background image

19

Planning your deployment

General deployment considerations

For information on using LDAP SyncService, see the 

Symantec Mail Security for 

SMTP Administration Guide

Load balancing 

Symantec Mail Security for SMTP is not intended to be used for load balancing. 
Administrators can associate only one host name or IP address as the MTA to 
which email is relayed. You must implement multiple Scanners to perform load 
balancing. 

Adjusting MX records

When you implement Symantec Mail Security for SMTP in front of a separate 
MTA that receives inbound messages, you must to change the DNS mail 
exchange (MX) records. The records must point incoming messages to the 
system. Symantec Mail Security for SMTP should have a higher priority than 
the existing MTA.

However, if you simply list Symantec Mail Security for SMTP as a higher- 
weighted MX record in addition to the existing MX record, spammers can look 
up the previous MTA’s MX record. This allows them to send spam directly to the 
old server, bypassing your spam filtering. To prevent spammers from 
circumventing the new spam-filtering servers, you should do one of the 
following: 

Remove the previous MTA’s MX record from DNS.

Block off the MTA from the Internet using a firewall. 

Modify the firewall’s network address translation (NAT) tables to route 
external IP addresses to internal non-routable IP addresses. You can then 
map from the old server to Symantec Mail Security for SMTP.

When naming Symantec Mail Security for SMTP, ensure that the name you 
choose does not imply its function. For example, antispam.yourdomain.com, 
symantec.yourdomain.com, or antivirus.yourdomain.com are not good 
choices.

Adjusting RAM and MySQL threads

The Control Center is a combination of Tomcat and MySQL applications. Tomcat 
provides the Web-based interface, and MySQL is the database storage. Their 
default configuration performs well in installations with a single Scanner and 
low volume email traffic. In installations where multiple Scanners or large 
amounts of spam are processed, increasing the amount of RAM allocated to 

Содержание 10765539 - Mail Security For SMTP

Страница 1: ...Symantec Mail Security for SMTP Planning Guide...

Страница 2: ...by any means without prior written authorization of Symantec Corporation and its licensors if any THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AND WARRANT...

Страница 3: ...rade insurance that delivers automatic software upgrade protection Content Updates for spam and virus definitions and security signatures that ensure the highest level of protection Global support fro...

Страница 4: ...leshooting performed prior to contacting Symantec Recent software configuration changes and or network changes Customer Service To contact Enterprise Customer Service online go to http www symantec co...

Страница 5: ...Chapter 2 Planning your deployment General deployment considerations 17 MTA usage 17 Configuring Scanners 17 Positioning with other filtering products 18 Filtering internal deliveries 18 LDAP compatib...

Страница 6: ...e requirements 27 Minimum hardware requirements 27 Minimum software requirements 28 Reserved ports 31 Factors that affect performance 32 Hardware components that affect performance 32 Environmental fa...

Страница 7: ...rehensive gateway based email security solution through the following Antispam technology Symantec s state of the art spam filters assess and classify email as it enters your site Antivirus technology...

Страница 8: ...r system system logs and extensive customizable reporting Use it to configure both system wide and host specific details The Control Center provides the Setup Wizard for initial configuration of all S...

Страница 9: ...Architecture Architecture Your Symantec Mail Security for SMTP installation processes a email message as follows For the sake of discussion our sample message passes through the Filtering Engine to th...

Страница 10: ...cked against end user defined Language settings The Transformation Engine performs actions per recipient based on filtering results and configurable Group Policies New features for all users Table 1 1...

Страница 11: ...supported LDAP servers Expanded variety of actions and combinations More than two dozen actions that can be taken on messages with many combinations of multiple actions available Expanded mail contro...

Страница 12: ...ross all servers with one interface Group Policies Create separate inbound and outbound policies for an unlimited number of groups of users You can specify groups of users based on email addresses dom...

Страница 13: ...cklists Configurable administrator timeout for the management interface Changes for Symantec Brightmail Antispam users Although the product name has changed if you were a Symantec Brightmail Antispam...

Страница 14: ...policies for each user group Flexible mail management More flexible Group Policies Use LDAP groups to populate groups for Group Policies Multiple actions Specify more than one action to take on specif...

Страница 15: ...for more information about your product The following online resources are available Provides access to the technical support Knowledge Base newsgroups contact information downloads and mailing list s...

Страница 16: ...16 Introducing Symantec Mail Security for SMTP Where to get more information...

Страница 17: ...filtering activities Note Symantec Mail Security for SMTP provides neither mailbox access for end users nor message storage it is not suitable for use as the only MTA in your email infrastructure Con...

Страница 18: ...data from your company s LDAP accessible directories with its own database SyncService lets Symantec Mail Security for SMTP re normalize and index the data to fit the needs of Scanner Control Center a...

Страница 19: ...ord This allows them to send spam directly to the old server bypassing your spam filtering To prevent spammers from circumventing the new spam filtering servers you should do one of the following Remo...

Страница 20: ...ng Secure Email Services and relaying mail to other relay layers or to the user facing mail server layer On all configured server computers port 443 must be configured to permit outbound connections t...

Страница 21: ...cannot be installed on the server running Exchange Multi tier gateway deployment Note This model may be implemented with one or more Scanner hosts The following figure shows Symantec Mail Security for...

Страница 22: ...s to take individual Scanners offline for maintenance without incurring downtime This scenario enables load balancing of filtered mail across multiple downstream MTAs Considerations This approach requ...

Страница 23: ...TAs downstream Figure 2 3 Post Gateway deployment Advantages If you have a customized MTA or specific business needs then running this configuration may outweigh the extra overhead and loss of functio...

Страница 24: ...24 Planning your deployment Deployment models...

Страница 25: ...roup of actions to perform given a particular verdict Each category of unwanted email includes one or more verdicts conclusions reached on a message by the filtering process Symantec Mail Security for...

Страница 26: ...mantec Mail Security for SMTP Administration Guide for more information Deployment considerations The following table lists deployment considerations for select actions Table 3 1 Deployment considerat...

Страница 27: ...tion gives detailed requirements for each supported platform Minimum hardware requirements Hardware requirements vary depending on the number of email users and the amount of email traffic The minimum...

Страница 28: ...cessor or compatible 1 GB RAM minimum 2 GB or more recommended 512 MB disk space minimum 2 GB or more recommended Solaris UltraSPARC processor 1 GB RAM minimum 2 GB or more recommended 512 MB disk spa...

Страница 29: ...Security for SMTP component on that computer After installation The subfolder where Symantec Mail Security for SMTP is installed and its subdirectories are created with the default permissions relativ...

Страница 30: ...ity for SMTP Installation Guide for more information Alias Create a mail alias for the mailwall account so that all mail sent to mailwall is read by an administrator Domain name A fully qualified doma...

Страница 31: ...y bound ports Port Component or function 22 Control Center to internal server connection 3306 MySQL database connection 11000 11004 LDAP sync 11011 11013 LDAP sync 41025 Spam Quarantine 41000 BMI clie...

Страница 32: ...age but powerful CPUs and memory especially if virus scanning is enabled Disk space The Control Center likely needs much more disk space depending on the volume of logging reporting and quarantined me...

Страница 33: ...documentation for more information External MTA performance If appropriate determine the performance of the MTA sending incoming email to your MTA and the performance of your gateway MTAs and message...

Страница 34: ...ons refer to the Symantec Mail Security for STMP Administration Guide Control Center performance considerations The Control Center is used to start and stop servers view logs and reports set configura...

Страница 35: ...per day into Spam Quarantine The more messages placed in the Spam Quarantine the larger the database and the more processing required Reduce the maximum size of the Spam Quarantine database by deletin...

Страница 36: ...36 Understanding system requirements Factors that affect performance...

Страница 37: ...Symantec Mail Security for SMTP new or changed features 11 filtering intra enterprise 18 performance considerations 33 Filtering Engine 10 Filtering Hub 10 filters email categories for 25 verdicts 25...

Страница 38: ...arantine 35 ports reserved 31 positioning with other filtering products 18 post gateway deployment 23 advantages 23 considerations 23 R requirements 27 28 reserved ports 31 S Scanners 8 configuring 17...

Отзывы: