
Symantec Mail Security Planning Guide


Symantec Mail Security

Planning Guide

Symantec Mail Security Planning Guide

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version

Legal Notice

Copyright © 2006 Symantec Corporation. All rights reserved.

Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.

Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.

Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA http://www.symantec.com


Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product feature and function, installation, and configuration. The Technical Support group also authors content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s maintenance offerings include the following:

■ A range of support options that give you the flexibility to select the right amount of service for any size organization

■ Telephone and web-based support that provides rapid response and up-to-the-minute information

■ Upgrade insurance that delivers automatic software upgrade protection

■ Global support that is available 24 hours a day, 7 days a week worldwide. Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program

■ Advanced features, including Technical Account Management

For information about Symantec’s Maintenance Programs, you can visit our Web site at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your country or language under Global Support. The specific features that are available may vary based on the level of maintenance that was purchased and the specific product that you are using.

Contacting Technical Support

Customers with a current maintenance agreement may access Technical Support information at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your region or language under Global Support.

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem.


When you contact Technical Support, please have the following information available:

■ Product release level

■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

  ■ Error messages and log files

  ■ Troubleshooting that was performed before contacting Symantec

  ■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your region or language under Global Support, and then select the Licensing and Registration page.

Customer service

Customer service information is available at the following URL: www.symantec.com/techsupp/ent/enterprise.html

Select your country or language under Global Support.

Customer Service is available to assist with the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade insurance and maintenance contracts

■ Information about the Symantec Value License Program

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs or manuals

Maintenance agreement resources

If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:

■ Asia-Pacific and Japan: [email protected]

■ Europe, Middle-East, and Africa: [email protected]

■ North America and Latin America: [email protected]

Additional Enterprise services

Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following:

■ Symantec Early Warning Solutions – These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur.

■ Managed Security Services – These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.

■ Consulting Services – Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.

■ Educational Services – Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs.

To access more information about Enterprise services, please visit our Web site at the following URL:

www.symantec.com

Contents

Technical Support

Chapter 1  About Symantec Mail Security

  Key features
  New features
  Functional overview
  Architecture
  Where to get more information

Chapter 2  Planning your deployment

  General deployment considerations
    MTA usage
    Configuring Scanners
    Positioning with other filtering products
    Filtering internal deliveries
    LDAP services
    Load balancing
    Adjusting MX records
    Adjusting RAM and MySQL threads
  Deployment models
    Basic gateway deployment
    Multi-tier gateway deployment
    Post-gateway deployment

Chapter 3  Configuring message filtering

  Understanding filtering
  Deployment considerations

Appendix A  Feature Cross-Reference

  About Feature Cross-Reference
  Changes for Symantec Mail Security for SMTP users
    New feature names
    Discontinued features
  Changes for Symantec Brightmail Antispam users

Index

About Symantec Mail Security

This chapter includes the following topics:

■ Key features

■ New features

■ Functional overview

■ Architecture

■ Where to get more information

Key features

Symantec Mail Security offers enterprises an easy-to-deploy, comprehensive gateway-based email security solution through the following features:

■ Antispam technology – Symantec's state-of-the-art spam filters assess and classify email as it enters your site.

■ Antivirus technology – Virus definitions and engines protect your users from email-borne viruses.

■ Content Compliance – These features help administrators enforce corporate policies, reduce legal liability, and ensure compliance with regulatory requirements.

■ Group policies and filter policies – An easy-to-use authoring tool lets administrators create powerful, flexible ad hoc filters for users and groups.


New features

The following table lists the features that have been added to this version of Symantec Mail Security:

Table 1-1 New features for Symantec Mail Security (all users)

Category: Threat protection features

■ Improved email firewall – Protects against directory-harvest attacks, denial-of-service attacks, spam attacks, and virus attacks.

■ Sender Authentication – Protects against phishing attacks, using the Sender Policy Framework (SPF), Sender ID, or both.

■ Improved virus protection – Additional virus verdicts protect against suspected viruses, spyware, and adware and quarantine messages with suspicious encrypted attachments. Email messages that may contain viruses can be delayed in the Suspect Virus Quarantine, then refiltered, with updated virus definitions, if available. This feature can be effective in defeating virus attacks before conventional signatures are available. View a list of available virus-definition updates.

Category: Inbound and outbound content controls

■ True file type recognition for content compliance filtering – Automatically detects file types without relying on file name extensions or MIME types.

■ Keywords filtering within attachments, keyword frequency filtering – Scan within attachments to find keywords from dictionaries you create or edit. Specify a number of occurrences to look for.

■ Regular expression filtering – Use regular expressions to further customize filter conditions by searching within messages and attachments.

■ Support for Enterprise Vault and third-party archival tools – Specify conditions that result in email being sent to an archival email address or disk location.

Category: Flexible mail management

■ LDAP integration – Dynamic group population via any of several supported LDAP servers.

■ Expanded variety of actions and combinations – More than two dozen actions that can be taken, individually or in combination, on messages.

■ Expanded mail controls – SMTP connection management, including support for secure email (TLS encryption, with security level depending on platform); for user-based routing and static routes; for address masquerading, invalid recipient handling, and control over delivery-queue processing.

■ Aliasing – Distribution lists automatically expanded, mail filtered and delivered correctly for each user.

Category: Improved reporting and monitoring

■ Extensive set of pre-built reports, scheduled reporting, and additional alert conditions – More than 50 graphical reports that you can generate ad-hoc or on a scheduled basis. Reports can be exported for offline analysis and emailed.

■ Message tracking – View a trail of detailed information about a message, including the filtering processing applied to a message.

Category: Expanded administration capabilities

■ IP-based access control – Control which hosts and networks can access your Control Center.

■ Control over Quarantine size limits – Specify user-based and total limits, configure automatic message deletions.

Category: Enhanced localization capabilities

■ Support for non-ASCII character sets – Support for double-byte character sets. Language autodetection of messages for Quarantine and of subject encodings for message handling. Support for non-ASCII LDAP source descriptions.

Functional overview

You can deploy Symantec Mail Security in different configurations to best suit the size of your network and your email processing needs.

Each Symantec Mail Security host can be deployed in the following ways:

■ Scanner – Deployed as a Scanner, a Symantec Mail Security host filters email for viruses, spam, and noncompliant messages. You can deploy Scanners on existing email or groupware server(s).

■ Control Center – Deployed as a Control Center, a Symantec Mail Security host allows you to configure and manage email filtering, SMTP routing, system settings, and all other functions from a Web-based interface. Multiple Scanners can be configured and monitored from your enterprise-wide deployment of Symantec Mail Security, but only one Control Center can be deployed to administer all the Scanner hosts.

  The Control Center provides information on the status of all Symantec Mail Security hosts in your system, including system logs and extensive customizable reports. Use the Control Center to configure both system-wide and host-specific details. The Control Center provides the Setup Wizard, for initial configuration of all Symantec Mail Security instances at your site, and also the Add Scanner Wizard, for adding new Scanners. The Control Center also hosts the Spam and Suspect Virus Quarantines to isolate and store spam and virus messages, respectively. End users can view their quarantined spam messages and set their preferences for language filtering and blocked and allowed senders. Alternatively, you can configure Spam Quarantine for administrator-only access.

■ Scanner and Control Center – A single Symantec Mail Security host performs both functions.

Note: Symantec Mail Security provides neither mailbox access for end users nor message storage. It is not intended for use as the only MTA in your email infrastructure.

Note: Symantec Mail Security does not filter messages that don't flow through the SMTP gateway. For example, when two mailboxes reside on the same MS Exchange Server, or on different MS Exchange Servers within an Exchange organization, their messages will not pass through the Symantec Mail Security filters.

Architecture

Figure 1-1 shows how a Symantec Mail Security installation processes an email message, assuming the sample message passes through the Filtering Engine to the Transformation Engine without being rejected.

Figure 1-1 Symantec Mail Security architecture

Messages proceed through the installation in the following way:

■ The incoming connection arrives at the inbound MTA via TCP/IP.

■ The inbound MTA accepts the connection and moves the message to its inbound queue.

■ The Filtering Hub accepts a copy of the message for filtering.

■ The Filtering Hub consults the LDAP SyncService directory to expand the message's distribution list.

■ The Filtering Engine determines each recipient's filtering policies.

■ The message is checked against Blocked/Allowed Senders Lists defined by administrators.

■ Virus and configurable heuristic filters determine whether the message is infected.

■ Content Compliance filters scan the message for restricted attachment types, regular expressions, or keywords as defined in configurable dictionaries.

■ Spam filters compare message elements with current filters published by Symantec Security Response to determine whether the message is spam. At this point, the message may also be checked against end-user defined Language settings.

■ The Transformation Engine performs actions per recipient based on filtering results and configurable Group Policies.

Where to get more information

The Symantec Mail Security documentation set consists of the following manuals:

■ Symantec Mail Security Administration Guide

■ Symantec Mail Security Planning Guide

■ Symantec Mail Security Installation Guide

■ Symantec Mail Security Getting Started

Symantec Mail Security also includes a comprehensive help system that contains conceptual and procedural information.

You can visit the Symantec Web site for more information about your product. The following online resources are available:

■ www.symantec.com/enterprise/support – Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions

■ www.symantec.com/licensing/els/help/en/help.html – Provides information about registration, frequently asked questions, how to respond to error messages, and how to contact Symantec License Administration

■ www.enterprisesecurity.symantec.com – Provides product news and updates

■ www.symantec.com/security_response – Provides access to the Virus Encyclopedia, which contains information about all known threats; information about hoaxes; and access to white papers about threats

Planning your deployment

This chapter includes the following topics:

■ General deployment considerations

■ Deployment models

General deployment considerations

This section provides information about integrating Symantec Mail Security into your network.

Note: Multiple Scanner scenarios are common for organizations with heightened system failover needs or high mail scanning throughput requirements.

MTA usage

Symantec Mail Security contains a Message Transfer Agent (MTA), which processes and relays messages to support filtering activities.

Note: Symantec Mail Security provides neither mailbox access for end users nor message storage; it is not suitable for use as the only MTA in your email infrastructure.

Configuring Scanners

During installation, you can use a wizard to add a Scanner. Depending on your filtering requirements and messaging environment, you may want to deploy multiple Scanners and administer them via a single Control Center. In such cases, you can dedicate Scanners to specific functions. For example, you might want one Scanner to filter inbound mail and another to filter outbound mail.


Positioning with other filtering products

In order for Symantec Mail Security's spam and Content Compliance filters to function properly, you should avoid placing the product behind other filtering products (such as content filters) or MTAs that alter or remove pre-existing message headers or modify the message body.

Filtering internal deliveries

You can force internal mail through Symantec Mail Security to avoid propagation of viruses and spam generated by email mass-mailing worms that may have been picked up by individuals via Web browsing or downloading.

LDAP services

Symantec Mail Security supports LDAP services for user authentication and synchronization. Symantec Mail Security LDAP services synchronize user, alias, and group data with LDAP server directories. These services convert the data to formats compatible with Spam Quarantine, Scanner, and Control Center data stores while minimizing impact on directory infrastructure. They include:

■ Authentication – LDAP source is used to authenticate end-user access to Spam Quarantine and resolve email aliases for quarantined messages. The Control Center reads user and password data directly from the LDAP server.

■ Synchronization – User, group, and distribution-list data from the LDAP source are used to populate and update Control Center database tables for later replication to Scanners. Membership in groups and aliases is validated or otherwise resolved. New and updated entries are cached in the Control Center's database. User, group, and distribution-list data are used to expand aliases, validate message recipients, recognize directory harvest attacks, and filter messages for group policies.

■ Replication – User, group, and distribution-list data are converted to database files that can be used to look up nested relationships among them; new and updated data are replicated to Scanners.

LDAP SyncService supports the following LDAP servers:

■ Windows 2000 Active Directory

■ Windows 2003 Active Directory

■ Sun Directory Server 5.2 (formerly known as the iPlanet Directory Server) on Solaris 8 and 9 and on Red Hat Linux

■ Lotus Domino LDAP Server 6.5

■ Exchange 5.5

■ other (used for authentication only)

For more information on using LDAP services, see the Symantec Mail Security Administration Guide.

Authentication

Only one LDAP source can be used for authentication. While the same source may also be used for synchronization purposes, no other LDAP directories may be used for authentication. This is especially important with regard to Spam Quarantine. The LDAP source must authenticate end users if they are to process email sent to Quarantine.

Synchronization

Synchronization converts data from the LDAP source and inserts them into Control Center database tables. It also resolves group and distribution-list memberships, rejecting inconsistent entries. Synchronization supports both full and change-based synchronization. In planning deployments, administrators should be aware of how the two types of synchronization affect performance.

■ Full synchronization – Symantec Mail Security employs full synchronization between an LDAP source and a Control Center whenever Control Center configuration or maintenance requires that data stores be refreshed. Because group and distribution-list memberships must be resolved for each individual entry, full synchronization can take time to process, depending on the number of members in groups and distribution lists. Symantec Mail Security reduces initial synchronization overhead by independently processing members (end users), groups, and distribution lists in parallel.

■ Change-based synchronization – Symantec Mail Security employs change-based synchronization between full synchronizations to improve performance. Change-based synchronization reduces the need to perform full synchronizations by updating only those entries that have changed since the last full synchronization.

Replication

This process replicates entries from the Control Center to Scanner hosts. Replication resolves nested relationships such as those used to expand distribution (or alias) lists. Replication is not change-based. In order to avoid the overhead associated with looking up each database entry (as in full synchronization), replication first converts Control Center group and alias membership data into database files that contain relationship tables. Fewer data-store lookups are thus needed to resolve nested relationships among users, groups, and distribution lists when directory data are replicated to attached and enabled Scanner hosts. Time-to-replication is comparable to change-based rather than full synchronization. Once replicated, group and alias entries can be expanded to their full member directories in response to mail events.

Load balancing

Symantec Mail Security is not intended to be used for load balancing. Administrators can associate only one host name or IP address as the MTA to which email is relayed. You must implement multiple Scanners to perform load balancing.

Adjusting MX records

When you implement Symantec Mail Security in front of a separate MTA that receives inbound messages, you must change the DNS mail exchange (MX) records. The records must point incoming messages to the system. Symantec Mail Security should have a higher priority than the existing MTA.

However, if you simply list Symantec Mail Security as a higher-weighted MX record in addition to the existing MX record, spammers can look up the previous MTA's MX record. This allows them to send spam directly to the old server, bypassing your spam filtering. To prevent spammers from circumventing the new spam-filtering servers, you should do one of the following:

■ Remove the previous MTA's MX record from DNS.

■ Block off the MTA from the Internet using a firewall.

■ Modify the firewall's network address translation (NAT) tables to route external IP addresses to internal non-routable IP addresses. You can then map from the old server to Symantec Mail Security.

■ When naming Symantec Mail Security, ensure that the name you choose does not imply its function. For example, antispam.yourdomain.com, symantec.yourdomain.com, or antivirus.yourdomain.com are not good choices.
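
The MX checks described above, as an added example that is not part of the original guide: it parses a zone-file excerpt and flags MX targets that are not filtering gateways (a path around filtering) and gateway names that reveal their function. The zone data, host names, and gateway list are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed zone-file excerpt for illustration; every name is a placeholder.
SAMPLE_ZONE = """\
example.com.      3600 IN MX 10 mx1.example.com.
example.com.      3600 IN MX 10 antispam.example.com.   ; filtering gateway
example.com.      3600 IN MX 20 mail-old.example.com.   ; previous MTA, left in place
www.example.com.  3600 IN A  192.0.2.10
"""

# Hosts that run the filtering gateway (assumption: supplied by the operator).
SAMPLE_GATEWAYS = {"mx1.example.com", "antispam.example.com"}

# Name fragments the guide lists as poor choices because they imply the role.
REVEALING = ("antispam", "antivirus", "symantec")

# owner [ttl] [IN] MX preference target
MX_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(\d+)\s+(\S+)$", re.IGNORECASE
)


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_mx(zone_text):
    """Return (domain, preference, target) for each MX line; skip all others."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        match = MX_RE.match(line)
        if match:
            records.append(
                (_norm(match.group(1)), int(match.group(2)), _norm(match.group(3)))
            )
    return records


def audit_mx(records, gateways):
    """Return (code, domain, target, preference) findings for the MX set."""
    gateways = {_norm(g) for g in gateways}
    findings = []
    for domain, pref, target in records:
        if target not in gateways:
            # A sender can choose any published MX regardless of preference,
            # so an unfiltered target is a direct route past the gateway.
            findings.append(("BYPASS", domain, target, pref))
            continue
        first_label = target.split(".", 1)[0]
        if any(word in first_label for word in REVEALING):
            findings.append(("REVEALING_NAME", domain, target, pref))
    return findings


if __name__ == "__main__":
    for finding in audit_mx(parse_mx(SAMPLE_ZONE), SAMPLE_GATEWAYS):
        print(*finding)
```

A clean MX set does not cover the firewall and NAT options in the list above; those are verified at the network boundary, not in DNS.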

Adjusting RAM and MySQL threads

The Control Center is a combination of Tomcat and MySQL applications. Tomcat provides the Web-based interface, and MySQL is the database storage. Their default configuration performs well in installations with a single Scanner and low volume email traffic. In installations where multiple Scanners or large amounts of spam are processed, increasing the amount of RAM allocated to Tomcat and increasing the number of listener and consumer threads in MySQL improves performance.

Deployment models

You can deploy Symantec Mail Security in the following ways:

■ Basic gateway deployment

■ Multi-tier gateway deployment

■ Post-gateway deployment

Basic gateway deployment

This is the simplest deployment model. Symantec Mail Security resides at the outermost gateway layer, processing inbound and outbound mail, providing Secure Email Services, and relaying mail to other relay layers or to the user-facing mail server layer.

On all configured server computers, port 443 must be configured to permit outbound connections to Symantec to download content updates.

Figure 2-1 shows Symantec Mail Security deployed at the gateway, behind a firewall.

Figure 2-1 Basic gateway deployment

Advantages

The basic gateway deployment takes advantage of Symantec Mail Security's proximity to the Internet.

■ Because spam emanates from the outside world, the gateway is the logical and effective place to deploy Symantec Mail Security.


■ When you deploy the system closer to the gateway, you can minimize mail processing and storage requirements as well as network bandwidth via Email Firewall filtering.

Considerations

Administrators considering the basic gateway deployment should take into account the following factors:

■ Some organizations prefer to have secure gateways with no other services running. In these environments, all other services run behind the first gateway layer.

■ Some smaller organizations do not have dedicated gateway servers or a gateway layer. Instead, they deploy gateway servers and internal mail servers on the same computers.

■ Symantec Mail Security cannot be installed on the server running Exchange.

Multi-tier gateway deployment

Note: This model may be implemented with one or more Scanner hosts.

Figure 2-2 shows Symantec Mail Security in a multi-tier gateway deployment, with multiple Scanners in the DMZ and a Control Center behind a second firewall.

Figure 2-2 Multi-tier gateway deployment

Advantages

A multi-tier gateway deployment maximizes Symantec Mail Security's network administration capacities.

■ This configuration meets a common security audit requirement in that all data stores are in the second tier, including the Control Center and Spam Quarantine databases.

■ Inbound traffic may be load balanced across multiple scanners with this model.

■ Compared with basic gateway deployment, this configuration eliminates a single point of failure for message scanning.

■ This model allows administrators to take individual Scanners offline for maintenance without incurring downtime.

■ This scenario enables load balancing of filtered mail across multiple downstream MTAs.

Considerations

With its greater administrative controls, a multi-tier deployment requires higher administrative and maintenance overhead.

■ This approach requires more administrative overhead and complex networking than a basic gateway deployment.

■ With increased hardware and maintenance costs, this model could require a higher total cost of operation.

Post-gateway deployment

Note: This model may be implemented with one or more SMTP gateway MTAs and one or more Scanner hosts.

Figure 2-3 shows Symantec Mail Security deployed after MTAs at the firewall.

Figure 2-3 Post-Gateway deployment

MTAs at the gateway layer accept unfiltered mail from the Internet then relay it to Symantec Mail Security. The system filters mail from the gateway layer and relays mail to other MTAs downstream.

Advantages

Your network configuration may require that you place your Scanner hosts with your SMTP gateway MTA in a "demilitarized zone" between two firewalls.

■ If you have a customized MTA or specific business needs, then running this configuration may outweigh the extra overhead and loss of functionality.

Considerations

Post-gateway deployment limits the functionality of Scanners and may decrease system throughput.

■ This configuration limits Scanner functionality as IP-based defenses are nullified.

■ Unless the SMTP Gateway is performing filtering, all email is processed by the gateway (read, stored, and forwarded) then sent to the system, which must then read, filter, and take some action based on the verdict. Such redundancy may add overhead, thereby decreasing throughput.

Configuring message filtering

This chapter includes the following topics:

■ Understanding filtering

■ Deployment considerations

Understanding filtering

Symantec Mail Security provides a wide variety of actions for filtering email. It allows you to either set identical options for all users, or specify different actions for different groups of users.

You can specify groups of users based on email addresses or domain names. For each group, you can specify an action or group of actions to perform given a particular condition.

Deployment considerations

The following table lists deployment considerations for select actions.

Table 3-1 Deployment considerations (Action – Consideration)

■ Clean the message – If many messages need to be cleaned, there may be high demand on the Scanner.

■ Delete the message – This eliminates the need for spam storage, though users cannot check for misidentified messages. When you’re comfortable with your deployment’s low false positive rate, you may want to configure spam to be deleted.

■ Deliver message normally – This setting is useful for testing. Suspected spam is still counted as such in message statistics for reports.

■ Deliver the message to recipient's Spam folder – Symantec Mail Security supports the Symantec Spam Folder Agent for Exchange using X-header markup for Microsoft Exchange 5.5 and Exchange 2000 internal messaging systems. The Symantec Spam Folder Agent for Exchange may also be run on an Exchange 2003 host. Note that Exchange 2000 and Lotus Domino configurations require installation of lightweight agents to folder spam.

■ Modify the message – A modified message will be delivered to end-user mailboxes, unless it contains a virus or worm.

Feature Cross-Reference

This appendix includes the following topics:

■ About Feature Cross-Reference

■ Changes for Symantec Mail Security for SMTP users

■ Changes for Symantec Brightmail Antispam users

About Feature Cross-Reference

All users will find significant new features in this release of Symantec Mail Security. You will also find familiar features, in many cases improved and expanded. In some cases the names of features are the same; in some cases the names have changed, and the changes are noted in this appendix.

Note: By default, inbound and outbound messages containing a virus or mass-mailing worm, and unscannable messages, including malformed MIME messages, will be deleted. You may want to change the default setting for unscannable messages if you are concerned about losing important messages.

Changes for Symantec Mail Security for SMTP users

The following table describes new features for Symantec Mail Security for SMTP users.


Table A-1 New features for Symantec Mail Security for SMTP users

| Category | Features | Description |
|---|---|---|
| Flexible mail management | Centralized, Web-based administration | Use the Control Center to manage all aspects of email management and spam, virus, and content filtering across all servers with one interface. |
| | Group Policies | Create separate inbound and outbound policies for an unlimited number of groups of users. You can specify groups of users based on email addresses, domains, LDAP groups, or IP addresses. For each category of email, you can specify custom message handling for each group. |
| | Expanded notification capabilities | Automatically send emails notifying specific persons or groups when certain message conditions are encountered during message filtering. Create different notifications for different conditions or user groups. |
| Inbound and outbound content controls | Improved attachment blocking | Strip attachments within container files. Search within attachments using regular expressions. |
| Improved reporting and monitoring | Aggregated logging and reporting | Access logs for all messages from all servers via the Control Center. Manage reports for all servers via the Control Center. Note that many of the reporting features in Symantec Mail Security for SMTP 4.1 have been replaced in Symantec Mail Security 5.0 by the message-tracking feature. |
| Expanded administration capabilities | Delegated administration | Multiple administrator roles with view only or modify access to different portions of the management interface. |

Group Policies introduce expanded flexibility in mail filtering and message handling. Group Policies enable you to specify groups of users, based on email addresses, domains, or IP addresses, and customize mail filtering for each group. In addition, if you were using Version 4.1 without Premium AntiSpam, Version 5.0, with or without Premium AntiSpam, provides much more extensive capabilities for customizing both message filtering and the actions taken on filtered messages.


New feature names

Most features in Version 5.0 have similar names to the corresponding Version 4.1 features.

The following table describes the equivalents between selected Symantec Mail Security for SMTP 4.1 features and Symantec Mail Security 5.0 features that have different names.

Table A-2 Version 4.1 to Version 5.0

| Symantec Mail Security for SMTP 4.1 Feature Name | Symantec Mail Security 5.0 Feature Name |
|---|---|
| Accounts | Administration |
| Custom disclaimer | Annotation |
| Scan policy | Settings > Virus > Exclude Scanning tab |
| Routing | Settings > Hosts > Edit > SMTP tab |

Discontinued features

The following Symantec Mail Security for SMTP 4.1 features are not included in Symantec Mail Security 5.0:

■ Auto-generated whitelist

■ Logging of SMTP conversations

■ Hold Queue, automatic reordering of the Slow Queue

■ Return code support for DNS Blacklists

■ Configurable administrator timeout for the management interface

Changes for Symantec Brightmail Antispam users

Although the product name has changed, if you were a Symantec Brightmail Antispam user you will find the user interface for Symantec Mail Security quite familiar. Most features are named similarly, and the organization of the user interface is quite similar. Most of the changes are new features.

The following table describes additional new features for Symantec Brightmail Antispam users.


Table A-3 New features for Symantec Brightmail Antispam users

| Category | Features | Description |
|---|---|---|
| Threat protection features | Improved virus processing | LiveUpdate support for virus definitions, list of file types to exclude from virus scanning, expanded container limit controls |
| | Outbound filtering | Provides spam, virus, and content compliance filtering on outbound email messages. Specify different outbound and inbound policies for each user group. |
| Flexible mail management | More flexible Group Policies | Use LDAP groups to populate groups for Group Policies. |
| | Multiple actions | Specify more than one action to take on specific categories of messages to specific groups of recipients. |
| Inbound and outbound content controls | Expanded content compliance filtering capabilities | Expanded set of actions available on filtered messages, support for multiple actions on the same messages |
| | Attachment blocking | Create lists of attachment types to remove. Strip attachments within container files. |
| | Annotations | Automatically append or prepend text, such as legal disclaimers or marketing tag lines, to messages. |
| | Notifications | Automatically send emails notifying specific persons or groups when certain message conditions are encountered during message filtering. Create different notifications for different conditions or user groups. |
| Improved reporting and monitoring | Expanded virus monitoring | Virus outbreak alerts, expanded logging of virus events |
| | Expanded logging | Symantec Security Information Manager (SSIM) logging support |
| Expanded administration capabilities | Global reject or pause of message scanning | During a virus outbreak, you can temporarily pause scanning until new virus filters are in place. |

While the names of features are largely the same, you will find some changes to the organization of menus. Most importantly, you will now find a Policies menu at the top level, breaking out Group Policies (under the Settings menu in Symantec Brightmail Antispam 6.0.3), and including other items as well.
