Symantec 10744983 - Mail Security 8320 Скачать руководство пользователя страница 119 | Manualshive

Страница: 119 / 249

Symantec 10744983 - Mail Security 8320 Скачать руководство пользователя страница 119

Symantec monitors hundreds of thousands of email sources to determine how
much email sent from these addresses is legitimate and how much is spam. Email
from given email sources can then be blocked or allowed based on the source's
reputation value as determined by Symantec. By default, Symantec Mail Security
is configured to incorporate the source information from all three lists comprising
the Sender Reputation Service.

To enable or disable Proxy Senders, Safe Senders, and Suspect Spammers lists

1

In the Control Center, click Policies > Sender Groups.

2

Check or uncheck the boxes for the desired lists.

3

Click Enable or Disable.

Configuring Sender Authentication

Symantec Mail Security can check incoming email for authenticity using the
Sender Policy Framework (SPF) or the Sender ID standard. This can reduce spam
because spammers often attempt to forge the mail server name to evade discovery.

Symantec Mail Security checks the sending IP address against the published DNS
record for the named mail server. If the DNS record includes a hard outbound
email policy (one that requires compliance), and it does not match the sending IP
address, the specified action is taken on the message. If the IP address matches,
or the domain publishes only an informational policy, or does not publish a policy,
no action is taken.

For more information about SPF, see: http://www.openspf.org/

For more information about Sender ID, see: http://www.microsoft.com/senderid

If you add Sender Authentication domains, it's best to specify the highest level
domain possible, such as example.com, because subdomains of the specified
domain will also be tested for compliance.

Warning:

Authenticating all domains can lead to significant unnecessary processing

load. Many domains do not publish an outbound email policy, or publish only an
informational policy. Attempting authentication on these domains does not lead
to any action, and will use processing resources, at times excessively.
Authentication is most effective for domains that publish hard policies that are
frequently spoofed in phishing attacks.

To enable sender authentication

1

In the Control Center, click Policies > Sender Authentication.

2

Check Enable Sender Authentication.

119

Configuring email filtering

Configuring Sender Authentication

«
...
117
118
119
120
121
...
»

Содержание 10744983 - Mail Security 8320

Страница 1: ...Symantec Mail Security Administration Guide...

Страница 2: ...ing its use copying distribution and decompilation reverse engineering No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation a...

Страница 3: ...c software upgrade protection Global support that is available 24 hours a day 7 days a week worldwide Support is provided in a variety of languages for those customers that are enrolled in the Platinu...

Страница 4: ...e following URL www symantec com techsupp ent enterprise html Select your region or language under Global Support and then select the Licensing and Registration page Customer service Customer service...

Страница 5: ...y Enterprise services that are available include the following These solutions provide early warning of cyber attacks comprehensive threat analysis and countermeasures to prevent attacks before they o...

Страница 6: ...To access more information about Enterprise services please visit our Web site at the following URL www symantec com Select your country or language from the site index...

Страница 7: ...cense Agreement Symantec Mail Security or SMTP 1 License You may You may not 2 Limited Warranty 3 Disclaimer of Damages 4 U S Government Restricted Rights 5 Export Regulation 6 General 7 Additional Us...

Страница 8: ......

Страница 9: ...r settings 27 Configuring Default SMTP Settings 31 Configuring internal mail hosts 35 Testing Scanners 35 Configuring LDAP settings 36 Configure LDAP settings 37 Synchronization status information 43...

Страница 10: ...anning settings 66 Configuring container settings 66 Configuring content filtering settings 67 Chapter 4 Configuring email filtering About email filtering 69 Notes on filtering actions 78 Multiple act...

Страница 11: ...figuring Spam Quarantine 140 Delivering messages to Spam Quarantine from the Scanner 140 Configuring Spam Quarantine port for incoming email 141 Configuring Spam Quarantine for administrator only acce...

Страница 12: ...out charts and tables 188 Setting the retention period for report data 188 Running reports 189 Saving and editing Favorite Reports 190 Running and deleting favorite reports 190 Troubleshooting report...

Страница 13: ...the amount of information in BrightmailLog log 211 Starting and stopping UNIX and Windows services 213 Starting and stopping Windows services 213 Starting and stopping UNIX services 215 Periodic syste...

Страница 14: ...Glossary Index Contents 14...

Страница 15: ...Antispam technology Symantec s state of the art spam filters assess and classify email as it enters your site Antivirus technology Virus definitions and engines protect your users from email borne vi...

Страница 16: ...d virus definitions if available This feature tcan be effective in defeating virus attacks before conventional signatures are available View a list of available virus definition updates Improved virus...

Страница 17: ...More than 50 graphical reports that you can generate ad hoc or on a scheduled basis Reports can be exported for offline analysis and emailed Extensive set of pre built reports scheduled reporting and...

Страница 18: ...he status of all Symantec Mail Security hosts in your system including system logs and extensive customizable reports Use the Control Center to configure both system wide and host specific details The...

Страница 19: ...the Symantec Mail Security filters Architecture Figure 1 1 shows how a Symantec Mail Security installation processes an email message assuming the sample message passes through the Filtering Engine t...

Страница 20: ...ssage is spam At this point the message may also be checked against end user defined Language settings The Transformation Engine performs actions per recipient based on filtering results and configura...

Страница 21: ...tact Symantec License Administration www enterprisesecurity symantec com Provides product news and updates www symantec com security_response Provides access to the Virus Encyclopedia which contains i...

Страница 22: ...About Symantec Mail Security Where to get more information 22...

Страница 23: ...ssages outbound messages and message delivery Assign this certificate from the Inbound Mail Settings and Outbound Mail Settings portions of the SMTP tab on the Settings Hosts Edit Host Configuration p...

Страница 24: ...y or use a domain name to be sure 5 Click Create To add a Certification Authority Signed certificate to the list 1 In the Control Center click Settings Certificates 2 Click Add 3 In the Certificate ty...

Страница 25: ...ryption as appropriate 5 Choose the TLS certificate from the Certificate drop down list for the inbound or outbound MTA 6 Click Save To assign a user interface HTTPS certificate 1 In the Control Cente...

Страница 26: ...the following procedures from the Services tab to manage individual Scanner services replication and stop the flow of messages through a Scanner Replication synchronizes Scanner directory data with L...

Страница 27: ...and receive filter updates from Symantec If you need to add proxy and or other security settings to your server definition follow the steps below To change or add proxy information 1 In the Control C...

Страница 28: ...ompliance policies resulting in fewer messages filtered through Content Compliance policies To modify SMTP settings for a Scanner 1 In the Control Center click Settings Hosts 2 Check the Scanner to ed...

Страница 29: ...ains box are accepted Click Add to add an entry or Remove to delete one If you specify one or more IP addresses you must include the IP address of the Control Center so that Spam Quarantine and Suspec...

Страница 30: ...must include the IP address of the Control Center so that Spam Quarantine and Suspect Virus Quarantine can release messages After you add the first entry the IP address of the Control Center is added...

Страница 31: ...lable on Windows systems Sets the maximum number of simultaneous inbound connections allowed from a single IP address Additional connections for the same IP address will be rejected The default is 20...

Страница 32: ...t domain for sender addresses with no domain Places a RECEIVED header in the message during outbound SMTP processing when checked When unchecked no RECEIVED header is inserted during outbound SMTP pro...

Страница 33: ...er of connections per single internal mail server Sets the smallest interval the SMTP server waits before trying to deliver a message again The default is 15 minutes Minimum retry interval Sets the ti...

Страница 34: ...ins from which you may require encryption Check the names of those domains from which information must currently be encrypted Leave unchecked to currently except listed domains from this requirement P...

Страница 35: ...lick Save to store the information To delete an internal mail host 1 From the Control Center click Settings Hosts 2 Check the Scanner you want to configure 3 Click Edit 4 Click the Internal Mail Hosts...

Страница 36: ...er authenticates users by checking their user name and password data directly against the LDAP source Authentication LDAP user and group data is used to apply group policies recognize directory harves...

Страница 37: ...lly as shown on the LDAP Synchronization page and the number of rejected entries is 0 or stays constant after successive synchronization changes If synchronization has not completed successfully a sta...

Страница 38: ...s server definition Authentication Synchronization Authentication and Synchronization LDAP Server Anonymous bind Allows you to login to an LDAP server without providing specific user ID and password i...

Страница 39: ...the fields for you to modify as needed You can have only one authentication server defined in the Control Center Specify the queries to use You have the following options when selecting what authentic...

Страница 40: ...the point in the directory from which to start searching for entries with email addresses aliases or groups To use this field begin by clicking Auto Fill for the naming contexts of the directory Reduc...

Страница 41: ...nd guarantee full authentication by the LDAP server For an Active Directory server the full DN or logon name with User Principal Name suffix may be required Password Password information that allows y...

Страница 42: ...ization is checked for Usage It allows for the following definitions governing synchronization behavior Synchronize every Specifies how often scheduled synchronization occurs You can specify a number...

Страница 43: ...the Control Center you wish to cancel To delete an LDAP server 1 In the Control Center click Status Synchronization Check to be sure that no synchronization is processing You cannot delete a synchron...

Страница 44: ...on server and the process is under way Success The synchronization has completed successfully Failed The synchronization has failed Consult your logs to identify possible causes Status The time at whi...

Страница 45: ...ile error log X where X is a number Rejected Replicating data to Scanners After an LDAP server has been defined to the Control Center and after the synchronization of LDAP data between the LDAP server...

Страница 46: ...tion status information In the Control Center click Status Scanner Replication The following information is displayed Description Item Status can indicate any of the following states Idle Nothing is h...

Страница 47: ...s occurred 2 If a successful synchronization has occurred check your replication status and take one or more of the actions described below To verify that synchronization has completed successfully 1...

Страница 48: ...om the Control Center database to a Scanner database 3 If you see the message No scanners configured for replication make sure you have successfully added an LDAP synchronization server that the initi...

Страница 49: ...ify Control Center access or to regain access to the Control Center To specify Control Center access 1 In the Control Center click Settings Control Center 2 Check All hosts to allow any host access to...

Страница 50: ...ation happens more frequently on private networks than on the public Internet Control Center certificate Through the Control Center you can designate a user interface HTTPS certificate This enhances t...

Страница 51: ...12 hours setting the LDAP synchronization schedule to 53 minutes will help prevent one from starting while the other is in progress 4 Click ReplicateNow to have LDAP data replicated to all attached a...

Страница 52: ...address or fully qualified domain name of a computer that has a working MTA on it Change this information from the default if the Control Center doesn t have a working Scanner Specify the port to use...

Страница 53: ...e mail gateway by assigning replacement values to them Symantec Mail Security lets you implement address masquerading on inbound mail outbound mail or both A typical use of address masquerading is to...

Страница 54: ...s or a combination of spaces and tabs Commas or semicolons are not valid delimiters Note You cannot import a file with extended ASCII or non ASCII characters you can only import files encoded in US AS...

Страница 55: ...il address that translates to one or more other email addresses Windows users may understand this concept as a distribution list You can add an alias as a convenient shortcut for typing a long list of...

Страница 56: ...message To and Cc headers are ignored and not changed Inbound address masquerading has precedence over aliases If the same original email address or domain exists in both the address masquerading lis...

Страница 57: ...s page modify the text in the Aliasdomainoremailaddress box as desired 4 Modify the text in the Domainoremailaddressesforthisalias box as desired 5 Click Save Importing aliases Aliases can be imported...

Страница 58: ...Configuring local domains On the Local Domains page you can view add edit and delete local domains and email addresses for which inbound messages are accepted When adding or editing a local domain yo...

Страница 59: ...l as enable MX lookup If you do not specify a destination host here the domain or email address is routed to the Inbound Relay you configure on the SMTP Settings page See SMTP Scanner settings 4 Click...

Страница 60: ...com smtp 192 168 248 105 local6 com smtp 192 168 248 106 60 To import a list of local domains 1 In the Control Center click Settings Local Domains 2 Click Import 3 On the Import Local Domains page en...

Страница 61: ...will consider this message to be suspected spam and will apply the action you have in place for suspected spam messages such as Modify the Message tagging the subject line Messages that score 90 or a...

Страница 62: ...ngs for suspected spam language identification and software acceleration To configure spam settings 1 In the Control Center click Settings Spam 2 Under Do you want messages to be flagged as suspected...

Страница 63: ...On the LiveUpdate tab click Enable Rapid Response updates Symantec Mail Security checks every 10 minutes after this setting is saved 3 Click Save Working with LiveUpdate Follow these procedures to vie...

Страница 64: ...ch as Sound File Format 6 If you choose to exclude specific file classes you can also select the types of files in that class to be excluded in the File Type list 7 Click the Add File Classes or Add F...

Страница 65: ...ymantec Mail Security generates a bounce message for the recipient Upon receiving the bounce message the sender can resend the original message with the correct address However messages with invalid r...

Страница 66: ...Symantec Mail Security processes certain zip files and other types of compressed files these files can expand to the point where they deplete system memory Such container files are often referred to a...

Страница 67: ...filesizewhenopened box and click KB MB or GB A container is unscannable for viruses if any individual component of the container when unpacked exceeds the size specified 5 Specify a number in the Maxi...

Страница 68: ...Configuring email settings Configuring scanning settings 68...

Страница 69: ...d viruses to suit your requirements Content filtering and Email Firewall policies offer further methods of managing mail flow into and out of your organization Symantec Mail Security provides a wide v...

Страница 70: ...d because it contains a virus based on current Symantec virus filters Virus Virus Email is flagged because it contains a mass mailing worm based on current virus filters from Symantec Mass mailing wor...

Страница 71: ...hments Attachment content Email is flagged based on the text in the Subject line Subject Email is flagged based on the text in the From address From Address Email is flagged based on the text in the T...

Страница 72: ...escribes the filtering actions available for each verdict Table 4 2 Filtering actions by verdict Verdict Description Action Content Compliance Spam Suspected Spam Virus Virus attack Directory harvest...

Страница 73: ...message Delete the message x x x x x Deliver the message Viruses and mass mailing worms are neither cleaned nor deleted Deliver the message normally x x x x x Deliver the message to end user Spam fol...

Страница 74: ...us attachment verdict Hold message in Suspect Virus Quarantine x x x x x Add a tag to the message s Subject line Modify the Subject line x x Using a 5xx SMTP response code notify the sending MTA that...

Страница 75: ...n the Scanner computer On Solaris or Linux you must specify a writable directory Save to disk x x x x x Return the message to its From address with a custom response and deliver it to the recipient Op...

Страница 76: ...t is six hours Message is released and then rescanned after configured number of hours Only available for the suspicious attachment verdict Strip and hold in Suspect Virus Quarantine x x x Remove all...

Страница 77: ...message direction Treat as a mass mailing worm x Process the message using the action s specified in the domain based Allowed Senders List Applies even if the domain based Allowed Senders List is disa...

Страница 78: ...y if the suspected spam policy is disabled or does not apply because of message direction Treat as suspected spam Notes on filtering actions When using Table 4 2 consider the following limitations All...

Страница 79: ...multiple actions for a particular verdict An example follows 1 Defining a virus policy the administrator selects the Virus verdict and then assigns the actions Clean Add annotation and Send notificat...

Страница 80: ...s Spam folder Yes Any except Delete the message Forward the message No Any except Hold message in Suspect Virus Quarantine Deliver the message normally Delete the message Strip and delay If used with...

Страница 81: ...ns Treat as a mass mailing worm No Can t be used with other actions Treat as an allowed sender No Can t be used with other actions Treat as a virus No Can t be used with other actions Treat as spam No...

Страница 82: ...rdict Description Category Stand alone or appended programs that gather personal information through the Internet and relay it back to a remote computer without the user s knowledge Adware might monit...

Страница 83: ...ject the one of those verdicts that appears first in the precedence list see below takes precedence If no matching verdict calls for an action of defer or reject then the matching verdict that appears...

Страница 84: ...ble end user preferences Also lists that you create have precedence over lists created by Symantec However third party DNS blacklists do not have priority over all Symantec lists In the event of a con...

Страница 85: ...p Policy you want to edit 3 Ensure that the Members tab is displayed and click Add 4 Specify members using one or both of the following methods Type email addresses domain names or both in the box To...

Страница 86: ...rom a file 1 On the Members tab of the Add Group page click Import 2 Enter the appropriate path and filename or click Browse to locate the file on your hard disk and then click Import Separate each do...

Страница 87: ...d compliance filter policies on page 94 Selecting virus policies for a group Virus policies determine what to do with inbound and outbound messages that contain any of six categories of threats Table...

Страница 88: ...nbound virus policy Inbound mass mailing worm policy Inbound unscannable message policy Inbound encrypted message policy Inbound suspicious attachment message policy Inbound spyware adware message pol...

Страница 89: ...ncoming email 5 Select the desired policy from each of the following drop down lists Inbound spam policy Inbound suspected spam policy 6 If desired check Enable outbound spam scanning for this group t...

Страница 90: ...dit Group page Although you can add existing policies to the lists on this page you cannot add new compliance policies from this page See Creating compliance policies on page 98 Enabling and disabling...

Страница 91: ...s Lists and block or allow email in specified languages At least one LDAP SyncService server must be configured and enabled In Settings LDAP settings an LDAP source configured for Authentication or Au...

Страница 92: ...uage identification set Language Identification to No on the Spam Settings page That will make the Language tab accessible See Choosing language identification type on page 61 To allow or block email...

Страница 93: ...cy is always the last Group Policy in the list You cannot change the precedence of the Default Group Policy To edit an existing Group Policy On the Group Policy page click the policy name or check the...

Страница 94: ...r Policies Filter Policies contains a table that indicates the status of defined virus spam or compliance policies Table 4 6 describes the options available on the Policy status page Table 4 6 Policy...

Страница 95: ...onditions select one of the following six conditions The message contains a virus If a message contains a virus The message contains a mass mailing worm a worm that propagates itself to other systems...

Страница 96: ...s until a later time when updated virus definitions may be available This provides enhanced protection against new and emerging virus threats By default these messages are held in the Suspect Virus Qu...

Страница 97: ...ups check one or more groups to which this policy should apply You can also add a spam policy to a group on the Spam tab of the Edit Group page 6 Under Conditions select one of the following three con...

Страница 98: ...n keywords that match regular expressions in their headers bodies or attachments Actions specified for custom filter matches will not override actions resulting from matches in your Blocked Senders Li...

Страница 99: ...ant to set your policies so that messages that are matched by compliance policies are quarantined or modified instead of deleted When you are sure the compliance policies are working correctly you can...

Страница 100: ...If you tested that the subject contains this string inkjet Inkjet INKJET Then any message subject containing these strings would be matched INKJET If you tested that a subject contains this string ink...

Страница 101: ...ind all attachments that contain the word discount more than three times Text within an attachment file Attachment content script vbs application octet stream An attachement list file name or MIME typ...

Страница 102: ...ditions For all messeges jane example com jane example com From message header From address jane example com jane example com From To Cc andBcc message headers From To Cc Bcc address Reply To reply to...

Страница 103: ...s or does not match and type a regular expression Attachment content Bcc address Body Cc address Envelope HELO Envelope recipient Envelope sender From address From To Cc Bcc address Subject To address...

Страница 104: ...nt to text wildcard test using matches exactly Starts with does not start with Equivalent to text wildcard test using matches exactly Ends with does not end with Exact match for the supplied text Matc...

Страница 105: ...period b b Match an asterisk 18 18 Match a plus character 18 18 Match a forward slash 123 45 6789 0 9 3 0 9 2 0 9 4 Match any numeral n times for example match a social security number 0 9 n Note Syma...

Страница 106: ...additional information in fields that appear below the condition 7 Click Add Condition and add additional conditions if desired 8 Under Perform the following action click an action For some actions yo...

Страница 107: ...be checked against Open Proxy Senders Suspected Spammers and Safe Senders lists maintained by Symantec Sender authentication provides a way to block forged email Configuring attack recognition Symant...

Страница 108: ...ect all attack types 3 Click Enable to enable the checked attack types or click Disable to disable the checked attack types To configure directory harvest spam and virus attack recognition 1 In the Co...

Страница 109: ...es sent from trusted senders will be treated as spam or filtered in any way Define allowed senders Symantec Mail Security supports a number of actions for mail from a sender or connection in a Blocked...

Страница 110: ...ist that now contains it then add it to the other list Similar entries If you have two entries such as a b com and b com in the two different lists the list with higher precedence wins See About prece...

Страница 111: ...dividual is sending unwanted mail to people in your organization 218 187 0 0 255 255 0 0 After analyzing the received headers to determine the sender s network and IP address add the IP address and ne...

Страница 112: ...t example org Third party services Specify sender addresses or domain names Symantec Mail Security checks the following characteristics of incoming mail against those in your lists MAIL FROM address i...

Страница 113: ...d your network Your network is based on the internal address ranges that you supply to Symantec Mail Security when setting up your Scanners This is why it is important that you accurately identify all...

Страница 114: ...ssage normally if desired 7 Click Save on the Edit Sender Group page Deleting senders from lists Follow the steps below to delete senders To delete senders from your Blocked Senders Lists or Allowed S...

Страница 115: ...2 Click one of the Blocked or Allowed Sender groups depending on the list that you want to work with A red x in the Enabled column indicates that the entry is currently disabled A green check in the...

Страница 116: ...lation Do not change the first three uncommented lines dn cn mailwall uninvitedads com ou bmi objectclass top objectclass uiaBlackWhiteList After the header each line contains exactly one attribute al...

Страница 117: ...connection or network Specify a numerical IP address numerical IP address and network mask or CIDR IP address RC AS example com AS spammer example org AS john example com Allowed sender Specify an em...

Страница 118: ...m your Blocked Senders Lists or Allowed Senders Lists 1 In the Control Center click Policies Sender Groups 2 Click any of the Blocked Senders or Allowed Senders Lists The entries for all Blocked Sende...

Страница 119: ...udes a hard outbound email policy one that requires compliance and it does not match the sending IP address the specified action is taken on the message If the IP address matches or the domain publish...

Страница 120: ...e Managing policy resources The settings under Policy Resources are used in the conditions or actions for policies Annotating messages Annotations are phrases or paragraphs that are placed at the begi...

Страница 121: ...art annotation For messages containing both text and HTML MIME parts the configuration of each recipient s email client e g Microsoft Outlook may determine which part is displayed Annotation guideline...

Страница 122: ...ion text in the HTML box You can use HTML formatting tags if desired See How plain text and HTML text is added to messages on page 120 7 Choose a character encoding for the HTML annotation if you ve s...

Страница 123: ...he archive server host in the Archive server port box Port 25 the usual port for SMTP messages is the default 5 Check or uncheck Enable MX Lookup to enable or disable MX lookup for the archive server...

Страница 124: ...pecific types of email attachments For example you could create an attachment list that matches messages containing exe files By adding that attachment list to a policy you could strip attachments fro...

Страница 125: ...ly three letters at the end of a file that by convention indicates the type of the file Extension text plain image gif application msword application octet stream The MIME type of the attachment in th...

Страница 126: ...f the page 6 Repeat steps 4 and 5 to add more conditions as desired If needed you can click on a condition in the list and click Delete to delete that condition 7 Click Save Configuring dictionaries A...

Страница 127: ...Policies Dictionaries 2 Click Add 3 In the Dictionary name field type a name for the dictionary This is the name that appears on the Dictionaries page and in the drop down list for the Any part of the...

Страница 128: ...ts Alerts are sent automatically when certain system problems occur such as low disk space Note that the original message is delivered to the original recipients unless you specify an additional actio...

Страница 129: ...rs 6 Choose a character encoding for the Subject ISO 8859 1 and UTF 8 are appropriate for European languages Windows 31j EUC JP and ISO 2022 JP are appropriate for Japanese 7 In the Subject box type t...

Страница 130: ...Configuring email filtering Managing policy resources 130...

Страница 131: ...ontrol Center You can route spam suspected spam or both to Spam Quarantine so that administrators and users at your site can check for false positives meaning messages that have been marked as spam th...

Страница 132: ...al fashion See Notification for distribution lists aliases on page 144 Working with messages in Spam Quarantine for administrators This section describes how Spam Quarantine works for administrators O...

Страница 133: ...From Subject or Date column heading to select the column by which to sort A triangle appears in the selected column that indicates ascending or descending sort order Click on the selected column head...

Страница 134: ...ed messages To search messages Type in one of the search boxes or specify a date range to search messages for a specific recipient sender subject message ID or date range See Searching messages on pag...

Страница 135: ...ox When a Quarantine administrator clicks Release the message is delivered to the inbox of each of the intended recipients The administrator message list page includes a To column containing the inten...

Страница 136: ...message to the intended recipient This also removes the message from Spam Quarantine Depending on how you configured Spam Quarantine a copy of the message may also be sent to an administrator email ad...

Страница 137: ...only have access to Spam Quarantine not the rest of the Control Center Searching messages Type in one or more boxes or choose a time range to display matching messages in the administrator Spam Quaran...

Страница 138: ...sually forged The visible message From header may contain different information than the message envelope To search subject headers Type in the Subject box to search the Subject header in all messages...

Страница 139: ...ntics Searching for a subject with the search target in will match Lowest rate in 45 years RE re Sublime Bulletin verification Up to 85 off Ink Cartridges no shipping and Re finance at todays super lo...

Страница 140: ...isidentified messages However an SMTP mail server must be available to receive notifications and misidentified messages sent by Spam Quarantine Set this SMTP server on the Control Center Settings page...

Страница 141: ...ise quarantined messages back up in the delivery MTA queue until the expiration time elapses and then bounced back to the original sender Configuring Spam Quarantine for administrator only access If y...

Страница 142: ...in a new window You can customize the login help by specifying a custom login help page This change only affects the login help page not the rest of the online help This method requires knowledge of H...

Страница 143: ...To send copies of misidentified messages to a local administrator under Misidentified Messages click Administrator and type the appropriate email address These messages should be sent to someone who...

Страница 144: ...n digest can view all the quarantined distribution list messages If the Include Release link box is selected recipients of the notification digest can release quarantined distribution list messages If...

Страница 145: ...art time drop down lists 5 Click Save Changing the notification digest templates The notification digest templates determine the appearance of notification messages sent to users as well as the messag...

Страница 146: ...umber of days messages in Spam Quarantine will be kept After that period messages will be purged QUARANTINE_DAYS URL that the user clicks on to display the Spam Quarantine login page QUARANTINE_URL Us...

Страница 147: ...changes to the notification template and close the template editing window Cancel 8 Click Save on the Quarantine Settings page Enabling notification for distribution lists You can configure Spam Quar...

Страница 148: ...summary When a user clicks on the View link in a notification digest message the selected message is displayed in Spam Quarantine in the default browser This check box is only available if you choose...

Страница 149: ...t 10 000 messages can be deleted Increase the Expunger frequency if your organization receives a very large volume of spam messages To set the Spam Quarantine message retention period 1 In the Control...

Страница 150: ...When a new message arrives after the threshold has been reached a group of the oldest messages are deleted and the new message is kept Maximum number of messages Maximum number of quarantine messages...

Страница 151: ...sages If you check the log file as described in Checking the Control Center error log and see lines similar to those listed below the messages forwarded from the Scanner to Spam Quarantine are larger...

Страница 152: ...istribution lists aliases on page 144 Undeliverable quarantined messages go to Spam Quarantine postmaster If Spam Quarantine can t determine the proper recipient for a message received by Symantec Mai...

Страница 153: ...spam messages but others get a message saying that there are no messages to display after logging in to Spam Quarantine there may be a problem with the Active Directory LDAP configuration If the user...

Страница 154: ...messages appear in Spam Quarantine You may notice multiple copies of the same message when logged into Spam Quarantine as an administrator When you read one of the messages all of them are marked as r...

Страница 155: ...e email address make sure the email address is not an email alias The administrator email address for misidentified messages must be a primary email address including the domain name such as admin exa...

Страница 156: ...Working with Spam Quarantine Configuring Spam Quarantine 156...

Страница 157: ...examination in the Suspect Virus Quarantine for up to 24 hours Suspect Virus Quarantine functions are governed in part by specific settings and in part by defined virus filter policies associated wit...

Страница 158: ...not make changes to those settings and they cannot release or delete messages Checking for new Suspect Virus Quarantine messages New messages that have arrived since logging in and checking quarantine...

Страница 159: ...nded recipient This also removes the message from Suspect Virus Quarantine Note Releasing messages requires access to the IP address of the Control Center If you are limiting inbound or outbound SMTP...

Страница 160: ...Suspect Virus Quarantine behavior When you navigate to a different page of messages the status of the check boxes in the original page is not preserved For example if you select three messages in the...

Страница 161: ...ail Security searches only for the user name portion of user_name example com The search is limited to the envelope To which may contain different information than the header To displayed on the messa...

Страница 162: ...he amount of time required for the search is dependent on how many search boxes you filled in and the number of messages in the current mailbox Searching in the administrator mailbox will take longer...

Страница 163: ...Otherwise quarantined messages back up in the delivery MTA queue until the expiration time elapses and then bounce back to the original sender Configuring the size for Suspect Virus Quarantine You can...

Страница 164: ...Working with Suspect Virus Quarantine Configuring Suspect Virus Quarantine 164...

Страница 165: ...TP Service or your installed MDA is working properly with the Scanner to deliver legitimate mail by sending an email to a user To test delivery of legitimate mail 1 Send an email with the subject line...

Страница 166: ...account used in step 5 8 In the Control Center click Status Overview after several minutes have passed The Spam counter on the Overview page increases by one if filtering is working Testing antivirus...

Страница 167: ...y newly arrived messages are added to the message list and displayed in accordance with the sorting order Symantec Mail Security must be configured to forward spam messages to Spam Quarantine If the d...

Страница 168: ...that does not contain any viruses 6 In the Control Center click Quarantine Spam Quarantine 7 Click Show Filters and type Test Spam Message in the Subject box 8 Click Display Filtered Testing Symantec...

Страница 169: ...Table 8 1 describes the available alert settings Table 8 1 Alert settings Explanation Alert setting The email address that appears in the notification s From header Send from The number of virus outbr...

Страница 170: ...n errors have been logged These errors are caused by problems in the replication of LDAP data from the Control Center to attached and enabled Scanners Only messages that log at the error level cause a...

Страница 171: ...cations 1 In the Control Center click Settings Alerts 2 Under Notification Sender enter an email address in the Send from field To specify alert conditions 1 Under Alert Conditions check the alert con...

Страница 172: ...the Control Center the database and LDAP Quarantine Release logs indicate which mail messages were released from the Quarantine and when Log type drop down Select the type of actions to log system eve...

Страница 173: ...mation is displayed when you click Display wait a few minutes then click Display again About logs You can configure log settings for Symantec Mail Security components on each Scanner in your system an...

Страница 174: ...slog Unix Linux Enable logging to Event Viewer Syslog To configure log settings for host 1 In the Control Center click Settings Logs 2 Under System Logging choose a host from the Host drop down list 3...

Страница 175: ...e logging to System Event Viewer running on Windows or to Syslog running on Unix or Linux check Enable logging to Event Viewer Syslog 10 Click Save to save your settings Warning Because logging data f...

Страница 176: ...Configuring alerts and logs About logs 176...

Страница 177: ...nting saving and emailing reports Scheduling reports to be emailed About reports Symantec Mail Security reporting capabilities provide you with information about filtering activity at your site includ...

Страница 178: ...store report data In particular the sender statistics usually consume a large amount of disk space See Setting the retention period for report data on page 188 To enable data tracking for reports 1 In...

Страница 179: ...nd content compliance policy Overview None The average size of messages in KB Average Message Size None Total size in KB of all messages in the report and total size of each grouping Total Message Siz...

Страница 180: ...maximum number of IP addresses to list for the specified time range Top Sender IP Connections Recipient domains Recipient domains for which the most messages have been processed For each recipient do...

Страница 181: ...and unscannable messages are listed Specify the maximum number of email addresses to list for the specified time range Top Senders Senders Sender domains Number of virus messages detected from a send...

Страница 182: ...ages detected for a recipient email address that you specify For each grouping the virus to total processed percentage total processed and the number of viruses worms and unscannable messages are list...

Страница 183: ...each HELO domain the spam to total processed percentage total processed and the number of spam suspected spam blocked and allowed messages are listed Specify the maximum number of HELO domains to list...

Страница 184: ...iance reports Table 9 4 Available Content Compliance reports Required Data Storage Options Displays Report Type None Total messages processed and number and percentage of content compliance policies t...

Страница 185: ...cipient domain the total messages processed and number and percentage of content compliance policies triggered are listed Specify the maximum number of recipient domains to list for the specified time...

Страница 186: ...he total messages processed and number and percentage of spam attacks are listed Top Spam Attacks Table 9 6 describes the available Sender Authentication reports Table 9 6 Available Sender Authenticat...

Страница 187: ...thentication attempts are listed Top Failed Senders Table 9 7 describes the available SMTP connection reports Table 9 7 Available SMTP connection reports Required Data Storage Options Displays Report...

Страница 188: ...ums and averages for the entire time period listed in the overview table Chart overview Displays bar graph s for each item in the report type chosen A maximum of 20 items can be displayed in a bar gra...

Страница 189: ...ew Reports 3 Click a report in the Report drop down list See tables Table 9 1 through Table 9 8 for a description of each report 4 For reports that filter on specific recipients such as Spam Specific...

Страница 190: ...later and also edit saved reports Follow these steps to save or edit Favorite Reports To save a Favorite Report 1 Follow steps 1 through 10 in Running reports 2 Click Add to Favorites The fields unde...

Страница 191: ...ts even if you are not currently tracking data This will happen if you were collecting data in the past and then turned off data tracking The data collected are available for report generation until t...

Страница 192: ...on where the report is generated If the Control Center is in Greenwich the resulting report counts it in GMT the local time zone so it increases the spam count for April 24 If the Control Center is i...

Страница 193: ...t counted as received If 100 messages are deferred or rejected the recipient count for those messages is 0 Reports limited to 1 000 rows The maximum size for any report including a scheduled report is...

Страница 194: ...To save a report 1 After creating and running a report as described in Running reports click the desired save button 2 Choose the appropriate options on the Save dialog box To email reports 1 After cr...

Страница 195: ...nder Report Format click one of the following to specify the format HTML formats the report in HTML format Check Chart Table or both See About charts and tables on page 188 CSV formats the report in c...

Страница 196: ...so click the underlined report name to jump directly to the edit page for the report 3 Make any changes to the settings 4 Click Save To delete a scheduled report 1 In the Control Center click Reports...

Страница 197: ...e means of checking and displaying system host and message status Status information is combined with options for changing what is displayed as well as with actions you can take based on the informati...

Страница 198: ...ast 24 hours not including the current hour The Last 30 Days graph displays data for the past 30 days not including today At the next hour data from 00 to 59 minutes will be displayed in the Last 24 H...

Страница 199: ...d messages such as alerts emailed reports and messages forwarded to the Spam Quarantine To view totals information In the Control Center click Status Message Details Message queues You can view messag...

Страница 200: ...from standard scanner logging is that logged information is specifically associated with a message Note Log entries for messages are created after all policy actions applicable to a message have take...

Страница 201: ...that message searches not exceed one week Time range See Table 10 1 Mandatory filter See Table 10 2 Optional filter Table 10 1 describes the items you can choose from for your single required filter T...

Страница 202: ...he message Group policy Name of the filter policy applied to the message Filter policy Name of the virus attached to the message Virus Name of a file attached to the message Attachment Whether the mes...

Страница 203: ...le hosts 1 In the Control Center click Status Host Details 2 Choose a host to examine To view additional component information Click the plus sign where available next to any component to view additio...

Страница 204: ...he Synchronize Changes button is not available to Domino users Use Full Synchronization instead To synchronize more than 1 000 directory entries before the next update On the LDAP Synchronization page...

Страница 205: ...ication page The following steps describe how to perform some common tasks on the Scanner Replication page To view the status of replication for a host In the Control Center click Status Scanner Repli...

Страница 206: ...the Control Center click Status Host Details 2 Select a host from the drop down list 3 Click Configure Host 4 Make any changes to the host or its included components and services See To edit a Scanne...

Страница 207: ...indicates that the Scanner is enabled 2 To disable a Scanner that is currently enabled check the box next to the Scanner and click Edit 3 Click Do not accept incoming messages 4 Click Save 5 Allow mes...

Страница 208: ...he Control Center click Administration Administrators 2 Click Add 3 Type the user name and password and confirm the password 4 Enter the email address of the administrator 5 If this administrator is t...

Страница 209: ...ensed entry a status of Licensed is shown For an unlicensed product ask your Symantec representative about getting a license file through which to register the product License files must be placed on...

Страница 210: ...r use sudo to run the following command etc init d smssmtp_mysql start To stop Control Center processes 1 To stop Tomcat and related processes such as the Expunger and Notifier on Windows use the Cont...

Страница 211: ...Source at com brightmail dl jdbc impl DatabaseSQLManager handleUpdate Unknown Source at com brightmail dl jdbc impl DatabaseSQLTransaction create Unknown Source at com brightmail bl bo impl SpamManag...

Страница 212: ...10 7 Change the number after MaxBackupIndex to the desired number such as 40 This setting determines the number of saved BrightmailLog log files For example if you specify 2 BrightmailLog log contains...

Страница 213: ...f can t be stopped using the Control Center Starting and stopping Windows services Table 10 3 describes the Windows services of Symantec Mail Security Table 10 3 Windows services Description Process i...

Страница 214: ...Server Provides unified view of LDAP data to SyncService Enquire exe SMSENQUIRESVC SMS Virtual Directory Server Start or stop Windows services You can start and stop Windows services from the Service...

Страница 215: ...and antispam filters smssmtpconnector Mail transfer agent that routes email smssmtpmta Start or stop UNIX services Follow these procedures to start or stop UNIX services To start UNIX services Log in...

Страница 216: ...he Symantec software is running MySQL must be running when you perform backups For complete instructions on performing backups of MySQL data see MySQL documentation The following MySQL commands are su...

Страница 217: ...TP tomcat work Catalina localhost brightmail dzq Windows C Program Files Symantec SMSSMTP tomcat work Catalina localhost brightmail dzq To restore Spam Quarantine and Suspect Virus Quarantine tables f...

Страница 218: ...sword PASSWORD host 127 0 0 1 brightmail spam_quarantine sql To save Suspect Virus Quarantine tables 1 Type the following command mysqldump user brightmailuser password PASSWORD opt brightmail setting...

Страница 219: ...tware UNIX opt Symantec SMSSMTP tomcat work Catalina localhost brightmail dzq Windows C Program Files Symantec SMSSMTP tomcat work Catalina localhost brightmail dzq Maintaining adequate disk space Use...

Страница 220: ...Administering the system Periodic system maintenance 220...

Страница 221: ...products to provide a central point of control of security within an organization It provides a common management framework for Information Manager enabled security products such as Symantec Mail Secu...

Страница 222: ...is purchased and installed separately The appliance must be installed and working properly before you can configure Symantec Mail Security to log events to the SSIM For more information see the Symant...

Страница 223: ...sage statistics Table A 1 Settings for Message statistics Value Setting Message stats Type opt Symantec SMSSMTP scanner stats Path for Linux Solaris c Program Files Symantec SMSSMTP scanner stats Path...

Страница 224: ...ty Event ID SES_EVENT_ Unique ID Connection Permitted symc_firewall_network Informational SES_EVENT_CONNECTION_ACCEPTED 512000 Connection Rejected symc_firewall_network Informational SES_DETAIL_CONNEC...

Страница 225: ...events that Symantec Mail Security for SMTP can send to the Information Manager Table A 6 Message events that are sent to the Information Manager Rule Description Reason sent Event class Severity Eve...

Страница 226: ...SES_EVENT_HOST_INTRUSION 1032000 User login failed symc_host_intrusion Warning SES_EVENT_HOST_INTRUSION 1032000 Enable add host symc_config_update Informational SES_EVENT_CONFIGURATION_CHANGE 92008 D...

Страница 227: ...ers imported symc_config_update Informational SES_EVENT_CONFIGURATION_CHANGE 92008 Group policy members imported symc_config_update Informational SES_EVENT_CONFIGURATION_CHANGE 92008 Component is not...

Страница 228: ...Integrating Symantec Mail Security with Symantec Security Information Manager Interpreting events in the Information Manager 228...

Страница 229: ...omputer viruses API application programming interface The specific methodology by which a programmer writing an application program can make requests of the operating system or another application arc...

Страница 230: ...tificate A file that is used by cryptographic systems as proof of identity It contains a user s name and public key Certificate Authority signed SSL A type of Secure Sockets Layer SSL that provides au...

Страница 231: ...rk and an external network to provide an additional layer of security Sometimes called a perimeter network DNS Domain Name Server proxy An intermediary between a workstation user and the Internet that...

Страница 232: ...n A suffix consisting of a period followed by several letters at the end of a file that by convention indicates the type of the file false positive A piece of legitimate email that is mistaken for spa...

Страница 233: ...for exchanging files text graphic images sound video and other multimedia files on the World Wide Web Similar to the TCP IP suite of protocols the basis for information exchange on the Internet HTTP i...

Страница 234: ...etwork where mail servers are located All other mail servers are downstream from the mail servers located at the messaging gateway MIME Multipurpose Internet Mail Extensions A protocol used for transm...

Страница 235: ...ender group packet A unit of data that is formed when a protocol breaks down messages that are sent along the Internet or other networks Messages are broken down into standard sized packets to avoid o...

Страница 236: ...s Probe Network Partners Used by Symantec Security Response for the detection of spam the Probe Network has a statistical reach of over 300 million email addresses and includes over 2 million probe ac...

Страница 237: ...based on data from the Probe Network Part of the Sender Reputation Service Safe Senders is a sender group in Symantec Mail Security You can specify actions to take on messages from each sender group...

Страница 238: ...butes and descriptive text This is more precisely referred to as signature data site A collection of one or more computers hosting Symantec Mail Security in which exactly one computer hosts a Control...

Страница 239: ...y identifying the network of the local host The subnet mask is a required configuration parameter for an IP host A local bit mask set of flags that specifies which bits of the IP address specify a par...

Страница 240: ...ng the next generation of threats using its worldwide intelligence network and unmatched insight The team delivers the bi annual Internet Security Threat Report that identifies critical trends statist...

Страница 241: ...n specific keys and message integrity checks TLS provides some improvements over SSL in security reliability interoperability and extensibility See also SSL toolbar The various rows below the menu bar...

Страница 242: ...other programs like a traditional virus but creates copies of itself which create even more copies WWW WorldWideWeb An application on the Internet that allows for the exchange of documents formatted...

Страница 243: ...creating antispam policies 96 language based 92 sender authentication 119 Spam Quarantine 131 verify filtering 165 verify filtering to Spam Quarantine 167 antivirus filters create antivirus policies...

Страница 244: ...o Blocked Senders Lists 113 import local domains 59 specify routing for local domains 58 double byte character sets configure the Control Center for 52 duplicate messages in Spam Quarantine 154 E emai...

Страница 245: ...43 LDAP continued configure settings 36 delete LDAP server 43 edit LDAP server 40 initiate an LDAP synchronization cycle 42 license add manage view 209 lists Allowed Senders Lists 110 attachment list...

Страница 246: ...fication Spam Quarantine change frequency of 145 choose format 148 configuring digests 143 edit template subject address 146 for distribution lists aliases 144 notifications 128 O Open Proxy Senders e...

Страница 247: ...t data retention period 189 configure Spam Quarantine message retention period 149 retention continued data retention for report information default 192 routing specify for local domains 58 S Safe Sen...

Страница 248: ...og check 210 Expunger 149 login help page customize 142 maximum number of messages 154 message details page 136 message list page 133 message navigation 134 136 Spam Quarantine continued message redel...

Страница 249: ...hird party lists add to Allowed Senders List 114 add to Blocked Senders List 113 thresholds set Spam Quarantine message and size 150 time search Spam Quarantine using Time Range 139 search Suspect Vir...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды