following rules and supply scores in one or both of the following boxes: Drop messages that have a spam score greater than or equal to __; Forward messages that have a spam score greater than or equal to __. The spam score for Forward must be less than the score for Drop if both are enabled. 6 Type an email address if the forward option is enabled. 7 Click Save Changes. Blocking by custom spam rules: You can create spam rules to be used for processing. The operators that are allowed to separate terms are AND, OR, and NOT. NOT implies AND NOT
66. ed during the designated time period, a total for each file name, and a grand total. About message summaries: Table 7-2 includes message summary information. Table 7-2 Message summary information: Messages accepted: Number of messages that were added to the fast queue. Data accepted (KB): Cumulative size of messages. Messages rejected: Number of messages that were rejected because the software is configured to reject messages, disallowed characters are in an email address, an anti relay violation occurs, the configured message size has been exceeded. Messages bounced: Number of incoming messages that were bounced. Messages dropped: Number of incoming messages that were dropped. Messages delivered: Number of outgoing messages that were delivered. Message delivery failures: Number of outgoing messages that were returned due to a delivery error. Messages completed: Number of messages that were processed by Symantec Mail Security for SMTP. Encrypted files deleted: Number of encrypted files that were deleted. Messages quarantined: Number of messages that were quarantined. About infection summaries: Table 7-3 includes infection summary information. Table 7-3 Infection summary information: Infections logged: Number of files logged. Infections repaired: Number of files that had viruses that were repaired. Infec
67. edium High Medium is the default setting. If you set the Bloodhound sensitivity level to High, resource demand increases, performance may decrease, and occasional false positive detections may be generated. 4 Click Save Changes. Symantec Mail Security for SMTP must be stopped and restarted for Bloodhound changes to take effect. Handling infected files: Symantec Mail Security for SMTP can handle infected files in a number of ways. Scanning must be enabled and files must be specified for scanning in order for files to be processed. See Enabling virus scanning on page 72. See Configuring scan options on page 54. To handle infected files: 1 On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Antivirus Policy. 2 In the Antivirus Settings window, under Infected file handling, in the When a virus is detected drop down list, select one of the following: Repair: An attempt is made to repair the virus and, if successful, the message is delivered. Delete: The infected file is deleted and the message is delivered. Log only: Incident of the virus is logged and the message and the infected file is delivered. 3 In the If unable to repair drop down list, select one of the following: Delete: The infected file is deleted and the message is delivered. Log only: Incident of the unrepairable virus is logged and the messag
68. efault is 30 Increasing the default augments the resources that are required by the program and diminishes performance Unless you have a compelling reason to do otherwise accept the default Additional connections are queued when the system is already processing the maximum number of connections that are allowed Multiprocessor computers can effectively use more connections than single processors On the Maximum number of incoming connections menu select the number of simultaneous connections for incoming email The default is 15 Unless you have a compelling reason to do otherwise accept the default Setting the number of connections too high can slow processing Additional connections are queued when the system is already processing the maximum number allowed In the Alert Notification From box type the text that you want to appear in the From field when Symantec Mail Security for SMTP notifications are sent The default is Symantec_Mail Security_for_SMTP The From field accepts one user name or fully qualified domain address which means that the From field can be set to a real account In this case recipients of Symantec Mail Security for SMTP generated messages alerts and notifications can reply to that account Click Save Changes Configuring Symantec Mail Security for SMTP 45 Configuring connection and delivery options Configuring delivery options During a virus outbreak you may want to pause de
69. en if a domain name is entered for a spam service To block by real time anti spam blacklists 1 On the Symantec Mail Security for SMTP administrative interface in the left pane click Anti spam Policy Blocking by real time blacklist anti spam lists You may be required to obtain the rights to use these lists from each specific real time blacklist service you enter Enter real time blacklist domains to use for lookups to identify spam violations M Real time blacklist domain awal I Identify spam by return codes I Real time blacklist domain feel I Real time blacklist domain mell Do the following when a real time blacklist anti spam list violation occurs Drop message C Log only C Forward message To email address Subject optional Help Save Changes 2 Inthe Anti Spam window under Real time Blacklist check Real time blacklist domain name Setting your anti spam policy 87 Blocking by a custom blacklist 3 Inthe Real time blacklist domain name box type the domain of the blacklist service that you request A check box will appear to let you identify spam by return codes If desired select the box and a box will appear to let you type return codes to identify email as spam Return codes are provided by the blacklist provider 4 Type one return code per line provided by the blacklist provider to identify email as spam Identifying return codes means that only the email associated with the entered
70. ent is installed as a Windows 2000 service and is listed as SESA AgentStart Service in the Services Control Panel.

To install the SESA Agent on Solaris
1. Log on as root to the computer on which you have installed Symantec Mail Security for SMTP.
Do one of the following:
- Copy the shell (.sh) file to install the Agent from the Symantec Mail Security for SMTP distribution CD onto the computer, and change directories to the location where you copied the file.
- Run the Agent Installer file from the Symantec Mail Security for SMTP distribution CD.
Type sh sesa_agent_installer.sh and then press Enter.
Indicate that you agree with the terms of the Symantec license agreement, and then press Enter. If you indicate No, the installation is cancelled.
From the list of products to register with SESA, select Symantec Mail Security for SMTP. You can register only one product at a time. If you are installing the Agent to work with more than one Symantec product, you must run the installer again for each product.
Select the location in which to install the SESA Agent, and then click Next. The default location is /opt/Symantec/sesa. If the SESA Agent is already installed on the same computer, this option does not display.
Do one of the following:
- Type the IP address or host name of the computer on which the primary SESA Manager is running. If S
71. erver was disconnected, the client ID, and the date and time of the disconnection.

Table 7-5 SMTP actions
Connection closed: Shows the date and time that the connection was closed, the IP address of the server that connected to the Symantec Mail Security for SMTP server, the connection ID, the last command sent, and the last response sent by the disconnecting server.
Protocol violation: Shows which client committed the violation, the connection ID, information about the protocol violation, and the date and time of the violation.
Rejected: Shows that a message was rejected, which client it was rejected from, the date and time of the rejection, and the reason for the rejection.

About message actions
Table 7-6 shows the message actions.

Table 7-6 Message actions
Accepted: Shows the date and time that a message was accepted, the From/To information, the subject, the client IP address, the connection ID, and the SMTP ID.
Dropped: Shows the date and time that a message was dropped, From/To information, the reason for the drop, and the SMTP ID.
Forwarded: Shows the date and time that a message was forwarded, From/To information, the reason for the forward, and the SMTP ID.
Bounced: Shows the date and time that a message was bounced, To information, the reason for the bounce, and the SMTP ID.
Delivery failed: Shows the date and time that a message was delivered th
72. Routing scanned messages for delivery
Stopping and restarting Symantec Mail Security for SMTP
Uninstalling Symantec Mail Security for SMTP

Chapter 3 Configuring Symantec Mail Security for SMTP
Configuring administrator settings
Configuring connection and delivery options
Configuring SMTP options
Configuring delivery options
Configuring HTTP connections
Configuring HTTPS options
Configuring a custom disclaimer
Configuring the local time zone
Changing the temporary files directory location
Processing messages in the hold queue
Configuring scan options
Configuring routing options
Configuring default routing
Configuring local routing
Configuring alerts
Configuring notifications
Understa
73. essing messages in the hold queue

Messages are placed in the hold queue in one of the following ways. If a message causes a system crash three times, it is moved to the hold queue. If Symantec Mail Security for SMTP is configured to hold messages that cannot be processed, those messages are sent to the hold queue. See "To configure scan options" on page 55.

Process messages in the hold queue
You can configure Symantec Mail Security for SMTP to reprocess, drop, or forward a copy of messages in the hold queue.

Warning: Reprocessing messages is not recommended. Reprocessing a message that has caused a system crash will likely result in another system crash.

To reprocess messages that are in the hold queue
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
[Screenshot: Hold Queue tab, showing the number of messages in the hold queue and the Reprocess Messages, Drop Messages, and Forward Messages buttons]
2. On the Hold Queue tab, click Reprocess Messages.
3. In the Reprocessing Hold Queue Messages window, click Yes. All messages that are in the hold queue are reprocessed.

To drop messages that are in the hold queue
1. On the Symantec Mail
74. ges based on size is the default.

Table 6-1 Filtering criteria
Subject line: Email messages with specified subject lines may be dropped, logged, or forwarded. Not identifying subject lines is the default.
File name: Email messages with specified file names may be delivered with their attachments deleted. Not deleting attachments based on file names is the default, though a suggested extension list is provided.
Container limit: Email messages that exceed any of the specified container limits may be dropped. Blocking messages that exceed container limits is the default.
Encrypted container: Email messages that are encrypted or password protected have their containers deleted and the messages delivered, the messages and containers dropped, the incidents logged and the messages with containers delivered, or the messages and containers forwarded to a specified address. Deleting the containers and delivering the messages is the default.
Anti-relay settings: Email messages with non-local destinations are handled according to how you configure Symantec Mail Security for SMTP. "Do not allow except for listed hosts" is the default.
Content rules: Email messages in which content violation filtering rules are detected are handled according to how the product is configured.

Blocking by content
Symantec Mail Sec
75. gnated in the Host box under Destination relay.
In the Port box, type the port number for the mail server. The default port number is 25.
Click Save.

To edit a local routing list entry
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
On the Routing tab, under Local Routing List, select the case that you want to edit.
Click Edit.
Make the changes that you want.
Click Save.

To delete a local routing list entry
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
On the Routing tab, under Local Routing List, select the case you want to delete.
Click Delete.

Configuring alerts
You can configure Symantec Mail Security for SMTP to send alerts for system events to one or more administrators. If you do not provide an administrator email address, Symantec Mail Security for SMTP prompts you to attempt to save any changes. Alerts will not be delivered, despite being enabled, until an address is specified. See "To set administrator email addresses for notifications and alerts" on page 42.

Note: Sending alerts increases the load of the server. On a heavily used mail server, you may select to limit the number of alerts enabled.

To configure alerts
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, c
76. he Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
On the Diagnostics tab, under SMTP Conversation Logging, in the logging drop-down lists, select one of the following for the conversation logging level:
- Disable: No conversation logging is performed.
- Save log on error: Conversation logs are saved only if an SMTP error occurs during the message transmission.
- Log all inbound or outbound traffic: All conversation logs are saved for inbound and/or outbound conversations.
On the Diagnostics tab, under SMTP Conversation Logging, in the logging drop-down lists, select one of the following to determine error type triggers:
- All SMTP errors: All SMTP errors are logged.
- Communication error: Network and socket errors are logged.
- Protocol error: Failures to follow defined SMTP protocols, such as a command out of sequence or bad syntax, are logged.
- Local processing error: Application-defined errors, such as a message that exceeds defined size limits, are logged.
- Unsupported operation: Requests for unsupported operations, such as TURN, are logged.
On the Diagnostics tab, under SMTP Conversation Logging, on the logging drop-down lists, choose one of the following to determine the level of DATA stream logging:
- Ignore DATA stream: Only the DATA command is logged.
- Summarize DATA stream: A line count and byte count summary of the DATA stream is logged.
- Echo DATA stream: The en
77. he following:
- All files regardless of extension
- Only those with extensions in Include list
- All except those with extensions in Exclude list
3. If "Only those with extensions in Include list" or "All except those with extensions in Exclude list" is selected, in the appropriate box, type one extension per line using the following format: ttt
Extensions must be preceded by a period. Extensions are not case sensitive.
4. On the "Messages that can't be processed" drop-down list, select one of the following:
- Deliver
- Drop: You should drop messages that cannot be processed due to scan errors. Most messages that cannot be processed have malformed MIME formatting or corrupted content that cannot be expanded for scanning.
- Hold
5. Click Save Changes.

Configuring routing options
After it scans for viruses, Symantec Mail Security for SMTP routes email messages to your existing hosts for delivery. The routing configurations are as follows:
- Default routing. See "Configuring default routing" on page 56.
- Local routing. See "Configuring local routing" on page 58.

Configuring default routing
Setting default routing is not required in most environments, but must be done if no local routing is set. See "Preventing relaying" on page 103.
If the Default Routing box is filled in, any email message that is not addressed to a host or domain
78. hen is forwarded to the specified SMTP server for delivery.

Configuring local routing
Note: You must set a routing list entry for each email domain on your network, with the domain (for example, brightcorp.com) as the Routed host or domain and your mail server as the Destination relay.

Setting local routing is required in most environments and is essential if you are not using default routing. The typical setting for most environments is an email domain routed to an SMTP server.
The local routing list has the following purposes:
- It defines special rules for relaying scanned email messages.
- It identifies which domains and hosts are considered local.
The types of local routing entries are as follows:
- An entry (host name, domain, or IP address) by itself. An entry by itself means that Symantec Mail Security for SMTP treats email messages that are addressed to that host name, domain, or IP address as local. It does a DNS lookup for the address and delivers it to the address that is specified in the MX record.
- An entry (host name, domain, or IP address) followed by another entry. An entry followed by another entry means that when Symantec Mail Security for SMTP receives and processes email messages that are addressed to the host name, IP address, or domain of the first mail server, it should use the second entry to relay the mail. For example, if you ty
79. il Security for SMTP
- Verify that DNS is properly configured for your network. See "Verifying DNS on the Symantec Mail Security for SMTP server" on page 26.
- Run the installation script or setup program to install. See "Running the installation script or setup program" on page 28.
- Specify locations for installation directories. See "Specifying locations for installation directories" on page 28.
- Select an HTTP server port. See "Selecting an HTTP server port" on page 30.
- Select an HTTPS server port. See "Selecting an HTTPS server port" on page 31.

Verifying DNS on the Symantec Mail Security for SMTP server
Your server must be configured as a DNS client before installing Symantec Mail Security for SMTP.

Verify and test DNS settings
To verify DNS settings, you must check the TCP/IP properties for your server. To test your DNS server, use the Name Server Lookup (NSLookup) utility.

To verify DNS settings on Windows 2000 Server
1. Open Local Area Connection Properties.
2. Click Internet Protocol (TCP/IP).
3. Click Properties.
4. Click Advanced.
5. On the DNS tab, specify the domain suffix and verify that at least one valid DNS server is listed in the DNS server addresses list. The host name is the Computer name that is entered in System Properties on the Network Identification tab. Contact your administrator or In
80. iles are included on the installation CD. For Solaris, you must be logged on as root. For Windows 2000 Server, you must be logged on with administrator privileges.

To run the Symantec Mail Security for SMTP installation script on Solaris
1. Change (cd) to the location of the installation files.
2. Type the following command to run the installation script: sh smssmtp.sh
3. Follow the on-screen instructions. A transcript of the installation is saved as var log SMSSMTP install log for later review, if necessary.
4. Verify that the software is running by viewing the Status page. The Date server started field should be current. See "About the Status page" on page 109.

To run the Symantec Mail Security for SMTP setup program on Windows 2000 Server
1. Change (cd) to the location of the installation files.
2. Run Setup.exe.
3. Follow the on-screen instructions.
4. Verify that the software is running by viewing the Status page. The Date server started field should be current. See "About the Status page" on page 109.

Specifying locations for installation directories
Symantec Mail Security for SMTP is organized into directories that each contain specific kinds of files. The location of each directory can be specified during installation, during which a default location is shown. Unless you have a compelling reason to do otherwise, you should accept the default location.
81. iles from the containers and attempts to repair the files. If a virus is detected, Symantec Mail Security for SMTP inserts text in the body of the message that specifies which virus was found and where it is located. You can configure Symantec Mail Security for SMTP to forward infected messages to a Central Quarantine Server, and configure the Central Quarantine Server to automatically submit virus samples to Symantec Security Response for analysis.
After blocking and scanning messages, Symantec Mail Security for SMTP delivers them. If the message cannot be delivered, it is moved to the slow queue so as not to backlog the fast queue. Once the message is in the slow queue, a message is sent to the original message sender indicating that Symantec Mail Security for SMTP will continue to attempt delivery of the message. Symantec Mail Security for SMTP reorders messages in the slow queue. Messages that cannot be delivered are moved to the rear of the queue. Queue messages that are destined to the same host on the next hop are moved to the front of the queue if those hosts are accepting delivery. If the message is not able to be delivered within the specified number of days, Symantec Mail Security for SMTP returns a reason (for example, wrong domain, user name doesn't exist) to the original message sender, and the file is deleted from the slow queue.
82. ill not block attachments with those file names unless you check Delete attachments with the following file names.
3. Type one file name per line that you want blocked, using the following format: badnews.doc
You can use for the file name or the extension.
4. To delete a default file name, select and delete the file name.
5. Check "If an attachment is deleted, add the following text to the message". You can customize the message if needed.
6. Click Save Changes.

Blocking by container file limits
You can configure Symantec Mail Security for SMTP to protect against denial-of-service attacks that are associated with overly large container files that take a long time to decompose, or with files that contain multiple compressed files.

Note: Each message is treated as a container, meaning that the settings apply on a per-message basis instead of on a per-attachment basis. Also remember, when setting container file limits, that MIME headers are considered files.

To block by container file limit
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy.
[Screenshot: Drop messages that exceed any selected container limit, with options including Attachments that take more than 60 seconds to extract, a limit on levels of nested containers, and a limit on the size that one file extracts to]
83. ing reports

Table 7-1 Status page information
Anti-spam detections:
- Number of spam messages detected by the heuristic anti-spam engine
- Number of spam messages detected by the custom blacklist
- Number of spam messages detected by the real-time blacklist

Generating reports
Symantec Mail Security for SMTP generates the following types of reports:
- Summary: Shows totals for message infection and virus activity. When viruses are found, it includes links to more information about the viruses. See "Generating summary reports" on page 112.
- Detail: Shows detailed information about message infection and virus activity, to include dates of occurrences and client IP addresses, for example. See "Generating detail reports" on page 115.

Generating summary reports
The summary report lists totals for virus infections and message processing, as well as the specific viruses detected.

To generate a summary report
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Reporting.
2. On the Summary Report tab, in the From and To drop-down lists, select the date and time range for the report.
3. Click Generate Report.
The report is organized as follows:
Summary Report
11 Jul 2002 00:00:00 12 Jul 2002 00:00:00
Message Summary
Messages Accepted: 13
Data Accepted KB: 341
Messages Blocked by Size: 3
Messages Bounced: 1
Messages Delivered: 6
Message Delivery Failures: 2
84. installation directory locations.

Table 2-2 Installation directories for Windows
Install: Contains the Symantec Mail Security for SMTP program files and read-only data files. At least 1200 MB disk space required. Location: ProgramFiles\Symantec\SMSSMTP
Queues: Contains SMTP queue files. At least 500 MB disk space recommended. Location: ProgramFiles\Symantec\SMSSMTP\queues
Local: Contains server-specific configuration files. At least 1 MB disk space required. Location: ProgramFiles\Symantec\SMSSMTP\local
Logs: Contains log files that record Symantec Mail Security for SMTP activity. At least 600 MB disk space recommended. Location: ProgramFiles\Symantec\SMSSMTP\logs
Diagnostic: Contains files that can help Symantec technicians address issues that may arise with the software. At least 34 MB disk space recommended. Location: ProgramFiles\Symantec\SMSSMTP\queues\diagnosticfiles
Docs: Contains the readme file, license agreement, and a PDF of the implementation guide. At least 1 MB disk space recommended. Location: Program Files\Symantec\SMSSMTP\docs\<language>

Selecting an HTTP server port
The Symantec Mail Security for SMTP software is managed through a Web-based interface. This interface is provided through a built-in Hypertext Transfer Protocol (HTTP) server that is included with Symantec Mail Security for SMTP. This HTTP server is independent of any existing HTTP server that already may be installed on your server and is not a general purpos
85. ions contained in this license agreement. Manufacturer is Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014, United States of America.
6. Export Regulation: Certain Symantec products are subject to export controls by the U.S. Department of Commerce (DOC), under the Export Administration Regulations (EAR) (see www.bxa.doc.gov). Violation of U.S. law is strictly prohibited. You agree to comply with the requirements of the EAR and all applicable international, national, state, regional and local laws and regulations, including any applicable import and use restrictions. Symantec products are currently prohibited for export or re-export to Cuba, North Korea, Iran, Iraq, Libya, Syria and Sudan, or to any country subject to applicable trade sanctions. Licensee agrees not to export or re-export, directly or indirectly, any product to any country outlined in the EAR, nor to any person or entity on the DOC Denied Persons, Entities and Unverified Lists, the U.S. Department of State's Debarred List, or on the U.S. Department of Treasury's lists of Specially Designated Nationals, Specially Designated Narcotics Traffickers, or Specially Designated Terrorists. Furthermore, Licensee agrees not to export or re-export Symantec products to any military entity not approved under the EAR, or to any other entity for any military purpose, nor will it sell any Symantec product for use in connection with chemical, biological, or nuclear weapons
86. iruses in the outer MIME container (that is, the message itself, not the attachments within it) will be dropped. This is because Symantec Mail Security for SMTP believes that the message is infected in a way that is not repairable and not deletable.

To enable mass mailer cleanup
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Antivirus Policy.
2. In the Antivirus Settings window, under Mass Mailer cleanup, select Enable Mass Mailer cleanup. This option is enabled by default.
3. Click Save Changes.

Forwarding infected files to the Central Quarantine
Symantec Mail Security for SMTP can forward messages that contain infected attachments, and files within attachments, to a separately installed Central Quarantine server. The Central Quarantine must be installed on a Windows 2000 Server computer. Typically, heuristically detected viruses that cannot be repaired by the current set of virus definitions are forwarded to the Central Quarantine and isolated so that the viruses cannot spread. A copy of each message that contains a virus is forwarded to the Quarantine server. If more than one virus is found within one message, two copies of the message are forwarded, one containing the first virus, the other with the second.
From the Central Quarantine, these items are submitted to Symantec Security Response for analysis. If a new virus is ide
87. istrator timeout applies to both the administrator and the report-only administrator.
Click Save Changes.

To set administrator email addresses for notifications and alerts
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
On the Accounts tab, under Administration Settings, in the Administrator email addresses box, type the email addresses to which notifications and alerts will be sent. Type one email address per line.
Click Save Changes.
In addition to setting an email address for notifications and alerts, you must configure Symantec Mail Security for SMTP correctly to have it send notifications and alerts. This is done through the Notifications and Alerts tabs.

Configuring connection and delivery options
You may configure the following in Symantec Mail Security for SMTP:
- SMTP connection. See "Configuring SMTP options" on page 43.
- Delivery options. See "Configuring delivery options" on page 45.
- HTTP connection. See "Configuring HTTP connections" on page 46.
- HTTPS connection. See "Configuring HTTPS options" on page 47.
- Custom disclaimer. See "Configuring a custom disclaimer" on page 49.
- Local time zone. See "Configuring the local time zone" on page 50.
- Temporary directory location. See "Changing the temporary files directory location" on page
88. lete logs after drop-down list, select the time period to retain log files.
Under SESA logging, check or uncheck Enable SESA logging.
In the Agent host box, type the IP address on which the Agent listens.
In the Port box, type the port number on which the Agent listens.
Click Save Changes.

Configuring queue file save and SMTP conversation logging
Diagnostic files are located on Windows and Solaris in the queues diagnostic files directory. If you contact Symantec Technical Support for assistance, you may be instructed to configure the Queue File Save or conversation logging setting.

Warning: The default for the Queue File Save setting is Disable. Do not change this setting unless you are instructed by Symantec Technical Support to do so. Changing the setting can result in undesirable system behavior.

To configure queue file save
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
2. On the Diagnostics tab, under Queue File Save, on the Queue File Save setting drop-down list, select the setting that Symantec Technical Support tells you to select.
3. Click Save Changes.
[Screenshot: Diagnostics tab. These features are intended for short-term diagnostic use only, at the recommendation of technical support]
90. lick Configuration.
[Screenshot: Alerts tab. Select the events below that will trigger alert messages to the administrator: Service start, Service start after improper shutdown, Service stop, Low memory, Low disk space, LiveUpdate session complete, Application configuration change, Scan error, SMTP protocol violation, HTTP protocol violation, SMTP connection failure, Unauthorized attempt to access product interface, Frequent failed logon attempts, Suspect message]
2. On the Alerts tab, select the events that will trigger alerts to the administrator. The alerts will be sent to the email addresses that you designated when configuring administrative settings.
3. Click Save Changes.
Table 3-2 shows system events that trigger alerts, their descriptions, and examples of alerts.

Table 3-2 Events that trigger alerts
Service start: The service has started. Subject: Service Start. Body: The service has been started.
Service start after improper shutdown: The service has started after a shutdown that did not allow services to run normal shutdown scripts, for example, a forced reboot of the server. Subject: Service Start After Improper Shutdown. Body: The service has been started after an improper shutdown.
Service stop: The service h
91. lid or Invalid
- Content license status: Valid or Expired
- Date on which the server was last started
- Amount of time that the server has been running since it was last started
- Status of virus scanning: Enabled or Disabled
- Status of Quarantine forwarding: All Files, Unrepairable Files, or Disabled
- Total number of megabytes that have been received for processing since the server was last started
- Message delivery mode: Delivery or Pause
- Incoming message status: Accept or Reject
- Date of last virus definitions update and latest revision number
- Date of last spam definitions update and latest revision number
- Date on which the SSL certificate was installed, or Not installed
- Total number of repaired, deleted, and logged viruses
- Total number of spam messages detected
- Total number of auto-generated whitelist entries
- Total number of policy violations

Table 7-1 Status page information
Messages:
- Accepted: Number of messages added to the fast queue since the server was last started
- Rejected: Number of messages rejected because the software is configured to reject messages, disallowed characters are in an email address, an anti-relay violation occurs, or the configured message size has been exceeded
- Delivered: Number of outgoing messages that have been delivered, including messages spawned internally by Symantec Mail Security for SM
92. lists

To manage auto-generated whitelists
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy.
2. In the Whitelist window, under List management, select one or more entries, and then choose the appropriate action button: Add to Custom Whitelist, Add to Exclusion List, or Delete.
3. To sort the list, click Sort by 2nd Level Domain or Sort by Frequency. When you sort by 2nd-level domain, those domains (for example, something.com) are listed alphabetically based on the root domain. When the root domain is the same but the second-level domain is different, alphabetizing continues using the lower-level domains. When you sort by frequency, domains from which email is most frequently received appear at the top of the list. A frequency count is listed for each domain.
4. Click Save Changes.

To manually add domains to the whitelist
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy.
2. In the Whitelist window, on the Auto-Generated tab, under List management, in the Exclusion list box, type the domains, one per line, that you do not want the auto-generated whitelist to track. Precede each domain with a period to signify a wildcard match. Even if a domain is in the auto-generated whitelist, any additional messages that come from that domain will not increase the frequency count. If a domain is added to the Exclusion list that is not alr
93. livery of messages or reject incoming messages. You can also specify the number of days to attempt to deliver messages that cannot be delivered on the first attempt.

Configure delivery options
Follow these instructions to pause delivery, reject incoming messages, and set the number of days to attempt message delivery.

To pause delivery of messages
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
2. On the Setup tab, under Delivery, check Pause message delivery. While this is checked, messages are still received and placed in the fast queue, but no messages are delivered. Once it is unchecked, the stored messages are processed as usual.
3. Click Save Changes.

To reject incoming messages
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
2. On the Setup tab, under Delivery, check Reject incoming messages. While this is checked, no incoming messages are accepted, and the sending server receives notification that the service is not available. Once it is unchecked, incoming messages are accepted and processed as usual.
3. Click Save Changes.

To set the number of days to attempt message delivery
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
2. On the Setup tab, under Delivery, on the Number of days drop-down list, select the number of days that Symantec Mail Securi
94. m an Internet or internal network source, it decodes and decompresses the message. It sends the message to the fast queue (a logical queue with a large number of dedicated threads) to be processed. Symantec Mail Security for SMTP first looks for messages to block before scanning for viruses. You can configure Symantec Mail Security for SMTP to notify senders and administrators when messages are blocked.

After blocking messages, Symantec Mail Security for SMTP uses several antivirus technologies to scan remaining messages for viruses. It looks for known viruses by comparing file segments to the sample code inside of a virus definitions file. The virus definitions file contains nonmalicious bits of code, or virus definitions, for thousands of viruses. If Symantec Mail Security for SMTP finds a match, the file is considered infected, and the email is handled (repaired, deleted, or logged and delivered) according to how you have configured the software. To protect your network from new viruses, you can configure regular virus definitions file updates. See "Updating virus and spam definitions files" on page 78.

By default, when Symantec Mail Security for SMTP detects a virus in an email attachment that is not a container file, it attempts to repair the infected attachment. If Symantec Mail Security for SMTP cannot repair the attachment, it deletes the attachment by default. With container files, Symantec Mail Security for SMTP removes the infected f
95. mantec AntiVirus for SMTP Gateways installation that had file extension entries that were not preceded by a period, Symantec Mail Security for SMTP automatically adds the period. For example, if exe was in the Include list of the previous version, Symantec Mail Security for SMTP would change it to .exe to force the configuration into compliance with the standard for extension format.

Configuring DNS
Symantec Mail Security for SMTP works in conjunction with other SMTP mail servers. By properly configuring your site's domain name system (DNS), messages that are destined for your existing mail server arrive at Symantec Mail Security for SMTP first. After scanning for viruses, Symantec Mail Security for SMTP forwards the message to your SMTP server for delivery.

The DNS zone for your site must be configured to support reverse name lookup, which is used to verify the IP address of the host or domain that you are trying to resolve.

Symantec Mail Security for SMTP processing is affected when you modify DNS records. The following types of records are involved in the delivery of messages:
- A record: A mapping of host names to IP addresses. For example, the host name www.somewhere.com might map to the specific IP address 192.168.23.10.
- PTR record: A mapping of IP addresses to host names.
- MX record: A mapping of domains to mail exchange host names. Any message th
96. mantec Mail Security for SMTP Table 2-1 shows the default installation directory locations for Solaris.

Table 2-1 Installation directories for Solaris
- InstallDir: Contains the Symantec Mail Security for SMTP program files and read-only data files. At least 1200 MB disk space required. Default location: /opt/SMSSMTP (antivirus and anti-spam files at /opt/SMSSMTP/CSAPI/AntiVirus or AntiSpam)
- MailDir: Contains SMTP queue files. At least 500 MB disk space recommended. Default location: /var/opt/SMSSMTP/queues
- LocalDir: Contains server-specific configuration files. At least 1 MB disk space required. Default location: /var/opt/SMSSMTP/local
- LogDir: Contains log files that record Symantec Mail Security for SMTP activity. At least 600 MB disk space recommended. Default location: /var/opt/SMSSMTP/logs
- DiagDir: Contains files that can help Symantec technicians address issues that may arise with the software. At least 34 MB disk space recommended. Default location: /var/opt/SMSSMTP/queues/diagnosticfiles
- ScanDir: Contains temporary files that are created during Symantec Mail Security for SMTP scanning. At least 100 MB disk space recommended. Note: Files in the ScanDir are deleted after scanning. Default location: /tmp/smssmtptemp
- DocsDir: Contains the readme file. At least 1 MB disk space recommended. Default location: /var/opt/SMSSMTP/manuals/<language>

Table 2-2 shows the Windows default
97. mantec Mail Security for SMTP There are different instructions for uninstalling Symantec Mail Security for SMTP from Solaris and Windows Uninstall Symantec Mail Security for SMTP from Solaris If Symantec Mail Security for SMTP was permitted to automatically disable conflicting services when it was installed an attempt will be made during the uninstallation process to reenable those services There may be files and registry entries that are not removed when you uninstall Symantec Mail Security for SMTP You must manually delete those files and entries Warning If you are running other Symantec products certain shared files such as registry files should not be deleted To uninstall Symantec Mail Security for SMTP from Solaris Type the following command pkgrm SYMCsmtp 36 Installing Symantec Mail Security for SMTP Uninstalling Symantec Mail Security for SMTP To manually delete files and registry entries that are left behind after uninstallation Type the following commands rm r tmp smssmtptemp rm r var opt SMSSMTP rm r opt Symantec rm f etc Symantec conf rm f etc symantec reg rm f etc liveupdate conf rm f var log SYMANTEC error rm f var log SMSSMTP install log These commands are based on default directory locations If you changed the default directory locations modify the commands to use the appropriate directories Uninstall Symantec Mail Security for SMTP from Windows 2000 Serve
98. ments where the cumulative size of all extracted files exceeds 200 MBs; Attachments where the number of files extracted exceeds 5000
2. In the Container Limits window, select the container limit descriptors that you want to use for determining exceeded container limits.
3. Type the maximum allowable number for each enabled descriptor, or keep the defaults. Do not type a zero (0) for the value.
4. Click Save Changes.

Blocking if an encrypted container is detected
You can configure Symantec Mail Security for SMTP to handle encrypted container files.

To block if an encrypted container is detected
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy.
[Screenshot: Encrypted Container window, showing the options Delete container and deliver message, Drop message, Log only, and Forward message (To email address; Subject, optional), and the text that is added to the message when an encrypted container is deleted: "File attachment FILE_NAME The file attached to this email was removed because the file is encrypted or password protected"]
2. In the Encrypted Container window, select one of the following:
- Delete container and deliver message
- Drop message
- Log only
- Forward message
3. If you selected Forward me
99. mputer. If you are using authenticated SSL instead of SESA default anonymous SSL, you must enter the host name of the SESA Directory computer. For example, mycomputer.com. For more information on SESA default anonymous SSL and upgrading to authenticated SSL, see the Symantec Enterprise Security Architecture Installation Guide.
SSL Port: The number of the SESA Directory secure port. The default port number is 636.
4. Follow the on-screen instructions to install the appropriate SESA Integration Package and complete the SESA Integration Wizard.
5. Repeat steps 1 through 6 on each SESA Manager computer to which you are forwarding Symantec Mail Security for SMTP events.

Installing the local SESA Agent using the Agent Installer
The local SESA Agent handles the communications between Symantec Mail Security for SMTP and SESA and is installed on the same computer that is running Symantec Mail Security for SMTP. The local SESA Agent is provided as part of the software distribution package for Symantec Mail Security for SMTP. A separate installation package for installing the Agent is located on the distribution CD for Symantec Mail Security for SMTP.

If you have more than one SESA-enabled product installed on a single computer, these products can share a local SESA Agent. However, each product must register with the Agent. Thus, even if an Agent has already been installed on the computer for another SESA-enabled security product, you must run th
100. nding notifications 64
Understanding notification metatags 65
Configuring notifications 66
Configuring logging options 66
Configuring queue file save and SMTP conversation logging 68

Setting your antivirus policy
About your antivirus policy 71
Configuring antivirus settings 72
Enabling virus scanning 72
Handling infected files 74
Enabling mass mailer cleanup 75
Forwarding infected files to the Central Quarantine 75
Configuring outbreak alerts 77
Updating virus and spam definitions files 78
Setting up your own LiveUpdate server 80

Setting your anti-spam policy
About your anti-spam policy 82
Cr
101. nections are used for the logon and password-changing portions of the administrative interface when they are enabled. During installation, you must identify the TCP/IP port number on which the HTTPS server will listen. The port number that you specify must be different from the HTTP and SMTP port numbers, exclusive to Symantec Mail Security for SMTP, and not already in use by any other program or service. The default HTTPS port number is 8043. Unless you have a compelling reason to do otherwise, you should select the default.

Note: You must identify an HTTPS port number during installation even if you do not enable SSL.

Post-installation tasks
You must perform the following post-installation tasks when appropriate:
- Access the administrative interface. See "Accessing the administrative interface" on page 32.
- Apply a product and content license. See "Applying product and content licenses" on page 32.
- Route scanned email for delivery. See "Routing scanned messages for delivery" on page 34.
- Stop and restart Symantec Mail Security for SMTP. See "Stopping and restarting Symantec Mail Security for SMTP" on page 34.

Accessing the administrative interface
You must access the administrative interface to configure Symantec Mail Security for SMTP.

Access the Symantec Mail Security for SMTP administrative interface
You can access Syma
102. nformation, subject, size, SMTP ID, and information on which rule was triggered.

Integrating Symantec Mail Security for SMTP with SESA
This chapter includes the following topics:
- About SESA
- Configuring logging to SESA
- Interpreting Symantec Mail Security for SMTP events in SESA
- Uninstalling the SESA Integration Package
- Uninstalling the local SESA Agent

About SESA
In addition to using standard local logging for Symantec Mail Security for SMTP, you can also choose to log events to the Symantec Enterprise Security Architecture (SESA). SESA is an underlying software infrastructure and a common user interface framework. It integrates multiple Symantec Enterprise Security products and third-party products to provide a central point of control of security within an organization. It provides a common management framework for SESA-enabled security products, such as Symantec Mail Security for SMTP, that protect your IT infrastructure from malicious code, intrusions, and blended threats.

SESA helps you increase your organization's security posture by simplifying the task of monitoring and managing the multitude of security-related events and products that exist in today's corporate environments.

SESA includes an event management system that employs data collection services for events generated on computers that are managed by Symantec security p
103. ng reports 112
Generating summary reports 112
Generating detail reports 115

Integrating Symantec Mail Security for SMTP with SESA
About SESA 121
Configuring logging to SESA 122
Configuring SESA to recognize Symantec Mail Security for SMTP 123
Installing the local SESA Agent using the Agent Installer 124
Installing the SESA Agent manually by command line 128
Configuring Symantec Mail Security for SMTP to log events to SESA 129
Interpreting Symantec Mail Security for SMTP events in SESA 130
Uninstalling the SESA Integration Package 130
Uninstalling the local SESA Agent 131

CD Replacement Form

Introducing Symantec Mail Security for SMTP
This chapter includes the following topics:
- About Symantec Mail Security for SMTP
- What's new in Symantec Mail Security for SMTP
- Components of Symantec Mail Security for SMTP
- How Symantec Mail Security for SMTP works
- What you can do with Symantec Mail Security for SMTP

About Symantec Mail Security for SMTP
Symantec Mail Security for SMTP is a Simple Mail T
104. ning multiple Symantec products any Symantec software on the media for which You have not received permission in a License Module nor G use the Software in any manner not authorized by this license 2 Content Updates Certain Software utilize content that is updated from time to time including but not limited to the following Software antivirus software utilize updated virus definitions content filtering software utilize updated URL lists some firewall software utilize updated firewall rules and vulnerability assessment products utilize updated vulnerability data these updates are collectively referred to as Content Updates You shall have the right to obtain Content Updates for any period for which You have purchased maintenance except for those Content Updates that Symantec elects to make available by separate paid subscription or for any period for which You have otherwise separately acquired the right to obtain Content Updates Symantec reserves the right to designate specified Content Updates as requiring purchase of a separate subscription at any time and without notice to You provided however that if You purchase maintenance hereunder that includes particular Content Updates on the date of purchase You will not have to pay an additional fee to continue receiving such Content Updates through the term of such maintenance even if Symantec designates such Content Updates as requiring separate purchase This License doe
105. nt to you by email if that method has been requested. The format of a serial number is a letter followed by 10 digits, for example, F2430482013.

A content license is necessary to receive the latest virus definition updates. When a content license expires, a new license must be installed to renew the subscription. When no content license is installed, neither virus nor spam definitions are downloaded to keep protection current.

If you have questions about licensing, contact Symantec Customer Service at 800 721 3934 or your reseller to check the status of your order.

To install the license files
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Licensing.
[Screenshot: Licensing window, showing the license status fields (License Fulfillment ID, Product License Status, Product License Expiration, Content License Status, Content License Expiration) and the License installation steps: complete the license form located at https://licensing.symantec.com, save the license files that are emailed to you as attachments, and, for each license, browse to the location where you saved the attachment and click Install]
106. ntec Mail Security for SMTP through a browser window, from the Start menu, or by clicking the desktop icon, if it is running on Windows.

To access the Symantec Mail Security for SMTP administrative interface through a browser window
1. Open your browser.
2. Type the Symantec Mail Security for SMTP IP address or host name using the following format:
http://<IP address or host name of the computer that is running the software>:<port>
For example, use either of these formats:
http://smssmtp.somewhere.com:8003
http://198.0.0.1:8003
3. Log on using the password that you set during installation. Passwords are case sensitive.

To access the Symantec Mail Security for SMTP administrative interface through the Start menu
1. On the Windows taskbar, click Start > Programs.
2. Click Symantec Mail Security for SMTP.

Applying product and content licenses
You must install a product license and a content license. A license file is required for both licenses in order to activate them. To install a product license and a content license, you must have the serial numbers (one for product, one for content) that are required for activation. The serial numbers are printed on the product certificate. The product certificate is mailed separately from the software and is needed to request a license file and to register for support. The product certificate should arrive at approximately the same time that you receive the software. It may be se
107. ntified, updated virus definitions are returned using LiveUpdate. See "Updating virus and spam definitions files" on page 78.

Warning: If you configure Symantec Mail Security for SMTP to forward infected messages to the Central Quarantine and the Central Quarantine is not running, files accumulate in the quarantine directory and may severely degrade performance.

To establish quarantine settings
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Antivirus Policy.
2. In the Antivirus Settings window, under Quarantine, on the What to quarantine menu, select one of the following:
- Nothing
- Messages containing unrepaired infections. See "Handling infected files" on page 74.
- Messages containing any infections
3. In the Central Quarantine Server host or IP address box, type the host name or IP address of the server that is running the Central Quarantine.
4. In the Port box, type the port number for the Central Quarantine.
5. Click Save Changes.

Configuring outbreak alerts
You can configure Symantec Mail Security for SMTP to send notifications to one or more email addresses in cases of virus outbreaks.

Note: You must enter recipient addresses on the Antivirus Policy > Outbreak Alert tab in order for this function to work.

To configure outbreak alerts
1. On the Symantec Mail Security for SMTP administrativ
108. omer Service PO BOX 5689 Dublin 15 Ireland or iii Symantec Customer Service 1 Julius Ave North Ryde NSW 2113 Australia 8 Additional Uses and Restrictions A If the Software You have licensed is a specified Symantec AntiVirus tm for a corresponding third party product or platform You may only use that specified Software with the corresponding product or platform You may not allow any computer to access the Software other than a computer using the specified product or platform In the event that You wish to use the Software with a certain product or platform for which there is no specified Software You may use Symantec AntiVirus Scan Engine B If the Software you have licensed is Symantec AntiVirus utilizing Web Server optional licensing as set forth in the License Module the following additional use s and restriction s apply i You may use the Software only with files that are received from third parties through a web server ii You may use the Software only with files received from less than 10 000 unique third parties per month and iii You may not charge or assess a fee for use of the Software for Your internal business C If the Software You have licensed is Symantec AntiVirus Corporate Edition You may not use the Software on or with devices on Your network running embedded operating systems specifically supporting network attached storage functionality without separately licensing a version of such Software
109. ormat the date and time for logging and reporting purposes. If the selected time zone does not match the local time zone of the server, all report times will be offset to the server local time.

To configure the local time zone
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
2. On the Setup tab, under Local time zone, on the Region drop-down list, select a region.
3. On the Country/City drop-down list, select a country or city.
4. Click Save Changes.

Changing the temporary files directory location
During installation, you select the locations for all directories. Through the administrative interface, you can change the location for the directories that contain temporary files that are created during Symantec Mail Security for SMTP scanning.

To change the temporary files directory location
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
[Screenshot: Configuration window, Setup tab, showing the SMTP settings (SMTP port number, maximum number of outgoing connections, maximum number of incoming connections, Alert/Notification From address) and the Delivery settings]
110. ound or until the entire domain is parsed. Domain names must begin with either or a period. You can use wildcard characters in the user name portion of the address.

Note: If you configure Symantec Mail Security for SMTP to block a subdomain (server.company.com, for example), it blocks only that subdomain and not the full domain (company.com, for example).

To block by a custom blacklist
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy.
2. In the Custom Blacklist window, under Blocking by sender's address, check Identify messages from the following email addresses or domains as violations (one per line).
3. In the text box, type the email addresses and domains to be blocked. Use only one entry per line. Wildcard characters and are allowed in the user name portion of an address.
4. Under Do the following when a violation occurs, select one of the following:
- Drop message
- Log only
- Forward message
5. If you selected Forward message, in the To email address box, type the email address to which the message will be forwarded, and in the Subject line box, type the subject that will appear in the subject line of the forwarded message.
6. Click Save Changes.

Identify suspected spam messages by the
111. our local routing list are captured in a whitelist. Symantec Mail Security for SMTP stores a maximum of 2000 entries in the auto-generated whitelist before it removes the top 50.

Activate and manage an auto-generated whitelist
You can choose domains from the auto-generated whitelist to add to your custom whitelist, add to your exclusion list, or delete from the list.

To activate an auto-generated whitelist
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy.
[Screenshot: Whitelist window, Auto Generated tab, showing the Status table (List, State, Entries), the Enable whitelist generator check box, the List management buttons (Add to Custom Whitelist, Add to Exclusion List, Delete, Sort by 2nd Level Domain), and the Exclusion list box]
2. In the Whitelist window, on the Auto Generated tab, under Auto-generated whitelist, check Enable whitelist generator.
3. Click Save Changes.

Blocking by real-time anti-spam black
112. pe brightcorp.com in the Routed host or domain box and mailer.brightcorp.com in the Destination relay box, after Symantec Mail Security for SMTP processes email messages that are addressed to brightcorp.com (user@brightcorp.com), it forwards the email message to mailer.brightcorp.com for delivery.

In both cases, the first (or only) entry is considered local. The second entry, if any, is not. Local routing rules always have priority over the Default Routing setting. Designating a host as local is significant for the relay restrictions. See "Preventing relaying" on page 103.

Configure local routing
You can create, edit, and delete local routing list entries.

To create local routing entries
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
[Screenshot: Configuration window, Routing tab, showing the Default routing settings (Host or domain, Port) and the Local routing list with its Add, Edit, and Delete buttons]
113. pt component
wsf Windows script file
wsh Windows scripting host settings file

Note: Typing only or will generate an error message.

To block by file name
1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy.
[Screenshot: Content window, showing the Blocking by message size, Blocking by subject line, and Blocking by file name settings]
2. In the Content window, under Blocking by file name, check Delete attachments with the following file names (one per line). Even though the blocking list is populated with default file names to be blocked, Symantec Mail Security for SMTP w
114. r There may be files and registry entries that are not removed when you uninstall Symantec Mail Security for SMTP. You must manually delete those files and entries.

Warning: If you are running other Symantec products, certain shared files, including registry files, should not be deleted.

To uninstall Symantec Mail Security for SMTP from Windows
Do one of the following:
- In the Windows Control Panel, double-click Add/Remove Programs, click Symantec Mail Security for SMTP 4.0, and then click Remove.
- From the Start menu, select Programs > SMSSMTP > Uninstall SMSSMTP.

To manually delete files that are left behind after uninstallation
1. Go to C:\Program Files\Symantec\SMSSMTP.
2. Delete the SMSSMTP folder.
3. In the Add/Remove Programs list, delete LiveUpdate. If you are running other Symantec antivirus products, certain shared files, including registry files, should not be deleted.

To manually delete registry entries that are left behind after uninstalling
On the Windows taskbar, click Start > Run.
In the Run window, type regedit.
Click OK.
In the Registry Editor window, under My Computer, double-click HKEY_LOCAL_MACHINE.
Double-click SOFTWARE.
Right-click the Symantec folder, and then click Delete.
In the Confirm Key Delete window, click Yes.
Do not delete registry events if you are r
115. r to which Symantec Mail Security for SMTP will forward events. Save and close the Agent settings file.

To install the SESA Agent by command line
1. On the computer on which Symantec Mail Security for SMTP is installed, at the command prompt, change to the folder in which the SESA Agent files reside. For example, C:\Agent
At the command prompt, type the following:
java -jar agentinst.jar -a3067
3067 is a unique product ID to install the Agent for Symantec Mail Security for SMTP. To remove the SESA Agent, you must use the same product ID parameter for Symantec Mail Security for SMTP (3067).
Optionally, you can append any of the following parameters:
-debug: Writes logging information to the screen
-log: Turns off the installation log and instructs the SESA Agent to write logging information to the Agntinst.log file in the local Temp directory

Configuring Symantec Mail Security for SMTP to log events to SESA
After you have installed the local SESA Agent to handle communications between Symantec Mail Security for SMTP and SESA, you must configure Symantec Mail Security for SMTP to communicate with the Agent by specifying the IP address and port number on which the Agent listens. You must also ensure that logging to SESA has been activated. These settings are located on the Symantec Mail Security for SMTP administrative interface.

To configure Symantec Mail Security for SMTP to log events to SESA
1. On the Symantec Mail Securit
116. ransfer Protocol SMTP server that processes email before sending it to a local mail server for delivery It can be configured to protect your network in the following ways Block unwanted email messages Scan and repair infected email attachments files appended to email messages and infected files within attachments Block spam Prevent the relaying of spam for another host The email gateway is only one way that a virus can penetrate your network For comprehensive virus protection install both Symantec Mail Security for SMTP and appropriate workstation or server versions of antivirus protection on every computer at your site For a complete listing of Symantec antivirus products visit www symantec com 14 Introducing Symantec Mail Security for SMTP What s new in Symantec Mail Security for SMTP What s new in Symantec Mail Security for SMTP Symantec Mail Security for SMTP maintains all of the functionality of past Symantec antivirus products and includes the new features of Symantec Mail Security for SMTP which are described in Table 1 1 Table 1 1 New features of Symantec Mail Security for SMTP Enhanced anti spam Custom and auto generated whitelists functionality Custom X bulk header m Drop and Forward message handling based on spam probability threshold m Message body scans with custom spam filtering rules m Enhanced anti spam heuristics Enhanced antivirus m Mass mailer cleanup functionali
117. [Screenshot of the Setup tab: Reject incoming messages; Number of days to attempt to deliver a message; HTTP/HTTPS port numbers and Enable SSL encryption for logons; Custom disclaimer (1000-character limit); Local time zone; Directory for temporary files used during scanning.] On the Setup tab, under Other, in the Directory for temporary files used during scanning box, type the directory path where temporary files will be stored during scanning. The Windows default is Program Files\Symantec\SMSSMTP\queues\Temp. The Solaris default is /tmp/smssmtptemp. When a nondefault directory is set, a subdirectory named SMSSMTP is created in the nondefault location. Click Save Changes. The service must be restarted for the new directory setting to take effect. Proc
118. riggers a Cannot Scan error the message is considered suspect and moved to the hold queue Configuring notifications You can configure Symantec Mail Security for SMTP to send notifications to administrators and senders when antivirus and blocking policies have been violated If you do not enter an administrator email address Symantec Mail Security for SMTP prompts you to enter one each time the Notifications screen is saved Administrator notifications will not be delivered despite being enabled until an address is specified See To set administrator email addresses for notifications and alerts on page 42 Understanding notifications Violation notifications have the following text m Subject SMSSMTP Policy Violation m Message The following message sent by this account has violated system policy MSGINFO The following violations were detected VIRUSINFO CONTENTINFO ENCRYPTINFO Administrator notifications have the additional metatag DISPOSITION at the end of the message Configuring Symantec Mail Security for SMTP 65 Understanding notification metatags Within the default text of notifications there are metatags which act as placeholders for information You can change text in any notification but do not alter the metatags or you will not receive information about the event that triggered the notification Configuring notifications Table 3 3 describes all available metatags an
119. roducts The event categories and classes include antivirus content filtering network security and systems management The range of events varies depending on the Symantec applications that are installed and managed by SESA You can monitor and manage these security related events through the SESA Console The SESA Console is the common user interface that provides manageable integration of security technologies Symantec or otherwise Symantec Security Services and Symantec Security Response You can query filter and sort data to reduce the security related events that you see through the SESA Console which allows you to focus on threats that require your attention You can configure alert notifications in response to events and generate save and print tabular and graphical reports of event status based on filtered views that you have created SESA must be installed and working properly before you can configure Symantec Mail Security for SMTP to log events to SESA For more information see the SESA documentation Configuring logging to SESA The logging of events to SESA is in addition to the standard local logging features for Symantec Mail Security for SMTP Logging to SESA is activated independently of standard local logging If you have purchased SESA you can send a subset of the events that are logged by Symantec Mail Security for SMTP to SESA See Interpreting Symantec Mail Security for SMTP events in SESA on page 1
120. rs See Preventing conflicts with other SMTP servers on page 24 22 Installing Symantec Mail Security for SMTP Before you install m Prevent conflicts with other software See Preventing conflicts with other software on page 24 m Prevent conflicts with Symantec Web Security See Preventing conflicts with Symantec Web Security Solaris only on page 24 Installing and configuring the operating system The operating system software and applicable updates must be installed configured and working correctly on your server before you install Symantec Mail Security for SMTP Consult your server s documentation for more information Installation of your operating system software and updates is outside the scope of this guide Upgrading from earlier versions To upgrade from Symantec AntiVirus for SMTP Gateways 3 0 or 3 1 install Symantec Mail Security for SMTP 4 0 over the existing software This lets you retain settings from the previous version Version 4 0 does not support high ASCII or DBCS characters in directory names If names of directories used by the product contain high ASCII or DBCS characters rename those directories before installing Symantec Mail Security for SMTP The pipe symbol is no longer allowed in the Include Exclude and Attachment Stripping lists when configuring scan options Symantec Mail Security for SMTP removes the symbol during the upgrade Note If you are installing over a Sy
121. ry Routed host or domain Host name IP address or domain of mail server to which SMS for SMTP continues delivery of email after scanning for viruses Host or Domain brightcorp com Destination relay optional Host name IP address or domain of a different mail server to which scanned email addressed to the specified mail server will be relayed for delivery Default relay port is 25 Host or Domain mailer brightcorp cam Port 25 Save Cancel Her 2 On the Routing tab under Local Routing List click Add 3 Under Routing list entry type the host name IP address or domain of a mail server to which email should be routed Wildcard characters may be used in routing list entries If you type only the first entry and no destination relay email that is addressed to a user who receives mail at that host will be relayed using that host 60 Configuring Symantec Mail Security for SMTP Configuring routing options 6 Under Destination relay in the Host box type the host name IP address or domain of the mail server to which email that is destined for the server that is designated under Routed host or domain should be routed In most cases using an IP address is preferable to using a host name because a host name needs to be resolved If you type a destination host email that is addressed to a user who is receiving mail at the host that is listed under Routed host or domain will be relayed using the host that is desi
122. s Notify senders and administrators of policy violations 20
Installing Symantec Mail Security for SMTP
Before you install 21
Installing and configuring the operating system 22
Upgrading from earlier versions
Configuring DNS
Preventing conflicts with other SMTP servers 24
Preventing conflicts with other software
Preventing conflicts with Symantec Web Security (Solaris only) 24
System requirements 25
Installing Symantec Mail Security for SMTP 25
Verifying DNS on the Symantec Mail Security for SMTP server 26
Running the installation script or setup program 28
Specifying locations for installation directories 28
Selecting an HTTP server port 30
Selecting an HTTPS server port 31
Post-installation tasks
Accessing the administrative interface 32
Applying product and content licenses
123. s not otherwise permit the licensee to obtain and use Content Updates 3 Limited Warranty Symantec warrants that the media on which the Software is distributed will be free from defects for a period of sixty 60 days from the date of delivery of the Software to You Your sole remedy in the event of a breach of this warranty will be that Symantec will at its option replace any defective media returned to Symantec within the warranty period or refund the money You paid for the Software Symantec does not warrant that the Software will meet Your requirements or that operation of the Software will be uninterrupted or that the Software will be error free TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW THE ABOVE WARRANTY IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES WHETHER EXPRESS OR IMPLIED INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS YOU MAY HAVE OTHER RIGHTS WHICH VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY 4 Disclaimer of Damages SOME STATES AND COUNTRIES INCLUDING MEMBER COUNTRIES OF THE EUROPEAN ECONOMIC AREA DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THE BELOW LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAI
124. s of your mail server. 6. In the Port box, type the port number of your mail server. 7. Click Save. All mail that was previously destined for your SMTP server goes to Symantec Mail Security for SMTP for processing and then is forwarded to your SMTP server for delivery. Stopping and restarting Symantec Mail Security for SMTP: You may need to stop and restart Symantec Mail Security for SMTP. Stopping and restarting the service results in a lost connection to client applications that may be submitting a file for scanning or delivery. The client application must reestablish the connection and resubmit the file for scanning and delivery. Note: If messages are being processed when the service is stopped, the processing of those messages stops and resumes when the service is restarted. Instructions for stopping and restarting Symantec Mail Security for SMTP differ depending on the operating system that you are running. If you are running Symantec Mail Security for SMTP on Windows 2000 Server, stop and restart the service in the Services Control Panel. To stop Symantec Mail Security for SMTP on Solaris, type the following command:
/etc/rc2.d/S87smssmtp stop
To restart Symantec Mail Security for SMTP on Solaris, type the following command:
/etc/rc2.d/S87smssmtp start
Uninstalling Sy
125. s on product feature function installation and configuration as well as to author content for our Web accessible Knowledge Base The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion For example the Technical Support group works with Product Engineering as well as Symantec Security Response to provide Alerting Services and Virus Definition Updates for virus outbreaks and security alerts Symantec technical support offerings include m A range of support options that give you the flexibility to select the right amount of service for any size organization m Telephone and Web support components that provide rapid response and up to the minute information m Upgrade insurance that delivers automatic software upgrade protection m Content Updates for virus definitions and security signatures that ensure the highest level of protection m Global support from Symantec Security Response experts which is available 24 hours a day 7 days a week worldwide in a variety of languages for those customers enrolled in the Platinum Support Program m Advanced features such as the Symantec Alerting Service and Technical Account Manager role offer enhanced response and proactive security support Please visit our Web site for current information on Support Programs The specific features available may vary based on the level of support purchased and the specifi
126. ssage in the To email address box type the email address to which the message with the encrypted container should be forwarded and in the Subject box type the subject that will appear in the subject line of the forwarded message 4 Click Save Changes Setting your filtering policy 103 Preventing relaying Preventing relaying You can configure relay restrictions within Symantec Mail Security for SMTP so that it refuses to deliver email that has a source outside of the organization email for which the sender or recipient is not local Another way that Symantec Mail Security for SMTP prevents relaying is by rejecting messages to recipients with addresses that contain specific characters such as and Configuring external relay restrictions The following relay options are available m Allow Relay restrictions are turned off for external hosts Email from any remote host can be relayed through Symantec Mail Security for SMTP to remote hosts Do not allow except for listed hosts one per line Relay restrictions are enabled for external hosts Only email from explicitly named hosts and domains can be relayed to remote hosts Do not allow except for listed hosts one per line is the default The source of a message is the computer that contacts Symantec Mail Security for SMTP not the From address The destination is the host portion of the recipient s address If the source or destination is considered local the Do no
127. t allow setting does not apply. See To configure external relay restrictions on page 104. A source is considered local if Symantec Mail Security for SMTP is running in Allow mode or if the host is listed in the Do not allow list except for listed hosts list. A destination is considered local if it is listed in the Local Routing list. See Configuring local routing on page 58. To configure external relay restrictions: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy. [Screenshot of the Anti-Relay window: Restrictions for email with a non-local destination (Allow / Do not allow except for listed hosts, one per line; leave box blank to have all email with a non-local destination rejected); Blocking by characters in email addresses.] 2. In the Anti-Relay window, select one of the following: Allow; Do not allow except for listed hosts (one per line). 3. If desired, type one host name, IP address, or domain per line for mail servers from which email will be allowed. Domain name entries in this box will work only if the hosts have appropriate PTR records. You can use the wildcard character as the first element of a domain name or the last element of an
128. te a custom whitelist: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy. [Screenshot of the Whitelist window, Custom tab: Bypass heuristic and blacklist detection for the following domains or email addresses (one per line); precede the domain with a period to signify a wildcard match for domain-only entries.] 2. In the Whitelist window, on the Custom tab, under Custom whitelist, check Bypass heuristic and blacklist detection for the following addresses (one per line). 3. In the exclusion box, type domains, one per line, to be excluded from regular spam processing. Domain names must begin with either or a period, where a period specifies a wildcard match for any sender at the domain. For example, .company.com would match mail.company.com. You can add fully qualified addresses (for example, user@company.com) to the custom whitelist to exclude email to that user from heuristic and blacklist processing. You must check Bypass heuristic and blacklist detection for the following addresses (one per line) in order for the domains to bypass spam processing. Spam rule processing still applies. Activating and managing an auto-generated whitelist: If the auto-generated whitelist functionality is activated, all email domains of outgoing messages that are not in y
129. tempt and the frequency of attempts. LiveUpdate runs on each selected day at the same time. For example, selecting Tuesday and Thursday, 06:00 AM, and Once every four hours causes LiveUpdate to run only on Tuesdays and Thursdays at 6:00 AM, 10:00 AM, 2:00 PM, 6:00 PM, and 10:00 PM. Because LiveUpdate considers midnight the end of the day, it would run for the last time at 10:00 PM and would not run again until 6:00 AM, which is designated as the first attempt. 5. Click Save Changes. To update virus definitions manually: 1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click LiveUpdate. [Screenshot of the LiveUpdate window: Status (last LiveUpdate attempt, virus and spam definitions versions and last update status), Schedule (Enable schedule, weekdays, First attempt, Frequency), and Initiate (LiveUpdate now).] 2. In the LiveUpdate window, under Initiate, click LiveUpdate now. Do not resubmit a LiveUpdate request. It may take a few minutes to
130. ternet service provider (ISP) if you are unsure of the values to use. To verify DNS settings on Solaris: 1. Open the following file: /etc/resolv.conf. The file should contain lines similar to the following:
domain somewhere.com
nameserver 192.168.1.2
nameserver 192.168.9.7
Verify that the specific domain name and name server addresses are correct for your site. Contact your administrator or Internet service provider (ISP) if you are unsure of the values to use. 2. Make any necessary changes. If the /etc/resolv.conf file does not exist on your server, create it using the example in step 1 as a template. Replace the domain name and name server addresses with values that are correct for your site. To test your DNS server: Run the NSLookup command using the following format:
nslookup <IP address or server name>
For example:
nslookup 155.55.55.55
The IP address should resolve to your server name, and the server name should resolve to your IP address. Note: You should run NSLookup twice, once in the format nslookup <host name> and once as nslookup <IP address>. Running the installation script or setup program: You must run the installation script (Solaris) or setup program (Windows 2000 Server) to install Symantec Mail Security for SMTP. Run the installation script or setup program The Symantec Mail Security for SMTP f
131. that is running the SESA Manager. The SESA Integration Wizard installs the appropriate integration components for identifying Symantec Mail Security for SMTP to SESA. You must run the SESA Integration Wizard for each SESA Manager computer to which you are forwarding events from Symantec Mail Security for SMTP. Each product that interfaces with SESA has a unique set of integration components. The integration components for all products that interface with SESA are available in the Symantec Mail Security for SMTP software distribution package. See Uninstalling the SESA Integration Package on page 130. To configure SESA to recognize Symantec Mail Security for SMTP: 1. On the computer on which the SESA Manager is installed, insert the product CD. 2. At the command prompt, type: java -jar setup.jar The SESA Integration Wizard starts. 3. In the SESA Domain Administrator Information window, type the specific information about the SESA Domain Administrator and the SESA Directory. SESA Domain Administrator Name: The name of the SESA Directory Domain Administrator account. SESA Domain Administrator Password: The password for the SESA Directory Domain Administrator account. IP Address of SESA Directory: The IP address of the computer on which the SESA Directory is installed (may be the same as the SESA Manager IP address if both are installed on the same co
132. time ranges when specific recipients are notified, and custom data to accompany the notification messages. For more information on interpreting events in SESA and on the event management capabilities of SESA, see the SESA documentation. Uninstalling the SESA Integration Package: To uninstall the SESA Integration Package, you must run the SESA Integration Wizard on each SESA Manager computer that is receiving events from Symantec Mail Security for SMTP 4.0. To uninstall the SESA Integration Package: 1. On the SESA Manager computer, insert the product CD. 2. Type the following command to launch the SESA Integration Wizard: java jar setup jar uninstall 3. Follow the on-screen instructions until you see the SESA Domain Administrator Information window. 4. In the SESA Domain Administrator Information window, do the following. SESA Domain Administrator Name: Type the name of the SESA Domain Administrator account. SESA Domain Administrator Password: Type the password for the SESA Domain Administrator account. Host Name or IP Address of SESA Directory: Type one of the following: If SESA is using default anonymous SSL communications, the IP address of the computer on which the SESA Directory is installed (may be the same as the SESA Manager IP address if they are both installed on the same computer). If SESA is using authenticated SSL communica
133. tion. Other brands and products are trademarks of their respective holder(s). 2004 Symantec Corporation. All rights reserved. Printed in the U.S.A.
134. tion the host name of the SESA Directory computer For example mycomputer com For more information on the SESA default anonymous SSL and upgrading to authenticated SSL see the Symantec Enterprise Security Architecture Installation Guide Secure Directory Port Type the number of the SESA Directory SSL port by default 636 5 The SESA Integration Wizard removes the Symantec Mail Security for SMTP Integration Package for Symantec Mail Security for SMTP Uninstalling the local SESA Agent The local SESA Agent is automatically uninstalled when you uninstall Symantec Mail Security for SMTP If more than one product is using the Agent the uninstall script removes only the Symantec Mail Security for SMTP registration and leaves the Agent in place If no other security products are using the Agent the uninstallation script will uninstall the Agent as well 132 Integrating Symantec Mail Security for SMTP with SESA Uninstalling the local SESA Agent A administrative interface 32 administrator settings 40 alerts outbreak 77 system 61 B blacklist custom 87 real time anti spam 85 blocking by container file limits 100 by encrypted container detection 102 by message criteria 95 c Central Quarantine 75 D delivery 45 directories installation 28 DNS 23 26 H heuristic anti spam engine 89 hold queue 52 HTTP 30 46 HTTPS 31 47 l installing SESA Agent 124 Symantec Mail Security for SMTP 25 28 L
135. tions deleted: Number of files that contained viruses that were deleted. Total infections: Number of viruses that were detected repaired deleted and logged only. Generating detail reports: A detail report contains all of the events in the Symantec Mail Security for SMTP log. You can configure Symantec Mail Security for SMTP to log entries for various lengths of time. See Configuring logging options on page 66. You can save the report in a comma-delimited (CSV) file format for import into spreadsheets or other graphical display software. The CSV report is saved in the log directory that was specified during installation; by default, the Windows location is Program Files\Symantec\SMSSMTP\logs and the Solaris location is /var/opt/SMSSMTP/logs. The report file name is SMSSMTPyyyymmddhhmm CsV, which indicates the date and time of creation. Note: There are legacy fields (Mailbox and Mailbox ID) that are in the CSV report that are no longer used and are always empty. To generate a detail report: On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Reporting. On the Detail Report tab, in the From and To drop-down lists, specify the date and time range for the report. Check the actions to include in the report. In the Search box, you can type a single search term or string to narrow the output of the report. The search is not cas
136. tire DATA stream is logged For outbound messages the DATA stream is buffered the line count and byte count of the DATA stream for outbound messages will not match the line count and byte count for inbound messages Setting your antivirus policy This chapter includes the following topics About your antivirus policy Configuring antivirus settings Configuring outbreak alerts Updating virus and spam definitions files Setting up your own LiveUpdate server About your antivirus policy Your antivirus policy is determined by how you configure Symantec Mail Security for SMTP to handle email which file types to scan which files to quarantine and when to notify administrators and senders if viruses are found or virus outbreaks occur 72 Setting your antivirus policy Configuring antivirus settings Configuring antivirus settings The antivirus settings in Symantec Mail Security for SMTP let you do the following m Scan for viruses See Enabling virus scanning on page 72 m Handle infected files See Handling infected files on page 74 m Clean up mass mailer messages See Enabling mass mailer cleanup on page 75 m Quarantine files See Forwarding infected files to the Central Quarantine on page 75 Enabling virus scanning You must enable virus scanning and set the Bloodhound sensitivity level through the administrative interface Bloodhound is the technology Symantec uses to heuristic
137. ty Enhanced content filtering m Message body scans with custom content filtering functionality rules m Custom disclaimer Components of Symantec Mail Security for SMTP Symantec Mail Security for SMTP consists of several components that work together to protect your network Table 1 2 lists Symantec Mail Security for SMTP components and their descriptions Table 1 2 Symantec Mail Security for SMTP components Symantec Mail Security for This is the software that you install to protect network SMTP servers and workstations It protects computers from viruses in email attachments blocks unwanted content and prevents spam and spam relaying Introducing Symantec Mail Security for SMTP How Symantec Mail Security for SMTP works Table 1 2 Symantec Mail Security for SMTP components LiveUpdate Administration LiveUpdate lets Symantec products download program Utility and virus definitions files updates directly from Symantec or from an intranet LiveUpdate server With the LiveUpdate Administration Utility you can configure one or more intranet FTP HTTP or LAN servers to act as internal LiveUpdate servers For more information see the LiveUpdate Administrator s Guide on the CD Symantec Central Quarantine You can configure Symantec Mail Security for SMTP to automatically forward infected attachments from local quarantine servers to Symantec Central Quarantine a central repository for infected attachments You can
138. ty for SMTP will attempt to deliver a message If a message cannot be delivered it is sent to the slow queue where Symantec Mail Security for SMTP continues to attempt delivery If a message cannot be delivered after the set number of days it is returned to the sender and deleted from the slow queue and from the system 3 Click Save Changes 46 Configuring Symantec Mail Security for SMTP Configuring connection and delivery options Configuring HTTP connections The Symantec Mail Security for SMTP software is managed through a Web based interface This interface is provided through a built in Hypertext Transfer Protocol HTTP server that is included with the software This HTTP server is independent of any existing HTTP server that is already installed on your server and is not a general purpose Web server The HTTP port number is set during installation but it can be changed through the administrative interface To configure HTTP connections 1 On the Symantec Mail Security for SMTP administrative interface in the left pane click Configuration On the Setup tab under HTTP HTTPS in the HTTP port number box type the port number on which the built in HTTP server will listen The number that you specify becomes the port number in the URLs that you will use to access the Symantec Mail Security for SMTP administrative interface The port number must be exclusive to Symantec Mail Security for SMTP and must not already be in use
139. unning other Symantec products 38 Installing Symantec Mail Security for SMTP Uninstalling Symantec Mail Security for SMTP Configuring Symantec Mail Security for SMTP This chapter includes the following topics Configuring administrator settings Configuring connection and delivery options Processing messages in the hold queue Configuring scan options Configuring routing options Configuring alerts Configuring notifications Configuring logging options Configuring queue file save and SMTP conversation logging 40 Configuring Symantec Mail Security for SMTP Configuring administrator settings Configuring administrator settings The following types of administrator accounts can be set in Symantec Mail Security for SMTP m Administrator Oversees administration of Symantec Mail Security for SMTP m Report only administrator Has privileges only to run reports on Symantec Mail Security for SMTP Note The report only administrator password must be different from that of the administrator Configure administrator settings Table 3 1 shows administrator settings that you can configure through the administrative interface Table 3 1 Administrator settings Administrator password The administrator password is set during installation and can be changed through the administrative interface Report only The report only administrator password can be set only administrator password through the administrative interfac
140. urity for SMTP can be configured to block messages based on the following content:

- Message size. See "Blocking by message size" on page 95.
- Subject line. See "Blocking by subject line" on page 96.
- File name. See "Blocking by file name" on page 97.

Blocking by message size

You can configure Symantec Mail Security for SMTP to block email by message size.

To block by message size

1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy. In the Content window, under Blocking by message size, check Reject messages that are greater than megabytes. The default is 50. In the text box, type the number of megabytes that must be exceeded for a message to be rejected. Do not use a decimal. Click Save Changes.

Blocking by subject line

You can configure Symantec Mail Security for SMTP to block email by subject line.

To block by subject line

1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy.
2. In the Content window, under Blocking by subject line, check Identify the following subject lines one per line as content violations.
3. In the subject line box, type the subject lines, one per line, that Symantec Mail Security for SMTP should block. You can use the and wildcard characters. The wildcard character matches 0 or more of any character. The
141. virus definitions files are available, the LiveUpdate technology automatically downloads the proper files and installs them in the proper location.

Note: To update virus and spam definitions for Symantec Mail Security for SMTP, you must run LiveUpdate in the product. Running LiveUpdate in other Symantec products will not update your definitions for Symantec Mail Security for SMTP.

For more information on Intelligent Updater, see the Readme file on the Symantec Mail Security for SMTP CD.

You can configure Symantec Mail Security for SMTP to perform regular updates of virus and spam definitions files using LiveUpdate, or you can set up your own LiveUpdate Server. See "Setting up your own LiveUpdate server" on page 80.

Update virus and spam definitions files

You can configure Symantec Mail Security for SMTP to run LiveUpdate one or more days per week. You can change the time of day for the first attempt and the frequency of attempts. You can also update virus and spam definitions manually at any time.

To schedule Automatic LiveUpdate

1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click LiveUpdate.
2. In the LiveUpdate window, under Schedule, check Enable schedule. Uncheck this option to disable a scheduled LiveUpdate.
3. Select one or more days on which you want LiveUpdate to run.
4. Select the time of the first at
142. y SESA Manager that is to receive events from Symantec Mail Security for SMTP, do the following:

- In the Secondary SESA Manager IP address or host name box, type the IP address or host name of the computer on which the Secondary SESA Manager is running.
- In the Secondary SESA Manager port number box, type the port number on which the Secondary SESA Manager listens. The default port number is 443.

In the Organizational unit distinguished name box, type the organizational unit distinguished name to which the Agent will belong. If the organizational unit is unknown or not yet configured, you can leave this setting blank. Use the format shown in the example: ou Europe ou Locations dc SES o symc_ses. The domain s dc portion of the path should correspond to the domain that is managed by the selected SESA Management Server.

Select one of the following:

- Start SESA Agent Automatically: The SESA Agent starts automatically whenever the computer is restarted.
- Start SESA Agent Manually: You must manually restart the SESA Agent each time that the computer is restarted.

Check Check box here if you want the SESA Agent to start at installation completion if you want the SESA Agent to start immediately after the installation finishes. If you do not check the check box, you must manually start the SESA Agent after the installation is complete.

The installer proceeds from this point with the installation. When the installation is complete, the Ag
143. y for SMTP administrative interface, in the left pane, click Configuration. On the Logging tab, under SESA logging, check Enable SESA logging. In the SESA agent host box, type the IP address on which the local SESA Agent listens. The default setting is 127.0.0.1 (the loopback interface), which restricts connections to the same computer.

4. In the Port number box, type the TCP/IP port number on which the local SESA Agent listens. The port number that you type here must match the port number on which the local SESA Agent listens. The default port is 8086.
5. Click Save Changes.

Interpreting Symantec Mail Security for SMTP events in SESA

SESA provides extensive event management capabilities, such as common logging of normalized event data for SESA-enabled security products like Symantec Mail Security for SMTP. The event categories and classes include antivirus, content filtering, network security, and systems management. SESA also provides centralized reporting capabilities, including graphical reports.

The events that are forwarded to SESA by Symantec Mail Security for SMTP take advantage of the existing SESA infrastructure for events. You can create alert notifications for certain events. Notifications include pagers, SNMP traps, email, and operating system event logs. You can define the notification recipients day and
