Symantec™ Mail Security for Microsoft® Exchange
Getting Started Guide
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Documentation version 6.5 PN: 20973766
Legal Notice
Copyright © 2010 Symantec Corporation. All rights reserved.
Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.
Symantec Corporation
Getting Started
... 5Introducing Symantec™ Mail Security for Microsoft® Exchange ... 5
What's new in Mail Security ... 5
Components of Mail Security ... 8
Before you install ... 10
About security and access permissions ... 12
System requirements ... 13
Server system requirements ... 13
Console system requirements ... 15
Installation options ... 16
Migrating to version 6.5 ... 17
Getting Started
Introducing Symantec™
Mail Security for Microsoft® Exchange
Symantec™ Mail Security for Microsoft® Exchange (a member of the Symantec Information Foundation™ product family) is a complete, customizable, and scalable solution that scans email that passes through or resides on the Microsoft Exchange server.
Mail Security protects your Exchange server from the following:
■ Threats (such as viruses, Trojan horses, worms, and denial-of-service attacks)
■ Security risks (such as adware and spyware)
■ Unwanted file attachments
■ Unsolicited email messages (spam)
Mail Security also lets you manage the protection of one or more Exchange servers from a single console.
The Exchange environment is only one avenue by which a threat or security risk can penetrate a network. For complete protection, ensure that every computer and workstation is protected by an antivirus solution.
What's new in Mail Security
Table 1 New and enhanced features Description Feature
Mail Security supports Exchange Server 2010 on the following roles:
■ Edge Transport
■ Hub Transport
■ Mailbox Support for Exchange Server 2010
Global Group consists of all the servers that are managed through Mail Security console. When you configure and apply Global Group settings, the changes are propagated to all the servers in all the groups. Changes that are made at the Global Group level overwrites group settings of all individual and user-defined servers.
Addition of a Global Group for Exchange Server 2010
Manual scans run on-demand and scan public folders and mailboxes. Scheduled scans run unattended usually at off-peak periods. All policies apply to manual and to scheduled scans, except antispam. You can specify which file folders and mailboxes to scan during a manual or scheduled scan. You can also specify the content filtering rules that you want to enable for the manual or scheduled scan.
Support for Manual and Scheduled Scan in Exchange Server 2010
Mail Security provides comprehensive content filtering for messages and attachment content. It supports more than 300 attachment types. Mail Security lets you create content filtering rules that apply to SMTP inbound and outbound mails and the Exchange Information Store . Content filtering rules let you filter messages for attachment names, attachment content, specific words, phrases, subject lines, and senders or recipients. It provides pre-cooked match list and let you define your own match list. You can also set content filtering rules for attachment size.
Support for Filtering contents in Exchange Server 2010
Getting Started
Table 1 New and enhanced features (continued) Description Feature
Web links are provided in the product installer that assist and guide you to troubleshoot the failures that are
encountered during installation. These links provide more information about the failure or a similar failure and the resolution steps and recommendations.
Troubleshooting installation issues with common error dialog
■ Through Antispam processing Mail Security 6.5 has a provision to reduce the processing time that is required for AntiSpam processing . The Fastpass feature conserves resources by providing a temporary exemption from spam scanning for senders with a demonstrated history of sending no spam messages. Thus senders with the best local reputation are exempted from spam scanning. Mail Security automatically collects local sender reputation data to support Fastpass determinations and regularly re-evaluates the senders that are granted a pass.
■ By turning off performance counters for logging
Mail Security 6.5 lets you configure performance counters for logging. By default, this counter is enabled. However, to improve Mail Security's scanning performance, these performance counters for logging can be turned off by adding following registry key and setting its value to 1.
Registry key for 32-bit platform: HKEY_LOCAL_MACHINE\SOFTWARE\ Symantec\SMSMSE\6.5
\Server\TurnOffPerfCounters Registry key for 64-bit platform: HKEY_LOCAL_MACHINE\SOFTWARE \Wow6432Node\Symantec\SMSMSE\6.5\ Server\TurnOffPerfCounters
Restart Mail Security service after setting this registry key.
Performance improvements
Note:Mail Security 6.5 does not support Windows 2000 and Exchange Server
2000.
Components of Mail Security
Table 2lists the components of Mail Security. Table 2 Product components
Location on the product CD
Description Component
\SMSMSE\Install\ This software protects your
Exchange servers from threats (such as viruses and denial-of-service attacks) and security risks (such as adware and spyware). It also detects spam email messages and unwanted content. This software protects your Exchange servers from threats (such as viruses and denial-of-service attacks), security risks (such as adware and spyware). It also detects spam email messages and unwanted email attachments. Symantec Mail Security for
Microsoft Exchange Getting Started
Table 2 Product components (continued)
Location on the product CD
Description Component
\ADMTOOLS\LUA\ This utility lets you configure
one or more intranet FTP, HTTP, or LAN servers to act as internal LiveUpdate servers. LiveUpdate lets Symantec products download program and definition file updates directly from Symantec or from a LiveUpdate server. For more information, see the LiveUpdate
Administrator
documentation on the Mail Security product CD in the following location: \DOCS\LUA\ LiveUpdate™ Administration
Utility
\ADMTOOLS\DIS This utility lets Mail Security
forward infected messages and messages that contain certain types of violations from the local quarantine to the Central Quarantine, which acts as a central repository.
For more information, see the Symantec Central
Quarantine Administrator's Guide on the Mail Security
Table 2 Product components (continued)
Location on the product CD
Description Component
\ADMTOOLS\Mgmt_Pack This component lets you
integrate Symantec Mail Security for Microsoft Exchange events with Microsoft Operations Manager 2005 (MOM). If you use Microsoft Exchange 2003, this component also lets you integrate Mail Security events with Microsoft System Center Operations Manager 2007 (SCOM). Pre-configured Computer Groups, Rule Groups/Rules, and Providers are automatically created when you import the management pack. These rules monitor specific Symantec Mail Security for Microsoft Exchange events in the Windows Event Log and the Windows Performance Monitor. For more information, see the Symantec Mail Security
for Microsoft Exchange Management Pack.
Mail Security for Microsoft Exchange Management Pack
Before you install
Ensure that you meet all system requirements before you install Mail Security. Select the installation plan that best matches your organization's needs, and ensure that you have met the pre-installation requirements.
See“System requirements”on page 13. See“Installation options”on page 16.
Mail Security supports upgrades from Mail Security 4.6x and higher. If Mail Security detects an older version of the product on your computer, the installer Getting Started
automatically uninstalls the prior version. The installer then continues with the installation. If you want to uninstall the previous version manually, do so before installing the current version of Mail Security.
If you are installing Mail Security on an Exchange Server 2007 or Server 2010, install the product on all of the following server roles in your organization:
■ Edge Transport servers, if available
■ Hub Transport servers
■ Mailbox servers
You must uninstall and reinstall the product if you change the server role on which Mail Security is installed.
Mail Security automatically installs custom transport agents when you install the product on Hub Transport or Edge Transport servers. The Mail Security transport agents consist of an antispam transport agent and an antivirus transport agent. By default, the Mail Security transport agents are installed with a lower priority than the Exchange transport agents. If you modify your transport agent priorities, ensure that the Mail Security transport agents remain a lower priority than the Exchange transport agents.
Do the following before you install the product:
■ If you are running Symantec Brightmail™ AntiSpam on the same server on which you want to install Mail Security, you must uninstall Symantec Brightmail AntiSpam before you install Mail Security. It is recommended that you not run Mail Security on the same server as Symantec Brightmail AntiSpam.
■ If you are using the email tools feature of Symantec AntiVirus™ Corporate Edition, you must uninstall the feature before you install Mail Security. The email tools feature of Symantec AntiVirus™ is not compatible with Mail Security or Microsoft Exchange.
■ If you are running any antivirus software that is on the server on which you want to install Mail Security, you must disable it before you install Mail Security.
After installation but before you re-enable the antivirus protection, configure your other antivirus programs to exclude certain folders from scanning.
■ Log on as a Windows domain administrator to install Mail Security components correctly.
■ Modify your screen resolution to a minimum of 1024 x 768. Mail Security does not support a resolution less than 1024 x 768.
■ Configure the default receive connector for the Exchange Hub Transport server to permit connections from anonymous users.
Before you install Mail Security on Exchange 2010 mailbox role, you must specify a domain user account. The domain user account must fulfill the following criteria.
■ Mail Security uses the domain user account as a service account and this account must have a mailbox.
■ The user must be a member of Organization Management group under the Microsoft Exchange Security Groups Organizational Unit.
■ By default, Organization Management group is a member of the local
Administrators group on all the exchange servers in the organization. If not,
then add the user to the local Administrators group.
■ You may use different user account for installations of Mail Security on other Exchange 2010 mailbox servers within that domain for better performance.
■ When the user updates the password, the same password must be provided to the Mail Security Service on all Exchange 2010 mailbox role servers.
Note:While installing Mail Security on local Exchange 2010 Mailbox server, in the Logon Information screen, specify the domain user credentials in the User
name and Password fields. Mail Security provides this user account Application Impersonation and Logon as service rights.
Ensure that the following IIS Role Service components are installed when you install Mail Security on Windows Server 2008 for Exchange 2010 and 2007 servers. This installation is applicable for both remote installation and local installation.
■ Application Development - ASP.NET
■ Security - Windows Authentication
■ Management Tools - IIS management console , IIS 6 Scripting Tools
About security and access permissions
Mail Security automatically creates the following user groups and assigns them access when you install the product:
Getting Started
Permits read and write access to all Mail Security components and features. Users in this group can change settings for Mail Security through the console. The user who installs Mail Security is automatically added to the SMSMSE Admins group.
SMSMSE Admins
Permits read-only access to Mail Security components and features.
Users in this group cannot change settings for Mail Security. Users can view reports, event logs, and settings through console-only installations. SMSMSE Viewers
The user groups are domain-wide for Active Directory. You can use the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in to change membership in the groups.
Users must be designated in one of the SMSMSE user groups to access the product. For example, administrators who are not in one of the SMSMSE user groups are not granted access to Mail Security. Adding a user to the SMSMSE Admins group does not automatically grant the user Windows Local Administrator, Windows Domain Administrator, or Exchange administrator rights.
Security is also set for the Mail Security registry key and file folders during the security set-up process. You must have administrator access to the local servers and domain administrator rights for the security set-up to proceed.
System requirements
Ensure that you meet the appropriate system requirements for the type of installation that you are performing.
See“Installation options”on page 16.
Server system requirements
You must have domain administrator-level privileges to install Mail Security. The server system requirements are as follows:
The operating system requirements for Microsoft Exchange 2010 are as follows:
■ Windows Server 2008 with SP2 (64-bit) Standard or Enterprise Edition
■ Windows Server 2008 R2 (64-bit) Standard or Enterprise Edition The operating system requirements for Microsoft Exchange 2007 are as follows:
■ Windows Server 2008 with SP1or later (64-bit) Standard or Enterprise Edition
■ Windows Server 2003 with SP2 (64-bit) Standard or Enterprise Edition
■ Windows Server 2003 R2 (64-bit) Standard or Enterprise Edition The operating system requirements for Microsoft Exchange 2003 are as follows:
■ Windows Server 2003 SP1/SP2/R2 Standard or Enterprise or Data Center Edition
Operating system
The Exchange platform requirements for Microsoft Exchange 2007/2010 are as follows:
■ Exchange Server 2007 SP1/SP2
■ Exchange Server 2010
■ Intel(TM) Pentium II 266 MHz or higher processor; recommended Intel Pentium or compatible 733MHz processor
Requirement for Exchange Server 2003 only
■ x64 architecture-based processor that supports Intel Extended Memory 64 Technology (Intel EM64T)
x64 architecture-based computer with AMD 64-bit processor that supports AMD64 platform
Requirement for Exchange Server 2007/Server 2010 only
■ Only for Exchange 2007 Mailbox server role, Exchange Server MAPI client and Collaboration Data Objects 1.2.1
Requirement for mailbox role of Exchange Server 2007 only
■ 1 GB of memory for Mail Security besides the minimum requirements for the operating system and Exchange. Approximately 4GB or more of memory is required.
■ 500-MB disk space is required for Mail Security. This space does not include disk space required for items such as quarantined messages and attachments, reports, and log data.
■ .NET Framework version 2.0
■ MDAC 2.8 or higher
■ DirectX 9 or higher
■ Microsoft Internet Information Services (IIS) Manager Requirement for Exchange Server 2007 only
■ Only for Exchange Server 2010, Microsoft .NET Framework 3.5 and Microsoft Windows Powershell 2.0
Minimum system requirements
Ensure that the components.NET Framework, MDAC, and DirectX are installed before you install Mail Security.
Adobe Acrobat Reader is not a requirement to install and run Mail Security. However, it is required to view the reports that are generated in .pdf format. You can download Adobe Acrobat Reader fromwww.adobe.com.
For more information, see the Symantec Mail Security for Microsoft Exchange
Implementation Guide.
Console system requirements
You can install the Mail Security console on a computer on which Mail Security is not installed. The console system requirements are as follows:
■ Windows Server 2003/R2/SP2
■ Windows XP
■ Windows Vista 32-bit
■ Windows Server 2008/R2/SP2 Standard and Enterprise Edition
■ Windows 7 Operating system
■ 512 MB RAM
■ 162 MB available disk space
This does not include the space required for items such as quarantined messages and attachments, reports, and log data.
■ .NET Framework version 2.0
■ Microsoft Internet Information Services (IIS) Manager Requirement is for Exchange Server 2007 only
Ensure that .NET Framework is installed before you install Mail Security.
Minimum system requirements
Adobe Acrobat Reader is not a requirement to install and run the Mail Security Console. However, it is required to view the reports that are generated in .pdf format. You can download Adobe Acrobat Reader fromwww.adobe.com.
Installation options
Use any of the following installation procedures, depending on the type of installation that you want to perform:
You can install or upgrade Mail Security on a local computer that is running the Microsoft Exchange server.
Local server
You can install Mail Security on remote servers through the product console.
Remote server
You can install the product console on a computer that is not running Mail Security. This lets you manage your servers from any computer that has access to your Exchange servers. Console
You can install Mail Security using automated installation tools.
Silent/automated installation
You can install Mail Security in a Microsoft Cluster environment.
Microsoft cluster server
You can install Mail Security in a Veritas cluster environment. Veritas cluster server
For more information about installation procedures, see the Symantec Mail Security
for Microsoft Exchange Implementation Guide.
Migrating to version 6.5
Mail Security supports upgrades from Mail Security 4.6x and higher.
Table 3lists the settings that do not migrate from version 5.x to the new version. Table 3 Version 5.x migration settings
Description Setting
This feature is no longer supported.
Enable and configure Symantec Premium AntiSpam for spam detection.
Heuristic antispam
The “Save to folder” option is no longer supported. If “Save to folder” was a disposition for a content filtering rule, the disposition is set to “Log Only.” The “Add X-header” settings associated with the “Save to folder” disposition has been removed.
In the Symantec Premium AntiSpam settings, the “Save to folder” settings and the “Add X-header” settings associated with them have been removed. The “Add X-header” settings that are not associated with the “Save to folder” settings migrate as is.
Save to folder option
These items do not migrate. Report templates and the
report database
This feature is no longer supported. SESA Alerts
These settings do not migrate. Re-enable and schedule background scanning.
Background scanning
Mail Security does not support upgrades from 5.0 on Veritas Cluster Server configurations.
Veritas Cluster Server configurations
If you are upgrading from 4.6x, the policy settings are incorporated into the applicable policy on the new installation. Mail Security 5.x and higher does not contain a separate multiserver console. Single and multiple servers are
administered from the same console. Multiserver console settings do not migrate to the new version. Custom policies, heuristic antispam settings, content filtering rules, and report templates do not migrate to the new version.
Table 4lists the migrations from version 4.6x to the new version. Table 4 Version 4.6x migration settings
Description Setting
Migrates to the new version as the standard policy. Auto-protect
This feature is no longer supported.
Enable and configure Symantec Premium AntiSpam for spam detection.
Heuristic antispam
These settings are no longer supported. Macro Virus Rule
These settings are no longer supported. Bloodhound Virus Rule
These settings do not migrate. Mass-Mailer Virus Rule
This feature is no longer supported. HeartBeat
These settings do not migrate. Filtering subpolicy
This feature is no longer supported. Messenger Service Alerts
This feature is no longer supported. AMS Alerts
This feature is no longer supported. SESA Alerts
These settings do not migrate. Scheduled scans
These settings do not migrate. Manual scans
This rule is migrated to a new rule — File Name Rule. Attachment Blocking rule
These settings do not migrate. Outbreak settings
This feature is no longer supported. Content Dictionary
Reports cannot be viewed through the console.
Reports that you generated in version 4.6x are copied to the following directory:
<Installation directory>\Server\Reports\4.6
You can view a report by opening it from this directory. Generated reports
These features and documents do not migrate. Report templates and the
report database
These settings do not migrate. Re-enable and schedule background scanning.
Background scanning Getting Started
Where to get more information about Mail Security
Mail Security includes a comprehensive help system that contains conceptual, procedural, and context-sensitive information.Press F1 to access information about the page on which you are working. If you want more information about features that are associated with the page, select a More Information link in the Help page, or use the Table of Contents, Index, or Search tabs in the Help viewer to locate a topic.
The Symantec Mail Security for Microsoft Exchange Implementation Guide provides information about using this product and is found on the product CD in the following location:
\DOCS\SMSMSE\
You can visit the Symantec Web site for more information about your product; the following online resources are available:
■ Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions
www.symantec.com/techsupp/ent/enterprise.html
■ Provides information about registration, frequently asked questions, how to respond to error messages, and how to contact Symantec License
Administration
www.symantec.com /licensing/els/help/en/help.html
■ Provides product news and updates
www.symantec.com/enterprise/index.jsp
■ Provides access to the Threat Explorer, which contains information about all known threats
www.symantec.com/enterprise/security_response/threatexplorer/azlisting.jsp
Getting Started