Installing Symantec Mail
Security for Microsoft
Exchange
This chapter includes the following topics:
■ Before you install
■ System requirements
■ Security and access permissions
■ Installing on a single server
■ Installing on multiple servers
■ Installing to Exchange Servers with Microsoft Clustering Service
■ Installing the user interface separately
■ Implementing SSL
34 Installing Symantec Mail Security for Microsoft Exchange Before you install
Before you install
You can use Symantec Mail Security to monitor mail security on one or more Exchange Servers.
Before you install Symantec Mail Security, ensure that all preinstallation and system requirements are met. Review the information that describes where key files are located and how security is set up. In addition, ensure that you have an installation plan that best matches your organization’s needs.
See“System requirements” on page 38.
See“Software component locations” on page 35. See“Security and access permissions” on page 40.
If you are running Symantec Brightmail™ AntiSpam on the same server on which you want to install Symantec Mail Security, you must uninstall Symantec Brightmail AntiSpam before installing Symantec Mail Security.
If you are installing Symantec Mail Security on a single Exchange Server, follow the instructions for a single-server installation.
See“Installing on a single server” on page 41.
If your organization is running multiple Exchange Servers, you can manage Symantec Mail Security from the same user interface as with a single server. See“Installing on multiple servers” on page 44.
Note: The email tools feature of Symantec AntiVirus Corporate Edition is not compatible with Microsoft Exchange or Symantec Mail Security for Microsoft Exchange and must be uninstalled prior to installing Symantec Mail Security.
Note: To install Symantec Mail Security components correctly, you must be logged on as a Windows domain administrator.
35 Installing Symantec Mail Security for Microsoft Exchange
Before you install
Software component locations
Table 2-1 lists the default location in which Symantec Mail Security software components are installed.
Table 2-1 Software component locations
Component Location
Symantec Mail Security program files
C:\Program Files\Symantec\SMSMSE\5.0\Server
Quarantined items in encrypted format
Note: You should configure all antivirus file system scanners to exclude scanning of the quarantine directory. Those system scanners may try to scan and delete Symantec Mail Security files that are placed in the quarantine directory during its quarantine process.
C:\Program Files\Symantec\SMSMSE\5.0\Server \Quarantine
Reporting data C:\Program Files\Symantec\SMSMSE\5.0\Server \Reports
Data files for reports created by user
C:\Program Files\Symantec\SMSMSE\5.0\Server \Reports\<report name>
File type can be .csv, .html, xml, or image file Report templates C:\Program Files\Symantec\SMSMSE\5.0\Server
\Reports\Templates Symantec directory that
contains matchlist files
C:\Program Files\Symantec\SMSMSE\5.0\Server \MatchLists
Symantec directory that contains heuristic antispam configuration files, allowed senders files, and Symantec Premium AntiSpam configuration files
C:\Program Files\Symantec\SMSMSE\5.0\Server \SpamPrevention
36 Installing Symantec Mail Security for Microsoft Exchange Before you install
Location where Symantec Mail Security scans items
Note: You should configure all antivirus products that scan files to exclude scanning of the Temp directory. Those system scanners may try to scan and delete Symantec Mail Security files that are placed in the Temp directory during its scanning process.
C:\Program Files\Symantec\SMSMSE\5.0\Server \Temp
Symantec directory that contains the dynamic-link libraries for Symantec Premium AntiSpam
C:\Program Files\Symantec\SMSMSE\5.0\Server \bin
Symantec directory that contains manual scan configuration data
C:\Program Files\Symantec\SMSMSE\5.0\Server \Config
Symantec directory that contains configuration files for allowed and blocked senders for Symantec Premium AntiSpam
C:\Program Files\Symantec\SMSMSE\5.0\Server \etc
Symantec directory that contains component logs for Symantec Premium AntiSpam
C:\Program Files\Symantec\SMSMSE\5.0\Server \logs
Symantec directory that contains the rule update log file for Symantec Premium AntiSpam
C:\Program Files\Symantec\SMSMSE\5.0\Server \stats
User interface files C:\Program Files\Symantec\SMSMSE\5.0\UI Component to update virus
definitions
C:\Program Files\Symantec\LiveUpdate
Symantec directory to which new virus definitions are installed
C:\Program Files\Common Files\SymantecShared \VirusDefs
Table 2-1 Software component locations (Continued)
37 Installing Symantec Mail Security for Microsoft Exchange
Before you install
Start menu shortcut
A Symantec Mail Security shortcut is placed in the following Windows Start menu groups:
Start > Programs > Symantec Mail Security for Microsoft Exchange > Server Management Console
An icon is also placed on the desktop for easy access.
In addition, a LiveUpdate properties control panel is placed in the following Windows Control Panel group to manually configure the LiveUpdate connection method, if necessary:
Start > Settings > Control Panel > Symantec LiveUpdate
Preventing conflicts with other antivirus software
You must stop any other antivirus software on the server on which you want to install Symantec Mail Security. After installation, you should re-enable the antivirus protection.
Symantec directory in which license files are stored
C:\Program Files\Common Files\SymantecShared \Licenses
Symantec directory that contains the Verity content extraction component
C:\Program Files\Symantec\SMSMSE\5.0\Server\Verity \bin
Symantec directory that contains the Symantec Mail Security web service components
C:\Program Files\Symantec\SMSMSE\5.0\Server \DExLService\bin
.NET Framework 1.1 service pack 1.1
C:\Windows\Microsoft.NET\Framework
SESA agent installation files C:\Program Files\Server\AgtInst bmi rulesets C:\Program Files\Server\
Table 2-1 Software component locations (Continued)
38 Installing Symantec Mail Security for Microsoft Exchange System requirements
If another antivirus product is installed on the Symantec Mail Security server, the competing product may try to scan and delete Symantec Mail Security for Microsoft Exchange files that are placed in the Temp and quarantine directories during its scanning process.
See“Software component locations” on page 35.
If you are running a desktop antivirus product on the server on which you want to install Symantec Mail Security, you must configure the desktop product not to scan the Temp and quarantine directories that are used by Symantec Mail Security. Scanning these directories will cause significant operational problems with the software.
You must remove Symantec AntiVirus Corporate Edition email tools prior to installing Symantec Mail Security.
You should not configure two Symantec products to update virus definitions. If you have Symantec AntiVirus Corporate Edition installed, the recommended course is to allow that product to update virus definitions.
System requirements
Symantec Mail Security runs on Microsoft Windows 2000 Server/ Server 2003 on the Intel platform. You must have domain administrator-level privileges to install Symantec Mail Security.
The server system requirements are as follows:
Operating system ■ Windows 2000 Server/Advanced Server /Data Center SP4
■ Windows Server 2003 Standard/Enterprise /Data Center (no SP required)
Exchange platform ■ Exchange 2000 Server SP3/Enterprise Server
39 Installing Symantec Mail Security for Microsoft Exchange
System requirements
If you install Symantec Mail Security on a Windows 2000 Server Domain Controller that does not allow impersonation, you will have difficulty changing settings in group view or from a remote user interface. You should run Microsoft Exchange on a computer that is not a Domain Controller. If this is not feasible, set the computer to allow impersonation by configuring the “Impersonate a client after authentication” policy for the IWAM account.
Separate user interface installation
You can install the user interface (UI) on a computer that doesn't have an Exchange Server. This lets you manage Symantec Mail Security from a
convenient location. For example, if the servers are in a computer room, you can manage Symantec Mail Security from a computer in your office. The
requirements for a separate installation are as follows:
Minimum system requirements ■ Intel® Server class 32-bit processor
■ 1 GB RAM
■ 650 MB available disk space
■ .NET Framework version 1.1 SP1
Required for the Symantec Mail Security for Microsoft Exchange Console to function properly. You must ensure that .NET Framework version 1.1 SP1 is installed for your language prior to installing Symantec Mail Security for Microsoft Exchange.
■ MDAC 2.6 or higher (will install with installation if not already installed)
■ DirectX 8.01 or higher (will install DirectX 9 with installation if not already installed)
Operating system ■ Windows 2000 SP4
■ Windows 2003 (no SP required)
40 Installing Symantec Mail Security for Microsoft Exchange Security and access permissions
Security and access permissions
By default, Symantec Mail Security creates the following user groups in Active Directory and assigns them access rights:
These user groups are domain-wide for Active Directory. Use the Active Directory Users and Computers MMC snap-in to change membership in these groups.
During the security set-up process, security is set for the Symantec Mail Security registry key and file folders.
Note: For the security setup to succeed, you must have administrator access to the local servers and domain administrator rights.
Minimum system requirements ■ Intel Server class 32-bit processor
■ 512 MBRAM
■ 250 MB available disk space
■ .NET Framework version 1.1 SP1
Required for the Symantec Mail Security for Microsoft Exchange Console to function properly. You must ensure that .NET Framework version 1.1 SP1 is installed for your language prior to installing Symantec Mail Security for Microsoft Exchange.
■ DirectX 8.01 or higher (will install DirectX 9 with installation if not already installed)
SMSMSE Admins Provides read and write access to all Symantec Mail Security components and features.
Users in this group can change settings for Symantec Mail Security through the user interface. A Windows 2000 Server/Server 2003 administrator-level account is not necessary for an SMSMSE Admins account. SMSMSE Viewers Provides read-only access to Symantec Mail Security
components and features.
Users in this group cannot change settings for Symantec Mail Security but can run reports, view event logs, and view settings through the user interface.
41 Installing Symantec Mail Security for Microsoft Exchange
Installing on a single server
User group assignments and setup
You are automatically added to the SMSMSE Admins group when you set up a single Symantec Mail Security server. If you do not already belong to the SMSMSE Admins group, you are not automatically added to SMSMSE Admins when you install remote servers in a multiserver environment. Use the Active Directory Users and Computers MMC snap-in to verify and add membership to SMSMSE Admins if necessary.
Installing on a single server
You can install Symantec Mail Security on a single Microsoft Exchange Server. Before you begin, you should review the pre-installation information.
See“Before you install” on page 34.
Note: You are prompted whether to retain existing settings or to use default settings when you upgrade Symantec Mail Security 4.0/4.5/4.6 to Symantec Mail Security 5.0.
To perform the initial setup
1 Start the Symantec Mail Security Setup program (Setup.exe). This file is located in the SMSMSE\Install folder on the product CD.
2 In the InstallShield Welcome panel, click Next.
3 In the first Symantec Mail Security Setup Preview panel, click Next.
4 In the second Symantec Mail Security Setup Preview panel, click Next.
5 In the Software License Agreement panel, click I accept the terms in the license agreement, and then clickNext.
You must accept the terms of the license agreement for the installation to continue.
6 If the Existing Settings panel appears, click Restore default settings or
Retain existing settings, and then click Next.
7 In the Destination Folder panel, do one of the following:
■ Verify that the default destination directory is appropriate
The default destination directory is as follows: C:\Program Files\Symantec\SMSMSE\5.0\Server
42 Installing Symantec Mail Security for Microsoft Exchange Installing on a single server
8 In the Setup Type panel, click Complete (recommended) or Custom, and then click Next.
If you select Custom, do all of the following:
■ Select Symantec Mail Security for Microsoft Exchange (full installation) or Server management console (user interface installation).
■ Continue to step 9.
See“Installing the user interface separately” on page 54.
9 Click OK.
To configure external interfaces
1 In the IIS Reset Options panel, select whether to stop IIS during installation, and then click Next.
2 In the Web Service Setup panel, accept the following values or type new data.
3 Click Next.
4 In the Notification E-mail Address panel, accept the default or type a new originator email address, and then click Next.
5 In the Symantec Enterprise Security Architecture panel, select whether to enable logging to SESA.
You should only select Yes if you have a SESA server. If you select Yes, type the SESA IP address, and then click Next. If you do not have a SESA server or select No, you can manually configure the SESA agent at another time. See“Integrating Symantec Mail Security with SESA” on page 195.
6 In the Setup Summary panel, review the information. If any changes are needed, click Back to return to the appropriate panel to make the changes.
IP/Name By default, the computer name resolves to the primary external network identification card (NIC). Alternatively, an IP address can be used.
The IP address can be used to validate the availability of the port. Port # Port 8081 is the default port number for the Web service that is
used by Symantec Mail Security. If port 8081 is being used by another application, a different default port number appears. If you change the port number, do not use a port number that is used by another application, and do not use port 80. Port 80 is the port number that is used by the default Web service, which is hosted by Microsoft Internet Information Services (IIS).
43 Installing Symantec Mail Security for Microsoft Exchange
Installing on a single server
7 Click Next.
8 Click Install.
After installing the product on a server, you can install the UI separately on a remote computer, add the server to the UI, and specify the port number to access Symantec Mail Security.
See“Installing the user interface separately” on page 54.
To install content licenses
1 In the Install Content License File panel, do one of the following:
■ Type the fully qualified path to the license file, and then click Install.
A dialog box will confirm installation of the license. Click OK to close the dialog box, and then click Next.
If the license file is located on another computer, you can specify a mapped drive or UNC path.
■ Click Browse, select the license file, and then click Install.
If the license file is located on another computer, you can locate the file using My Network Places.
■ Click Skip to skip file selection and add the license information later. You can install the virus content and the Symantec Premium AntiSpam license one after the other.
See“Installing on multiple servers” on page 44.
2 After installing the license or licenses, click Next on the Install Content License File screen.
3 In the LiveUpdate screen, click Yes or No, and then click Next. If you click No, proceed to step 7.
4 In the Welcome to LiveUpdate screen, click Next.
5 In the Options screen, click Next.
6 When the Thank you message appears, click Finish.
7 In the Setup Complete panel, select whether to view the Readme file, and then click Finish.
The Readme file contains information that is not available in the product documentation.
44 Installing Symantec Mail Security for Microsoft Exchange Installing on multiple servers
Installing on multiple servers
Once you have installed Symantec Mail Security on a single server or the UI on a suitable computer, you can install Symantec Mail Security on multiple Exchange Servers by doing the following:
■ Installing Symantec Mail Security on remote servers
■ Customizing the installation of remote servers
Installing Symantec Mail Security on remote servers
You can install the Symantec Mail Security server component on remote servers. This should not be done when installing the product in a cluster environment.
See“Installing to Exchange Servers with Microsoft Clustering Service” on page 50.
Remote servers are installed with default installation settings. By default, vpremote.dat retains settings if Symantec Mail Security is already installed on a remote server. If you want to customize the installation settings and apply them to a remote server, add the custom features to the vpremote.dat file.
See“Customizing the installation of remote servers” on page 45. See“Upgrading from a previous version” on page 49.
You must be logged on as a member of the administrator group on the local computer and have domain administrator privileges on all remote computers on which you want to install Symantec Mail Security.
Note: It is not recommended to install Symantec Mail Security on remote servers in a cluster environment.
To install Symantec Mail Security on remote servers 1 Review preinstallation information.
See“System requirements” on page 38.
See“Software component locations” on page 35. See“Before you install” on page 34.
2 On the main menu bar, select Tasks > Manage Assets.
3 In the Asset Management window, in the sidebar, click Install to server(s).
4 Under Servers to install to, in the Servers and server groups box, select the server or servers on which you want to install Symantec Mail Security.
45 Installing Symantec Mail Security for Microsoft Exchange
Installing on multiple servers
5 Click the >> button to select the server(s). The name or the IP address of the selected server(s) appears in the Selected Servers box.
You can select individual servers, or groups, or a combination.
6 To deselect a server or servers, select it in the Selected Servers box and click the << button.
7 Optionally, under Server options, check Keep installation files on server(s)
if you do not want the installation files to be deleted when the installation finishes.
8 Optionally, check Send group settings to deploy the settings of the group or groups to which the servers belong when the installation finishes.
9 Click OK.
Customizing the installation of remote servers
There may be cases in which you want to customize the installation of Symantec Mail Security on a remote Exchange Server. For example, you may need to change the following settings:
■ Installation location
■ Default email address for notifications
■ Stop/Start of IIS
Table 2-2 lists the remote customization options.
Table 2-2 Remote customization options
Property Description Default value Optional value
EMAILADDRESS= Address of the domain administrator. This will be used for the Notification/Alert settings-Address of sender and Administrator and other to notify.
N/A (Email address of domain
administrator)
EXISTINGSETTINGGROUP= Controls whether to retain a previous version’s setting or restore the default settings of the new version.
Retain Restore
IIS_RESET= Controls whether or not to stop and restart the IIS.
Yes No
INSTALL_SESA= Determines whether or not to install SESA. No Yes INSTALLDIR= The “drive:\path” to install SMSME