manualshive.com logo in svg

Symantec Mail Security, Administration Manual

Get complete control over your email security with Symantec Mail Security. Seamlessly safeguard your organization from threats with our powerful solution. Explore our Administration Manual, download it for free from our website, and ensure your email system is protected by industry-leading technology.

Share
Download
background image

88 Configuring email filtering

Creating virus, spam, and compliance filter policies

Adding conditions to compliance policies

Refer to the following tables when creating your compliance policy.

Table 4-7

 describes the conditions available when creating a compliance policy.

Table 4-7

Compliance conditions

Condition

Test against

Examples

Any part of the 
message

Dictionary. See

“Configuring 

dictionaries”

 on page 112.

Profanity

Attachment content

Text within an attachment file.

Find all attachments that 
contain the word 
“discount” more than 
three times.

Attachment type

An attachment list, file name, or MIME 
type. See

“Configuring attachment 

lists”

 on page 110.

script.vbs
application/octet-stream

Bcc: address

Bcc:

 (blind carbon copy) message 

header.

jane
example.com
[email protected]

Body

Contents of the message body. This 
component test is the most processing 
intensive, so you may want to add it as 
the last condition in a filter to 
optimize the filter.

You already may have 
won

Cc: address

Cc:

 (carbon copy) message header.

jane
example.com
[email protected]

Envelope HELO

SMTP HELO domain in message 
envelope.

example.com

Envelope recipient

Recipient in message envelope.

jane
example.com
[email protected]

Envelope sender

Sender in message envelope.

jane
example.com
[email protected]

Summary of Contents for Mail Security

Page 1: ...Symantec Mail Security for SMTP Administration Guide ...

Page 2: ...ent may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors if any THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT ARE DISCLAIMED EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS AR...

Page 3: ...t Updates for virus definitions and security signatures that ensure the highest level of protection Global support from Symantec Security Response experts which is available 24 hours a day 7 days a week worldwide in a variety of languages for those customers enrolled in the Platinum Support Program Advanced features such as the Symantec Alerting Service and Technical Account Manager role offer enh...

Page 4: ...es Troubleshooting performed prior to contacting Symantec Recent software configuration changes and or network changes Customer Service To contact Enterprise Customer Service online go to www symantec com select the appropriate Global Site for your country then choose Service and Support Customer Service is available to assist with the following types of issues Questions regarding product licensin...

Page 5: ...ting Scanners 28 Configuring LDAP settings 29 Replicating data to Scanners 37 Starting and stopping replication 38 Replication status information 38 Troubleshooting replication 39 Configuring Control Center settings 40 Control Center administration 41 Control Center certificate 42 Configuring enabling and scheduling Scanner replication 42 SMTP host 44 System locale 44 Chapter 3 Configuring email s...

Page 6: ...70 About precedence 71 Creating groups and adding members 72 Assigning filter policies to a group 75 Selecting virus policies for a group 75 Selecting spam policies for a group 77 Selecting compliance policies for a group 78 Enabling and disabling end user settings 79 Allowing or blocking email based on language 80 Managing Group Policies 81 Creating virus spam and compliance filter policies 82 Cr...

Page 7: ...129 Configuring the user and distribution list notification digests 130 Configuring the Spam Quarantine Expunger 135 Specifying Spam Quarantine message and size thresholds 136 Troubleshooting Spam Quarantine 137 Chapter 6 Working with Suspect Virus Quarantine About Suspect Virus Quarantine 143 Accessing Suspect Virus Quarantine 143 Checking for new Suspect Virus Quarantine messages 144 Suspect Vir...

Page 8: ... week 176 Processed message count recorded per message not per recipient 176 Recipient count equals message count 177 Deferred or rejected messages are not counted as received 177 Reports limited to 1 000 rows 177 Printing saving and emailing reports 177 Scheduling reports to be emailed 178 Chapter 10 Administering the system Getting status information 181 Overview of system information 182 Messag...

Page 9: ...g options 206 Appendix B Spam foldering and the Symantec Outlook Spam Plug in About foldering and the plug in 209 Installing the Symantec Outlook Spam Plug in 210 Usage scenarios 210 End user experience 210 Software requirements 212 Configuring automatic spam foldering 217 Configuring the Symantec Spam Folder Agent for Exchange 217 Configuring the Symantec Spam Folder Agent for Domino 218 Enabling...

Page 10: ...dix D Editing antivirus notification messages Modifying notification files 231 Changing the notification file character set 232 Editing messages in the notification file 232 Notification file contents 233 Glossary Index ...

Page 11: ...g Antispam technology Symantec s state of the art spam filters assess and classify email as it enters your site Antivirus technology Virus definitions and engines protect your users from email borne viruses Content Compliance These features help administrators enforce corporate email policies reduce legal liability and ensure compliance with regulatory requirements Group policies and filter polici...

Page 12: ...m system logs and extensive customizable reporting Use it to configure both system wide and host specific details The Control Center provides the Setup Wizard for initial configuration of all Symantec Mail Security for SMTP instances at your site and also the Add Scanner Wizard for adding new Scanners It also hosts the Spam and Suspect Virus Quarantines for storage of spam and virus messages respe...

Page 13: ...or the sake of discussion our sample message passes through the Filtering Engine to the Transformation Engine without being rejected The incoming connection arrives at the inbound MTA via TCP IP The inbound MTA accepts the connection and moves the message to its inbound queue The Filtering Hub accepts a copy of the message for filtering ...

Page 14: ... filtering results and configurable Group Policies Where to get more information In addition to this Administration Guide your Symantec Mail Security for SMTP product comes with the following documentation Symantec Mail Security for SMTP Installation Guide Symantec Mail Security for SMTP Planning Guide Symantec Mail Security for SMTP Getting Started Symantec Mail Security also includes a comprehen...

Page 15: ...SMTP Where to get more information Provides access to the Virus Encyclopedia which contains information about all known threats information about hoaxes and access to white papers about threats www symantec com avcenter global index html ...

Page 16: ...16 About Symantec Mail Security for SMTP Where to get more information ...

Page 17: ...certificates using the Certificate Settings page The two types of certificates are as follows MTA TLS certificate This is the TLS certificate used by the MTAs in each Scanner Every Scanner has separate MTAs for inbound messages outbound messages and message delivery Assign this certificate from the Inbound Mail Settings and Outbound Mail Settings portions of the SMTP tab on the Settings Hosts page...

Page 18: ...ate type drop down list choose Self Signed Certificate 4 Complete the information on the Add Certificate page 5 Click Create To add a Certification Authority Signed certificate to the list 1 In the Control Center click Settings Certificates 2 Click Add 3 In the Certificate type drop down list choose Certificate Authority Signed 4 Fill in the information on the Add Certificate page 5 Click Request ...

Page 19: ... to read the certificate 4 Click Delete to remove the certificate To assign an MTA TLS certificate 1 In the Control Center click Settings Hosts 2 Select a host and click Edit 3 Click the SMTP tab 4 Check Accept TLS encryption as appropriate 5 Choose the TLS certificate from the Certificate drop down list for the inbound or outbound MTA 6 Click Save To assign a user interface HTTPS certificate 1 In...

Page 20: ...TA IP address in the settings for the Control Center In addition you can configure individual Scanner replication and MTA settings that can help you take a Scanner offline on this page Work with the services page Use the following procedures from the Services page to manage individual Scanner services replication and stop the flow of messages through a Scanner To start and stop services 1 In the C...

Page 21: ... Scanner to edit 3 Click Edit 4 On the MTA Operation portion of the page check Do not accept incoming messages All messages in Scanner queues are processed as needed but no new messages will be received 5 Click Save to store your changes HTTP proxies The Conduit and Symantec LiveUpdate run on each Scanner and receive filter updates from Symantec If you need to add proxy and or other security setti...

Page 22: ...or outbound SMTP filtering rather than using Content Compliance filters you can save resources because messages that do not meet the SMTP criteria will be rejected before content filtering begins To modify SMTP settings for a Scanner 1 In the Control Center click Settings Hosts 2 Check the Scanner to edit 3 Click Edit 4 Click SMTP 5 As appropriate complete the SMTP definition for the scanner The f...

Page 23: ...omains Indicates that only the addresses or domain names entered in the checked IP Address Domains box are accepted If you specify one or more IP addresses you must include the IP address of the Control Center so that Spam Quarantine and Suspect Virus Quarantine can release messages After you add the first entry the IP address of the Control Center is added automatically and selected If you are us...

Page 24: ... so that Spam Quarantine and Suspect Virus Quarantine can release messages After you add the first entry the IP address of the Control Center is added automatically and selected If you are using a different IP address for the Control Center or have the Control Center and Scanner installed on different machines you must add the new IP address and disable the one that was added automatically If you ...

Page 25: ...l connections for the same IP address will be rejected The default is 20 You can also limit the number of connections from a single IP address per time period Click Policies Attacks in the Control Center Maximum message size in bytes Sets the maximum size of a message before it is rejected The default is 10 485 760 bytes Maximum number of recipients per message Sets the maximum number of recipient...

Page 26: ...en headers are stripped message looping can occur depending on the settings of other MTAs When unchecked RECEIVED headers remain in the message during outbound processing The RECEIVED header for outbound SMTP processing remains in the message when Insert a RECEIVED header and Strip pre existing RECEIVED headers from outbound messages are checked Enable reverse DNS lookup Causes the system to perfo...

Page 27: ...d internal mail servers Any additional connection attempts are rejected The default is 100 internal mail server connections Maximum number of connections per single internal mail server Sets the maximum number of connections to one internal mail server Any additional attempt to make a connection is rejected The default is 50 connections Minimum retry interval Sets the smallest interval the SMTP se...

Page 28: ...elete an internal mail host 1 From the Control Center click Settings Hosts 2 Check the Scanner you want to configure 3 Click Edit 4 Click the Internal Mail Hosts tab 5 Select an internal mail host 6 Click Delete 7 Click Save to store the information Testing Scanners After adding or editing a Scanner you can quickly test that the Scanner is operating and that the Agent is able to make a connection ...

Page 29: ...st expansion and dropping messages for invalid recipients User and group data is read from the LDAP server and cached in the Control Center and Scanners but not written back to the LDAP server Symantec Mail Security for SMTP supports the following LDAP directory types Windows 2000 Active Directory Windows 2003 Active Directory Sun Directory Server 5 2 formerly known as the iPlanet Directory Server...

Page 30: ... servers restart your LDAP synchronization components Windows users use the Services control panel to first stop SMS Virtual Directory then start SMS Sync Server Dependencies are automatically restarted Alternatively the host can be rebooted Linux Solaris users issue the following command etc init d sms_ldapsync restart Then follow the above steps again The following table describes the available ...

Page 31: ...DN such as cn Administrator cn Recipients ou mysite o myorg rather than a shortened form such as cn Administrator to ensure detection of all change events and guarantee full authentication by the LDAP server For an Active Directory server the full DN or logon name with User Principal Name suffix can be required Password Password information that allows you to access the LDAP server Test Login Veri...

Page 32: ...ies mailbox Login query Finds users based on their Login attributes Test Attempts to execute the query as defined Note For Exchange 5 5 the user directory Name rdn must be the same as the alias uid for that user Synchronization Configuration Allows for the following definitions governing synchronization behavior Synchronize every Specifies how often scheduled synchronization occurs You can specify...

Page 33: ...l for the naming contexts of the directory Reduce the received list of DN s brought into the field by Auto Fill to a single DN or write your own DN based on the provided list Custom query start Allows for the addition of a customized query User query Finds users in the LDAP server Group query Finds LDAP groups in the LDAP server Distribution list query Finds Distribution Lists in the LDAP Server B...

Page 34: ...5 server be sure to use the full DN such as cn Administrator cn Recipients ou mysite o myorg rather than a shortened form such as cn Administrator to ensure detection of all change events and guarantee full authentication by the LDAP server For an Active Directory server the full DN or logon name with User Principal Name suffix can be required Password Password information that allows you to acces...

Page 35: ...person Primary email attribute Finds users based on the attribute which represents a mailbox Email alias attribute Finds users based on the attribute representing an alternative address for entities mailbox Login query Finds users based on their Login attributes Test Attempts to execute the query as defined Synchronization Configuration Allows for the following definitions governing synchronizatio...

Page 36: ...l Center click Status LDAP Synchronization The following information is displayed Item Description Status Information about synchronization activity Status can be any of the following Idle Nothing is happening Starting A synchronization request was issued either by the Control Center or through a replication request from a Scanner Cancelled Either the LDAP synchronization was cancelled manually vi...

Page 37: ...modified in the Control Center based on synchronization server information Deleted The number of entries deleted from the Control Center based on synchronization server information Rejected The number of directory entries from the LDAP server rejected by the synchronization server A number of LDAP transactions can be rejected when an attempt to add a group entry fails because one or more of the gr...

Page 38: ...ally Start or stop replication Start and stop replication using the following procedures To start a manual replication cycle 1 In the Control Center click Status Scanner Replication 2 Click Replicate Now To stop a replication in progress 1 In the Control Center click Status Scanner Replication 2 Click Cancel Replication Replication status information When LDAP data is replicated from the Control C...

Page 39: ...he Status column for a Success message For additional information about synchronization status see Synchronization status information on page 36 To check replication status 1 In the Control Center click Status Scanner Replication Item Description Status Status can be any of the following Idle Nothing is happening Started A replication request has been issued Cancelled Either the LDAP synchronizati...

Page 40: ...ol Center database to a Scanner database 3 If you see the message No scanners configured for replication make sure you have successfully added an LDAP synchronization server that the initial synchronization service has completed successfully that you have enabled global replication via Settings Replication Settings and that replication is enabled on at least one attached and enabled Scanner via th...

Page 41: ...trol Center See the procedure below for help resolving this situation Specify Control Center access or reset Control Center access Follow these instructions to specify Control Center access or to regain access to the Control Center To specify Control Center access 1 In the Control Center click Settings Control Center 2 Check All hosts to allow any host access to the Control Center 3 Check Only the...

Page 42: ...example com for the same IP address In this case the Control Center will see the dhcp23 example com name whenever the client connects so that is the name that should be entered into the host access control list in the Control Center This situation happens more frequently on private networks than on the public Internet Control Center certificate Through the Control Center you can designate a user i...

Page 43: ... interval of time between replications Available choices are hours and days The replication schedule should begin at a different time than the synchronization schedule to avoid schedule conflicts For instance if you have replication set to every 12 hours setting the LDAP synchronization schedule to 53 minutes will help prevent one from starting while the other is in progress 4 Click Replicate Now ...

Page 44: ...s and port To specify where the Control Center should send alerts reports and quarantined messages 1 In the Control Center click Settings Control Center 2 In the Control Center Settings section of the page fill in the Host and Port values for the MTA 3 Click Save to store the current settings System locale The Control Center can be configured for single and double byte character sets and for relat...

Page 45: ...s behind the mail gateway by assigning replacement values to them Symantec Mail Security for SMTP lets you implement address masquerading on inbound mail outbound mail or both Manage masqueraded entries Follow these steps to add or edit masqueraded entries To add a masqueraded entry 1 In the Control Center click Settings Address Masquerading 2 Click Add 3 Specify an address or domain to masquerade...

Page 46: ... a combination of spaces and tabs Commas or semi colons are not valid delimiters The masquerade address definition consists of the following Original entry Specifies the original email address or domain name to be masqueraded Replacement entry Specifies the replacement email address or domain name Apply to Indicates the direction to which masquerading is applied Available choices are Inbound messa...

Page 47: ...venient shortcut for typing a long list of recipients An alias can also translate addresses from one top level domain to another such as from example com to example internetsecurity com Email addressed to kyi example com for example would be delivered to kyi example internetsecurity com Note The alias functionality available on the Settings Aliases page is separate from LDAP aliases Note the follo...

Page 48: ... the new address or domain is different the message is routed to the new address or domain in the address masquerade list not the aliases list Manage aliases Follow these steps to add or edit aliases To add an alias 1 In the Control Center click Settings Aliases 2 Click Add 3 In the Add Aliases page type the alias in the Alias domain or email address box 4 Type a domain or one or more destination ...

Page 49: ... are not valid delimiters In the import file each line must contain an alias address followed by one or more destination addresses Following is a sample import file oak example com quercus symantec internetsecurity com ops example com tla example com bmi example com noadsorspam com blocksads com To import aliases 1 In the Control Center click Settings Aliases 2 Click Import 3 On the Import Aliases...

Page 50: ...t to which the domain or email address is routed via the Optional Destination Host field You can specify both host name and port for the destination host as well as enable MX lookup Note If you do not specify a destination host here the domain or email address is routed to the Inbound Relay you configure on the SMTP Settings page See SMTP Scanner settings on page 22 4 Click Save to add the domain ...

Page 51: ...t name is enclosed in brackets smtp destination domain com MX lookup is not performed for the destination host Here is a sample import file local1 domain com smtp local1 com local2 domain com smtp local2 com 20 local3 domain com smtp local3 com 30 local4 domain com smtp local4 com local5 com smtp 192 168 248 105 local6 com smtp 192 168 248 106 60 To import a list of local domains 1 In the Control ...

Page 52: ...y Symantec For example assume that you have configured your suspected spam scoring range to encompass scores from 80 through 89 If an incoming message receives a spam score of 83 Symantec Mail Security for SMTP will consider this message to be suspected spam and will apply the action you have in place for suspected spam messages such as Modify the Message tagging the subject line Messages that sco...

Page 53: ...re can operate Doing so will increase your need for system memory Software acceleration is turned on by default Configuring spam settings You can use the Spam Settings page to configure settings for suspected spam language identification and software acceleration To configure spam settings 1 In the Control Center click Settings Spam 2 Under Do you want messages to be flagged as suspected spam clic...

Page 54: ...s start LiveUpdate and schedule LiveUpdate to run automatically To view LiveUpdate status 1 Click Settings Virus The top portion of the LiveUpdate tab shows the time of the last update attempt its status and the update version number 2 Click View Manifest to view a complete list of virus definitions contained in this update To initiate a LiveUpdate 1 Click Settings Virus 2 Click LiveUpdate 3 Click...

Page 55: ... Installing non default definitions Symantec Mail Security for SMTP employs the Intelligent Updater in order to update virus definitions You can also update antivirus files with any other Symantec definitions downloaded to the computer running Symantec Mail Security for SMTP To enable installation of non default definitions Click the box Check for and install non default definitions Excluding file...

Page 56: ...hments that meet stringent prerequisites In most cases Bloodhound can determine in microseconds whether a message or attachment is likely to be infected If it determines that a file is not likely to be infected it moves to the next file Lower heuristic levels may miss viruses but consume less processing power potentially speeding incoming mail processing Higher heuristic levels may catch more viru...

Page 57: ...cks Directory Harvest Attack page is a less extreme measure To configure invalid recipient handling 1 In the Control Center click Settings Invalid Recipients 2 Do one of the following Uncheck Drop messages for invalid recipients to return bounce messages to the sender for invalid addresses Check Drop messages for invalid recipients to drop invalid messages from the mail stream and return no bounce...

Page 58: ... or you could be vulnerable to denial of service attacks or zip bombs in which huge amounts of data are zipped into very small files 3 Specify a number in the Maximum time to open container box and click Seconds Minutes or Hours A container is unscannable for viruses if the specified time elapses when scanning containers such as zip files Use this setting to detect containers that don t exceed the...

Page 59: ...so impact the system load and slow down email filtering To check attachments that are not plain text against your dictionaries 1 Click Settings Scanning 2 In Content Filtering Settings check Enable searching of non plain text attachments for words in dictionaries This can decrease system efficiency 3 Click Save ...

Page 60: ...60 Configuring email settings Configuring scanning settings ...

Page 61: ...ons taken on spam and viruses to suit your requirements Content filtering and Email Firewall policies offer further methods of managing mail flow into and out of your organization Symantec Mail Security for SMTP provides a wide variety of actions for filtering email and allows you to either set identical options for all users or specify different actions for distinct user groups You can specify gr...

Page 62: ...mantec virus filters Mass mailing worm Email is flagged because it contains a mass mailing worm based on current virus filters from Symantec Unscannable for viruses Email is flagged because it exceeds the container limits configured on the Scanning Settings page or because it is unscannable for other reasons such as malformed MIME attachments Encrypted attachment Email is flagged because it contai...

Page 63: ...mail is flagged based on the text in the To Cc or Bcc address From To Cc Bcc Address Email is flagged based on the text in the From To Cc or Bcc address Envelope Sender Email is flagged because its envelope contains a particular sender address Envelope Recipient Email is flagged because its envelope contains a particular recipient address Envelope HELO Email is flagged because its envelope contain...

Page 64: ...l message and forward a copy to the designated SMTP address and optionally host Bounce the message Return the message to its From address with a custom response and deliver it to the recipient Optionally the original message can be included Clean the message Delete unrepairable virus infections and repair repairable virus infections Defer SMTP connection Using a 4xx SMTP response code tell the sen...

Page 65: ...DAP synchronization and Scanner replication before enabling this feature Route the message Route the message using the designated SMTP host Save to disk Save the message to a standard location on the Scanner computer On Solaris or Linux you must specify a writable directory Send notification Deliver the original message and send a predefined notification to designated SMTP address es with or witho...

Page 66: ...ction s specified in the domain based Allowed Senders List Applies even if the domain based Allowed Senders List is disabled and applies to inbound messages only Treat as a virus Process the message using the action s specified in the associated virus policy The message is delivered normally if the virus policy is disabled or does not apply because of message direction Treat as spam Process the me...

Page 67: ...directory By default inbound and outbound messages containing a virus or mass mailing worm and unscannable messages including malformed MIME messages will be deleted You may want to change the default setting for unscannable messages if you are concerned about losing important messages See Table 4 5 Virus categories and default actions on page 75 Multiple actions You can create compound actions pe...

Page 68: ...ete the message Deliver message normally Hold the message in Spam Quarantine Strip and delay No Delete the message Bounce Message Send Notification Archive No Deliver message normally Any except Delay message delivery Delete the message Quarantine the message and Strip and delay No Deliver the message to the recipient s Spam folder Any except Delete the message No Forward the message Any except De...

Page 69: ...ication Any except Delete the message No Strip and hold message in Suspect Virus Quarantine Any except Delete the message Deliver message normally Hold the message in Spam Quarantine Delay message delivery No Strip attachments Any except Delete the message Yes Treat as a blocked sender Can t be used with other actions No Treat as a mass mailing worm Can t be used with other actions No Treat as an ...

Page 70: ...tegories of security risks that Symantec Mail Security for SMTP detects Each of these risks can cause a verdict of spyware or adware Table 4 4 Security risk categories included in spyware or adware verdict Category Description Adware Stand alone or appended programs that gather personal information through the Internet and relay it back to a remote computer without the user s knowledge Adware migh...

Page 71: ...irst in the precedence list takes precedence Although a verdict can call for multiple actions only one verdict determines the actions that are taken on a message Actions called for by lower precedence verdicts are not applied Order of precedence Virus attack Worm Virus Spyware or adware Suspicious attachment suspected virus Unscannable Encrypted attachment End user defined Allowed Senders List End...

Page 72: ...end user defined lists have precedence over all other lists This may affect your decision regarding whether to enable end user preferences Also lists that you create have precedence over lists created by Symantec However third party DNS blacklists do not have priority over all Symantec lists In the event of a conflict between Open Proxy Senders and an entry from a DNS blacklist Open Proxy Senders ...

Page 73: ...cy 1 In the Control Center click Policies Group Policies 2 Click the underlined name of the Group Policy you want to edit 3 Ensure that the Members tab is displayed and click Add 4 Specify members using one or both of the following methods Type email addresses domain names or both in the box To specify multiple entries separate each with a comma semicolon or space However do not use a comma and a ...

Page 74: ...ck Save on the Edit Group page To import Group Policy members from a file 1 On the Members tab of the Add Group page click Import 2 Enter the appropriate path and filename or click Browse to locate the file on your hard disk and then click Import Separate each domain or email address in the plain text file with a newline Below is a sample file ruth example com rosa example com ben example com exam...

Page 75: ...ported If you export from a group that includes LDAP groups the LDAP groups will be omitted from the export Assigning filter policies to a group By default groups you create are assigned the default filter policies for spam and viruses there is no default for compliance policies Follow the steps in the sections below to assign different filter policies to groups You may first want to create your o...

Page 76: ... group to enable the following six virus policies for incoming email 5 Select the desired policy from each of the following drop down lists Inbound virus policy Inbound mass mailing worm policy Inbound unscannable message policy Inbound encrypted message policy Inbound suspicious attachment message policy Inbound spyware adware message policy 6 If desired check Enable outbound virus scanning for t...

Page 77: ...ked up with Spam at the beginning of subject lines and inbound and outbound suspected spam will be marked with Suspected Spam Both types of spam will not be deleted by default To select spam policies for a group 1 In the Control Center click Policies Group Policies 2 On the Group Policies page click the group for which you want to select spam policies 3 Click the Spam tab 4 If desired check Enable...

Page 78: ...Policies page click the group for which you want to select compliance policies 3 Click the Compliance tab 4 Check Enable Inbound Content Compliance for this group 5 Select the desired policy from the Content Compliance Policies drop down list If desired click View to see a summary of the compliance policy and then click OK to return As you add compliance policies from the drop down list they are d...

Page 79: ...ers Lists The Specify language settings check box enables or disables user access to the language identification offered by Symantec Mail Security for SMTP not the Symantec Outlook Spam Plug in If the Symantec Outlook Spam Plug in is installed and enabled end users can set their language preferences using the Options dialog box accessible from the Symantec Outlook Spam Plug in toolbar Note The lan...

Page 80: ...owed and Blocked Senders Lists 6 If desired check Specify language settings 7 Click Save Allowing or blocking email based on language Using the language identification offered by Symantec Mail Security for SMTP you can block or allow messages written in specified languages for a group For example you can choose to only allow English and Spanish messages or block messages in English and Spanish and...

Page 81: ...Policy membership and actions Enable and disable Group Policies Delete Group Policies View Group Policy information for particular users For information on adding members to groups and importing or exporting lists of group members see Creating groups and adding members on page 72 Manage Group Policies The following sections describe common administrative tasks for Group Policies To set Group Polic...

Page 82: ... the Edit Group page click Find User 2 Type an email address or domain name in the Email address box 3 Click Find User The Control Center lists the first enabled group in which the specified user exists searching in the order that groups are listed on the Group Policies page Creating virus spam and compliance filter policies Use filter policy pages to combine a message characteristic such as virus...

Page 83: ...sages This determines where this virus policy is available on the Virus tab when configuring a Group Policy For example if you choose Inbound messages and the mass mailing worm condition on this page this virus policy is only available in the Inbound mass mailing worm policy drop down list when configuring a Group Policy 5 Under Groups check one or more groups to which this policy should apply You...

Page 84: ...ats By default these messages are held in the Suspect Virus Quarantine for 6 hours You can vary the number of hours on the Settings Quarantine page Virus tab Changing default virus actions By default inbound and outbound messages containing a virus or mass mailing worm and unscannable messages including malformed MIME messages will be If a message is unscannable for viruses A message can be unscan...

Page 85: ...r Apply to choose where this spam policy should be available Inbound messages Outbound messages Inbound and Outbound messages This determines where this spam policy is available on the Spam tab when configuring a Group Policy For example if you choose Inbound messages and the spam condition this spam policy is only available in the Inbound spam policy drop down list when configuring a Group Policy...

Page 86: ...pliance policies Compliance policies can be used to Eliminate messages with specific content or specific file attachment types or filenames Control message volume and preserve disk space by filtering out oversized messages Block email from marketing lists that generate user complaints or use up excessive bandwidth Block messages containing certain keywords or regular expressions in their headers b...

Page 87: ... addresses or domains of innocent people or companies Use care when creating filters against spam you ve received The following considerations apply to keyword text string searches For details on regular expression searches see Using Perl compatible regular expressions in conditions on page 91 All tests for words and phrases are case insensitive meaning that lowercase letters in your conditions ma...

Page 88: ...an three times Attachment type An attachment list file name or MIME type See Configuring attachment lists on page 110 script vbs application octet stream Bcc address Bcc blind carbon copy message header jane example com jane example com Body Contents of the message body This component test is the most processing intensive so you may want to add it as the last condition in a filter to optimize the ...

Page 89: ...aders jane example com jane example com Message header Message header specified in the accompanying text field A header is case insensitive Don t type the trailing colon in a header Reply To reply to Message ID Message size Size of the message in bytes kilobytes or megabytes including the header and body is less than or greater than the specified value 2 200 2000 Subject Subject message header 100...

Page 90: ... from the drop down list and type a word frequency in the box Attachment type Choose one of three options Click the first radio button and choose an attachment list Click the second radio button and type a filename Click the third radio button and type a MIME type This condition will also flag attachments that are within container files For all messages No additional information is needed This con...

Page 91: ...ww perl com doc manual html pod perlre html Ends with does not end with Equivalent to text wildcard test using matches exactly Matches exactly does not match exactly Exact match for the supplied text not available for the message body Notes All text tests are case insensitive Some tests are not available for some components Table 4 10 Sample Perl compatible regular expressions Character Descriptio...

Page 92: ...ly to choose where this compliance policy should be available Inbound messages Outbound messages Inbound and Outbound messages 5 Under Groups check one or more groups to which this policy should apply You can also add a compliance policy to a group on the Compliance tab of the Edit Group page 6 Under Conditions click a condition See Table 4 7 Compliance conditions on page 88 For some conditions yo...

Page 93: ...ce 2 Check the box next to a compliance policy 3 Click Move Up or Move Down Enabling and disabling compliance policies After you create compliance policies they are automatically enabled and put to use For testing or other administrative purposes you may need to enable or disable one or more filters without having to delete them By disabling filters filters become inactive but are displayed in the...

Page 94: ...the checked attack types To configure directory harvest spam and virus attack recognition 1 In the Control Center click Policies Attacks 2 Click Directory Harvest Attack Spam Attack or Virus Attack Directory harvest attacks Spammers employ directory harvest attacks to find valid email addresses at the target site A directory harvest attack works by sending a large quantity of possible email addres...

Page 95: ...page 79 Alternatively you can deploy the Symantec Outlook Spam Plug in With the Symantec Outlook Spam Plug in users can easily create personal lists of blocked and allowed senders from within their Outlook mail client The Plug in imports information from the Outlook address book to populate the personal Allowed Senders List See Installing the Symantec Outlook Spam Plug in on page 210 Minimum perce...

Page 96: ...on Service Symantec monitors hundreds of thousands of email sources to determine how much email sent from these IP addresses is legitimate and how much is spam The service currently includes the following lists of IP addresses which are continuously compiled updated and incorporated into Symantec Mail Security for SMTP filtering processes at your site Open Proxy Senders IP addresses that are eithe...

Page 97: ...ng mail server is queried against the list similar to a DNS query If the sending mail server is on the list the mail is flagged as spam If your mail volume is sufficiently high running incoming mail through a third party database could hamper performance because of the requisite DNS lookups Symantec recommends that you use the Sender Reputation Service lists instead of enabling third party lists T...

Page 98: ...omain in the From header You can use wildcards in the pattern to match any portion of this value If you choose to identify messages by address or domain name see Table 4 12 for examples An individual is sending unwanted mail to people in your organization Add the specific email address to the domain based Blocked Senders List Joe unwanted getmail com Numerous people from a specific range of IP add...

Page 99: ... expands example com to include biz example com and more generally example com to ensure that any possible subdomains are allowed or blocked as appropriate Logical connections and internal mail servers non gateway deployments When deployed at the gateway Symantec Mail Security for SMTP can reliably obtain the physical or peer IP connection for an incoming message and compare it to connections spec...

Page 100: ... Save on the Edit Sender Group page Adding senders to Allowed Senders Lists To ensure that messages from specific email addresses domains and connections are not treated as spam you can add them to your Allowed Senders Lists To add domain based IP based and Third Party Services entries to your Allowed Senders Lists 1 In the Control Center click Policies Sender Groups 2 Click one of the Allowed Sen...

Page 101: ...r Allowed Sender groups depending on the list that you want to work with 3 In the list of senders click the check box next to the sender whose information you want to modify and then click Edit You can also click an underlined sender name to automatically jump to the corresponding edit page 4 Make any changes and then click Save 5 Click Save on the Edit Sender Group page Enabling or disabling send...

Page 102: ...en import the file This section describes how to format that file Maximum number of entries in an allowed and blocked sender file Be aware of the following limitations when importing senders The maximum number of sender lines per file when importing senders is 500 000 To add more up to the limit noted below divide senders into multiple files and import multiple times The maximum number of total al...

Page 103: ...follow RS rejectedspammer example com RS rejectedspammer2 example com Table 4 13 lists the attributes and the syntax for the values Table 4 13 Syntax for imported Allowed and Blocked Sender Lists Attribute Description Examples AC Allowed connection or network Specify a numerical IP address numerical IP address and network mask or Classless Inter Domain Routing CIDR IP address AC 76 86 37 45 AC 76 ...

Page 104: ...mantec Mail Security for SMTP merges data from the imported list with the existing sender information 5 Click Save Exporting sender information You can export to a single file all the information in your Allowed Senders Lists and Blocked Senders Lists To export sender information from your Blocked Senders Lists or Allowed Senders Lists 1 In the Control Center click Policies Sender Groups 2 Click a...

Page 105: ...m all three lists comprising the Sender Reputation Service To enable or disable Proxy Senders Safe Senders and Suspect Spammers lists 1 In the Control Center click Policies Sender Groups 2 Check or uncheck the boxes for the desired lists 3 Click Enable or Disable Configuring Sender Authentication Symantec Mail Security for SMTP can check incoming email for authenticity using the Sender Policy Fram...

Page 106: ...on Types check Sender Policy Framework SPF Sender ID or both 4 To choose domains to authenticate click Authenticate only the following domains or to authenticate all domains skip to step 6 5 Click Add type a domain name and click Save to add domains to the list Optionally you can click on a domain or check the domain and click Edit to edit the spelling of a domain you already added You can also ch...

Page 107: ...es Note the following additional information about annotations An annotation can contain up to 10 000 individual words Up to 100 distinct annotations are allowed Don t use HTML structure tags such as body or html in the HTML box When adding an annotation you can specify the character set encoding to use If the encoding you choose is different than the encoding used by the original message either t...

Page 108: ...s the name that appears on the Annotations page and in the annotations list in the Actions section when configuring a policy 4 In the Plain text box type the annotation text 5 Choose a character encoding for the plain text annotation ISO 8859 1 and UTF 8 are appropriate for European languages SHIFT JIS and ISO 2022 JP are appropriate for Japanese 6 If desired type annotation text in the HTML box Y...

Page 109: ...re message markup such as modifying the subject line To set the archive email address destination 1 In the Control Center click Policies Archive 2 In the Archive email address box type a complete email address such as kyi example com 3 Optionally specify a computer to which to relay archived messages in the Archive server host box 4 Optionally specify a port for the archive server host in the Arch...

Page 110: ...emicolon 3 Choose encoding for the archive tag ISO 8859 1 and UTF 8 are appropriate for European languages SHIFT JIS EUC JP and ISO 2022 JP are appropriate for Japanese 4 Click Add Action 5 Finish configuring the policy Configuring attachment lists Attachment lists provide a way to match against specific types of email attachments For example you could create an attachment list that matches messag...

Page 111: ...en click on the classes or Table 4 15 Attachment characteristics for attachment lists Characteristic Description Examples True file type Specifies an attachment type based on direct inspection of the type of file You can use this to match files whose extensions may not accurately reflect their true file types Each file type is a member of a specific file class Microsoft Word for Windows True file ...

Page 112: ...d more conditions as desired If needed you can click on a condition in the list and click Delete to delete that condition 7 Click Save Configuring dictionaries A dictionary is a list of words phrases or both that messages are checked against when you choose the Any part of the message condition in a compliance policy Symantec Mail Security for SMTP evaluates matches to a dictionary using substring...

Page 113: ... In the Dictionary name box type a name for the dictionary This is the name that appears on the Dictionaries page and in the drop down list for the Any part of the message condition when configuring a compliance policy 4 Type a keyword or phrase in the Enter a word or phrase box 5 Click Add to add the keyword or phrase to the list at the bottom of the page 6 Repeat steps 4 and 5 to add more keywor...

Page 114: ...n certain system problems occur such as low disk space See Configuring alerts and logs on page 155 Note that the original message is delivered to the original recipients unless you specify an additional action that prevents this To add a new notification 1 In the Control Center click Policies Notifications 2 Click Add 3 In the Notification description box type a name for the notification This is t...

Page 115: ...P and ISO 2022 JP are appropriate for Japanese 9 In the Message body box type the text for the body of the notification message 10 Optionally check Attach the original message to attach the original message to the notification message 11 Click Save Sender Check this box to send the notification to sender listed in the message envelope not the sender listed in the From header Recipients Check this ...

Page 116: ...116 Configuring email filtering Managing policy resources ...

Page 117: ... Quarantine for user populations of 30 000 users or less Delivering messages to Spam Quarantine To use Spam Quarantine check that your system is configured as follows One or more groups must have an associated filter policy that quarantines messages For example you could create a suspected spam policy called Spam Quarantine that quarantines suspected spam messages and set it as the inbound suspect...

Page 118: ...will be unable to make changes to those settings Users access Spam Quarantine by logging into the Control Center using the user name and password required by the type of LDAP server employed at your company For users the Spam Quarantine message list page is displayed after logging in Checking for new Spam Quarantine messages New messages that have arrived since logging in and checking quarantined ...

Page 119: ...se to redeliver the message to the intended recipient This also removes the message from Spam Quarantine Depending on how you configured Spam Quarantine a copy of the message may also be sent to an administrator email address such as yourself Symantec or both This allows the email administrator or Symantec to monitor the effectiveness of Symantec Mail Security for SMTP To delete individual message...

Page 120: ...e check boxes in the original page is not preserved For example if you select three messages in the first page of messages and then move to the next page when you return to the first page all the message check boxes are cleared again The To column in the message list page indicates the intended recipient of each message as listed in the message envelope When you display the contents of a single me...

Page 121: ...e access to Spam Quarantine not the rest of the Control Center Administrator message details page When you click on the subject line of a message in the message list page this page displays the contents of individual quarantined messages The user message details page is very similar See Differences between the administrator and user message pages on page 123 Note the following message details page...

Page 122: ...w you configured Spam Quarantine a copy of the message may also be sent to an administrator email address such as yourself Symantec or both This allows the email administrator or Symantec to monitor the effectiveness of Symantec Mail Security for SMTP To delete the message To delete the message currently being viewed click Delete When you delete a message the page refreshes and displays the next m...

Page 123: ...e not the rest of the Control Center Searching messages Click Show Filters on the message list page to display the search fields Type in one or more boxes or choose a time range to display matching messages in the administrator Spam Quarantine The search results are displayed in a page similar to the message list page The user search page is very similar See Differences between the administrator a...

Page 124: ...r any part of a display name or email address The search is limited to the visible message From header which in spam messages is usually forged The visible message From header may contain different information than the message envelope To search subject headers Type in the Subject box to search the Subject header in all messages for the text you typed To search the Message ID header Type in the Me...

Page 125: ...t quote marks around search text that contains spaces Searches match exact whole words only in To From Subject and Message ID searches A word is considered a group of letters numbers or underscores For example if you searched for finance the search would not find refinance Also if you searched for user_name example com the search is interpreted as user_name OR example Since com is three characters...

Page 126: ...h Results page users can only delete their own quarantined messages Quarantine administrators can delete all users quarantined messages Configuring Spam Quarantine Most Spam Quarantine settings are accessed by clicking Quarantine Settings on the Settings tab then clicking on the Spam tab if necessary Delivering messages to Spam Quarantine from the Scanner Use the Group Policies filtering actions t...

Page 127: ...or incoming email By default Spam Quarantine accepts quarantined messages from the Scanner on port 41025 To specify a different port In the Control Center click Settings Quarantine and type the new port in the Spam and suspect virus quarantine port box You don t need to change any Scanner settings to match the change in the Spam and Virus Quarantine Port box To disable the Quarantine port type 0 i...

Page 128: ...strator only Quarantine 3 Click Save Configuring the Delete Unresolved Email setting By default quarantined messages sent to non existent email addresses based on LDAP lookup will be deleted If you clear the check box for Delete messages sent to unresolved email addresses these messages will be stored in the Spam Quarantine postmaster mailbox Undeliverable quarantined messages go to Spam Quarantin...

Page 129: ...flagged by content compliance filters you should copy a local administrator who can review the misidentified messages and make appropriate changes to the content compliance filters Unless you are quarantining spam you should not copy Symantec Security Response Symantec Security Response will take no action on submissions of suspected spam or content compliance policy violations To configure recipi...

Page 130: ...sections below describe how to change the notification digest frequency and format Notification for distribution lists aliases If Spam Quarantine is enabled a spam message sent to an alias with a one to one correspondence to a user s email address is delivered to the user s normal quarantine mailbox For example if tom is an alias for tomevans quarantined messages sent to tom or to tomevans all arr...

Page 131: ...ned mktng messages by clicking on the View link in the notification digests If the Include Release link box is also selected then ruth fareed and darren can redeliver the any quarantined mktng message by clicking on the Release button in the notification digest If ruth clicks on the Release button for a quarantined mktng message the message is delivered to the normal inboxes of ruth fareed and dar...

Page 132: ..._DAYS days To review the complete text of these messages go to QUARANTINE_URL and log in NEW QUARANTINE MESSAGES NEW_QUARANTINE_MESSAGES In the notification digest sent to users the variables in Table 5 1 are replaced with the information described in the Description column You can reposition each variable in the template or remove it Table 5 1 Notification Message Variables Variable Description N...

Page 133: ...tings will be the same for both the user notification template and distribution list notification template 6 Edit the user notification template distribution list notification template or both See Table 5 1 Notification Message Variables on page 132 Don t manually insert breaks if you plan to send notifications in HTML 7 Click Save to save your changes to the template and close the template editin...

Page 134: ...e View and Release links do not appear next to each message in the text version of the summary message HTML only Send notification messages in MIME type text html only Text only Send notification messages in MIME type text plain only If you choose Text only the View and Release links do not appear next to each message in the summary message 4 Check the Include View link box to include a View link ...

Page 135: ...our system s disk space However a shorter retention period increases the chance that users may have messages deleted before they have been checked The default retention period is 7 days By default the Expunger runs at 1 a m every day to delete messages older than the retention period Each time the process runs at most 10 000 messages can be deleted Increase the expunger frequency if your organizat...

Page 136: ...f quarantine database Maximum amount of disk space used for quarantined messages for all users When a new message arrives after the threshold has been reached a group of the oldest messages are deleted and the new message is kept Maximum size per user Maximum amount of disk space used for quarantine messages per user When a new message arrives after the threshold has been reached a group of the ol...

Page 137: ...pam Quarantine page while viewing email messages in Spam Quarantine The operation could not be performed If this happens check the error log as described in Checking the Control Center error log on page 194 Can t log in due to conflicting LDAP and Control Center accounts If there is an account in your LDAP directory with the user name of admin you won t be able to log in to Spam Quarantine as admi...

Page 138: ...pl DatabaseSQLManager handleUpdate Unknown Source at com brightmail dl jdbc impl DatabaseSQLManager handleUpdate Unknown Source at com brightmail dl jdbc impl DatabaseSQLTransaction create Unknown Source at com brightmail bl bo impl SpamManager create Unknown Source at com brightmail service smtp impl SmtpConsumer run Unknown Source Error in log file cannot release mail from Spam Quarantine This c...

Page 139: ...ay messages sent to the postmaster mailbox 1 Log into the Control Center as an administrator with full privileges or Manage Quarantine rights 2 Click Quarantine 3 Click Show Filters 4 In the To box type postmaster 5 Specify additional filters as needed 6 Click Display Filtered or Display All Error in log file due to running out of disk space If you check log file as described in Checking the Contr...

Page 140: ...hat the nCName attribute is replicated to the Global Catalog To replicate the nCName attribute to the Global Catalog using the Active Directory Schema snap in 1 Click Start Run type regsvr32 schmmgmt dll and click OK 2 Click Start Run type mmc and click OK 3 Click File Add Remove Snap in 4 Click Add and select Active Directory Schema from the list 5 In the left pane expand Active Directory Schema ...

Page 141: ... Note If you don t set any Spam Quarantine thresholds and your system has adequate capacity there is a 1 TB terabyte MySQL limit on the number of messages that can be stored in Spam Quarantine the same message sent to multiple recipients counts as one message For more information about Spam Quarantine thresholds see Specifying Spam Quarantine message and size thresholds on page 136 Copies of misid...

Page 142: ...142 Working with Spam Quarantine Configuring Spam Quarantine ...

Page 143: ... associated with one or more groups Quarantined messages and associated databases are stored on the Control Center To use Suspect Virus Quarantine configure your system such that one or more groups has an associated filter policy that both enables virus scanning for messages and that delays or strips and delays messages containing suspicious attachments For example you can create a policy called p...

Page 144: ... arrived messages are not displayed in Suspect Virus Quarantine Suspect Virus Quarantine messages page The Suspect Virus Quarantine messages page provides a summary of the messages in Suspect Virus Quarantine Virus message quarantine procedures The following steps describe how to perform some common tasks on the Virus Message quarantine page To get to the virus message quarantine page From the Con...

Page 145: ...h message to select a message for deletion 2 When you ve selected all the messages on the current page that you want to delete click Delete To delete all messages Click Delete All to delete all the messages in Suspect Virus Quarantine including those on other pages To release all messages Click Release All to release all the messages in Suspect Virus Quarantine including those on other pages To se...

Page 146: ...pe information is displayed which is often forged by spammers Searching messages Click Show Filters on the message list page to display the search fields Type in one or more boxes or choose a time range to display matching messages in the Suspect Virus Quarantine The search results are displayed in a page similar to the message list page If you search for multiple characteristics only messages tha...

Page 147: ...ble message From header which in spam messages is usually forged The visible message From header may contain different information than the message envelope To search subject headers Type in the Subject box to search the Subject header in all messages for the text you typed To search using time range Choose a time range from the Time Range list to show all messages from that time range Search deta...

Page 148: ...t Virus Quarantine Configuring Suspect Virus Quarantine port for incoming email By default Suspect Virus Quarantine accepts quarantined messages from the Scanner on port 41025 To specify a different port type it in the Spam and Suspect Virus Quarantine Port box located at Settings Quarantine You don t need to change any Scanner settings to match the change in the Spam and Suspect Virus Quarantine ...

Page 149: ...e Configuring Suspect Virus Quarantine To configure the size for your Suspect Virus Quarantine 1 Click Settings Quarantine 2 Specify your desired values for the options provided in Maximum size of suspect virus quarantine The default is 10 GB ...

Page 150: ...150 Working with Suspect Virus Quarantine Configuring Suspect Virus Quarantine ...

Page 151: ...els for additional tests that you can perform periodically Verifying normal delivery You can verify whether the Windows SMTP Service or your installed MDA is working properly with the Scanner to deliver legitimate mail by sending an email to a user To test delivery of legitimate mail 1 Send an email with the subject line Normal Delivery Test to a user 2 Verify that the test message arrives correct...

Page 152: ... spam to the same account used in step 5 8 In the Control Center click Status Overview after several minutes have passed The Spam counter on the Overview page increases by one if filtering is working Testing antivirus filtering You can verify that antivirus filtering is working correctly by sending a test message containing a pseudo virus This is not a real virus To test Antivirus filtering 1 Usin...

Page 153: ...sage list and displayed in accordance with the sorting order Symantec Mail Security for SMTP must be configured to forward spam messages to Spam Quarantine If the default configuration is not changed Symantec Mail Security inserts Spam in the subject line of spam messages and delivers them to users normal inbox rather than to Spam Quarantine Any antispam message category can be configured via poli...

Page 154: ...http www example com url 1 blocked 4 Send the message 5 Send a message to the same account that is not spam and that does not contain any viruses 6 In the Control Center click the Spam Quarantine tab and click Search 7 Search under Subject for a message with the subject Test Spam Message ...

Page 155: ...end from The email address that will appear in the notification s From header System detected n viruses in the past interval An alert is sent because the system detects that the number of virus outbreaks occurring over a certain time period exceeds a set limit Spam filters are older than An alert is sent because of the age of your spam filters Spam filters update periodically at different interval...

Page 156: ...ata from the Control Center to attached and enabled Scanners Only messages that log at the error level cause alerts Antivirus license expired An alert is sent when your antivirus license has expired Contact your Symantec sales representative for assistance Antispam license expired An alert is sent when your antispam license has expired Contact your Symantec sales representative for assistance SSL ...

Page 157: ... 2 Under Notification Sender enter an email address in the Send from field To specify alert conditions 1 Under Alert Conditions check the alert conditions for which alerts are to be sent Specify duration or size parameters where necessary using the appropriate boxes and drop down lists 2 Click Save Viewing logs The View Logs page lets you view various performance logs for Scanners the Control Cent...

Page 158: ...r or Quarantine Log type drop down Select a log type from the list Scanner logs record the workings of Scanner components including the filter hub conduit LiveUpdate Client and Scheduler and MTA Control Center logs show information on the Control Center the database and LDAP Quarantine Release logs indicate which mail messages were released from the Quarantine and when Log actions drop down Select...

Page 159: ...n Configuring logs You can configure log settings for Symantec Mail Security for SMTP components on each Scanner in your system The severity of errors you want written to the log files can be chosen for the following components Conduit Filter Engine LiveUpdate Scheduler Mail Transfer Agent The superset of logging options is shown in Table 8 3 Table 8 3 Log Settings page Local Log Type Item Descrip...

Page 160: ...a numeric value in Maximum number of days to retain The default is seven 8 Under Log Expunger choose a frequency and a start time when the Control Center runs the Log Expunger to delete log data The default is once per day 9 To trace the path of particular messages through the mail flow click Enable message logs Mail Transfer Agent Set the logging level for the Mail Transfer Agent Apply to All Hos...

Page 161: ...he Remote tab 3 Click Enable Syslog to enable remote system logging On Solaris remote logs are written to Syslog On Windows they are written to System Event Viewer Note If you are running the product on Solaris you must configure syslogd to accept remote syslog messages via UDP 4 In the Host field specify the Syslog server s IP address 5 In the Port field specify the port on the Syslog server that...

Page 162: ...162 Configuring alerts and logs Configuring logs ...

Page 163: ...on Printing saving and emailing reports Scheduling reports to be emailed About reports Symantec Mail Security for SMTP reporting capabilities provide you with information about filtering activity at your site including the following features Analyze consolidated filtering performance for all Scanners and investigate spam and virus attacks targeting your organization Create pre defined reports that...

Page 164: ...uter rather than the external Internet address you might expect Affected reports are all Top Sender HELO Domains reports all Top Sender IP Connections reports Top Succeeded Connections SMTP report Top Failed Connections SMTP report and Top Rejected Connections SMTP report Table 9 1 Available Message reports Report Type Displays Required Report Data Storage Options Reports Settings Page Overview A ...

Page 165: ...fied time range Sender HELO domains Top Sender IP Connections IP addresses from which the most messages have been processed For each IP address the total processed and number of virus and spam messages are listed Specify the maximum number of IP addresses to list for the specified time range Sender IP connections Top Recipient Domains Recipient domains for which the most messages have been process...

Page 166: ...der domains Specific Senders Number of virus messages detected from a sender email address that you specify For each grouping the virus to total processed percentage total processed and number of virus worm and unscannable messages are listed Senders Sender domains Top Sender HELO Domains SMTP HELO domain names from which the most virus messages have been detected For each HELO domain the virus to...

Page 167: ...ttings Page Overview A summary of total detected spam messages spam blocked allowed and suspected spam messages None Top Sender Domains Domains from which the most spam messages have been detected For each domain the spam to total processed percentage total processed and number of spam suspected spam blocked and allowed messages are listed Specify the maximum number of senders to list for the spec...

Page 168: ...pected spam blocked and allowed messages are listed Specify the maximum number of recipient domains to list for the specified time range Recipient Domains Top Recipients Email addresses for which the most spam messages have been detected For each email address the spam to total processed percentage total processed and number of spam suspected spam blocked and allowed messages are listed Specify th...

Page 169: ...essages processed and number and percentage of content compliance policies triggered are listed Specify the maximum number of IP addresses to list for the specified time range Sender IP connections Top Recipient Domains Recipient domains for which the most compliance matches have been detected For each recipient domain the total messages processed and number and percentage of content compliance po...

Page 170: ...ost spam attacks have been detected For each IP address the total messages processed and number and percentage of spam attacks versus messages processed are listed Sender IP connections Table 9 6 Available Sender Authentication reports Report Type Displays Required Report Data Storage Options Reports Settings Page Overview Total messages processed and number and percentage of sender authentication...

Page 171: ... Displays Required Report Data Storage Options Reports Settings Page Overview Number and percentage of SMTP connections attempted successful failed rejected and deferred None Top Succeeded Connections IP addresses from which the most successful SMTP connections were detected Sender IP connections Top Failed Connections IP addresses from which the most failed SMTP connections were detected Sender I...

Page 172: ...e data storage requirements for some reports can be high refer to Setting the retention period for report data on page 173 to learn how to keep the report data manageable In particular the sender statistics usually consume a large amount of disk space To enable data tracking for reports 1 In the Control Center click Settings Reports 2 Under Report Data select the report data you want to track 3 Cl...

Page 173: ...report data stored to date 4 Click Save Running reports Provided that report data exists to generate a given report type you can run an ad hoc report to get a summary of filtering activity The results will display in the browser window To run a report 1 Ensure that you have configured Symantec Mail Security for SMTP to track the appropriate data for the report See Selecting report data to track on...

Page 174: ...n check the columns you want to include 11 Click Run Report If there is data available the report you selected appears in the browser window Depending on how much data is available for the report you selected this may take up to several minutes Saving and editing Favorite Reports You can save a report for quick access later and also edit saved reports Save and edit Favorite Reports Follow these st...

Page 175: ...isplay the following message No data is available for the report type and time range specified If you received this message verify the following Data exists for the filter you specified For example perhaps you specified a recipient address that received no mail during the specified period for a Specific Recipients report Symantec Mail Security for SMTP is configured to keep data for that report ty...

Page 176: ... 7 hours behind GMT Assume that a Scanner receives and marks a message as spam at 5 30pm local time on April 23 Friday 12 30am April 24 Saturday GMT When generating the report Symantec Mail Security for SMTP determines what day the email belongs to based on where the report is being generated If the Control Center is in Greenwich the resulting report will count it in GMT the local time zone so it ...

Page 177: ... 2 Deferred or rejected messages are not counted as received For reports that list the number of recipients if a spam or virus message is deferred or rejected it is not counted as received If 100 messages are deferred or rejected the recipient count for those messages is 0 Reports limited to 1 000 rows The maximum size for any report including a scheduled report is 1 000 rows Printing saving and e...

Page 178: ...on the save dialog box To email reports 1 After creating and running a report as described in Running reports on page 173 type an email address such as r1b3s example com in the box next to Email 2 Click Email Scheduling reports to be emailed You can schedule some reports to run automatically at specified intervals You can specify that scheduled reports be emailed to one or more recipients Note You...

Page 179: ... format Check Chart Table or both See About charts and tables on page 172 CSV formats the report in comma separated values format Note To view a CSV file containing double byte characters in Microsoft Excel specify a comma delimited UTF 8 file in the MS Excel Text Import Wizard 9 Under Report Addresses type an email address such as r1b3s example com in the Send from the following email address box...

Page 180: ...duling reports to be emailed 4 Click Save To delete a scheduled report 1 In the Control Center click Reports Scheduled Reports 2 Check the box next to the scheduled report that you want to delete and then click Delete 3 Click Save ...

Page 181: ...ehensive means of checking and displaying system host and message status Status information is combined with options for changing what is displayed as well as with actions you can take based on the information shown LDAP synchronization and Scanner replication management facilities are also available within the status area Status and management control facilities are available to inform you about ...

Page 182: ...urs graph displays data for the past 24 hours not including the current hour The Last 30 Days graph displays data for the past 30 days not including today At the next hour data from 00 to 59 minutes will be displayed in the Last 24 Hours graph At midnight data from the last day will be displayed in the Last 30 Days graph Message status The following sections provide information about messages that...

Page 183: ... view messages from the message queues on a specified host The following message queues are available for selection Inbound Outbound Delivery Work with a message Queue The following steps describe how to perform some common tasks on the Message Queues page To view message queue information In the Control Center click Status Message Queues To tailor information on a message queue 1 On the Message Q...

Page 184: ...ure before any tracking information is available for viewing or searching It is important to realize that logs for message tracking can become large and searching the logs can create high demand for Scanner processing time To enable message tracking 1 In the Control Center click Settings Logs 2 Select the host on which to enable message tracking 3 Under Message Tracking Logs check Enable message l...

Page 185: ...mime A dropdown list of disposition choices is provided Action taken What happened to the message A dropdown list of actions is provided Connection IP Connection IP used to receive the message Target IP IP address of the message destination Group policy Name of the group policy applied to the message Filter policy Name of the filter policy applied to the message Virus Name of a virus attached to t...

Page 186: ...bed in Searching for a message on page 184 4 Click Display Filtered Host status The following sections provide you status information on your hosts Host details You can view details about the status of components on selected hosts The following information categories can be available for the selected host Control Center Scanner Work with the Host Details page The following steps describe some comm...

Page 187: ...lowing steps describe how to perform some common tasks on the LDAP Synchronization page To view information about LDAP synchronization In the Control Center click Status LDAP Synchronization To synchronize fewer than 1 000 directory entries before the next update On the LDAP Synchronization page check the box next to the source to synchronize and click Synchronize Changes Note The Synchronize Chan...

Page 188: ...steps describe how to perform some common tasks on the Scanner Replication page To view the status of replication for a host In the Control Center click Status Scanner Replication To perform an immediate unscheduled replication From the Scanner Replication page click Replicate Now Version Information You can check the versions of your installed software by going to http prefix yourcompany com port...

Page 189: ...proxy settings Define SMTP settings Define internal mail servers for your site For more details on these categories see Configuring host Scanner settings on page 20 To edit a Scanner alternative method 1 In the Control Center click Status Host Details 2 Select a host from the drop down list 3 Click Configure Host 4 Make any changes to the host or its included components and services See To edit a ...

Page 190: ...g Disable The Scanner list updates to reflect your choice Clicking Enable for an enabled Scanner or Disable for a disabled Scanner has no effect on the Scanner To enable a Scanner 1 In the Control Center click Settings Hosts A red x in the Enabled column indicates that the Scanner is disabled A green check mark in the Enabled column indicates that the Scanner is enabled 2 To enable a Scanner that ...

Page 191: ...s Follow these steps to add edit or delete administrators To add an administrator 1 In the Control Center click Administration Administrators 2 Click Add 3 Type the user name and password and confirm the password 4 Enter the email address of the administrator 5 If this Administrator is to receive system alerts check Receive alert notifications 6 Choose the administrative rights you want to assign ...

Page 192: ...nses determine which features are enabled in your system To view and add licenses through the Control Center 1 In the Control Center click Administration Licenses 2 Review the license information for Symantec Mail Security for SMTP Next to each licensed entry a status of Licensed is shown For an unlicensed product ask your Symantec representative about getting a license file through which to regis...

Page 193: ...Tomcat and related processes such as the Expunger and Notifier on Windows use the Control Panel Services window to start Tomcat On Linux or Solaris log in as root or use sudo to run the following command etc init d bcc start To start MySQL on Windows use the Control Panel Services window to start MySQL On Linux or Solaris log in as root or use sudo to run the following command etc init d smssmtp_m...

Page 194: ...ql jdbc MysqlIO sqlQueryDirect MysqlIO java 1109 at com mysql jdbc Connection execSQL Connection java 2030 at com mysql jdbc PreparedStatement executeUpdate PreparedStatement ja va 1750 at com mysql jdbc PreparedStatement executeUpdate PreparedStatement ja va 1596 at org apache commons dbcp DelegatingPreparedStatement executeUpdate DelegatingPreparedStatement java 207 at com brightmail dl jdbc imp...

Page 195: ...perties 2 Find the following line log4j rootLogger WARN file 3 Change the word WARN to DEBUG 4 Find the following line log4j appender file MaxFileSize 5MB 5 Change the 5MB to the desired number such as 10MB 6 Find the following line log4j appender file MaxBackupIndex 10 7 Change the number after MaxBackupIndex to the desired number such as 40 This setting determines the number of saved BrightmailL...

Page 196: ...can t be stopped using the Control Center Starting and stopping Windows services Table 10 1 describes the Windows services of Symantec Mail Security for SMTP Table 10 1 Windows services Servicedisplay name Service short name Process in Task Manager Description SMS Active Directory Notification Agent SMSADCNASVC AD_CNA exe Tracks changes in Active Directory for SyncService SMS Agent BMIAGENTSVC bma...

Page 197: ...the name of the service and then click End Process Tree Note Be sure to use End Process Tree option not the End Process option SMS IPlanet Notification Agent SMSIPLANETCNASVC iPlanet_CNA exe Tracks changes in iPlanet Sun ONE for SyncService SMS Live Update Controller BMIJLUSVC jlu controller exe Downloads updated virus definitions SMS SMTP MySQL SMS SMTP MySQL mysqld nt exe Retrieves data stored i...

Page 198: ...tenance System maintenance of the Symantec software should be done as part of your regular server maintenance schedule including the tasks below Backing up logs data In general there is no reason to store stale logs For troubleshooting purposes logs that are not set to Information which provides the most detail have Table 10 2 UNIX services Service Description bcc Serves Control Center pages via H...

Page 199: ...instructions in this section replace the value PASSWORD with the following text on Solaris or Linux cat opt Symantec SMSSMTP brightmailuser On Windows open the following file in a text editing application and use the file contents as the value of PASSWORD C Program Files Symantec SMSSMTP brightmailuser Back up and restore Quarantine database information Use the following procedures for backing up ...

Page 200: ...ser password PASSWORD opt brightmail settings_quarantine day_zero_message host 127 0 0 1 virus_quarantine sql To restore Suspect Virus Quarantine tables from backup mysql user brightmailuser password PASSWORD host 127 0 0 1 brightmail virus_quarantine sql Maintaining adequate disk space Use standard file system monitoring tools to verify that you have adequate disk space Remember that the storage ...

Page 201: ...f Symantec Mail Security for SMTP You will also find familiar features in many cases improved and expanded In some cases the names of features are the same in some cases the names have changed and the changes are noted in this appendix Note By default inbound and outbound messages containing a virus or mass mailing worm and unscannable messages including malformed MIME messages will be deleted You...

Page 202: ...tent controls True file type recognition for content compliance filtering Automatically detects file types without relying on file name extensions or MIME types Keywords filtering within attachments keyword frequency filtering Scan within attachments to find keywords from dictionaries you create or edit Specify a number of occurrences to look for Regular expression filtering Use regular expression...

Page 203: ...tegory Features Description Table A 2 New features for Symantec Mail Security for SMTP users Category Features Description Flexible mail management Centralized Web based administration Use the Control Center to manage all aspects of email management and spam virus and content filtering across all servers with one interface Group Policies Create separate inbound and outbound policies for an unlimit...

Page 204: ... 3 provides a cross reference between selected Symantec Mail Security for SMTP 4 1 features and Symantec Mail Security for SMTP 5 0 features that have different names Discontinued features The following Symantec Mail Security for SMTP 4 1 features are not included in Symantec Mail Security for SMTP 5 0 Auto generated whitelist Logging of SMTP conversations Hold Queue automatic reordering of the Sl...

Page 205: ...ing LiveUpdate support for virus definitions list of file types to exclude from virus scanning expanded container limit controls Outbound filtering Provides spam virus and content compliance filtering on outbound email messages Specify different outbound and inbound policies for each user group Flexible mail management More flexible Group Policies Use LDAP groups to populate groups for Group Polic...

Page 206: ...ollows Email Scanning Settings Settings determine system wide policies for handling email These include Address Masquerading Aliases Spam Settings Virus Settings Invalid Recipients Local Domains Scanning including Container Limits Filter Policies Specific sets of conditions that identify categories of email and specific sets of actions to take on those messages You can specify multiple filter poli...

Page 207: ...an employ policy resources when you create filter policies Policy resources include Annotations called Custom Disclaimers in Version 4 1 Add custom text to the beginning or end of the message body Archive Send messages to a specific email address for storage Attachment Lists Specify lists of attachment types for use in filtering based on file naming or on the true type of each file or use any of f...

Page 208: ...208 Feature Cross Reference About email filtering and message handling options ...

Page 209: ... Outlook Spam Plug in and spam foldering agents for Microsoft Exchange and Lotus Domino users The Symantec Outlook Spam Plug in is an alternative to the personal Allowed Senders and Blocked Senders Lists and language preferences offered by the Control Center For a comparison of the native language processing offered by Symantec Mail Security for SMTP and the Symantec Outlook Spam Plug in see Choos...

Page 210: ...antec Outlook Spam Plug in also gives users the option to administer their own Blocked Senders and Allowed Senders Lists as well as to specify languages in which they do or do not wish to receive email Usage scenarios You can use Symantec Outlook Spam Plug in with the following other components Symantec Spam Folder Agent for Exchange Spam Quarantine Both Symantec Spam Folder Agent for Exchange and...

Page 211: ...ton to submit the message to Symantec and move it from their Spam folder to their Inbox Empty Spam Folder Users click this button to empty their Spam folder if configured Spam Quarantine Users click this button to launch Spam Quarantine in their default Web browser if configured Symantec By choosing an item from this pull down menu users can get information on using the plug in view a report if co...

Page 212: ...Plug in Follow these procedures to enable your users to install the Symantec Outlook Spam Plug in To set up the Symantec Outlook Spam Plug in 1 Navigate to the folder containing the Symantec Outlook Spam Plug in software 2 Copy all the files in the Plugin Outlook folder to a network directory that is accessible to your users 3 If desired modify the setup ini file to configure optional system wide ...

Page 213: ...mdLine attribute in the Startup section at the beginning of the setup ini file The settings will be added as values for the following Windows Registry key HKLM Software Brightmail OutlookPlugin 2 Change the settings in Table B 1 as desired Example CmdLine SPAM_FOLDER Junk ADMIN_FALSE_ADDRESS admin false my company com 3 Save your changes to the setup ini file These settings will be used during eac...

Page 214: ...s directly to the Spam folder If a message sender is in the user s Allowed Senders List or optionally Outlook Contacts list or if ANY of the message s recipients are in the user s Allowed Recipients List the message is moved to the Inbox Otherwise it stays in the Spam folder If set to 0 messages are delivered normally to the Inbox CHECK_BLOCKED If set to 1 the default or any non zero value move me...

Page 215: ...s to delete the contents of their Spam folders HIDE_NOT_SPAM Specifies whether the This is Not Spam button is hidden The default is 0 displayed Any non zero value including an empty value will cause the button to be hidden HIDE_SPAM Specifies whether the This is Spam button is hidden The default is 0 displayed Any non zero value including an empty value will cause the button to be hidden MANUAL_AL...

Page 216: ...the message to the Spam folder The default is Normal SINGLE_CONFIRM_MSG The confirmation message for a single successful submission The default value for this string is Thank you for submitting a message to Symantec for review We appreciate your help in improving our antispam service This will be your only acknowledgement SPAM_FOLDER The name of the Spam folder The default is Spam SPAM_QUARANTINE_...

Page 217: ... click I accept the terms of this license agreement and then click Next 4 Choose a setup type and then click Next Setup options include Complete and Custom The Complete option installs all software in a predefined set of folders and files The Custom option allows you to tailor installation options 5 Under Service Account specify an account to be used by the Symantec Spam Folder Agent for Exchange ...

Page 218: ...tion process 12 Click Finish The Installer configures the Symantec Spam Folder Agent for Exchange as a Windows service that will run automatically For information on how to change this default configuration see Enabling automatic spam foldering on page 221 Configuring the Symantec Spam Folder Agent for Domino To enable automatic foldering of spam for your Lotus Domino users install the Symantec Sp...

Page 219: ...anel is displayed 8 Select the option s you wish to configure and click Next The Configuring Spam Folder Information panel is displayed Note This screen appears only if you chose to configure spam foldering 9 Under Spam Folder specify the name of the folder in each end user s mailbox where spam will be sidelined and then click Next The default is Spam 10 Specify a spam expiration between 1 and 365...

Page 220: ...change to the template on the user s home mail server The nightly Design process runs on the user s home mail server The user reopens his or her mail file after installation This only applies if the user s mail file was open when its design was refreshed The Symantec Spam Folder Agent for Domino will take effect when the design is refreshed though the folder will not be visible See the Lotus Notes...

Page 221: ...y Uninstalled panel is displayed 4 Click Finish Enabling automatic spam foldering Follow these steps to enable automatic spam foldering for Exchange 5 5 Exchange 2000 Exchange 2003 or Lotus Domino To deliver spam messages to users spam folders 1 In the Control Center click Policies Spam 2 Click Add 3 Under Policy Name type Folder or a descriptive name of your choice 4 Under Apply to click Inbound ...

Page 222: ...ling language identification Enabling language identification Symantec Mail Security for SMTP must be configured to work with the client side language processing offered by the Symantec Outlook Spam Plug in See Enabling and disabling end user settings on page 79 ...

Page 223: ...ts and third party products to provide a central point of control of security within an organization It provides a common management framework for Information Manager enabled security products such as Symantec Mail Security for SMTP that protect your IT infrastructure from malicious code intrusions and blended threats The Information Manager increases your organization s security posture by simpli...

Page 224: ...nt The Knowledge Base also suggests tasks that you can assign to a help desk ticket for resolution Symantec Security Information Manager is purchased and installed separately The appliance must be installed and working properly before you can configure Symantec Mail Security to log events to the SSIM For more information see the Symantec Security Information Manager documentation Interpreting even...

Page 225: ...more information refer to the Symantec Security Information Manager documentation Table C 1 Settings for Message statistics Setting Value Type Message stats Path for Linux Solaris opt Symantec SMSSMTP scanner stats Path for Windows c Program Files Symantec SMSSMTP scanner stats Filename bmi_eng_stats Configure as Monitor in Real Time Table C 2 Settings for Firewall statistics Setting Value Type Fi...

Page 226: ...Value Table C 4 Firewall events that are sent to the Information Manager Event ID SES_EVENT_ Unique ID Severity Event class Rule description Reason sent SES_EVENT_CONNECTION_ACCEPTED 512000 Informational symc_firewall_network Connection Permitted SES_DETAIL_CONNECTION_REJECTED 517242 Informational symc_firewall_network Connection Rejected SES_DETAIL_CONNECTION_REJECTED 517247 Informational symc_fi...

Page 227: ...ent ID SES_EVENT_ Unique ID Severity Event class Rule Description Reason sent Table C 6 Message events that are sent to the Information Manager Event ID SES_EVENT_ Unique ID Severity Event class Rule Description Reason sent SES_EVENT_VIRUS 122000 Informational symc_data_virus_incident Virus message SES_EVENT_UNSCANNABLE_VIOL ATION 112056 Informational symc_data_incident Unscannable violation SES_E...

Page 228: ...on User login successful SES_EVENT_HOST_INTRUSION 1032000 Informational symc_host_intrusion User logout successful SES_EVENT_HOST_INTRUSION 1032000 Warning symc_host_intrusion User login failed SES_EVENT_CONFIGURATION_CHANGE 92008 Informational symc_config_update Enable add host SES_EVENT_CONFIGURATION_CHANGE 92008 Informational symc_config_update Disable remove host SES_EVENT_HOST_INTRUSION 10320...

Page 229: ...imported SES_EVENT_CONFIGURATION_CHANGE 92008 Informational symc_config_update Group policy members imported SES_EVENT_CONFIGURATION_CHANGE 92008 Informational symc_config_update Component is not active SES_EVENT_CONFIGURATION_CHANGE 92008 Informational symc_config_update Administrator account change SES_EVENT_VIRUS 122000 Major symc_config_update Virus outbreak Table C 7 Administration events tha...

Page 230: ...230 Integrating Symantec Mail Security with Symantec Security Information Manager Interpreting events in the Information Manager ...

Page 231: ... and that the original message is included unless it has been deleted as uncleanable Although it is not necessary for you to edit these messages you can do so if you wish This section explains the format of the file that contains the messages and the procedure for modifying it Modifying notification files The notification files are located at The notification file used by Symantec Mail Security fo...

Page 232: ...e notification file The notification messages can be edited In the XML file each notification message is constructed with an advisory tag There are several advisory tags each containing a block of information depending on the disposition of the message For example after Symantec Mail Security for SMTP successfully cleans a message it retrieves text from the cleaned_sentence advisory shown in the n...

Page 233: ...ected with the malicious virus t name virus_name and has been deleted because the file cannot be cleaned advisory advisory name deleted_cant_replace_sentence t name file_name was infected with the malicious virus t name virus_name and has been deleted because the Symantec decomposer cannot modify its container advisory advisory name deleted_too_large_sentence t name file_name was deleted because i...

Page 234: ...o large advisory advisory name scan_error_sentence t name file_name was not scanned for viruses because of the error t name error advisory advisory name too_many_levels_sentence t name file_name was not scanned for viruses because too many nested levels of files were found advisory advisory name too_complex_sentence The message was not scanned for viruses because the maximum time for scanning was ...

Page 235: ...l CDATA HTML BODY P ERROR During the processing of this email an error occurred Contact the sender of this message so he or she can resend it to you BR BR P BODY HTML advisory advisory name sender_text The message you sent has been processed by Symantec AntiVirus t name file_actions You may want to install or update antivirus software on your computer For more information on antivirus tips and tec...

Page 236: ...sed by Symantec AntiVirus BR BR PRE t name file_actions CDATA PRE BR You may want to install or update antivirus software on your computer br For more information on antivirus tips and technology visit A HREF http www symantec com http www symantec com A BR BR P p Headers of infected message PRE t name message_headers CDATA PRE BODY HTML advisory advisory list ...

Page 237: ...roups of recipients You can use this feature to automate email disclaimers antivirus A subcategory of a security policy that pertains to computer viruses API application programming interface The specific methodology by which a programmer writing an application program can make requests of the operating system or another application archive An action that can be performed on email messages by Syma...

Page 238: ...identity CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be certificate A file that is used by cryptographic systems as proof of identity It contains a user s name and public key Certificate Authority signed SSL A type of Secure Sockets Layer SSL that provides authentication and da...

Page 239: ...A network added between a protected network and an external network to provide an additional layer of security Sometimes called a perimeter network DNS Domain Name Server proxy An intermediary between a workstation user and the Internet that allows the enterprise to ensure security and administrative control DNS Domain Name System A hierarchical system of host naming that groups TCP IP hosts into ...

Page 240: ...ension A suffix consisting of a period followed by several letters at the end of a file that by convention indicates the type of the file false positive A piece of legitimate email that is mistaken for spam and classified as spam by Symantec Mail Security for SMTP filter A method for analyzing email messages used to determine what action to take on each message Symantec Mail Security for SMTP uses...

Page 241: ...n the Internet HTTP is an application protocol HTTPS Hypertext Transfer Protocol Secure A variation of HTTP that is enhanced by a security mechanism which is usually Secure Sockets Layer SSL IP Internet Protocol The method or protocol by which data is sent from one computer to another on the Internet Each computer known as a host on the Internet has at least one address that uniquely identifies it...

Page 242: ...ent that sends inbound and outbound messages that have already been filtered to their required destinations To do this the delivery MTA uses the filtering results and the configuration settings for relaying inbound and outbound mail Inbound MTA The component that receives inbound mail and forwards it to the Filtering Hub for processing Outbound MTA The component that receives outbound mail and for...

Page 243: ...string of characters that a user types as an identification code to restrict access to computers and sensitive files The system compares the code against a stored list of authorized passwords and users If the code is legitimate the system allows access at the security level approved for the owner of the password phishing An attempt to illegally gather personal and financial information by sending ...

Page 244: ...n uses the FTP protocol to transfer files the TCP protocol to manage connections and the IP protocol to deliver data proxy An application or agent that runs on the security gateway and acts as both a server and client accepting connections from a client and making requests on behalf of the client to the destination server There are many types of proxies each used for specific purposes See also gat...

Page 245: ...rized access As the Internet becomes a more fundamental part of doing business computer and information security are assuming more importance in corporate planning and policy sender group A category of email senders that Symantec Mail Security for SMTP manages using the Email Firewall feature Sender groups can be based upon IP addresses domains third party lists or Symantec lists You can configure...

Page 246: ...lows access to those messages In Symantec Mail Security for SMTP Spam Quarantine is located on the Control Center computer and provides users with Web access to their spam messages Users can browse search and delete their spam messages and can also redeliver misidentified messages to their inbox An administrator account provides access to all quarantined messages Spam Quarantine can also be config...

Page 247: ...actions to take on messages from each sender group Suspect Virus Quarantine In Symantec Mail Security for SMTP a database that temporarily holds messages suspected of containing viruses Messages with suspicious attachments can be held in Suspect Virus Quarantine for a number of hours then filtered again with updated filters if available This processing delay capability enables Symantec Mail Securi...

Page 248: ...ssues Symantec Security Response helps provide its customers with fully integrated protection as it combines the collective expertise of hundreds of security specialists to bring updates and security intelligence to the full range of Symantec s products and services Symantec has research and response centers located around the world Symantec Spam Folder Agent for Domino An application designed to ...

Page 249: ...ernet to exchange different types of information using different applications threat A circumstance event or person with the potential to cause harm to a system in the form of destruction disclosure modification of data or denial of service TLS Transport Layer Security A protocol that provides communications privacy over the Internet by using symmetric cryptography with connection specific keys an...

Page 250: ...r A client program that uses the Hypertext Transfer Protocol HTTP to make requests of Web servers throughout the Internet on behalf of the browser user worm A special type of virus A worm does not attach itself to other programs like a traditional virus but creates copies of itself which create even more copies WWW World Wide Web An application on the Internet that allows for the exchange of docum...

Page 251: ... end user lists via Symantec Outlook Spam Plug in 210 export data from 104 import data for 104 reasons to use 97 annotate messages 106 antispam filters creating antispam policies 85 language based 80 sender authentication 105 Spam Quarantine 117 verify filtering 151 verify filtering to Spam Quarantine 153 antivirus filters create antivirus policies 83 Suspect Virus Quarantine 143 test 152 architec...

Page 252: ...ect Virus Quarantine 145 test delivery of legitimate mail 151 to user Spam folders 221 undeliverable quarantined messages 139 verify normal delivery 151 deployment email firewall policies 99 dictionaries create 112 disk space maintenance 200 distribution lists See aliases and distribution lists does Not Match and Match tests 91 domains add to Allowed Senders Lists 100 add to Blocked Senders Lists ...

Page 253: ... members from file 74 manage 81 H headers display full or brief Spam Quarantine 123 search From headers in Spam Quarantine 124 search From headers in Suspect Virus Quarantine 147 search Message ID header in Spam Quarantine 124 search Subject headers in Spam Quarantine 124 search Subject headers in Suspect Virus Quarantine 147 search To headers in Spam Quarantine 124 search To headers in Suspect Vi...

Page 254: ...83 messages add HTML text 107 add plain text 107 annotate 106 archive 109 configure misidentified message submissions 129 configure Spam Quarantine message and size thresholds 136 configure Spam Quarantine message retention period 135 delete Spam Quarantine messages 119 delete Suspect Virus Quarantine messages 145 delete unresolved email setting 135 drop invalid recipients 56 duplicate Spam Quaran...

Page 255: ...182 proxy add information 21 edit settings 21 proxy settings add or edit 21 Q queue details status 183 tailor information on 183 R Rapid Response See LiveUpdate recipients drop invalid ones 56 redeliver misidentified messages Spam Quarantine 119 122 registration 192 Scanners Control Center 192 regular expressions use in Content Compliance policies 91 replication check status of 39 configure settin...

Page 256: ...147 To headers in Spam Quarantine 124 To headers in Suspect Virus Quarantine 147 self signed certificate add 18 sender authentication 105 Sender Reputation Service 105 configure 105 customize 105 select lists 105 senders delete from lists 101 disable enable 101 edit senders in lists 101 export data from senders lists 104 how identified details 98 identifying senders methods for 98 import sender in...

Page 257: ...issions configure recipients for misidentified messages 129 redeliver misidentified messages 119 122 145 Suspect Virus Quarantine 143 access 143 administer 193 delete messages 145 message navigation 145 message redelivery 145 message sorting 144 search messages 145 146 147 tables restore 200 tables saving 200 suspected spam configure 52 Suspected Spammers enable 105 suspicious attachments determin...

Page 258: ... 147 shown on reports 176 TLS certificate assignment 19 To headers search in Spam Quarantine 124 To headers search in Suspect Virus Quarantine 147 totals information 182 Transformation Engine 13 troubleshoot replication 39 Spam Quarantine 137 status message 40 synchronization 39 U undeliverable Spam Quarantine messages 139 unresolved email setting configure delete 128 configure Spam Quarantine Exp...

Reviews:

No comments

Related manuals for Mail Security

HotBrick VPN 800 User Manual preview
VPN 800
Brand: HotBrick Pages: 89
IBM Proventia Network GX4004 Getting Started Manual preview
Proventia Network GX4004
Brand: IBM Pages: 3
Barracuda Networks NextGen X Series Manual preview
NextGen X Series
Brand: Barracuda Networks Pages: 4
Alcatel-Lucent VPN Firewall Portfolio Brochure preview
VPN Firewall Portfolio
Brand: Alcatel-Lucent Pages: 4
Fortinet FortiSandbox 1000F Quick Start Manual preview
FortiSandbox 1000F
Brand: Fortinet Pages: 13
Juniper NS-2G24FE Manual preview
NS-2G24FE
Brand: Juniper Pages: 17
Fortinet FortiGate FortiGate-5001FA2 Security System Manual preview
FortiGate FortiGate-5001FA2
Brand: Fortinet Pages: 34
Edge-Core SAF51003I Quick Start Manual preview
SAF51003I
Brand: Edge-Core Pages: 4

Brands by name

Popular brands

Load more brands