
Synchronization
The Control Center can synchronize user and group email
address data from your LDAP server and replicate it to
Scanners. This data is then used to validate message recipients,
apply policies to groups, recognize directory harvest attacks,
and expand distribution lists (aliases). LDAP-authenticated
user and group email address data are cached in the Control
Center for subsequent replication to Scanners but are not
written back to the LDAP source.
Routing
The Control Center uses LDAP user and password data to route
email messages based on alias and/or transport specification
to specified domains.
Symantec Mail Security supports the following LDAP directory types:
■ Windows 2000 Active Directory
■ Windows 2003 Active Directory
■ Sun Directory Server 5.2 (formerly known as the iPlanet Directory Server)
  Note: If you are using Sun Directory Server 5.2, you must update to patch 4 to
  address some changelog issues that arose in patch 3.
■ Exchange 5.5
■ Lotus Domino LDAP Server 6.5
Load balancing
Symantec Mail Security is not intended to be used for load balancing.
Administrators can associate only one host name or IP address as the MTA to
which email is relayed. You must implement multiple Scanners to perform load
balancing.
Adjusting MX records
When you implement Symantec Mail Security in front of a separate MTA that
receives inbound messages, you must change the DNS mail exchange (MX)
records. The records must point incoming messages to the system. Symantec Mail
Security should have a higher priority than the existing MTA.
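A check for the MX arrangement described above, as an added example that is not part of the original guide: it parses zone-file MX lines, confirms that the Symantec Mail Security host holds the most-preferred record (in DNS the lowest preference value is the highest priority), and lists any other mail hosts still published. The host names, zone lines and function names are constructed for illustration.

```python
# Added example: audit zone-file MX records for a mail gateway deployment.
# All host names and zone lines below are constructed sample data.
import re

SAMPLE_ZONE = """\
; constructed sample zone for example.com
example.com.      3600 IN MX 10 sms-gw.example.com.
example.com.      3600 IN MX 20 oldmta.example.com.
example.com.      3600 IN A  192.0.2.10
"""

MX_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?MX\s+"
    r"(?P<pref>\d+)\s+(?P<host>\S+)", re.IGNORECASE)


def parse_mx(zone_text):
    """Return sorted (preference, host) pairs from zone-file style lines."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments
        m = MX_LINE.match(line)
        if m:
            host = m.group("host").rstrip(".").lower()
            records.append((int(m.group("pref")), host))
    return sorted(records)


def audit_mx(records, gateways):
    """Check that a gateway is most preferred; list other published hosts."""
    gateways = {g.rstrip(".").lower() for g in gateways}
    if not records:
        return ["no MX records found"]
    findings = []
    best_pref = records[0][0]                 # lowest value = highest priority
    best_hosts = {h for p, h in records if p == best_pref}
    if not best_hosts <= gateways:
        findings.append("most-preferred MX is not the gateway: "
                        + ", ".join(sorted(best_hosts - gateways)))
    for pref, host in records:
        if host not in gateways:
            findings.append(f"MX {pref} {host} is published alongside the "
                            "gateway and can be looked up by any sender")
    return findings


if __name__ == "__main__":
    for finding in audit_mx(parse_mx(SAMPLE_ZONE), ["sms-gw.example.com"]):
        print(finding)
```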
However, if you simply list Symantec Mail Security as a higher-weighted MX
record in addition to the existing MX record, spammers can look up the previous
MTA's MX record. This allows them to send spam directly to the old server,
Planning your deployment
General deployment considerations