Symantec 11105111 - SYM MAIL SEC SMTP 5.0 SMS PORT MEDIA CD EN User Manual

User guide
Symantec Mail Security™
for SMTP

Summary of Contents for Symantec 11105111 - SYM MAIL SEC SMTP 5.0 SMS PORT MEDIA CD EN

  • Page 1 Symantec Mail Security™ for SMTP...
  • Page 2 NO WARRANTY. The technical documentation is being delivered to you AS-IS, and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained therein is at the risk of the user.
  • Page 3: Technical Support

    As part of Symantec Security Response, the Symantec global Technical Support group maintains support centers throughout the world. The Technical Support group’s primary role is to respond to specific questions on product feature/function, installation, and configuration, as well as to author content for our Web-accessible Knowledge Base.
  • Page 4: Customer Service

    ■ Recent software configuration changes and/or network changes
    Customer Service
    To contact Enterprise Customer Service online, go to www.symantec.com, select the appropriate Global Site for your country, then choose Service and Support. Customer Service is available to assist with the following types of issues:
    ■ Questions regarding product licensing or serialization
    ...
  • Page 5 (each a “License Module”) that media containing multiple Symantec products, any accompanies, precedes, or follows this license, and as Symantec software on the media for which You have may be further defined in the user documentation not received permission in a License Module; nor accompanying the Software, Your rights and G.
  • Page 6: Limited Warranty

    Software to You. Your sole remedy in the event of a through 227.7202-4, 48 C.F.R. section 52.227-14, and breach of this warranty will be that Symantec will, at other relevant sections of the Code of Federal its option, replace any defective media returned to...
  • Page 7 IBM License are offered by Symantec alone and not by any other party. 8. Additional Uses and Restrictions: A. If the Software You have licensed is Symantec Mail Security for a corresponding third party product or platform, You may only use that Software for the corresponding product or platform.
  • Page 9: Table Of Contents

    What’s new in Symantec Mail Security for SMTP (page 14)
    Components of Symantec Mail Security for SMTP (page 15)
    How Symantec Mail Security for SMTP works (page 16)
    What you can do with Symantec Mail Security for SMTP (page 18)
    Filter email messages (page 18)
    Identify spam (page 19)
    Respond to viruses ...
  • Page 10
    Accessing the administrative interface (page 37)
    Activating product and content licenses (page 38)
    Routing scanned messages for delivery (page 40)
    Stopping and restarting Symantec Mail Security for SMTP (page 41)
    Uninstalling Symantec Mail Security for SMTP (page 41)
    Chapter 3 Configuring Symantec Mail Security for SMTP
    Configuring administrator settings ...
  • Page 11
    Blocking by real-time antispam blacklists (page 94)
    Blocking by a custom blacklist (page 96)
    Identifying spam messages using the heuristic antispam engine (page 97)
    Identifying spam using Symantec Premium AntiSpam (page 99)
    Configuring Symantec Premium AntiSpam (page 100)
    Enabling language identification (page 104)
    Configuring the spam quarantine (page 104)
    ...
  • Page 12
    About SESA (page 155)
    Configuring logging to SESA (page 156)
    Configuring SESA to recognize Symantec Mail Security for SMTP (page 157)
    Installing the local SESA Agent using the SESA Agent Installer (page 158)
    Installing the SESA Agent manually by command line (page 162)
    Configuring Symantec Mail Security for SMTP to log events to SESA ...
  • Page 13: Introducing Symantec Mail Security For Smtp

    Symantec Mail Security for SMTP is a Simple Mail Transfer Protocol (SMTP) server that processes email before sending it to a local mail server for delivery. It can be configured to protect your network in the following ways:
    ■ Block unwanted email messages.
  • Page 14: What's New In Symantec Mail Security For Smtp

    Table 1-1 lists the new features in Symantec Mail Security for SMTP.
    Table 1-1 New features in Symantec Mail Security for SMTP
    Feature...
  • Page 15: Components Of Symantec Mail Security For Smtp

    Symantec Mail Security for SMTP consists of several components that work together to protect your network. Table 1-2 describes each component.
  • Page 16: How Symantec Mail Security For Smtp Works

    SMTP server for further processing and delivery. It also receives outgoing email from your SMTP server and processes it based on the configuration of Symantec Mail Security for SMTP.
  • Page 17 “Updating virus and spam definitions files” on page 84. By default, when Symantec Mail Security for SMTP detects a virus in an email attachment (that is not a container file), it attempts to repair the infected attachment. If Symantec Mail Security for SMTP cannot repair the attachment, it deletes the attachment by default.
  • Page 18: What You Can Do With Symantec Mail Security For Smtp

    “Setting your filtering policy” on page 125. You can configure Symantec Mail Security for SMTP so that users on the network become aware of its operation only if a virus or content violation is detected. You can also configure Symantec Mail Security for SMTP to send alerts to administrators in the case of system events, and send notifications to administrators and senders when there is virus activity.
  • Page 19: Identify Spam

    Security for SMTP to identify spam. You can specify which criteria to use to identify spam and how those messages should be handled. “Setting your antispam policy” on page 89. Symantec Mail Security for SMTP can be configured to identify spam based on the following: Symantec Premium AntiSpam Service ■...
  • Page 20 Table 1-4 lists the options for handling unrepairable infected attachments.
    Table 1-4 Options for handling unrepairable infected attachments
      Option: Delete
      Description: The attachment is deleted from the message.
  • Page 21: Configure Relay Settings

    Symantec Mail Security for SMTP works with other email software products that are running on other local mail servers. After processing messages, Symantec Mail Security for SMTP relays the messages to mail servers according to how you have configured your relay settings.
  • Page 22 22 Introducing Symantec Mail Security for SMTP What you can do with Symantec Mail Security for SMTP...
  • Page 23: Installing Symantec Mail Security For Smtp

    You must perform the following pre-installation tasks when appropriate:
    ■ Install and configure the operating system. See “Installing and configuring the operating system” on page 24.
    ■ Upgrade from earlier versions of Symantec Mail Security for SMTP. See “Upgrading from previous versions” on page 24.
    ■ Configure DNS.
  • Page 24: Installing And Configuring The Operating System

    Symantec Mail Security for SMTP automatically adds the period. For example, if exe was in the Include list of the previous version, Symantec Mail Security for SMTP changes it to .exe to force the configuration into compliance with the...
  • Page 25: Preserving Configuration Settings From Previous Versions That Use High Ascii Or Dbcs Directories

    Version 4.1 does not support high ASCII or DBCS characters in directory names. If you have used high ASCII or DBCS characters for directories in your previous version of Symantec Mail Security for SMTP, you must back up the configuration file for the previous version and copy the file into version 4.1.
  • Page 26: Preventing Conflicts With Other Smtp Servers

    MX record.
    Because Symantec Mail Security for SMTP is an SMTP server, it must have exclusive access to the TCP/IP port that corresponds to that service. No other SMTP servers can be running on the same port on the same server on which Symantec Mail Security for SMTP is installed.
  • Page 27: Preventing Conflicts With Other Software

    You must stop any other antivirus software on the server on which Symantec Mail Security for SMTP will be installed. After installation, reenable the antivirus protection.
  • Page 28: System Requirements

    You must have root or local administrator-level privileges to install Symantec Mail Security for SMTP. You should install Symantec Mail Security for SMTP on its own server. The system requirements for Solaris and Windows 2000/2003 Server are as...
  • Page 29: Installing Symantec Mail Security For Smtp

    You need root or administrator-level privileges to install Symantec Mail Security for SMTP. A static IP address is required. If you decide to install Symantec Mail Security for SMTP on the same computer as your SMTP server, you must configure Symantec Mail Security for SMTP to listen on the port to which mail clients deliver messages.
  • Page 30: Verifying And Testing Dns Settings

    Your server must be configured as a DNS client before installing Symantec Mail Security for SMTP.
    Verify and test DNS settings
    To verify DNS settings, you must check the TCP/IP properties for your server.
  • Page 31: Running The Installation Script Or Setup Program

    Server) to install Symantec Mail Security for SMTP.
    Run the installation script or setup program
    The Symantec Mail Security for SMTP files are included on the installation CD. For Solaris, you must be logged on as root. For Windows 2000/2003 Server, you must be logged on with administrator privileges.
  • Page 32: Specifying Locations For Installation Directories

    To run the Symantec Mail Security for SMTP setup program on Windows 2000/2003 Server
      1. Change (cd) to the location of the installation files.
      2. Run Setup.exe.
      3. Follow the on-screen instructions.
  • Page 33 Table 2-1 Installation directories for Solaris
      Directory: ScanDir
      Description: Contains temporary files that are created during Symantec Mail Security for SMTP scanning. At least 100 MB disk space is recommended.
      Default location: /tmp/smssmtptemp
  • Page 34: Selecting An Http Server Port

    HTTP server will listen. The number that you specify becomes the port number in the URLs that you use to access the Symantec Mail Security for SMTP interface. The port number that you specify must be different from the HTTPS and SMTP port numbers, exclusive to Symantec Mail Security for SMTP, and not already in use by any other program or service.
  • Page 35: Selecting An Https Server Port

    You can install the plug-in from the Symantec Mail Security for SMTP CD. The plug-in adds a toolbar to the Outlook window from which users can access the help system.
  • Page 36: Installing The Symantec Spam Folder Agent

    You can install the Symantec Spam Folder Agent from the Symantec Mail Security for SMTP CD.
    Note: You must install the agent on the server on which Symantec Mail Security is installed.
    To install the Symantec Spam Folder Agent
      1. On the product CD, click Install Spam Folder Agent.
  • Page 37: Post-Installation Tasks

    Security for SMTP.
    Access the Symantec Mail Security for SMTP administrative interface
    You can access Symantec Mail Security for SMTP through a browser window, from the Start menu, or by clicking the desktop icon (if it is running in Windows).
  • Page 38: Activating Product And Content Licenses

    SMTP.
    You must install a license file on each server that is running Symantec Mail Security for SMTP in order to activate your product and content licenses. The product license is required to activate Symantec Mail Security for SMTP scanning operations.
  • Page 39 If you have questions about licensing, contact Symantec Customer Service at 800-721-3934 or your reseller to check the status of your order. To activate product and content licenses On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Licensing.
  • Page 40: Routing Scanned Messages For Delivery

    You must add a routing list entry for each serviced email domain on your network. If the Symantec Mail Security for SMTP server is not the last hop before the Internet, you might need to use default routing. “Configuring default routing”...
  • Page 41: Stopping And Restarting Symantec Mail Security For Smtp

    You may need to stop and restart Symantec Mail Security for SMTP. Stopping and restarting the service results in a lost connection to client applications that may be submitting a file for scanning or delivery.
  • Page 42 Uninstall Symantec Mail Security for SMTP from Windows 2000/2003 Server
    There may be files and registry entries that are not removed when you uninstall Symantec Mail Security for SMTP. You must manually delete those files and entries.
    Warning: If you are running other Symantec products, certain shared files, including registry files, should not be deleted.
  • Page 43 In the Registry Editor window, under My Computer, double-click HKEY_LOCAL_MACHINE. Double-click SOFTWARE. Right-click the Symantec folder, and then click Delete. Do not delete the folder or any shared files from the folder if you are running other Symantec products. In the Confirm Key Delete window, click Yes.
  • Page 44 44 Installing Symantec Mail Security for SMTP Uninstalling Symantec Mail Security for SMTP...
  • Page 45: Configuring Symantec Mail Security For Smtp

    This chapter includes the following topics:
    ■ Configuring administrator settings
    ■ Configuring connection and delivery options
    ■ Processing messages in the hold queue
    ■ Configuring scan options
    ■ Configuring routing options
    ■ Configuring alerts
    ...
  • Page 46: Configuring Administrator Settings

    The following types of administrator accounts can be set in Symantec Mail Security for SMTP:
    ■ Administrator: Oversees administration of Symantec Mail Security for SMTP
    ■ Report-only administrator: Has privileges only to run reports on Symantec...
  • Page 47 To change an administrator password through the administrative interface
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
      2. On the Accounts tab, under Administration Passwords, under Administrator password, in the New password box, type a password for the administrator.
  • Page 48 In the Confirm box, type the password again. Click Change Password.
    To enable the report-only administrator account
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
      2. On the Accounts tab, under Administration Settings, check Enable Report-only Administrator account.
  • Page 49: Configuring Connection And Delivery Options

    Symantec Mail Security for SMTP recognizes those port numbers as already being in use. SMTP options apply to the Symantec Mail Security for SMTP server, which receives email messages for scanning and then forwards the messages for delivery.
  • Page 50 Configuration. On the Setup tab, under SMTP, in the SMTP port number box, type the port number for the port on which Symantec Mail Security for SMTP listens. The default is 25. If the SMTP port is reset to another port, only email messages that arrive at the other port will be processed.
  • Page 51: Configuring Delivery Options

    Configuration. On the Setup tab, under Delivery, in the Number of days drop-down list, select the number of days that Symantec Mail Security for SMTP will attempt to deliver a message. If a message cannot be delivered, it is sent to the slow queue where Symantec Mail Security for SMTP continues to attempt delivery.
  • Page 52: Configuring Http Connections

    The Symantec Mail Security for SMTP software is managed through a Web-based interface. This interface is provided through a built-in Hypertext Transfer Protocol (HTTP) server that is included with the software. This HTTP server is independent of any existing HTTP server that is already installed on your server and is not a general-purpose Web server.
  • Page 53: Configuring Https Options

    On the Setup tab, in the HTTPS port number box, type the port number of the HTTPS server. The default port number is 8043. The port number must be exclusive to Symantec Mail Security for SMTP and must not already be in use by any other program or service. Click Certificate Management.
  • Page 54 The Certificate Authority sends your certificate by email to the address that you typed on the Certificate Request page.
    To install the returned certificate on Symantec Mail Security for SMTP
      1. Copy the entire certificate, including the header and footer, that you received from the Certificate Authority.
  • Page 55: Configuring A Custom Disclaimer

    Acting as your own Certificate Authority
    If you are able to act as your own Certificate Authority, you need only install a signed certificate that is created from the request that is generated by Symantec Mail Security for SMTP and enable SSL encryption for logons.
  • Page 56: Configuring The Local Time Zone

    To configure the local time zone
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
      2. On the Setup tab, under Local time zone, in the Region drop-down list, select a region.
  • Page 57 To change the temporary files directory location
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
  • Page 58: Processing Messages In The Hold Queue

    ■ If a message causes a system crash three times, it is moved to the hold queue.
    ■ If Symantec Mail Security for SMTP is configured to hold messages that cannot be processed, those messages are sent to the hold queue.
  • Page 59 To reprocess messages that are in the hold queue
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
      2. On the Hold Queue tab, click Reprocess Messages.
  • Page 60: Configuring Scan Options

    .zip entry. If only .zip is in the Include list and test.zip is sent, no files are scanned because the zip file has been decomposed, and Symantec Mail Security is looking for .zip files.
  • Page 61 To configure scan options
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
      2. On the Scan Policy tab, select one of the following:
         ■ All files regardless of extension
         ...
  • Page 62: Configuring Routing Options

    ■ Hold
    Click Save Changes.
    Configuring routing options
    After it scans for viruses, Symantec Mail Security for SMTP routes email messages to your existing hosts for delivery. The routing configurations are as follows:
    ■ Default routing
    ...
  • Page 63 In the Port box, type the port number of your mail server. The default port number is 25. Click Save. Mail that was destined for your SMTP server goes to Symantec Mail Security for SMTP for processing and then is forwarded to the specified SMTP server for delivery.
  • Page 64: Configuring Local Routing

    ■ An entry (host name, domain, or IP address) by itself
      An entry by itself means that Symantec Mail Security for SMTP treats email messages that are addressed to that host name, domain, or IP address as local. It does a DNS lookup for the address and delivers it to the address that is specified in the MX record.
  • Page 65 You can create, edit, and delete local routing list entries. To create local routing entries On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. On the Routing tab, under Local Routing List, click Add.
  • Page 66 The default port number is 25. Click Save. To edit a local routing list entry On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration. On the Routing tab, under Local Routing List, select the case that you want to edit.
  • Page 67: Configuring Alerts

    You can configure Symantec Mail Security for SMTP to send alerts for system events to one or more administrators. If you do not provide an administrator email address, Symantec Mail Security for SMTP prompts you to save any changes.
  • Page 68 Table 3-2 lists the system events that trigger alerts, their descriptions, and examples of alerts.
    Table 3-2 Events that trigger alerts
      Event: ServiceStart
      Description: The service has started.
      Alert text: Subject: Service Start; Body: The service has been started.
  • Page 69 Table 3-2 Events that trigger alerts
      Event: Scan error
      Description: The engine that handles decomposition of files has encountered an error during ...
      Alert text: Subject: Decomposition error; Body: An error occurred during message scanning.
  • Page 70: Configuring Notifications

    If you do not enter an administrator email address, Symantec Mail Security for SMTP prompts you to enter one each time the Notifications screen is saved. Administrator notifications will not be delivered, despite being enabled, until an address is specified.
  • Page 71: Understanding Notification Metatags

    Within the default text of notifications, there are metatags, which act as placeholders for information. You can change text in any notification, but do not alter the metatags, or you will not receive information about the event that triggered the notification.
  • Page 72: Configuring Notifications

    Configuring logging options
    Symantec Mail Security for SMTP lets you send logging events to the local computer or to SESA. Local logging (logging of activity to the computer on which Symantec Mail Security for SMTP is running) is enabled by default. For local logging, you can specify how long old logs should be retained, from one week to never delete.
  • Page 73 Once enabled, Symantec Mail Security for SMTP logs the following local events to SESA:
      ■ Logon
      ■ Logoff
      ■ Definitions updated
      ■ Object modified
      ■ Subjects blocked
      ■ Scan error
      ■ Sender blocked
      ■ Attachment deleted
      ...
  • Page 74: Configuring Queue File Save And Smtp Conversation Logging

    Warning: The default for the Queue File Save setting is Disable. Do not change this setting unless you are instructed by Symantec Technical Support to do so. Changing the setting can result in undesirable system behavior. To configure queue file save On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
  • Page 75 <InstallDir> is the path of the top-level installation directory, such as var/opt/SMSSMTP or C:\Program Files\Symantec\SMSSMTP. Warning: SMTP Conversation Logging is disabled by default. Do not change this setting unless you are instructed by Symantec Technical Support to do so.
  • Page 76 To configure conversation logging
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Configuration.
      2. On the Diagnostics tab, under SMTP Conversation Logging, in the logging...
  • Page 77: Setting Your Antivirus Policy

    Your antivirus policy is determined by how you configure Symantec Mail Security for SMTP to handle email (which file types to scan, which files to quarantine, and when to notify administrators and senders if viruses are found...
  • Page 78: Configuring Antivirus Settings

    The antivirus settings in Symantec Mail Security for SMTP let you do the following:
    ■ Scan for viruses. See “Enabling virus scanning” on page 78.
    ■ Handle infected files. See “Handling infected files”...
  • Page 79 To enable virus scanning
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Antivirus Policy.
      2. In the Antivirus Settings window, under Antivirus scanning, ensure that Enable virus scanning is checked.
  • Page 80: Handling Infected Files

    Bloodhound changes to take effect.
    Symantec Mail Security for SMTP can handle infected files in a number of ways. Scanning must be enabled and files must be specified for scanning in order for files to be processed.
  • Page 81: Enabling Mass Mailer Cleanup

    When the mass mailer cleanup function is enabled in the administrative interface, Symantec Mail Security for SMTP searches for a match between virus name patterns and the signatures that are returned by the antivirus scan. The match is made based on the configuration parameter @m (used by Symantec Security Response to name mass mailer viruses).
  • Page 82: Forwarding Infected Files To The Central Quarantine

    “Updating virus and spam definitions files” on page 84. Warning: If you configure Symantec Mail Security for SMTP to forward infected messages to the Central Quarantine, and the Central Quarantine is not running, files accumulate in the quarantine directory and may severely degrade performance.
  • Page 83: Configuring Outbreak Alerts

    You can configure Symantec Mail Security for SMTP to send notifications to one or more email addresses in cases of virus outbreaks.
    Note: You must enter recipient addresses on the Antivirus Policy > Outbreak Alert tab in order for this function to work.
  • Page 84: Updating Virus And Spam Definitions Files

    87.
    Update virus and spam definitions files
    You can configure Symantec Mail Security for SMTP to run LiveUpdate one or more days per week. You can change the time of day for the first attempt and the frequency of attempts. You can also update virus and spam definitions manually.
  • Page 85 Click Save Changes. To update virus definitions manually On the Symantec Mail Security for SMTP administrative interface, in the left pane, click LiveUpdate. In the LiveUpdate window, under Initiate, click LiveUpdate now. Do not resubmit a LiveUpdate request. It may take a few minutes to contact...
  • Page 86: Enabling Virus Definitions Updates Through Intelligent Updater

    By default, Symantec Mail Security for SMTP does not support updating virus definitions through Intelligent Updater. To enable updating through Intelligent Updater, you must run a setup script for your platform. This lets multiple Symantec products that run on the same system share virus definitions updates.
  • Page 87: Setting Up Your Own Liveupdate Server

    Symantec Mail Security for SMTP product CD. If you set up your own LiveUpdate server, you must edit the LiveUpdate configuration for Symantec Mail Security for SMTP to point to the local LiveUpdate server. For more information, contact Symantec Service and Support.
  • Page 88 88 Setting your antivirus policy Setting up your own LiveUpdate server...
  • Page 89: Setting Your Antispam Policy

    ■ Blocking by real-time antispam blacklists
    ■ Blocking by a custom blacklist
    ■ Identifying spam messages using the heuristic antispam engine
    ■ Identifying spam using Symantec Premium AntiSpam
    ■ Configuring Symantec Premium AntiSpam
    ■ Configuring the spam quarantine
    ■ Accessing the spam quarantine
    ...
  • Page 90: About Antispam Policy

    Terms that, when found in messages, identify whether a message is spam You can also create custom and auto-generated whitelists to let Symantec Mail Security for SMTP bypass heuristic and blacklist processing for designated domains and email addresses. (Spam rules still apply.)
  • Page 91 To create a custom whitelist
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy.
      2. In the Whitelist window, on the Custom tab, under Custom whitelist, check Bypass heuristic and blacklist detection for the following domains or email addresses.
  • Page 92: Activating And Managing An Auto-Generated Whitelist

    If you activate the auto-generated whitelist feature, the email domains of all outgoing messages that are not in your local routing list are captured in a whitelist. Symantec Mail Security for SMTP stores a maximum of 2000 entries in the auto-generated whitelist. When the maximum number of entries is exceeded, it removes the top 50.
  • Page 93 Enable whitelist generator. Click Save Changes.
    To manage auto-generated whitelists
      1. On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy.
      2. In the Whitelist window, under List management, select one or more entries, and then select one of the following actions:
         ■ Add to Custom Whitelist
         ...
  • Page 94: Blocking By Real-Time Antispam Blacklists

    The most common way of preventing spam is to reject mail that comes from mail servers known or believed to send spam. To limit potential spam, Symantec Mail Security for SMTP can support up to three real-time antispam blacklists.
  • Page 95 You must check this checkbox to enable this feature. If you do not check this checkbox, Symantec Mail Security for SMTP will not attempt to use this service, even if you type a domain name for the spam service.
  • Page 96: Blocking By A Custom Blacklist

    You can configure Symantec Mail Security for SMTP to block email by a custom blacklist (which contains the sender’s address or domain). It searches both the envelope From and message From headers to determine string matches.
  • Page 97: Identifying Spam Messages Using The Heuristic Antispam Engine

    You may need to adjust these settings after you analyze your results over a period of time. To identify suspected spam messages using the heuristic antispam engine On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy.
  • Page 98 In the Anti-Spam window, under Activating the heuristic antispam engine, check Enable heuristic anti-spam detection, and then select the engine sensitivity level. Accept the default or type the text that you want to prepend to the subject line of suspected spam messages.
  • Page 99: Identifying Spam Using Symantec Premium Antispam

    In addition to providing real-time blacklisting and sender and recipient whitelisting, Symantec Premium AntiSpam uses the following to identify and handle spam:
    Reputation service: Symantec monitors email sources to determine how much of the mail that is sent from those sources is legitimate.
  • Page 100: Configuring Symantec Premium Antispam

    “Enabling language identification” on page 104. Configuring Symantec Premium AntiSpam After you activate your Symantec Premium AntiSpam license, you must enable and configure the service to identify and handle spam and suspected spam. “Activating product and content licenses” on page 38.
  • Page 101 To configure Symantec Premium AntiSpam: On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy. In the Premium AntiSpam window, on the General tab, under Enablement,...
  • Page 102 To identify suspected spam: On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy. In the Premium AntiSpam window, on the General tab, under Suspected spam scoring, check Treat messages that have a spam score between [ ] and 89 as suspected spam.
  • Page 103 Click Save Changes. To configure suspected spam handling On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy. In the Premium AntiSpam window, on the General tab, under “Suspected Spam” disposition, select one of the following: Drop message ■...
  • Page 104: Enabling Language Identification

    The plug-in is available on the Symantec Mail Security for SMTP installation CD. To enable language identification On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy. In the Premium AntiSpam window, on the Spam Quarantine tab, check Enable Language Identification.
  • Page 105 Spam Quarantine settings, in the Quarantine host, type the IP address of the spam quarantine server. The quarantine host should be the server on which Symantec Mail Security for SMTP is installed. In the Port box, type the port number of the spam quarantine server.
  • Page 106: Creating Administrator Information

    ■ Go to http://<QuarantineServer>:41080/brightmail/settings/advanced/editAdvancedSettings.do
    ■ Under Global Attributes, copy the reinsertion key.
    Click Save Changes.
    Creating administrator information
    You can create one or more administrator accounts through the Brightmail spam quarantine user interface. To access the Brightmail spam quarantine user interface ◆...
  • Page 107 Click Add. In the Add Administrator window, in the User name box, type a name for the administrator. In the Password box, type a password. In the Confirm password box, type the password again. In the Email address box, type the email address for the administrator.
  • Page 108: Configuring Alerts

    An alert is sent to administrators when the spam quarantine has low disk space. You can also specify users to receive the alert. This information is configured through the Brightmail spam quarantine user interface. To access the Brightmail spam quarantine user interface: On the Internet, go to http://<QuarantineServer>:41080/brightmail/ ◆...
  • Page 109 To configure LDAP settings for Active Directory: On the Internet, go to http://<QuarantineServer>:41080/brightmail/viewLogin.do User name is admin. Password is brightmail. On the Settings tab, in the left pane, under System Settings, click LDAP. In the LDAP window, under LDAP Server, in the Server box, type the fully qualified domain name or IP address of an Active Directory domain controller, such as dc.example.com.
  • Page 110 Under LDAP Server Login, select Anonymous bind or Use the following to specify a user name and password. Unless you have configured Active Directory to allow anonymous access, the Anonymous bind setting does not usually have adequate authentication privileges for the spam quarantine to access the necessary Active Directory information.
  • Page 111 14. If the test query was unsuccessful, verify the following information: Query filter: Ensure that the query filter includes the values from User login name attribute, Primary email attribute, and Email alias attribute as wildcard searches.
  • Page 112 In the Password box, type the password for the account. Logon credentials are required. If you do not want to type a user name and password, you must select Anonymous Bind. Click Test Login to verify that the spam quarantine can authenticate against LDAP using the information that you have supplied.
  • Page 113 14. Click Save. 15. Attempt to log on to the spam quarantine. To configure quarantine settings: On the Internet, go to http://<QuarantineServer>:41080/brightmail/viewLogin.do User name is admin. Password is brightmail. On the Settings tab, in the left pane, under System Settings, click Quarantine.
  • Page 114: Editing The Notification Templates

    In the Quarantine Settings window, under Quarantine System Type, check Administrator-only Quarantine. When administrator-only access is enabled, you can still perform all administrator tasks, which includes redelivering misidentified messages to local users. However, notification of new spam messages is disabled when administrator-only access is enabled.
  • Page 115 To edit the notification templates: Beside Notification templates, click Edit to edit the template.
    ■ In the Send from box, type the email address from which the notification digests should appear to be sent. You should type an address to which users can send questions about the notification digests.
  • Page 116 Edit the user notification template, the distribution lists notification template, or both using the following variables:
    %NEW_MESSAGE_COUNT%: Number of new messages in the user’s spam quarantine since the last notification message was sent.
    %NEW_QUARANTINE_MESSAGES%: List of messages in the user’s quarantine since the last notification was sent.
  • Page 117 Release links, will not be available. Under Misidentified Messages, check Brightmail Logistics and Operations Center (BLOC) to report misidentified messages to Symantec. The BLOC analyzes message submissions to determine if the filters need to be changed. The BLOC will not send confirmation of the misidentified message submission to the administrator or the user who submits the message.
  • Page 118 The Web page should be accessible from any computer where users will log on to the spam quarantine. If you leave this box empty, when a user clicks Need help logging in, online help from Symantec is displayed in a new window.
  • Page 119: Accessing The Spam Quarantine

    In the Port box, type the port number of the computer on which Symantec Mail Security for SMTP listens. Click Save.
  • Page 120 To sort messages: On the Internet, go to http://<QuarantineServer>:41080/brightmail/quarantine/viewInbox.do Click the column heading on which you want to sort. A triangle appears in the selected column that indicates ascending or descending sort order.
  • Page 121 In the To column, check the check box to the left of a misidentified message. Click This is not Spam. If the reinsertion key has been entered in Symantec Mail Security for SMTP, when an administrator clicks This is not Spam, the message is removed from the spam quarantine and delivered to the intended recipient.
  • Page 122: Blocking By Custom Spam Rules

    (All of these terms=AND. Any of these terms=OR.) To block by custom spam rules On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Anti-spam Policy. In the Spam Rules window, on the Status tab, select Enable message body scanning for both Spam and Content Violation Rules.
  • Page 123 If desired, in the None of these terms box, type the terms to be used to identify that a message is not spam. If a term is in the Not field and a message is sent that has all of the blocked terms (AND/OR portion of rule) but also has a Not term, the message will not be in violation of the rule.
  • Page 125: Setting Your Filtering Policy

    Chapter Setting your filtering policy
    This chapter includes the following topics:
    ■ About your filtering policy
    ■ Blocking by content
    ■ Blocking by container file limits
    ■ Blocking if an encrypted container is detected
    ■ Preventing relaying
    ■ Blocking by custom content rules
    ...
  • Page 126: About Your Filtering Policy

    Your filtering policy is determined by how you configure Symantec Mail Security for SMTP to filter messages (which criteria to use to block messages and attachments and how those blocked messages and attachments should be handled).
  • Page 127: Blocking By Content

    Symantec Mail Security for SMTP can be configured to block messages based on the following content:
    ■ Message size
      “Blocking by message size” on page 127.
    ■ Subject line
      “Blocking by subject line”...
  • Page 128: Blocking By File Name

    In the subject line box, type the subject lines (one per line) that Symantec Mail Security for SMTP should block. You can use the * and ? wildcard characters. The * wildcard character matches 0 or more of any character.
  • Page 129 Table 6-2 Default extension blocking list
    File extension   Description
    *.asp            Active Server Pages file
    *.bas            Visual Basic® Class module
    *.bat            Batch file
    *.chm            Compiled HTML Help file
    *.cmd            Win32 command script
    *.com            MS-DOS® application
    *.cpl            Control Panel extension
    *.crt...
  • Page 130 Table 6-2 Default extension blocking list
    File extension   Description
    *.sct            Windows script component
    *.shb            Document shortcut file
    *.shs            Shell scrap object
    *.url            Internet shortcut (Uniform Resource Locator)
    *.vb             VBScript file
    *.vbe            VBScript encoded script file
    *.vbs            VBScript script file
    *.vsd...
  • Page 131 To block by file name: On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy.
  • Page 132: Blocking By Container File Limits

    Click Save Changes.
    Blocking by container file limits
    You can configure Symantec Mail Security for SMTP to protect against denial-of-service attacks that are associated with overly large container files that take a long time to decompose, or with files that contain multiple compressed files.
  • Page 133 To block by container file limits: On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy. In the Container Limits window, select the container limit descriptors that you want to use for determining exceeded container limits.
  • Page 134: Blocking If An Encrypted Container Is Detected

    You can configure Symantec Mail Security for SMTP to handle encrypted container files. To block if an encrypted container is detected: On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Filtering Policy.
  • Page 135: Preventing Relaying

    “To configure external relay restrictions” on page 136. A source is considered local if Symantec Mail Security for SMTP is running in Allow mode or if the host is listed in the Do not allow list, except for listed hosts list.
  • Page 136 IP address to specify allowed hosts. For example: *.someplace.com 1.2.3.* 1.2.* If Do not allow is selected, and no hosts are listed, Symantec Mail Security for SMTP rejects all email with a non-local destination. Click Save Changes.
  • Page 137: Blocking By Characters In Email Addresses

    Reject messages with email addresses that contain any of the following characters. In the text box, type one or more characters for which Symantec Mail Security for SMTP will search for email addresses to block. Do not insert spaces or commas between the entries.
  • Page 138 Click Save Changes. On the Content tab, under Content filtering rules, click Add. Under Custom filtering rule definition, check Enable this custom filtering rule. In the drop-down list, select one of the following: All of these terms ■...
  • Page 139 In the Identify messages that contain box, type one or more terms to be used for filtering. Separate all terms with commas. If you want to add phrases, type all words in the phrase without commas between them.
  • Page 141: Logging And Reporting

    Generating reports ■ About the Status page When you log on to Symantec Mail Security for SMTP, the Status page is displayed. This page shows system metrics that were calculated from the time of the most recent startup. At the bottom of the window, you can click Refresh to update the display to reflect current, real-time status.
  • Page 142 Status page. Table 7-1 Status page information
    Topic: System status
    Information:
    ■ Server and port number for Symantec Mail Security for SMTP.
    ■ Version number of the product <product license status:Valid or Invalid>.
  • Page 143
    ■ Delivered: Number of outgoing messages that have been delivered (including messages spawned internally by Symantec Mail Security for SMTP, such as bounce messages, delivery failure notifications, and configured notifications).
    ■ Forwarded: Number of messages that have been forwarded...
  • Page 144: Generating Reports

    Spam, Suspected Spam, and Reputation Spam.
    Generating reports
    Symantec Mail Security for SMTP generates the following types of reports:
    ■ Summary: Shows totals for message, infection, and virus activity. When viruses are found, it includes links to more information about the viruses. If the Symantec Premium AntiSpam license is valid, the summary report shows totals for spam, suspected spam, and reputation spam.
  • Page 145: Generating Summary Reports

    Shows the virus name, the number of times that the virus was encountered during the designated time period, and the total number of viruses that were encountered. Selecting a virus name takes you to the Symantec Security Response Web site, where you can view specific data about the virus. Subjects Blocked Appears only when messages have been rejected due to blocked subject lines.
  • Page 146 To generate summary reports: On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Reporting. On the Summary Report tab, in the From and To drop-down lists, select the date and time range for the report.
  • Page 147
    Message delivery failures: Number of outgoing messages that were returned due to a delivery error
    Messages completed: Number of messages that were processed by Symantec Mail Security for SMTP
    Encrypted files deleted: Number of encrypted files that were deleted
    Messages quarantined...
  • Page 148: Generating Detail Reports

    Number of viruses that were detected, repaired, deleted, and logged only Generating detail reports A detail report contains all of the events in the Symantec Mail Security for SMTP log. You can configure Symantec Mail Security for SMTP to log entries for various lengths of time.
  • Page 149 To generate a detail report On the Symantec Mail Security for SMTP administrative interface, in the left pane, click Reporting. On the Detail Report tab, in the From and To drop-down lists, specify the date and time range for the report.
  • Page 150
    Service started: Shows the date and time that the Symantec Mail Security for SMTP service started
    Service start failed: Shows the date and time that the Symantec Mail Security for...
  • Page 151 Connection closed Shows the date and time that the connection was closed, the IP address of the server that connected to the Symantec Mail Security for SMTP server, the connection ID, the last command sent, and the last response sent by the disconnecting server...
  • Page 152 About message actions: Table 7-8 lists the message actions.
    Table 7-8 Message actions
    Action / Description
    Accepted: Shows the date and time that a message was accepted, the From/To information, the subject, the client IP address, the connection ID, and the SMTP ID
    Dropped: Shows the date and time that a message was dropped, From/To...
  • Page 153 If a spam message is also malformed, the event will be reported only as malformed. (The report will not show a heuristic spam event for the message). Note: This setting will not display if the Symantec Premium AntiSpam license is valid. Mass Mailer cleanup...
  • Page 154 Table 7-9 Blocking actions
    Action / Description
    Content rule violation: Shows the date and time that the violation occurred, the sending client, From/To information, subject, size, SMTP ID, and information for which the rule was triggered.
    Spam rule violation: Shows the date and time that the violation occurred, the sending client, From/To information, subject, size, SMTP ID,...
  • Page 155: Integrating Symantec Mail Security For Smtp With Sesa

    About SESA In addition to using standard local logging for Symantec Mail Security for SMTP, you can also choose to log events to the Symantec Enterprise Security Architecture (SESA). SESA is an underlying software infrastructure and a common user interface framework. It integrates multiple Symantec Enterprise Security products and third-party products to provide a central point of control of security within an organization.
  • Page 156: Configuring Logging To Sesa

    Symantec Mail Security for SMTP. Logging to SESA is activated independently of standard local logging. If you have purchased SESA, you can send a subset of the events that are logged by Symantec Mail Security for SMTP to SESA.
  • Page 157: Configuring Sesa To Recognize Symantec Mail Security For Smtp

    ■ Install a local SESA Agent on the computer that is running Symantec Mail Security for SMTP. The local SESA Agent handles the communications between Symantec Mail Security for SMTP and SESA.
  • Page 158: Installing The Local Sesa Agent Using The Sesa Agent Installer

    The local SESA Agent handles the communications between Symantec Mail Security for SMTP and SESA and is installed on the same computer that is running Symantec Mail Security for SMTP. The local SESA Agent is provided as part of the software distribution package for Symantec Mail Security for SMTP.
  • Page 159 164. Install the local SESA Agent using the SESA Agent Installer To install the SESA Agent using the SESA Agent installer that Symantec Mail Security for SMTP provides, run the Installer on all computers on which Symantec Mail Security for SMTP 4.1 is installed.
  • Page 160 In the Primary SESA Manager IP address or host name box, type the IP address or host name of the computer on which the primary SESA Manager is running.
  • Page 161 To install the SESA Agent on Solaris: Copy the bin (.bin) file to install the Agent from the Symantec Mail Security for SMTP distribution CD onto the computer, and change directories to the location where you copied the file.
  • Page 162: Installing The Sesa Agent Manually By Command Line

    10. If you are running a Secondary SESA Manager that is to receive events from Symantec Mail Security for SMTP, do the following: Type the IP address or host name of the computer on which the ■...
  • Page 163 At the command prompt, type the following:
    java -jar agentinst.jar -a3067
    3067 is a unique product ID to install the Agent for Symantec Mail Security for SMTP. To remove the SESA Agent, you must use the same product ID parameter (for Symantec Mail Security for SMTP, 3067).
  • Page 164: Configuring Symantec Mail Security For Smtp To Log Events To Sesa

    SESA also provides centralized reporting capabilities, including graphical reports. The events that are forwarded to SESA by Symantec Mail Security for SMTP take advantage of the existing SESA infrastructure for events. You can create alert notifications for certain events. Notifications include pagers, SNMP traps, email, and operating system event logs.
  • Page 165: Uninstalling The Sesa Integration Package

    To uninstall the SESA Integration Package, you must run the SESA Integration Wizard on each SESA Manager computer that is receiving events from Symantec Mail Security for SMTP 4.1.
  • Page 166: Uninstalling The Local Sesa Agent

    Symantec Mail Security for SMTP events. Uninstalling the local SESA Agent The local SESA Agent is automatically uninstalled when you uninstall Symantec Mail Security for SMTP. If more than one product is using the Agent, the uninstall script removes only the Symantec Mail Security for SMTP registration and leaves the Agent in place.
