Managing multiple server
installations
This chapter includes the following topics:
■ Accessing the Symantec Mail Security user interface
■ About the user interface display
■ Managing servers and server groups
■ Installing Symantec Mail Security to remote servers
■ Updating and distributing virus definitions
Accessing the Symantec Mail Security user
interface
The management of single or multiple installations of Symantec Mail Security is done through a user interface.
See“Symantec Mail Security user interface components” on page 60.
To access the Symantec Mail Security user interface
◆ Do one of the following:
■ On the desktop, double-click SMSMSE 5.0.
■ On the Windows taskbar, click Start > Programs > Symantec Mail
112 Managing multiple server installations About the user interface display
Making selections
To select a server or group, click the Change button and select the server or group from the pop-up menu. The name of the selected server or group appears in the Server/group panel. Any data that you observe or actions you take will relate to that server or group.
About the user interface display
Symantec Mail Security uses the same user interface to manage a single server and multiple servers.
About the Global server group
All the servers under group control are part of the Global server group. This group includes servers that are added to user-defined groups as well as servers that are added to multiserver management control but are not assigned to a specific server group.
When you reconfigure the Global server group, changes are propagated to all servers in all groups. If you change a setting on an individual server or at the group level and subsequently change the same setting at the Global server level, the change made at the Global server level overrides the change made at the individual server or group level.
About user-defined server groups
User-defined server groups can be created dynamically when installing servers, when adding servers to management, or at any time through the UI. A user- defined server group is a physical server grouping that simplifies server management. For example, a server group might be all mail servers that are used by a department (for example, marketing) or the physical location of a group of mail servers (for example, third floor servers in Building A). A managed server can only belong to one user-defined group. See“Moving a server to another group” on page 115.
About group settings
When you reconfigure a user-defined server group, any changes that you make are propagated to all servers that belong to that group. The reverse is not true. If you change the settings for an individual server, the changes are not recognized at the server group level or at the Global level. In that case, the information that is displayed by the screen does not reflect the changes to the individual server.
113 Managing multiple server installations
Managing servers and server groups
You can view the settings on an individual server by selecting it to display its settings.
See“Making selections” on page 112.
Managing servers and server groups
You can perform the following administration tasks with the Symantec Mail Security UI:
■ Creating a server group
■ Adding servers to a group
■ Moving a server to another group
■ Changing the Transmission Control Protocol (TCP) port and using Secure Sockets Layer (SSL)
■ Sending group settings to a server
■ Restoring default settings to a server or group
■ Removing a server group
■ Updating servers in a server group
■ Removing a server from group management
Creating a server group
There are two general categories of server groups: the Global group and user- defined groups.
The Global group is the default server group. You can keep all of your Microsoft Exchange Servers that run Symantec Mail Security in the Global group. If your network contains a large number of Exchange Servers, you can create server groups in addition to the Global group, add servers to these groups, and administer all of your servers that run Symantec Mail Security on a group basis.
To create a server group
1 On the main menu, select Tasks > Manage Assets.
2 Under Tasks, click Add group.
3 In the Add new management group dialog box, type a name for the server group, and then click OK.
114 Managing multiple server installations Managing servers and server groups
Adding servers to a group
If an installation of Symantec Mail Security is not under management control, you may want to add the server to the UI. For example, your organization might have run a single-server installation of Symantec Mail Security on several Exchange Servers that you now want to manage through the UI, along with your other managed servers.
You can add servers that run Symantec Mail Security to a managed group in the following ways:
■ Add one or more servers to an existing group.
■ Create a new server group during the Add process.
Note: All servers are always added to the Global group in addition to any specified server group.
To add servers to a group
1 On the main menu, select Tasks > Manage Assets.
2 Under Tasks, click Add servers.
3 In the Add servers window, under Management group, select an existing server group (if different from the one that appears in the field) or type a name to create a new group.
4 Under Servers to add, do one of the following:
■ Highlight one or more servers from the Available servers: window and click the >> button.
■ Type the server name or IP in the Server name or IP box and click the
>> button.
5 Under Server options, do all of the following:
■ Type the TCP port number for the server or group of servers that you
want to add.
The port number must be the same for all servers that you want to add. Port 8081 is the default. The port number and SSL setting must be identical to that of the server in order for the UI to communicate with the server.
■ Check Send group settings.
If checked, the group settings are applied to a newly added server. If unchecked, server settings are retained. Future changes that are made to the server group, however, will be applied to the server.
115 Managing multiple server installations
Managing servers and server groups
6 Click OK.
7 Repeat steps 2-6 for each server that you want to add to the group.
8 Click Close.
If you add a server that is not running Symantec Mail Security 5.0 or that is running Symantec Mail Security 4.0, 4.5, or 4.6, the server is added to the group without warning. In the case of a 4.0, 4.5, or 4.6 server, although the server may be visible in the window, it cannot be managed. In either case, it is necessary to upgrade the server.
Moving a server to another group
A server that is going to be moved from one server group to another can be selected either from the Global group, which contains all managed servers, or from a server group.
Unless Send group settings to server is checked, moving a server to another group does not affect the current server settings even if its settings differ from those of its new group. Future changes made to the server group, however, will be applied to the server.
To move a server to another group
1 On the main menu, select Tasks > Manage Assets.
2 If necessary, expand the groups from and to which you intend to move the server.
3 Do one of the following:
■ Select the server you intend to move, and then under Tasks, click Move server.
■ Right-click the server you intend to move, and then on the pop-up
menu, click Move server.
■ Drag and drop the server from one group to another.
After doing so, click Send group settings to server to match the server’s settings to the group, if desired.
4 In the Move Server window, select the target server group or create a new server group, and then click OK.
5 To apply the settings of the new server group to the server, click Send group settings to server.
116 Managing multiple server installations Managing servers and server groups
Changing the Transmission Control Protocol (TCP) port and using
Secure Sockets Layer (SSL)
After a server is added to management control, you can change the TCP port and specify whether to use SSL for communication between the UI and a server. See“Implementing SSL” on page 55.
To change the TCP port and use SSL
1 On the main menu, select Tasks > Manage Assets.
2 In the Asset Management window, in the content area, select a server.
3 On the sidebar, under Tasks, click Server Properties.
4 To change the TCP port, type the new port number in the Port Number box.
5 To use SSL, check Use SSL.
Sending group settings to a server
Settings on a particular server might not be synchronized with its server group settings. This can occur, for example, if a server is configured both from its single-server user interface and a remote user interface.
Note: If a server is added to a server group but the group settings are not yet applied to the new server, changes to policy settings that are applied to the server group may cause operation status to report an error until the server group settings are applied to the new server.
To send group settings to a server
1 On the main menu, select Tasks > Manage Assets.
2 Select the server to which you want to sent group settings.
3 UnderTasks,clickSend group settings to server.
This sends the settings of the server group to the selected server.
117 Managing multiple server installations
Managing servers and server groups
Restoring default settings to a server or group
You can restore all settings for a server or group to their initial, default states.
To restore default settings to a server or group
1 On the main menu, select Tasks > Manage Assets.
2 Select a server or a group.
3 Under tasks, click Reset to factory defaults.
4 Click Close.
Removing a server group
If a user-defined server group is no longer needed, you can remove it.
If you remove a user-defined server group that contains managed servers, the servers that belong to the group are not removed from management control. The servers still exist in and can be managed through the Global group. The server group settings, however, are retained on the servers until they are updated or new settings are pushed out.
Note: You cannot remove the Global server group.
To remove a server group
1 On the main menu, select Tasks > Manage Assets.
2 Select a server group.
3 Under tasks, click Remove group.
4 In the confirmation dialog box, click OK.
5 Click OK, and then click Close.
Updating servers in a server group
If an update of Symantec Mail Security is released, you can update all previous installations in a server group.
To update servers in a server group
1 On the main menu, select Tasks > Manage Assets.
118 Managing multiple server installations
Installing Symantec Mail Security to remote servers
3 Under tasks, click Update servers.
4 When the update completes, do one of the following:
■ If an error occurs, click Errors for more information.
■ Click OK, and then clickClose.
Removing a server from group management
When a server is removed from the Symantec Mail Security UI, it is removed from group management. Symantec Mail Security protection, however, remains operational on the server itself.
To remove a server from group management
1 On the main menu, select Tasks > Manage Assets.
2 Select a server.
3 Under tasks, click Remove servers.
4 In the confirmation dialog box, click OK.
When the confirmation dialog box closes, the icon of the group to which it belongs is contracted.
5 Click OK, and then clickClose.
Installing Symantec Mail Security to remote servers
From the Symantec Mail Security UI, you can install Symantec Mail Security to remote servers that run Exchange 2000 or 2003.
There may be cases in which you want to customize the installation of Symantec Mail Security to one or more remote Exchange Servers.
See“Customizing the installation of remote servers” on page 45.
You can also upgrade existing version 4.0, 4.5, or 4.6 installations to Symantec Mail Security 5.0 using the Symantec Mail Security UI.
See“Upgrading from a previous version” on page 49.
To install Symantec Mail Security to remote servers 1 On the main menu, select Tasks > Manage Assets.
2 Under tasks, click Add servers.
3 In the Add servers window, under Management group, select an existing server group (if different from the one that appears in the field) or type a name to create a new group.
119 Managing multiple server installations Updating and distributing virus definitions
4 Under Servers to add, do one of the following:
■ Highlight one or more servers from the Available servers window and
click the >> button.
■ Type the server name or IP in the field below the Available servers window and click the >> button.
5 Under Server options, do all of the following:
■ Type the TCP port number for the server or group of servers that you want to add.
The port number must be the same for all servers that you want to add. Port 8081 is the default. The port number and SSL setting must be identical to that of the server in order for the UI to communicate with the server.
■ Check Install SMSMSE.
■ Check Send group settings to server.
If checked, the group settings are applied to a newly added server. If unchecked, server settings are retained. Future changes that are made to the server group, however, will be applied to the server.
■ Select any other option you want to exercise. 6 Click OK.
7 Install the Symantec content license file on the server. See“Installing on multiple servers” on page 44.
8 Click Close.
Updating and distributing virus definitions
Symantec Mail Security lets you centrally administer virus definition updates. You can update virus definitions by doing the following:
■ Connecting to the LiveUpdate site and updating virus definitions on the UI
■ Updating virus definitions through Rapid Release
■ Distributing updated definitions to all Exchange Servers or to a group of managed servers
You can also schedule virus definition updates for managed servers. See“Updating virus definitions for multiple servers” on page 147.
120 Managing multiple server installations Updating and distributing virus definitions
Update and distribute virus definitions
You can manually distribute LiveUpdate virus definitions from the UI to your servers. The LiveUpdate virus definition update applies to a single server, not to a server group. You cannot manually distribute Rapid Release virus definitions from the UI to your servers.
To manually distribute virus definitions to servers 1 On the primary navigation bar, click Admin.
2 In the sidebar, under Views, do one of the following:
■ In single server view, click LiveUpdate/Rapid Release Status. This option is not available in group view.
■ In group view, click LiveUpdate Status.
This option is not available in single server view.
3 In the sidebar, under Tasks, do one of the following:
■ In single server view, click Run LiveUpdateand/orRun Rapid Release. ■ In group view, click Run LiveUpdate.
4 Under Tasks, click Run LiveUpdate.
Follow the steps in the LiveUpdate UI to run LiveUpdate.
Chapter
6
Performing scans
This chapter includes the following topics:
■ How scans work
■ Working with policies
■ Working with matchlist settings
■ About Outbreak Triggered Attachment Names and Subject Lines matchlist options
■ Configuring and running scans
How scans work
In Symantec Mail Security, you can configure any scan and specify the content filtering rules to apply to it. All other rules, for example, threats and security risks, apply to all scans except that spam rules do not apply to manual or scheduled scans.
Every scan that runs on Symantec Mail Security belongs to one of the following categories:
Auto-Protect scans
When enabled, Auto-Protect runs constantly.
In this mode, violations are scanned and detected in real time. The policies or rules linked to the Auto-Protect scan apply to everything on the Exchange Server (items in all public folders and mailboxes and messages that are processed by the Microsoft Exchange SMTP service).
Auto-protect scanning applies to all the categories in the Policies section of the primary navigation bar except antispam.
122 Performing scans Working with policies
About policies and scanning
When a scan detects a mail security violation, the rule settings in effect for the scan determine which events will be triggered. For example, when a virus is detected, a specific action (such as sending the message attachment to the Quarantine or deleting the whole message), notifications, and alerts (alerts available only if SESA is in use) are triggered upon detection of the virus. You can enable and disable rules and add and modify content filtering rules.
Working with policies
You can use the following scanning policies to protect your Microsoft Exchange server:
■ The General Policy addresses scanning limits, exceptions, and outbreak management.
■ The Antivirus Policy addresses viruses and security risks.
■ The Antispam Policy addresses spam prevention.
■ The Content Enforcement Policy addresses undesirable or inappropriate content.
Manual scans A manual scan is an on-demand scan of public folders and mailboxes. Manual scanning applies to all the categories in the Policies section of the primary navigation bar except antispam.
You can specify file folders and mailboxes to be covered by a manual scan.
You can specify content filtering rules to apply to a given scan. Scheduled scans Scheduled scans run unattended, usually at off-peak periods.
Scheduled scanning applies to all the categories in the Policies section of the primary navigation bar except antispam. You can specify file folders and mailboxes to be covered by a scheduled scan.
123 Performing scans Working with policies
About the General policy
The General Policy includes the following:
■ Configuring Scanning Limits Policies
■ Configuring Exceptions Policies
Configuring Scanning Limits Policies
To protect your network from denial-of-service attacks, configure Symantec Mail Security to limit processing of large files by setting a maximum scan time and depth.
To configure Scanning Limits Policies
1 On the primary navigation bar, click Policies.
2 On the sidebar, under General, click Scanning Limits.
3 In the content area, under Maximum scan time (in seconds), accept the