Symantec 10547849 - Mail Security For SMTP, Mail Security for SMTP Installation Manual

Symantec Mail Security for SMTP Installation Guide
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Legal Notice
All rights reserved.
Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.
Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.
Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product feature and function, installation, and configuration. The Technical Support group also authors content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.
Symantec’s maintenance offerings include the following:
A range of support options that give you the flexibility to select the right amount of service for any size organization
Telephone and web-based support that provides rapid response and up-to-the-minute information
Upgrade insurance that delivers automatic software upgrade protection
Global support that is available 24 hours a day, 7 days a week worldwide. Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program
Advanced features, including Technical Account Management
For information about Symantec’s Maintenance Programs, you can visit our Web site at the following URL:
www.symantec.com/techsupp/ent/enterprise.html
Select your country or language under Global Support. The specific features that are available may vary based on the level of maintenance that was purchased and the specific product that you are using.
Contacting Technical Support
Customers with a current maintenance agreement may access Technical Support information at the following URL:
www.symantec.com/techsupp/ent/enterprise.html
Select your region or language under Global Support.
Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem.
When you contact Technical Support, please have the following information available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:
www.symantec.com/techsupp/ent/enterprise.html
Select your region or language under Global Support, and then select the Licensing and Registration page.
Customer service
Customer service information is available at the following URL:
www.symantec.com/techsupp/ent/enterprise.html
Select your country or language under Global Support.
Customer Service is available to assist with the following types of issues:
Questions regarding product licensing or serialization
Product registration updates such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade insurance and maintenance contracts
Information about the Symantec Value License Program
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs or manuals
Maintenance agreement resources
If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:
Asia-Pacific and Japan: contractsadmin@symantec.com
Europe, Middle-East, and Africa: semea@symantec.com
North America and Latin America: supportsolutions@symantec.com
Additional Enterprise services
Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following:
Symantec Early Warning Solutions: These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur.
Managed Security Services: These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.
Consulting Services: Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.
Educational Services: Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs.
To access more information about Enterprise services, please visit our Web site at the following URL:
www.symantec.com
Select your country or language from the site index.
Contents
Technical Support
Chapter 1 About Symantec Mail Security
  Key features
  New features
  Functional overview
  Architecture
  Firewall rules
  Where to get more information
Chapter 2 Installing Symantec Mail Security for SMTP
  Before you install
    Before you install on any platform
    Before you install on Windows
    Before you install on Solaris or Linux
    Before you upgrade
  System requirements
    Hardware requirements
    Supported browsers
    Supported LDAP servers
    System requirements for Windows
    System requirements for Solaris
    System requirements for Linux
  Installing on Windows
  Installing on Solaris and Linux
  Setting up
    Logging in
    Registering your system
    Configuring your system
    Setting up a Scanner
    Completing setup
  Adding more Scanners
  Setting mail filtering policies
  Testing Scanners
  Accessing the Control Center
    Logging out
    Having trouble logging in or out?
  Areas of localization
    Importing configuration files
    Configuring system locale
  Uninstalling Symantec Mail Security for SMTP
    Uninstalling from Windows
    Uninstalling from Linux and Solaris
Appendix A Sample options file
  About the sample options file
Appendix B Integrating Symantec Mail Security with Symantec Security Information Manager
  About Symantec Security Information Manager
  Interpreting events in the Information Manager
    Firewall events that are sent to the Information Manager
    Definition Update events that are sent to the Information Manager
    Message events that are sent to the Information Manager
    Administration events that are sent to the Information Manager
  Installing and configuring event logging to the Information Manager
    Configuring the Information Manager
    Installing the local SSIM Agent
    Installing the Collector
    Configuring data sources
  Uninstalling Information Manager components
    Uninstalling the Collector
    Uninstalling the Information Manager Agent
Index
About Symantec Mail Security
This chapter includes the following topics:
Key features
New features
Functional overview
Architecture
Firewall rules
Where to get more information
Key features
Symantec Mail Security offers enterprises an easy-to-deploy, comprehensive gateway-based email security solution through the following features:
Email Firewall – This early response feature improves message throughput by analyzing incoming SMTP connections, comparing them to industry-generated lists of known hostile senders, and enabling you to refuse connections or email messages from those hosts.
Antispam technology – Symantec's state-of-the-art spam filters assess and classify email as it enters your site.
Antivirus technology – Virus definitions and engines protect your users from email-borne viruses.
Content Compliance – These features help administrators enforce corporate policies, reduce legal liability, and ensure compliance with regulatory requirements.
Group policies and filter policies – An easy-to-use authoring tool lets administrators create powerful, flexible ad hoc filters for users and groups.
New features
The following table lists the features that have been added to this version of Symantec Mail Security:
Table 1-1 New features for Symantec Mail Security (all users)
| Category | Features | Description |
| Threat protection features | Improved email firewall | Protects against directory-harvest attacks, denial-of-service attacks, spam attacks, and virus attacks. |
| | Sender Authentication | Protects against phishing attacks, using the Sender Policy Framework (SPF), Sender ID, or both. |
| | Improved virus protection | Additional virus verdicts protect against suspected viruses, spyware, and adware and quarantine messages with suspicious encrypted attachments. Email messages that may contain viruses can be delayed in the Suspect Virus Quarantine, then refiltered, with updated virus definitions, if available. This feature can be effective in defeating virus attacks before conventional signatures are available. View a list of available virus-definition updates. |
| Inbound and outbound content controls | True file type recognition for content compliance filtering | Automatically detects file types without relying on file name extensions or MIME types. |
| | Keywords filtering within attachments, keyword frequency filtering | Scan within attachments to find keywords from dictionaries you create or edit. Specify a number of occurrences to look for. |
| | Regular expression filtering | Use regular expressions to further customize filter conditions by searching within messages and attachments. |
| | Support for Enterprise Vault and third-party archival tools | Specify conditions that result in email being sent to an archival email address or disk location. |
| Flexible mail management | LDAP integration | Dynamic group population via any of several supported LDAP servers |
| | Expanded variety of actions and combinations | More than two dozen actions that can be taken, individually or in combination, on messages |
| | Expanded mail controls | SMTP connection management, including support for secure email (TLS encryption, with security level depending on platform); for user-based routing and static routes; for address masquerading, invalid recipient handling, and control over delivery-queue processing |
| | Aliasing | Distribution lists automatically expanded, mail filtered and delivered correctly for each user |
| Improved reporting and monitoring | Extensive set of pre-built reports, scheduled reporting, and additional alert conditions | More than 50 graphical reports that you can generate ad-hoc or on a scheduled basis. Reports can be exported for offline analysis and emailed. |
| | Message tracking | View a trail of detailed information about a message, including the filtering processing applied to a message. |
| Expanded administration capabilities | IP-based access control | Control which hosts and networks can access your Control Center. |
| | Control over Quarantine size limits | Specify user-based and total limits, configure automatic message deletions. |
| Enhanced localization capabilities | Support for non-ASCII character sets | Support for double-byte character sets. Language autodetection of messages for Quarantine and of subject encodings for message handling. Support for non-ASCII LDAP source descriptions. |
Functional overview
Each Symantec Mail Security Scanner uses the following three separate message transfer agents (MTAs):
Delivery MTA: The component that sends inbound and outbound messages that have already been filtered to their required destinations. To do this, the delivery MTA uses the filtering results and the configuration settings for relaying inbound and outbound mail.
Inbound MTA: The component that receives inbound mail and forwards it to the Filtering Hub for processing.
Outbound MTA: The component that receives outbound mail and forwards it to the Filtering Hub for processing.
You can deploy Symantec Mail Security in different configurations to best suit the size of your network and your email processing needs.
Note: Symantec Mail Security provides neither mailbox access for end users nor message storage. It is not intended for use as the only MTA in your email infrastructure.
Each Symantec Mail Security host can be deployed in the following ways:
Scanner: Deployed as a Scanner, a Symantec Mail Security host filters email for viruses, spam, and noncompliant messages. You can deploy Scanners on existing email or groupware server(s).
Control Center: Deployed as a Control Center, a Symantec Mail Security host allows you to configure and manage email filtering, SMTP routing, system settings, and all other functions from a Web-based interface. Multiple Scanners can be configured and monitored from your enterprise-wide deployment of Symantec Mail Security, but only one Control Center can be deployed to administer all the Scanner hosts.
The Control Center provides information on the status of all Symantec Mail Security hosts in your system, including system logs and extensive customizable reports. Use the Control Center to configure both system-wide and host-specific details.
The Control Center provides the Setup Wizard, for initial configuration of all Symantec Mail Security instances at your site, and also the Add Scanner Wizard, for adding new Scanners.
The Control Center also hosts the Spam and Suspect Virus Quarantines to isolate and store spam and virus messages, respectively. End users can view their quarantined spam messages and set their preferences for language filtering and blocked and allowed senders. Alternatively, you can configure Spam Quarantine for administrator-only access.
Scanner and Control Center: A single Symantec Mail Security host performs both functions.
Note: Symantec Mail Security does not filter messages that do not flow through the SMTP gateway. For example, when two mailboxes reside on the same MS Exchange Server, or on different MS Exchange Servers within an Exchange organization, their messages will not pass through the Symantec Mail Security filters.
Architecture
Figure 1-1 shows how a Symantec Mail Security installation processes an email message, assuming the sample message passes through the Filtering Engine to the Transformation Engine without being rejected.
Figure 1-1 Symantec Mail Security architecture
Messages proceed through the installation in the following way:
The incoming connection arrives at the inbound MTA via TCP/IP.
The inbound MTA accepts the connection and moves the message to its inbound queue.
The Filtering Hub accepts a copy of the message for filtering.
The Filtering Hub consults the LDAP SyncService directory to expand the message's distribution list.
The Filtering Engine determines each recipient's filtering policies.
The message is checked against Blocked/Allowed Senders Lists defined by administrators.
Virus and configurable heuristic filters determine whether the message is infected.
Content Compliance filters scan the message for restricted attachment types, regular expressions, or keywords as defined in configurable dictionaries.
Spam filters compare message elements with current filters published by Symantec Security Response to determine whether the message is spam. At this point, the message may also be checked against end-user defined Language settings.
The Transformation Engine performs actions per recipient based on filtering results and configurable Group Policies.
Firewall rules
The following table shows the necessary firewall rules for Symantec Mail Security. These assignments may differ slightly depending on your environment and filtering types (inbound, outbound, or both).
Table 1-2 Firewall rules for Symantec Mail Security
| Port | Protocol | From | To | Description |
| 25 | TCP | Internet | Symantec Mail Security | Inbound internet mail traffic |
| 25 | TCP | Symantec Mail Security | Internal mail servers | Inbound internal mail traffic |
| 25 | TCP | Internal mail servers | Symantec Mail Security | Outbound internal mail traffic |
| 25 | TCP | Symantec Mail Security | Internet mail hosts | Outbound internet mail traffic |
| 21 | TCP | Symantec Mail Security | Internet | Rapid response antivirus updates |
| 80 | TCP | Symantec Mail Security | Internet | Default automatic antivirus updates |
| 443 | TCP | Symantec Mail Security | Internet | Rule updates and license registration |
| 389 | TCP | Symantec Mail Security | LDAP servers | LDAP server access to synchronize users/groups/d-lists |
| 3268 | TCP | Symantec Mail Security | LDAP servers | LDAP server access to synchronize users/groups/d-lists (Global Catalog Access) |
| 41002 | TCP | Control Center | Scanners | Communication between the Control Center and Scanners |
| 41002 | TCP | Scanners | Control Center | Communication between the Control Center and Scanners |
| 41025 | TCP | Scanners | Control Center | To send quarantined messages to the Control Center |
| 41080 | TCP | Management hosts | Control Center | Disabled by default |
| 41443 | TCP | Management hosts | Control Center | Web management port for the Control Center |
Symantec Mail Security also uses the following web addresses:
| URL | Protocol | Port | Description |
| register.brightmail.com | TCP | 443 | Used to register Symantec Mail Security |
| aztec.brightmail.com | TCP | 443 | Used to retrieve filters |
| liveupdate.symantecliveupdate.symantec.com | TCP | 80 | Used to retrieve automatic antivirus updates |
| liveupdate.symantec.com | TCP | 80 | Used to retrieve automatic antivirus updates |
| update.symantec.com | TCP | 21 | Used to retrieve Rapid Response antivirus updates |
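The Control Center rows of Table 1-2 name a specific source for each port, so the inbound rules can be restricted by source rather than opened to every host. The following is an added example, not part of the Symantec manual: it assumes a Linux host that runs only the Control Center and is filtered with iptables, and the function names and sample addresses (documentation ranges) are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Symantec manual. Prints (does not apply)
# iptables commands for the inbound Control Center ports from Table 1-2.
# Assumptions: Linux, iptables, a host that is a Control Center only.

# valid_src ADDR: succeed only for a dotted-quad IPv4 address with an
# optional /prefix, so nothing else can end up inside a generated rule.
valid_src() {
    printf '%s\n' "$1" | awk -F/ '
        NF > 2 { exit 1 }
        {
            if (split($1, o, /\./) != 4) exit 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) exit 1
            if (NF == 2 && ($2 !~ /^[0-9]+$/ || $2 + 0 > 32)) exit 1
        }'
}

# cc_inbound_rules "SCANNER_ADDRS" "MGMT_ADDRS"
# Each argument is a space-separated list of addresses or CIDR networks.
#   41002  Scanners         -> Control Center  (Control Center/Scanner traffic)
#   41025  Scanners         -> Control Center  (quarantined messages)
#   41443  Management hosts -> Control Center  (web management)
#   41080  listed as "Disabled by default" in Table 1-2, so never opened here
cc_inbound_rules() {
    scanners=$1
    mgmt=$2
    for src in $scanners $mgmt; do
        valid_src "$src" || {
            echo "invalid source address: $src" >&2
            return 2
        }
    done
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in $scanners; do
        echo "iptables -A INPUT -p tcp -s $src --dport 41002 -j ACCEPT"
        echo "iptables -A INPUT -p tcp -s $src --dport 41025 -j ACCEPT"
    done
    for src in $mgmt; do
        echo "iptables -A INPUT -p tcp -s $src --dport 41443 -j ACCEPT"
    done
    # Everything else aimed at the Control Center ports is dropped.
    echo "iptables -A INPUT -p tcp -m multiport --dports 41002,41025,41080,41443 -j DROP"
}

# Constructed sample: two Scanners and one management network.
cc_inbound_rules "192.0.2.11 192.0.2.12" "198.51.100.0/24"
```

Review the printed commands before applying them; a host that is both Scanner and Control Center also needs the port 25 rows of Table 1-2.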
Where to get more information
The Symantec Mail Security documentation set consists of the following manuals:
Symantec Mail Security Administration Guide
Symantec Mail Security Planning Guide
Symantec Mail Security Installation Guide
Symantec Mail Security Getting Started
Symantec Mail Security also includes a comprehensive help system that contains conceptual and procedural information.
You can visit the Symantec Web site for more information about your product. The following online resources are available:
www.symantec.com/enterprise/support
Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions
www.symantec.com/licensing/els/help/en/help.html
Provides information about registration, frequently asked questions, how to respond to error messages, and how to contact Symantec License Administration
www.enterprisesecurity.symantec.com
Provides product news and updates
www.symantec.com/security_response
Provides access to the Virus Encyclopedia, which contains information about all known threats; information about hoaxes; and access to white papers about threats
Installing Symantec Mail Security for SMTP
This chapter includes the following topics:
Before you install
System requirements
Installing on Windows
Installing on Solaris and Linux
Setting up
Adding more Scanners
Setting mail filtering policies
Testing Scanners
Accessing the Control Center
Areas of localization
Uninstalling Symantec Mail Security for SMTP
Before you install
Before you install Symantec Mail Security for SMTP, you must perform some pre-installation tasks.
Before you install on any platform
The following are pre-installation tasks for both Windows and Linux/Solaris:
Disable other antivirus programs
Ensure no other programs are using the port that you want to use for the inbound MTA (usually port 25)
Ensure no Tomcat or MySQL installations are present
Establish an alternate MTA for alerting (optional)
Save whitelist, blacklist, local domain, and Anti-Relay list data (optional, for users of Symantec Mail Security for SMTP 4.x only)
Disabling other antivirus programs
If you have other antivirus programs installed on your computer, it is recommended that you uninstall them to prevent any installation or operational errors. At a minimum, you must configure any other antivirus program to exclude the following directories from scanning:
The MTA data directory (which you can specify during the Symantec Mail Security for SMTP installation process; to do this, you must specify a ‘custom’ installation)
On Windows, the C:\windows\tmp directory
On Linux and Solaris, anything under /var/tmp
For information on excluding directories from scanning, see the user documentation that came with the antivirus program.
Ensuring no other programs or services are running on the MTA port
Stop, disable, or reconfigure any services running on the port you plan to use for your MTA (usually port 25) on the installation host if you are installing a Scanner. This is most likely an MTA such as sendmail or postfix. Optionally, you can configure the MTA to listen on another port when you add it to the Control Center.
Do the following:
To check on Linux, use the following command:
netstat -an | grep ':25'
You can also telnet to port 25 and see if it answers.
To check on Solaris, use the following command:
netstat -an | grep '\.25'
You can also telnet to port 25 and see if it answers.
To check on Windows:
Launch a Command window and type:
netstat -an | find ":25 "
This will list the status of port 25 for this system. If it is listed as LISTENING or ESTABLISHED, it is in use.
Note: If the port is in use by the IIS SMTP Virtual Server, you do not need to remove it, as it is required for, and operates compatibly with Symantec Mail Security for SMTP.
To determine whether the port is in use by IIS SMTP Virtual Server, click Programs>Administrative Tools>Internet Information Services, then expand the server name. Right click Default SMTP Virtual Server, select Properties, then from the General Tab, click Advanced. The currently bound TCP port will be listed there.
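The `grep ':25'` and `grep '\.25'` checks above also match ports such as 2525, connections to a remote port 25, and (on Solaris) IP addresses that contain ".25". The following added example, which is not part of the Symantec manual, reads `netstat -an` output in the Linux or Solaris layout and reports only sockets whose local port is exactly the one given; the function names are hypothetical and the netstat output is constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the Symantec manual.

# port_sockets PORT
# Reads `netstat -an` output on stdin (Linux or Solaris layout) and prints
# "local-address state" for every TCP socket whose LOCAL port is exactly PORT
# and whose state is LISTEN or ESTABLISHED.
port_sockets() {
    awk -v port="$1" '
    {
        state = $NF
        if (state != "LISTEN" && state != "ESTABLISHED") next
        # Linux rows start with the protocol, so the local address is
        # field 4; Solaris rows start with the local address itself.
        addr = ($1 ~ /^tcp/) ? $4 : $1
        # The port is whatever follows the last ":" (Linux) or "." (Solaris).
        n = split(addr, part, /[:.]/)
        if (part[n] == port) print addr, state
    }'
}

# port_in_use PORT: exit status 0 when port_sockets reports anything.
port_in_use() {
    [ -n "$(port_sockets "$1")" ]
}

# --- constructed sample output -------------------------------------------
linux_mta_running() { cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
EOF
}

# Nothing is bound to port 25 here, yet both rows match grep ':25'.
linux_lookalikes() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2525            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:40112        203.0.113.5:25          ESTABLISHED
EOF
}

# One real listener (*.25) plus an SSH session on an address ending in .25.
solaris_mta_running() { cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.25                 *.*                0      0 49152      0 LISTEN
192.0.2.25.22        198.51.100.7.51234   64240      0 49640      0 ESTABLISHED
EOF
}

for sample in linux_mta_running linux_lookalikes solaris_mta_running; do
    if "$sample" | port_in_use 25; then
        echo "$sample: port 25 is bound on this host"
    else
        echo "$sample: port 25 is free"
    fi
done
```

On a live host, pipe the real command into the function, for example `netstat -an | port_sockets 25`.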
Checking for Tomcat or MySQL installations
Ensure that there are no installations of Tomcat or MySQL on the machine before you begin the installation process.
To check on Linux, type: rpm -qa | egrep 'mysql|tomcat'
If any RPMs match, you must remove them.
To check on Solaris, type: pkginfo | egrep -i 'mysql|tomcat'
If any packages match, you must remove them.
Note: These two methods will only find installations that were installed using the native packages, and not a manual installation.
To check on Windows, navigate to the Services panel and look for Tomcat and MySQL services.
If you find either product installed, you must uninstall it.
Designating an alternate MTA for alerting (optional)
Once you have installed Symantec Mail Security for SMTP and have begun filtering email, you can configure it to send email alerts for certain conditions or events. However, if you stop the filter-hub or the MTA service, these alerts cannot be sent. To ensure that you continue receiving alerts, it is useful to establish and maintain an alternate MTA; you can specify its IP address in the settings for the Control Center. For more information, refer to the Symantec Mail Security for SMTP Administration Guide.
For information on deployment planning and options, refer to the Symantec Mail Security for SMTP Planning Guide.
Saving data from Symantec Mail Security for SMTP 4.x (optional)
If you wish to keep data from your existing installation of Symantec Mail Security for SMTP 4.x for use in this version, you must save the data files from your existing installation before you uninstall it.
You can save the following data:
Whitelist and blacklist data
Local Routing list data
Anti-Relay list data
The custom whitelist data is stored in the file named SMSSMTP_cw.txt. The autogenerated whitelist data is stored in SMSSMTP_aw.txt. The blacklist, Local Routing list, and Anti-Relay list data is stored in the file named SMSSMTP.cfg. You can search for these files under the directory in which you installed Symantec Mail Security for SMTP 4.x.
Table 2-1 describes the default locations for these files. The location will be different if you installed into a non-default location.
Table 2-1 Default locations for data files
| Platform | Location |
| Windows | C:\Program Files\Symantec\SMSSMTP\local |
| Solaris | /var/opt/SMSSMTP/local |
Before you install on Windows
You must ensure that the IIS SMTP Virtual Server is installed before you begin the installation procedure.
Installing IIS SMTP Virtual Server
Symantec Mail Security for SMTP is integrated with IIS SMTP Virtual Server on Windows. You must install this Windows Component before you run the Symantec Mail Security for SMTP installer.
To install the IIS SMTP Virtual Server
On your Windows server, click Control Panel > Add/Remove Programs > Add/Remove Windows Components > Internet Information Services (IIS) > Details > Select SMTP Service.
The service is installed.
Before you install on Solaris or Linux
Ensure the following tasks are completed before you begin the installation procedure:
Adding hostnames and IP addresses of hosts to /etc/hosts
Before installing, you must ensure that all IP addresses and host names of Scanners and the Control Center are added to the hosts file (including localhost). If you do not do so, you will see the following error at the end of the Setup Wizard:
Could not resolve the Control Center host name into an IP address. Please check your network settings.
Creating the necessary users and groups
You must create the users and groups that Symantec Mail Security for SMTP will use. These users require a shell, but do not require login access, so you do not have to define a password for them.
Note: The instructions given in this section are only for adding users to the local passwd file; the method you use for user and group creation may vary depending on how your system is configured to manage users.
Users and groups for a Control Center installation
Create the following users and groups for a Control Center installation:
users: mysql, postfix
groups: mysql, postfix, postdrop
The mysql user must be in the mysql group.
The postfix user must be in the postfix group.
There is no user for the postdrop group.
To create this user and these groups on Solaris
Use the following commands:
$ su
Password: <your_root_password>
# groupadd mysql
# groupadd postdrop
# groupadd postfix
# useradd -c "MySQL user" -g mysql mysql
# useradd -c "Postfix user" -g postfix postfix
To create this user and these groups on Linux
Use the following commands:
$ su
Password: <your_root_password>
# groupadd -r mysql
# groupadd -r postdrop
# groupadd -r postfix
# useradd -c "MySQL user" -r -g mysql mysql
# useradd -c "Postfix user" -r -g postfix postfix
Users and groups for a Scanner installation
Create the following users and groups for a Scanner installation:
users: mailwall
groups: bmi, avdefs
The mailwall user must be in the bmi and avdefs groups.
To create these users and groups on Solaris:
Use the following commands:
$ su
Password: <your_root_password>
# groupadd bmi
# groupadd avdefs
# useradd -c "dummy user for SMS for SMTP" \
-d /opt/Symantec/SMSSMTP/scanner \
-m -G bmi,avdefs mailwall
To create these users and groups on Linux:
Use the following commands:
$ su
Password: <your_root_password>
# groupadd -r bmi
# groupadd -r avdefs
# useradd -c "Dummy user for SMS for SMTP" \
-d /opt/Symantec/SMSSMTP/scanner -m -r -G bmi,avdefs mailwall
If you are reinstalling this version of Symantec Mail Security for SMTP on this machine, and did not explicitly remove the users and groups that you created for the previous installation, you do not have to recreate them.
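The pre-install tasks above (hosts file entries, users, groups and group membership) can be verified before running the installer. The following script is an added example, not part of the Symantec documentation; the function names and the role names control-center and scanner are hypothetical, and the shell check assumes that a login shell ending in nologin or false does not count as a shell.

```shell
#!/bin/sh
# Added example: preflight checks for the Solaris/Linux pre-install tasks.
# File arguments default to the live system files; pass copies to dry-run.
# On Solaris set AWK=nawk (or /usr/xpg4/bin/awk); /usr/bin/awk lacks -v.
AWK=${AWK:-awk}

# host_in_hosts NAME_OR_IP [HOSTS_FILE]
# Succeeds if the value is an address or name on a non-comment hosts line.
host_in_hosts() {
    "$AWK" -v want="$1" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 1; i <= NF; i++) if (tolower($i) == tolower(want)) found = 1
        }
        END { exit !found }
    ' "${2:-/etc/hosts}"
}

# group_exists GROUP [GROUP_FILE]
group_exists() {
    "$AWK" -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' \
        "${2:-/etc/group}"
}

# user_in_group USER GROUP [PASSWD_FILE] [GROUP_FILE]
# Succeeds if USER exists and GROUP is its primary group (matching GID) or
# lists USER as a supplementary member.
user_in_group() {
    "$AWK" -F: -v u="$1" -v g="$2" '
        FNR == NR {                       # first file: group database
            if ($1 == g) {
                have = 1; gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] == u) member = 1
            }
            next
        }
        $1 == u { seen = 1; if (have && $4 == gid) member = 1 }
        END { exit !(seen && have && member) }
    ' "${4:-/etc/group}" "${3:-/etc/passwd}"
}

# user_has_shell USER [PASSWD_FILE]
# The manual says these users require a shell. Assumption: a shell field
# ending in nologin or false fails; an empty field means the system default.
user_has_shell() {
    "$AWK" -F: -v u="$1" '
        $1 == u { seen = 1; if ($7 ~ /(nologin|false)$/) bad = 1 }
        END { exit !(seen && !bad) }
    ' "${2:-/etc/passwd}"
}

# check_role ROLE [PASSWD_FILE] [GROUP_FILE]
# ROLE is control-center or scanner (names chosen for this example).
# Prints one line per unmet requirement; returns 0 only if all are met.
check_role() {
    cr_pw=${2:-/etc/passwd}; cr_gr=${3:-/etc/group}; cr_bad=0
    case $1 in
        control-center) cr_groups="mysql postfix postdrop"
                        cr_members="mysql:mysql postfix:postfix" ;;
        scanner)        cr_groups="bmi avdefs"
                        cr_members="mailwall:bmi mailwall:avdefs" ;;
        *) echo "unknown role: $1" >&2; return 2 ;;
    esac
    for cr_g in $cr_groups; do
        group_exists "$cr_g" "$cr_gr" ||
            { echo "missing group: $cr_g"; cr_bad=1; }
    done
    for cr_m in $cr_members; do
        cr_u=${cr_m%%:*}; cr_g=${cr_m#*:}
        user_in_group "$cr_u" "$cr_g" "$cr_pw" "$cr_gr" ||
            { echo "user $cr_u is not in group $cr_g"; cr_bad=1; }
    done
    for cr_u in $(printf '%s\n' $cr_members | cut -d: -f1 | sort -u); do
        user_has_shell "$cr_u" "$cr_pw" ||
            { echo "user $cr_u is missing or has no usable shell"; cr_bad=1; }
    done
    return "$cr_bad"
}

# Usage: sh preflight.sh ROLE [HOST_OR_IP ...]
# localhost is always checked, as the manual requires it in the hosts file.
if [ "$#" -ge 1 ]; then
    pf_role=$1; shift; pf_rc=0
    check_role "$pf_role" || pf_rc=1
    for pf_h in localhost "$@"; do
        host_in_hosts "$pf_h" || { echo "not in /etc/hosts: $pf_h"; pf_rc=1; }
    done
    [ "$pf_rc" -eq 0 ]
fi
```

The script only reads the local passwd, group and hosts files, so it will not see accounts that come from a directory service.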
Before you upgrade
If you are upgrading from an earlier version of Symantec Mail Security for SMTP, you must ensure that your existing installation does not use admin user names or file/directory paths that include doublebyte characters.
You must do the following:
If you have administrative users whose usernames include doublebyte
characters, you must delete and recreate them without the doublebyte characters.
If your existing installation is installed in a location that includes doublebyte
characters in the pathname, you will not be able to upgrade; you must uninstall and then install this version into a location that does not contain doublebyte characters in the path.
System requirements
This section lists system requirements for running Symantec Mail Security for SMTP.
The following are required:
If you plan to install and configure Symantec Mail Security for SMTP as
a Scanner that will process both inbound and outbound traffic, two IPs (NICs) are required, one each for inbound and outbound mail traffic. The inbound IP should be on your external network and the outbound IP should be on your internal network. Optionally, you can use one NIC and two MTA ports (inbound and outbound). For example, port 25 for inbound and port 26 for outbound.
If you will not be processing both inbound and outbound mail, only one IP is required.
A fully qualified domain name is required for each computer running Symantec
Mail Security for SMTP.
A UTF-8 compliant application for reading logs and other exported files.
Hardware requirements
Symantec Mail Security for SMTP has the following hardware requirements:
Intel Pentium 4 Processor or compatible (Windows and Linux)
UltraSPARC (Solaris)
1GB RAM (2GB Recommended)
512 MB disk space minimum (2 GB or more recommended)
Supported browsers
The following browser versions are supported for Control Center access:
Internet Explorer 6.0
Firefox 1.5
Note: You must enable cookies in your browser for Control Center to function correctly.
Supported LDAP servers
Symantec Mail Security for SMTP supports the following LDAP directory types:
Windows 2000 Active Directory
Windows 2003 Active Directory
Sun Directory Server 5.2 (formerly known as the iPlanet Directory Server). If you are using version 5.2 of the SunOne LDAP server, you must update to patch 4.
Exchange 5.5
Lotus Domino LDAP Server 6.5
OpenLDAP (for authentication only)
System requirements for Windows
Symantec Mail Security for SMTP is supported on the following versions of Windows:
Windows 2000 Server SP4
Windows Server 2003 SP1
Windows 2003 Server R2
System requirements for Solaris
Symantec Mail Security for SMTP is supported on the following versions of Solaris:
Solaris 9
If you are running Solaris 9, you must apply patch 115697-02. The patch is available here:
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-115697-02-1
Because the tar file names exceed the 40-character file name limit of native Solaris tar, GNU tar is required to install Symantec Mail Security for SMTP. GNU tar for Solaris is available from http://www.sunfreeware.com and other Web sites.
Solaris 10
System requirements for Linux
Symantec Mail Security for SMTP is supported on the following versions of Linux:
Red Hat AS 3 and 4
Red Hat ES 3 and 4
Installing on Windows
This procedure describes the installation process for Windows. You can install the Control Center, Scanner, or both on the same machine.
Note: If you plan to install both the Control Center and a Scanner on the same machine, you must install them at the same time, running the installation program only once.
Note: Symantec Mail Security for SMTP does not support installation paths containing doublebyte characters. You must install it into a location that is named with US-ASCII characters only.
Warning: If you are reinstalling Symantec Mail Security for SMTP after uninstalling it on this machine, ensure that you have completely removed all of the files and directories as described at the end of Uninstalling from Windows before proceeding.
To install Symantec Mail Security for SMTP on Windows
1
Double-click the installer icon.
The installer will prepare the installation and the InstallShield Wizard welcome panel is displayed. This may take a few moments.
You can run the installer using an options file. For more information about using an options file, refer to About the sample options file.
2
Click Next.
The Subscription Software License Agreement is displayed.
3
Read the licensing agreement, select the radio button to indicate that you accept the licensing agreement, and then click Next.
The Installation Type panel is displayed.
You can choose to install Symantec Mail Security for SMTP in the following configurations:
Typical, which installs both the Scanner and Control Center on the same
machine in a location you specify, with subcomponents under that location, or
Custom, which allows you to install a Scanner or the Control Center
individually, as well as specify locations for the MTA data and log directories (if you are installing a Scanner), and/or the port number for your Tomcat installation (if you are installing the Control Center).
4
Select a configuration option and click Next.
The Installation Directory panel is displayed.
5
Click Browse to specify an alternate location, or accept the default value, and then click Next.
The default value is
C:\Program Files\Symantec\SMSSMTP
If you selected the default configuration in step 4, the Installation
Parameters Summary panel is displayed. Proceed to step 12.
If you selected the custom installation configuration in step 4, the
Feature Selection panel is displayed. Proceed to step 6.
6
If you are installing both a Scanner and the Control Center, click Next, otherwise, uncheck the box for the component you are not installing, and then click Next.
7
If you are installing the Control Center only, proceed to step 11.
If you are installing a Scanner, the MTA Data Directory panel is displayed. This is the directory used for message queue data. The default location for this directory is
C:\Program Files\Symantec\SMSSMTP\mta
8
Click Browse to specify an alternate location, or accept the default value, and then click Next.
The Log Directory panel is displayed. All log data for this Scanner will be stored in the directory you specify. The default location for this directory is
C:\Program Files\Symantec\SMSSMTP\logs
9
Click Browse to specify an alternate location, or accept the default value, and then click Next.
If you are installing both a Scanner and the Control Center on this machine,
proceed to step 12.
If you are installing a Scanner individually (with no Control Center on
this machine), the Control Center IP panel is displayed. You must provide a specific IP address, CIDR, or subnet mask from which the Control Center is allowed to access this Scanner.
10
Enter an IP address, CIDR, or subnet mask and click Next.
11
If you are installing the Control Center, the Tomcat Port panel is displayed. Accept the default value (41443), or enter an alternate value, and then click Next.
The Installation Parameters Summary panel is displayed.
The port number you specify for Tomcat to use must be higher than 1024.
12
Verify the list of installation parameters and click Install.
The installation completes, and the components you have installed are started automatically.
A log of the installation is placed in
C:\Program Files\Symantec\SMSSMTP\install_log.txt
Installing on Solaris and Linux
The following section describes how to install Symantec Mail Security for SMTP on Solaris and Linux.
Note: If you plan to install both the Control Center and a Scanner on the same machine, you must install them at the same time, running the installation program only once.
Note: Symantec Mail Security for SMTP does not support installation paths containing doublebyte characters. You must install it into a location that is named with US-ASCII characters only.
Warning: If you are reinstalling Symantec Mail Security for SMTP after uninstalling it on this machine, ensure that you have completely removed all of the files and directories as described at the end of Uninstalling from Linux and Solaris before proceeding.
To install Symantec Mail Security for SMTP on Solaris or Linux
1
As root, or using sudo, type
./install
The installer begins running. If the correct version of the required JRE is not present, it will unpack its own copy.
You can run the installer using an options file.
For more information about using an options file, refer to About the sample
options file.
2
Type 1 to proceed.
The license agreement is displayed.
3
Use the Enter key to page through the license agreement text.
4
Type 1 to accept the license agreement, then type 0 and then 1 to proceed.
The Installation Type screen is displayed.
You can choose to install Symantec Mail Security for SMTP in the following configurations:
Typical, which installs both the Scanner and Control Center on the same
machine in a location you specify, with subcomponents under that location, or
Custom, which allows you to install a Scanner or the Control Center
individually, as well as specify locations for the MTA data and log directories (if you are installing a Scanner), or the port number for your Tomcat installation (if you are installing the Control Center).
5
Type the number of the option you want to select or deselect it, then type 1 to proceed.
The Installation Directory screen is displayed.
6
Specify an alternate location, or type 1 to accept the default value, and then type 0 to proceed.
The default value is
/opt/Symantec/SMSSMTP/
If you selected the default installation configuration in step 5, the
Installation Parameters Summary screen is displayed. Proceed to step 13.
If you selected the custom installation configuration in step 5, the Feature
Selection panel is displayed. Proceed to step 7.
7
If you are installing both a Scanner and the Control Center, type 0 to proceed, otherwise, type the number for the component you are not installing to deselect it, and then type 0 to proceed.
8
If you are installing the Control Center only, proceed to step 12.
If you are installing a Scanner, the MTA Data Directory screen is displayed. This is the directory used for message queue data. The default location for this directory is
/opt/Symantec/SMSSMTP/mta
9
Specify an alternate location, or type 1 to accept the default value, and then type 0 to proceed.
The Log Directory screen is displayed. All log data for this Scanner will be stored in the directory you specify. The default location for this directory is
/opt/Symantec/SMSSMTP/logs
10
Specify an alternate location, or type 1 to accept the default value, and then type 0 to proceed.
If you are installing both a Scanner and the Control Center on this machine,
proceed to step 13.
If you are installing a Scanner individually (with no Control Center on
this machine), the Control Center IP panel is displayed. You must provide a specific IP address, CIDR, or subnet mask from which the Control Center is allowed to access this Scanner.
11
Enter an IP address, CIDR, or subnet mask, and type 0 to proceed.
12
If you are installing the Control Center, the Tomcat Port screen is displayed. Accept the default port value (41443), or enter an alternate value, and then type 0 to proceed.
The port number you specify for Tomcat to use must be higher than 1024, as it does not run as root (or setuid root).
The Installation Parameters Summary screen is displayed.
13
Verify the list of installation parameters and type 3 to complete the installation.
The installation completes, and the components you have installed are started automatically.
A log of the installation is placed in
/opt/Symantec/SMSSMTP/install_log.txt
Setting up
If you installed Control Center, you will now log into the Control Center and run the Setup Wizard. Many of the site-wide settings that you will specify as you use the Setup Wizard are actually site defaults that you can later vary for each Scanner you add.
If you are setting up the Control Center and a Scanner on the same machine, the Setup Wizard will not show a summary as described in step 7 of this procedure; instead, you will proceed directly to the Add Scanner Wizard.
Note: If you have installed both the Control Center and a Scanner on one machine, you must add the Scanner on that machine to the Control Center before adding other Scanners.
Note: None of the settings you specify using the wizard are final until you click Finish at the end of the wizard. If you step through all the panels of the wizard and do not click Finish, configuration settings will be unchanged.
Logging in
Before you can register and set up your system, you must log in to the Control Center.
To log in as an administrator
1
Access your Control Center from a browser.
The default login address is:
https://<hostname>:41443/brightmail/
where <hostname> is the hostname of the machine on which you installed the Control Center. You can also use the IP address in place of <hostname>.
You may see a security alert message.
2
If you see a security alert message, accept the self-signed certificate to continue.
The Control Center log in page is displayed.
3
You may choose the language in which you want to operate the Quarantine and end user views of the Control Center.
Select the language you wish to use from the drop-down list on the login page.
To display Quarantine and other end-user pages correctly when using a non-English locale setting, you must install language-specific fonts on the computer used to access these pages. These fonts must support UTF-8.
4
Enter the default username and password, which are admin/symantec, and then click Login.
Registering your system
The first time you access the Control Center, you will see the License Registration panel.
If you have installed Control Center but have not yet installed a Scanner, you will see the Administrator Settings panel described in Configuring your system.
To complete registration, you need one or more license files (.slf files) provided to you by Symantec (depending on the product features you have purchased, you may receive multiple license files). Place the file(s) on the computer from which
you are accessing the Control Center. Each time you add a Scanner, you must confirm your license(s) or register again. However, you can use the same .slf file(s) for each Scanner.
To register your license(s)
1
On the License Registration page, click Browse to find your .slf file.
2
Select your .slf file and click Open to return to the License Registration page.
3
If your installation will be using a proxy server for communications with Symantec, check the Use HTTP Proxy box and complete the proxy configuration fields.
4
Click Register.
If registration was successful, the License Registration page is redisplayed. If there was an error, you will see error text at the top of the page.
For registration and ongoing operations, Symantec Mail Security for SMTP communicates with Symantec Security Response over a secure connection. If registration has failed, ensure that your network is configured to permit outbound connections to Symantec on port 443.
5
If you have another .slf file for a different feature, repeat this procedure.
6
When all your .slf files are successfully registered, click Next.
Configuring your system
When you have registered your license(s), the Setup Wizard is launched.
Configure your system
Proceed through the Setup Wizard as described in this section to configure your system.
Note: None of the settings you specify using the wizard are final until you click Finish at the end of the wizard. If you step through all the panels of the wizard and do not click Finish, you will not make any changes to configuration settings.
To specify administrator, local domain, and locale settings
1
On the Administrator Settings panel, specify an email address for the administrator and click Next.
You can use the Control Center to specify that the system send alerts and other information to this address after you have completed this procedure.
2
On the Local Domains panel, add the domains for which you accept incoming mail.
You can also add specific email addresses.
To delete a domain or email address from the list, check it and click Delete.
3
For each domain or email address you add, optionally specify that messages should be routed to a specific host and port.
You can optionally check Enable MX Lookup.
You can click Import to import a text file containing a list of local domains, one domain per line.
4
Click Next.
The System Locale panel is displayed.
5
Specify the locale that Symantec Mail Security for SMTP should use for formatting numbers, dates, and times, and then click Next.
If you are setting up a Control Center-only installation, you will now see the Setup Wizard Summary panel. If you are setting up a Control Center and a Scanner on the same machine, you will see the Mail Filtering panel, the first panel in the Add Scanner Wizard.
6
Do one of the following:
If you are setting up a Control Center-only installation, review the
information on the Setup Wizard Summary panel. Click Back to make changes, or Finish to complete. You must set up a Scanner before you can filter mail.
To set up a Scanner on another machine you must install a Scanner on that machine, and then follow the procedure described in Setting up a
Scanner.
If you are setting up a Control Center and a Scanner on this machine,
continue with To specify mail filtering settings in the next section.
To specify mail filtering settings
1
On the Mail Filtering panel, specify how you will use this Scanner.
You can choose to filter inbound mail, outbound mail, or both. If you choose to filter inbound mail, you will see the Inbound Mail Filtering panel.
Proceed with step 2.
If you choose to filter outbound mail only, you will see the Outbound Mail
Filtering panel. Proceed with To specify outbound mail filtering settings.
2
On the Inbound Mail Filtering panel, choose the IP address to use for inbound mail.
You can use the Test button to ensure that the mail server responds.
The Test button scans the local network TCP table to see if an address/port is in use; any address that is not listed in this table is assumed to be unavailable.
3
If desired, change the port specification for inbound mail, and then click Next.
Be sure not to use a port already in use on your system.
4
On the Inbound Mail Filtering - Connections panel, specify the mail servers from which this Scanner will accept inbound mail.
You can choose All IP addresses or specify IP addresses or hostnames. A typical choice would be All IP addresses, thus allowing the Scanner to accept mail from any MTA on the Internet.
If you specify one or more IP addresses, you must include the IP address of the Control Center so that Spam Quarantine and Suspect Virus Quarantine can release messages.
After you add the first entry, the IP address of the Control Center is added automatically and selected. If you are using a different IP address for the Control Center, or have the Control Center and Scanner installed on different machines, you must add the new IP address and disable the one that was added automatically.
Warning: If you are deploying this Scanner behind a gateway, and are specifying one or more IP addresses instead of All IP addresses, you must add the IP addresses of ALL upstream mail servers in use by your organization. Upstream mail servers that are not specified here may be classified as spam sources.
5
On the Inbound Mail Filtering - Local Relay panel, specify the internal host to which this Scanner will relay inbound mail after filtering is complete.
You can define a new host or select a host from the list. A typical value is a downstream mail server such as your corporate mail server.
You can also specify a port. If you check Enable MX lookup for this host, you must specify a host name (not an IP address) for that server.
6
If you chose to filter only inbound mail, click Next and proceed to step 8 in “To specify outbound mail filtering settings” in the next section.
If you chose to filter inbound and outbound mail, click Next and proceed to step 1 in “To specify outbound mail filtering settings” in the next section.
To specify outbound mail filtering settings
1
On the Outbound Mail Filtering panel, choose the IP address to use for outbound mail.
2
If desired, change the port specification for outbound mail, and then click Next.
In most cases this should be left as port 25.
If you are using one NIC but wish to support both inbound and outbound filtering, you must set this to an alternate port so that it does not conflict with the port used for inbound filtering.
You can use the Test button to ensure that the mail server responds.
The Test button scans the local network TCP table to see if an address/port is in use; any address that is not listed in this table is assumed to be unavailable.
3
On the Outbound Mail Filtering - Connections panel, specify by IP address the internal mail servers from which this Scanner will accept outbound mail.
A typical value is the IP address of your corporate outbound mail server.
If you chose to filter only outbound mail, you will see the Outbound Mail Filtering - Local Relay panel next. Click Next and proceed to step 4. If not, click Next and skip to step 6.
4
On the Outbound Mail Filtering - Local Relay panel, specify the internal host to which this Scanner will relay outbound mail after filtering is complete.
You can select a host from the list or define a new host. A typical value is a downstream mail server such as your corporate mail server.
You can also specify a port. If you check Enable MX lookup for this host, you must specify a host name (not an IP address) for that server.
5
Click Next.
6
On the Outbound Mail Filtering - Nonlocal Relay panel, specify how you want to relay outbound mail after filtering is complete.
You can use default MX lookup, select a host from the list, or define a new host.
You can also specify a port. If you check Enable MX lookup for this host, you must specify a host name (not an IP address) for that server.
For outbound mail addressed to a non-local domain, there is typically no relay host to specify. If you choose Use default MX lookup, the Scanner will use Internet MX records to deliver the mail.
7
Click Next.
8
On the Setup Wizard Summary panel, review the settings shown.
9
If you are satisfied with the settings, click Finish to save them.
If not, click Back to revise your settings, or Cancel to end without saving any changes.
When the configuration is complete, the Scanner will contact Symantec to download the latest antispam filters and antivirus definitions, and the default antivirus definition download schedule will be in place (if you have installed an antivirus license). You can alter this schedule from the Control Center. Refer to the Symantec Mail Security for SMTP Administration Guide for more information.
Setting up a Scanner
The instructions in this section only apply if you are adding a Scanner on a machine different from the one hosting your Control Center.
Add a Scanner
Use the Add Scanner Wizard to set up a Scanner.
Note: None of the settings you specify using the wizard are final until you click Finish at the end of the wizard. If you step through all the panels of the wizard and do not click Finish, you will not make any changes to configuration settings.
To configure host IP settings
1
If you are adding your first Scanner, you will now see the Add Scanner Wizard. Skip to step 3. If you're adding a subsequent Scanner, from the Control Center, click Settings > Hosts.
2
On the Hosts page, click Add and then click Next.
3
On the Scanner Host Settings panel, identify your new Scanner by typing a description and a name or IP address.
4
Click Next to continue with To register the Scanner in the next section.
To register the Scanner
1
On the License Registration page, click Browse to find your .slf file.
2
Select your .slf file and click Open to return to the License Registration page.
3
If your Scanner will be using a proxy server for communications with Symantec, check the Use HTTP Proxy box and complete the proxy configuration fields.
4
Click Register.
If registration was successful, the License Registration page is redisplayed. If there was an error, you will see error text at the top of the page.
For registration and ongoing operations, Symantec Mail Security for SMTP communicates with Symantec Security Response over a secure connection. If registration has failed, ensure that your network is configured to permit outbound connections to Symantec on port 443.
5
If you have another .slf file for a different feature, repeat this procedure.
6
When all your .slf files are successfully registered, click Next.
7
Continue with “To specify mail filtering settings” in the next section.
To specify mail filtering settings
1
On the Mail Filtering panel, specify how you will use this Scanner.
You can choose to filter inbound mail, outbound mail, or both inbound and outbound mail.
If you choose to filter inbound mail, you will see the Inbound Mail Filtering
panel. Click Next and proceed with step 2.
If you choose to filter outbound mail only, you will see the Outbound Mail
Filtering panel.
Click Next and proceed with To specify outbound mail filtering settings.
2
On the Inbound Mail Filtering panel, choose the IP address to use for inbound mail.
You can use the Test button to ensure that the mail server responds.
The Test button scans the local network TCP table to see if an address/port is in use; any address that is not listed in this table is assumed to be unavailable.
3
If desired, change the port specification for inbound mail, and then click Next.
4
On the Inbound Mail Filtering - Connections panel, specify the mail servers from which this Scanner will accept inbound mail.
You can choose All IP addresses or specify IP addresses or hostnames. A typical choice would be All IP addresses, thus allowing the Scanner to accept mail from any MTA on the Internet.
If you specify one or more IP addresses, you must include the IP address of the Control Center so that Spam Quarantine and Suspect Virus Quarantine can release messages.
After you add the first entry, the IP address of the Control Center is added automatically and selected. If you are using a different IP address for the Control Center, or have the Control Center and Scanner installed on different machines, you must add the new IP address and disable the one that was added automatically.
Warning: If you are deploying this Scanner behind a gateway, and are specifying one or more IP addresses instead of All IP addresses, you must add the IP addresses of ALL upstream mail servers in use by your organization. Upstream mail servers that are not specified here may be classified as spam sources.
5
Click Next.
6
On the Inbound Mail Filtering - Local Relay panel, specify the internal host to which this Scanner will relay inbound mail after filtering is complete.
You can select a host from the list or define a new host. A typical value is a downstream mail server such as your corporate mail server.
You can also specify a port. If you check Enable MX lookup for this host, you must specify a host name (not an IP address) for that server.
7
If you chose to filter only inbound mail, click Next and proceed to step 9 in “To specify outbound mail filtering settings”.
If you chose to filter inbound and outbound mail, click Next and proceed to step 1 in “To specify outbound mail filtering settings”.
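The Inbound Mail Filtering - Connections panel, in both the Setup Wizard and the Add Scanner Wizard procedures, requires that a restricted list still cover the Control Center and every upstream mail server. The following script is an added example, not part of the Symantec documentation, that checks a planned list before it is typed into the panel. It assumes entries are IPv4 addresses or CIDR ranges (hostnames and subnet-mask notation are not handled); the function names are hypothetical and the addresses in the usage comment are constructed.

```shell
#!/bin/sh
# Added example: check a planned inbound connection allowlist for gaps.

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fail if invalid.
ip_to_int() {
    case $1 in
        *[!0-9.]* | *.*.*.*.*) return 1 ;;   # bad characters or too many dots
        *.*.*.*) ;;                          # exactly three dots
        *) return 1 ;;
    esac
    ip_a=${1%%.*}; ip_r=${1#*.}
    ip_b=${ip_r%%.*}; ip_r=${ip_r#*.}
    ip_c=${ip_r%%.*}; ip_d=${ip_r#*.}
    for ip_o in "$ip_a" "$ip_b" "$ip_c" "$ip_d"; do
        # reject empty octets, more than 3 digits, and leading zeros (octal)
        case $ip_o in '' | ????* | 0?*) return 1 ;; esac
        [ "$ip_o" -le 255 ] || return 1
    done
    echo $(( (ip_a << 24) | (ip_b << 16) | (ip_c << 8) | ip_d ))
}

# entry_covers ENTRY IP: ENTRY is a single IPv4 address or a CIDR range.
entry_covers() {
    ec_net=${1%%/*}; ec_len=32
    case $1 in */*) ec_len=${1#*/} ;; esac
    case $ec_len in '' | *[!0-9]* | ???* | 0?*) return 1 ;; esac
    [ "$ec_len" -le 32 ] || return 1
    ec_n=$(ip_to_int "$ec_net") || return 1
    ec_i=$(ip_to_int "$2") || return 1
    ec_mask=$(( (0xFFFFFFFF << (32 - ec_len)) & 0xFFFFFFFF ))
    [ $(( ec_n & ec_mask )) -eq $(( ec_i & ec_mask )) ]
}

# uncovered ALLOWLIST REQUIRED: both are whitespace-separated lists.
# Prints each REQUIRED address that no ALLOWLIST entry covers.
uncovered() {
    for un_ip in $2; do
        un_hit=0
        for un_e in $1; do
            if entry_covers "$un_e" "$un_ip"; then un_hit=1; break; fi
        done
        [ "$un_hit" -eq 1 ] || echo "$un_ip"
    done
}

# check_inbound_allowlist ALLOWLIST CONTROL_CENTER_IP UPSTREAM_MTAS
# Reports the two omissions the manual warns about; returns 0 if none.
check_inbound_allowlist() {
    ci_rc=0
    for ci_ip in $(uncovered "$1" "$2"); do
        echo "Control Center $ci_ip is not allowed: Quarantine cannot release messages"
        ci_rc=1
    done
    for ci_ip in $(uncovered "$1" "$3"); do
        echo "upstream mail server $ci_ip is not allowed: it may be classified as a spam source"
        ci_rc=1
    done
    return "$ci_rc"
}

# Usage (constructed addresses from documentation ranges):
#   sh allowlist.sh "192.0.2.10 198.51.100.0/28" 192.0.2.10 "198.51.100.5 203.0.113.7"
if [ "$#" -eq 3 ]; then
    check_inbound_allowlist "$1" "$2" "$3"
fi
```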
To specify outbound mail filtering settings
1
On the Outbound Mail Filtering panel, choose the IP address to use for outbound mail.
2
If desired, change the port specification for outbound mail.
In most cases this should be left as port 25. If you are using a single NIC and IP for both inbound and outbound mail, ensure that this port is different from the one you specified for inbound mail.
You can use the Test button to ensure that the mail server responds.
The Test button scans the local network TCP table to see if an address/port is in use; any address that is not listed in this table is assumed to be unavailable.
3
Click Next.
4
On the Outbound Mail Filtering - Connections panel specify by IP address or CIDR range the internal mail servers from which this Scanner will accept outbound mail.
A typical value is your corporate outbound mail server.
If you chose to filter only outbound mail, you will see the Outbound Mail Filtering - Local Relay panel next. Click Next and proceed to step 5. If not, click Next and skip to step 7.
5
On the Outbound Mail Filtering - Local Relay panel, specify the internal host to which this Scanner will relay outbound mail after filtering is complete.
You can define a new host or select a host from the list. A typical value is a downstream mail server such as your corporate mail server.
You can also specify a port. If you check Enable MX lookup for this host, you must specify a host name (not an IP address) for that server.
6
Click Next.
7
On the Outbound Mail Filtering - Nonlocal Relay panel, specify how you want to relay outbound mail after filtering is complete.
You can use default MX lookup, select a host from the list, or define a new host.
You can also specify a port. If you check Enable MX lookup for this host, you must specify a host name (not an IP address) for that server.
For outbound mail addressed to a non-local domain, there is typically no relay host to specify. If you choose Use default MX lookup, the Scanner will use Internet MX records to deliver the mail.
8
Click Next.
9
On the Setup Wizard Summary panel, review the settings shown.
10
If you are satisfied with the settings, click Finish to save them.
If not, click Back to revise your settings, or Cancel to end without saving any changes.
When the configuration is complete, the Scanner will contact Symantec to download the latest antispam filters and antivirus definitions, and the default antivirus definition download schedule will be in place (if you have installed an antivirus license). You can alter this schedule from the Control Center. Refer to the Symantec Mail Security for SMTP Administration Guide for more information.
Completing setup
Your installation is now nearly ready to use, with a set of default policies designed for most enterprise installations. Review the following sections to determine what additional setup tasks you need to perform.
Adding more Scanners
To add more Scanners, repeat the tasks in Setting up a Scanner.
Setting mail filtering policies
When you set up Symantec Mail Security for SMTP, a set of ready-made default message filtering policies are in place. You can use these policies or customize them.
The initial default policies are as follows:
■ The default group policy includes all users, and specifies use of default filtering policies for spam, suspected spam, virus, content compliance, and end user settings.
■ The default spam policy is to modify the subject line by prepending [Spam] and deliver the message to the inbox, and only applies to inbound mail traffic.
■ The default suspected spam policy is to modify the subject line by prepending [Suspected Spam] and deliver the message to the inbox.
■ The suspected spam threshold is set to 72 (see Symantec Mail Security for SMTP Administration Guide for more information).
■ The default virus policy is to clean the message.
■ The default worm policy is to delete the message.
■ No default content compliance policies are in place.
■ No end user configuration capabilities are in place.
For more information on these policies and instructions on adjusting them to meet your needs, see the Symantec Mail Security for SMTP Administration Guide.
Note: With this release, the default action for an Unscannable verdict, including those due to malformed MIME content, has been changed from markup to delete. This was done to provide the strongest possible level of protection against external threats. If desired, you can change this action on a per group basis. You may want to change the default setting for unscannable messages if you are concerned about losing important messages.
Testing Scanners
For instructions on testing Scanners, see the Symantec Mail Security for SMTP Administration Guide.
Accessing the Control Center
Follow these instructions to begin using the Control Center.
To log in as an administrator
1
Access your Control Center from a browser.
The default login address is:
https://<hostname>:41443/
where <hostname> is the hostname of the machine on which you installed the Control Center. You can also use the IP address in place of <hostname>. You may see a security alert message.
2
If you see a security alert message, accept the self-signed certificate to continue.
The Control Center log in page is displayed.
3
You may choose the language in which you want to operate the Quarantine and end user views of the Control Center.
Select the language you wish to use from the drop-down list on the login page.
4
In the User name box, type the user name given to you by your system administrator.
If you are the first administrator to log in, type: admin
5
In the Password box, type your administrative password.
The initial default password is symantec. Contact your system administrator if you do not know the password.
6
Click Login.
Warning: Do not create an account for an administrator that is identical to a user account name. Do not create an end user account that is identical to an administrator account name. If a naming conflict occurs, the administrator will take precedence and the end user will be denied access to their account. In the unlikely event that both the username and the password for an administrator and an end user are identical, the end user will be granted access to the administrator account.
To log in as an end user with an iPlanet or Sun ONE Directory Server
Warning: To do this, LDAP authentication must be enabled. Refer to the Symantec Mail Security for SMTP Administration Guide for more information on LDAP support.
1
Access your Control Center from a browser.
The default login address is:
https://<hostname>:41443/
where <hostname> is the hostname of the machine on which you installed the Control Center. You can also use the IP address in place of <hostname>. You may see a security alert message.
2
If you see a security alert message, accept the self-signed certificate to continue.
The Control Center log in page is displayed.
3
If necessary, choose the language in which you want to operate the Control Center.
Below the text entry fields you will see a list of names of languages. The name of the language currently in use is displayed in normal text. The names of other languages are displayed underlined and highlighted. Click the name of another language to use that language instead.
4
In the User name box, type your full email address (for example, kris@example.com).
5
In the Password box, type the password you normally use to log in to your system.
6
Click Login.
To log in as an end user with an Active Directory account
1
Access your Control Center from a browser.
The default login address is:
https://<hostname>:41443/
where <hostname> is the hostname of the machine on which you installed the Control Center. You can also use the IP address in place of <hostname>. You may see a security alert message.
2
If you see a security alert message, accept the self-signed certificate to continue.
The Control Center log in page is displayed.
3
If necessary, choose the language in which you want to operate the Control Center.
Below the text entry fields you will see a list of names of languages. The name of the language currently in use is displayed in normal text. The names of other languages are displayed underlined and highlighted. Click the name of another language to use that language instead.
4
In the User name box, type your user name (for example, kris).
5
In the Password box, type the password you normally use to log in to your system.
6
Select the LDAP server you use to verify your credentials.
7
Click Login.
To log in as an end user with an Exchange 5.5 account
1
Access your Control Center from a browser.
The default login address is:
https://<hostname>:41443/brightmail/
where <hostname> is the hostname of the Control Center. Or, you can use the IP address in place of <hostname>.
You may see a security alert message.
2
If you see a security alert message, accept the self-signed certificate to continue.
The Control Center log in page is displayed.
3
If necessary, choose the language in which you want to operate the Control Center.
Below the text entry fields you will see a list of names of languages. The name of the language currently in use is displayed in normal text. The names of other languages are displayed underlined and highlighted. Click the name of another language to use that language instead.
4
In the User name box, type your full primary email address (for example, kris@example.com).
5
In the Password box, type the password you normally use to log in to your Windows system.
6
Click Login.
To determine your primary email address for Exchange 5.5, check the following in Outlook 2000 or Outlook 2003
1
Click Tools, click Address Book.
2
Type your name in the Type Name or Select from List box.
3
Double-click your name in the list displayed, and then click E-mail Addresses.
The mail address on the line starting with SMTP: in capitals is your primary email address.
Logging out
Follow these steps to log out.
To log out
1
Click the Log Out link in the upper right corner of the current page.
2
For security purposes, close your browser window to clear your browser's memory.
Having trouble logging in or out?
If you are having trouble logging in or logging out, consider the following:
■ When logging in, make sure you type your user name and password in the correct case. Note the difference between kris, Kris, and KRIS.
■ You are automatically logged out if you don't use the Control Center for 30 minutes. If it happens, log in again.
Areas of localization
The following portions of the Control Center are available in multiple languages:
Table 2-2 Localized portions of the Control Center
Topic | Administrators | End-Users
Spam Quarantine
Virus Quarantine
Blocked Senders
Allowed Senders
Language settings
Note: Symantec Mail Security for SMTP does not support installation paths containing double-byte characters. You must install it into a location that is named with US-ASCII characters only.
End users will view the Control Center in the language they selected at login.
The Control Center as a whole is internationalized. You can enter non-US ASCII characters into most fields. However, end users and administrators should be warned not to enter non-US ASCII characters into any of the following fields:
■ Under Policies > Compliance, the conditions for From: address, To: address, CC: address, BCC: address, Envelope sender, Envelope recipient, and Envelope HELO. Also under Policies > Compliance, any text entered under Actions.
■ Under Policies > Attacks, the text entry fields for the Forward the message and Add BCC recipients actions.
■ Under Policies > Sender Groups, email addresses or domain names or names of third party allowed sender services.
■ In Attachment Lists, Add attachment type entries for MIME-type and File name.
■ In Notifications, under Notification Content, entries in the Send from field.
■ In Archive, the Archive email address or Archive server host.
■ In Alert Settings, the Send from email address. Also, in Administration, administrator email addresses.
■ In Quarantine Settings, the Notification Templates Send from, and, under Misidentified Messages, the Administrator.
■ Under Reports, email addresses (Report addresses).
■ In Spam and Virus Quarantine, the following search criteria: From, To, Message ID.
■ Any field that asks for a domain name. Internationalized domain names are not supported.
■ For end users, email addresses or domain names of blocked or allowed senders.
Names of administrative users must be US-ASCII only.
Importing configuration files
You cannot import a file with extended ASCII or non-ASCII characters; you can only import files encoded in US-ASCII format.
Configuring system locale
The Control Center can be configured for single and double-byte character sets. This is done through the Locale setting.
To configure the Control Center to handle single and double-byte character sets
1
In the Control Center, click Settings > Control Center.
2
Using the dropdown list in the System Locale section of the page, select a language from the list.
Uninstalling Symantec Mail Security for SMTP
Symantec Mail Security for SMTP includes an uninstallation tool. Use the following instructions to uninstall the application.
Uninstalling from Windows
An uninstaller is included in the Symantec Mail Security for SMTP product when you install it on your Windows machine.
To uninstall Symantec Mail Security for SMTP from a Windows machine
Click Start > Programs > Symantec > SMSSMTP > Uninstall SMS for SMTP
The uninstaller is launched. All Symantec Mail Security for SMTP processes are stopped by the uninstaller.
A number of files and directories will remain after the uninstaller is finished. You can remove them by deleting the \SMSSMTP directory, for which you specified the location at install time, as well as
c:\Program Files\Symantec
c:\Program Files\Common Files\Symantec Shared\
Warning: If you are uninstalling and plan to reinstall, you must remove these files and directories, as the data that they contain will interfere with a subsequent installation of Symantec Mail Security for SMTP.
Warning: If you have installed other Symantec products on this machine, there may be licenses and other files within the c:\Program Files\Symantec directory that are required for the operation of these products. Ensure that you are only removing files that are not used by other Symantec products.
Uninstalling from Linux and Solaris
To uninstall Symantec Mail Security for SMTP from a Linux or Solaris machine, you must know the location of its installation directory, sometimes called the LOADPOINT. To find this location, type
cat /etc/Symantec/SMSSMTP/resources
and look for the value of LOADPOINT.
To uninstall Symantec Mail Security for SMTP from a Linux or Solaris machine
As the root user, type
<LOADPOINT>/uninstall
The uninstaller is launched.
All Symantec Mail Security for SMTP processes are stopped by the uninstaller. You can verify this using ps -ef.
All packages are uninstalled. You can verify this using the pkginfo command on Solaris or the rpm command on Linux.
The users and groups you created before installing are not removed. If you are planning to reinstall Symantec Mail Security for SMTP, you do not have to recreate them.
The following directories/files will remain:
common/ install_log.txt jre/ ldapsync/ mta/ mysql/ scanner/ tomcat/
On Solaris, the _jvm directory is also left behind.
Warning: If you are uninstalling and plan to reinstall, you must remove these directories, as the data that they contain will interfere with a subsequent installation of Symantec Mail Security for SMTP. You can remove these directories with the following command:
rm -rf /opt/Symantec/SMSSMTP
(If you specified a non-default installation location, specify it instead of /opt/Symantec/SMSSMTP.)
At install time, an InstallShield directory was created in root's home directory. This directory is not completely removed by the uninstaller. To ensure that it is removed, do the following: cd to root's home directory and check to see if an InstallShield directory exists. If it does exist, check to see if it contains directories for products other than Symantec Mail Security for SMTP. If there are directories for other products, remove only the one for Symantec Mail Security for SMTP; otherwise, you can remove the entire InstallShield directory.
Appendix A: Sample options file
This appendix includes the following topics:
About the sample options file
About the sample options file
The following is a sample options file for use with the -options command line installation flag. You must edit the contents of this file to replace the default values provided with the values you want to use for your installation. The default values are for Linux/Solaris installations, but you can replace them with the Windows-appropriate values. Other sample options files (with additional features, such as invoking the ‘custom’ installation scenario), are available on the product CD in the /tools/options_files directory.
Note: If you use an options file for silent upgrade on Windows, you must restart your host manually when the installation procedure is completed.
To call an options file so that its contents are substituted for the answers in the installation procedure, do one of the following:
■ For Linux/Solaris: navigate to the installation directory for your platform and type:
sudo ./install -silent -options <filename>
■ For Windows: launch a command window, navigate to the Windows installation directory on the product CD and type:
install.bat -silent -options <filename>
###################################################################
#
# InstallShield Options File
#
# Wizard name: Install
# Wizard source: assembly.dat
# Created on: Thu Sep 29 11:12:53 PDT 2005
# Created by: InstallShield Options File Generator
#
# This file contains values that were specified during a recent
# execution of Install. It can be used to configure Install with the
# options specified below when the wizard is run with the "-options"
# command line option. Read each setting's documentation for
# information on how to change its value.
#
# A common use of an options file is to run the wizard in silent
# mode. This lets the options file author specify wizard settings
# without having to run the wizard in graphical or console mode. To
# use this options file for silent mode execution, use the following
# command line arguments when running the wizard:
#
# -silent -options "default.txt"
#
###################################################################
###################################################################
#
# Custom Dialog: License
#
# The initial state of the License panel. The accept and reject
# option states are stored as Variables and must be set with -V
#
-V LICENSE_ACCEPT_BUTTON="true"
###################################################################
#
# Custom Dialog: License
#
# The initial state of the License panel. The accept and reject
# option states are stored as Variables and must be set with -V
#
-V LICENSE_REJECT_BUTTON="false"
###################################################################
#
# Symantec Mail Security for SMTP 5.0 Install Location
#
# The install location of the product. Specify a valid directory
# into which the product should be installed. If the directory
# contains spaces, enclose it in double-quotes. For example, to
# install the product to C:\Program Files\My Product, use
#
# -P installLocation="C:\Program Files\My Product"
#
-P installLocation="/opt/Symantec/SMSSMTP"
###################################################################
#
# Custom Dialog: InstallType
#
# The Installation Type to be used when installing the product.
# Stored as a Variable and must be set with -V.
#
-V IS_SELECTED_INSTALLATION_TYPE=custom
###################################################################
#
# "Control Center" Feature
#
# The selection state of the "Control Center" feature. Legal values
# are:
#
# true - Indicates that the feature is selected for installation
# false - Indicates that the feature is not selected for
# installation
#
# For example, to select "Control Center" for installation, use
#
# -P feature1.active=true
#
-P feature1.active=true
###################################################################
#
# "Scanner" Feature
#
# The selection state of the "Scanner" feature. Legal values are:
#
# true - Indicates that the feature is selected for installation
# false - Indicates that the feature is not selected for
# installation
#
# For example, to select "Scanner" for installation, use
#
# -P bean32.active=true
#
-P bean32.active=true
###################################################################
Appendix B: Integrating Symantec Mail Security with Symantec Security Information Manager
This appendix includes the following topics:
About Symantec Security Information Manager
Interpreting events in the Information Manager
Installing and configuring event logging to the Information Manager
Uninstalling Information Manager components
About Symantec Security Information Manager
In addition to using the Symantec Mail Security for SMTP logging features, you can also log events to the Symantec Security Information Manager appliance for event management and correlation. Symantec Security Information Manager (SSIM) integrates multiple Symantec Enterprise Security products and third-party products to provide a central point of control of security within an organization. It provides a common management framework for Information Manager-enabled security products, such as Symantec Mail Security for SMTP, that protect your IT infrastructure from malicious code, intrusions, and blended threats. The Information Manager increases your organization's security posture by simplifying the task of monitoring and managing the multitude of security-related events and products that exist in today's corporate environments.
The event categories and classes include threats, security risks, content filtering, network security, spam, and systems management. The range of events varies depending on the Symantec applications that are installed and managed by the Information Manager. The Information Manager provides you with an open, standards-based foundation for managing security events from Symantec clients, gateways, servers, and Web servers.
SSIM Agents collect events from Symantec security products and send the events to the Symantec Security Information Manager, which uses a sophisticated set of rules to filter, aggregate, and correlate the events into security incidents and allows for full tracking and response. The Symantec Security Information Manager allows you to manage and respond to threat and vulnerability incidents from discovery through resolution.
The Symantec Incident Manager evaluates the impact of incidents on the associated systems and assigns incident severities. A built-in Knowledge Base provides information about the vulnerabilities that are associated with the incident. The Knowledge Base also suggests tasks that you can assign to a help desk ticket for resolution.
Symantec Security Information Manager is purchased and installed separately. The appliance must be installed and working properly before you can configure Symantec Mail Security to log events to the SSIM.
For more information, see the Symantec Security Information Manager documentation.
Interpreting events in the Information Manager
SSIM provides extensive event management capabilities, such as common logging of normalized event data for Information Manager-enabled security products like Symantec Mail Security for SMTP. The event categories and classes include threats (such as viruses), security risks (such as adware and spyware), content filtering rule violations, network security, spam, and systems management.
For more information about interpreting events in the Information Manager and on the event management capabilities of the Information Manager, see the Symantec Security Information Manager documentation.
Symantec Mail Security for SMTP can send the following types of events to the Information Manager:
Firewall events
Definition Update events
Message events
Administration events
Note: Although some Information Manager Event IDs are the same for multiple events, the event descriptions and occasionally the severity are different.
Firewall events that are sent to the Information Manager
Table B-1 lists the firewall events that Symantec Mail Security for SMTP can send to the Information Manager.
Table B-1 Firewall events that are sent to the Information Manager
Event ID (SES_EVENT_<Unique ID>) | Severity | Event class | Rule description (Reason sent)
SES_EVENT_CONNECTION_ACCEPTED (512000) | Informational | symc_firewall_network | Connection Permitted
SES_DETAIL_CONNECTION_REJECTED (517242) | Informational | symc_firewall_network | Connection Rejected
SES_DETAIL_CONNECTION_REJECTED (517247) | Informational | symc_firewall_network | Connection Deferred
Definition Update events that are sent to the Information Manager
Table B-2 lists the definition update events that Symantec Mail Security for SMTP can send to the Information Manager.
Table B-2 Definition Update events that are sent to the Information Manager
Event ID (SES_EVENT_<Unique ID>) | Severity | Event class | Rule Description (Reason sent)
SES_EVENT_VIRUS_DEFINITION_UPDATE (92004) | Informational | symc_def_update | Antivirus definition update
SES_EVENT_LIST_UPDATE (92009) | Informational | symc_def_update | Body hash definition update
SES_EVENT_LIST_UPDATE (92009) | Informational | symc_def_update | BLRM definition update
SES_EVENT_LIST_UPDATE (92009) | Informational | symc_def_update | Spamsig definition update
SES_EVENT_LIST_UPDATE (92009) | Informational | symc_def_update | Spamhunter definition update
SES_EVENT_LIST_UPDATE (92009) | Informational | symc_def_update | Intsig definition update
SES_EVENT_LIST_UPDATE (92009) | Informational | symc_def_update | Permit definition update
Message events that are sent to the Information Manager
Table B-3 lists the message events that Symantec Mail Security for SMTP can send to the Information Manager.
Table B-3 Message events that are sent to the Information Manager
Event ID (SES_EVENT_<Unique ID>) | Severity | Event class | Rule Description (Reason sent)
SES_EVENT_VIRUS (122000) | Informational | symc_data_virus_incident | Virus message
SES_EVENT_UNSCANNABLE_VIOLATION (112056) | Informational | symc_data_incident | Unscannable violation
SES_EVENT_MALWARE_CONTENT (122001) | Informational | symc_data_virus_incident | Malware message
SES_EVENT_SPAM_CONTENT (132001) | Informational | symc_data_incident | Spam message
SES_EVENT_GENERIC_CONTENT (132000) | Informational | symc_data_incident | Suspect Spam message
SES_EVENT_SENSITIVE_CONTENT_VIOLATION (182000) | Informational | symc_data_incident | Content violation message
SES_EVENT_GENERIC_CONTENT (132000) | Informational | symc_data_incident | Encrypted message
Administration events that are sent to the Information Manager
Table B-4 lists the administration events that Symantec Mail Security for SMTP can send to the Information Manager.
Table B-4 Administration events that are sent to the Information Manager
Event ID (SES_EVENT_<Unique ID>) | Severity | Event class | Rule Description (Reason sent)
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Registration success
SES_EVENT_CONFIGURATION_FAILED (92058) | Warning | symc_config_update | Registration failure
SES_EVENT_APPLICATION_STOP (92002) | Informational | symc_base | BCC/service stopping
SES_EVENT_APPLICATION_START (92001) | Informational | symc_base | BCC/service starting
SES_EVENT_HOST_INTRUSION (1032000) | Informational | symc_host_intrusion | User login successful
SES_EVENT_HOST_INTRUSION (1032000) | Informational | symc_host_intrusion | User logout successful
SES_EVENT_HOST_INTRUSION (1032000) | Warning | symc_host_intrusion | User login failed
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Enable/add host
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Disable/remove host
SES_EVENT_HOST_INTRUSION (1032000) | Minor | symc_host_intrusion | Prohibited action
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Delete all
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Change group policy
SES_EVENT_LIST_UPDATE_FAILED (92059) | Minor | symc_defupdate | Antispam filters old
SES_EVENT_VIRUS_DEFINITION_UPDATE_FAILED (92054) | Major | symc_defupdate | Antivirus filters old
SES_EVENT_LIST_UPDATE_FAILED (92059) | Critical | symc_defupdate | Antispam license expired
SES_EVENT_VIRUS_DEFINITION_UPDATE_FAILED (92054) | Critical | symc_defupdate | Antivirus license expired
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Certificate imported
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Dictionary items imported
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Sender group members imported
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Group policy members imported
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Component is not active
SES_EVENT_CONFIGURATION_CHANGE (92008) | Informational | symc_config_update | Administrator account change
SES_EVENT_VIRUS (122000) | Major | symc_config_update | Virus outbreak
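The note earlier in this appendix, that one Event ID can stand for several events, matters when writing correlation rules: 1032000 covers successful login, logout, failed login and prohibited action. The following is an added example, not part of the Symantec guide or product, that triages events on ID, severity and rule description together. The event record layout, category names, thresholds, host names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# (event ID, severity, rule description) rows copied from Table B-4.
# The category names on the right are this example's own labels.
RULES = {
    (1032000, "Informational", "User login successful"): "auth_ok",
    (1032000, "Informational", "User logout successful"): "auth_ok",
    (1032000, "Warning", "User login failed"): "auth_failure",
    (1032000, "Minor", "Prohibited action"): "prohibited_action",
    (92008, "Informational", "Administrator account change"): "admin_change",
    (92059, "Minor", "Antispam filters old"): "protection_degraded",
    (92054, "Major", "Antivirus filters old"): "protection_degraded",
    (92059, "Critical", "Antispam license expired"): "protection_degraded",
    (92054, "Critical", "Antivirus license expired"): "protection_degraded",
    (122000, "Major", "Virus outbreak"): "outbreak",
}
REVIEW = {"prohibited_action", "admin_change", "protection_degraded", "outbreak"}


def make_event(time, host, user, event_id, severity, description):
    """Build one event record. This field layout is assumed, not SSIM's schema."""
    return {"time": datetime.fromisoformat(time), "host": host, "user": user,
            "event_id": event_id, "severity": severity, "description": description}


def classify(event):
    """Map an event to a category using ID, severity and description together."""
    key = (event["event_id"], event["severity"], event["description"])
    return RULES.get(key, "unclassified")


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return (host, user, count) when `threshold` failed logins for one account
    fall inside `window`. A successful login or logout resets the run."""
    recent = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        kind = classify(ev)
        key = (ev["host"], ev["user"])
        if kind == "auth_ok":
            recent[key].clear()
        elif kind == "auth_failure":
            run = recent[key]
            run.append(ev["time"])
            while ev["time"] - run[0] > window:  # drop failures outside the window
                run.popleft()
            if len(run) == threshold:  # alert when the run reaches the threshold
                alerts.append((ev["host"], ev["user"], len(run)))
    return alerts


def triage(events):
    """Summarise a batch: ID-only hit count, events needing review, bursts."""
    ordered = sorted(events, key=lambda e: e["time"])
    return {
        # What a rule keyed on the Event ID alone would match.
        "same_id_1032000": sum(1 for e in ordered if e["event_id"] == 1032000),
        "needs_review": [e for e in ordered if classify(e) in REVIEW],
        "bursts": failed_login_bursts(ordered),
    }


# Constructed sample events (host names, times and users are made up).
SAMPLE_EVENTS = [
    make_event("2006-03-01T09:00:00", "cc01", "admin", 1032000, "Informational", "User login successful"),
    make_event("2006-03-01T09:30:00", "cc01", "admin", 1032000, "Informational", "User logout successful"),
    make_event("2006-03-01T22:10:05", "cc01", "admin", 1032000, "Warning", "User login failed"),
    make_event("2006-03-01T22:10:20", "cc01", "admin", 1032000, "Warning", "User login failed"),
    make_event("2006-03-01T22:10:41", "cc01", "admin", 1032000, "Warning", "User login failed"),
    make_event("2006-03-01T22:11:02", "cc01", "admin", 1032000, "Warning", "User login failed"),
    make_event("2006-03-01T22:15:00", "cc01", "kris", 1032000, "Minor", "Prohibited action"),
    make_event("2006-03-01T23:00:00", "scan02", None, 92054, "Major", "Antivirus filters old"),
    make_event("2006-03-01T23:05:00", "cc01", "admin", 92008, "Informational", "Change group policy"),
    make_event("2006-03-01T23:06:00", "cc01", "admin", 92008, "Informational", "Administrator account change"),
]

if __name__ == "__main__":
    report = triage(SAMPLE_EVENTS)
    print("events sharing ID 1032000:", report["same_id_1032000"])
    for ev in report["needs_review"]:
        print("review:", ev["host"], ev["severity"], ev["description"])
    for host, user, count in report["bursts"]:
        print("failed-login burst:", host, user, count)
```

Seven of the ten sample events carry ID 1032000, but only the failed-login burst and the prohibited action among them call for attention.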
Installing and configuring event logging to the Information Manager
The logging of events to the Information Manager is in addition to, and independent of, the logging of events within the Symantec Mail Security for SMTP logging feature.
To configure logging to the Information Manager, you must complete the following steps:
■ Configure the Information Manager to recognize Symantec Mail Security for SMTP
For the Information Manager to receive events from Symantec Mail Security for SMTP, you must run the SIP Integration Wizard that is specific to Symantec Mail Security for SMTP. The SIP Integration Wizard installs the appropriate integration components for identifying the individual security product (in this case, Symantec Mail Security for SMTP) to the Information Manager.
See “Configuring the Information Manager” on page 64.
■ Install a local SSIM Agent and Collector on the computer that is running Symantec Mail Security for SMTP
The local SSIM Agent and Collector handle the communication between Symantec Mail Security and the Information Manager.
See “Installing the local SSIM Agent” on page 64 and “Installing the Collector” on page 66.
■ Configure data sources in the Information Manager Web interface
These are the events that the Information Manager will receive and display. You must provide this information so that the Information Manager knows where to look for the event data.
Configuring the Information Manager
The Symantec Security Information Manager Web configuration interface provides a link that you can use to download and install the SIP Integration Wizard. The wizard installs SSIM Integration Packages (SIPs) for Symantec Mail Security for SMTP. The SIP contains the configuration settings and event schemas that the Information Manager requires to recognize and log events from Symantec Mail Security for SMTP.
You must run the SIP Integration Wizard for each Symantec Security Information Manager to which you are forwarding events from Symantec Mail Security for SMTP.
Installing the local SSIM Agent
The local SSIM Agent handles the communication between Symantec Mail Security and the Information Manager and is installed on the same computer that is running Symantec Mail Security. The local SSIM Agent is provided as part of the software distribution package for Symantec Mail Security for SMTP.
When you have more than one SSIM-enabled product installed on a single computer, these products can share a local SSIM Agent. However, each product must register with the SSIM Agent. Thus, even if a SSIM Agent has already been installed on the computer for another SSIM-enabled security product, you must run the installer to register Symantec Mail Security for SMTP.
You must install the local SSIM Agent on all computers on which Symantec Mail Security for SMTP is installed.
To install the local SSIM Agent on Windows
1. Ensure you are logged into the Symantec Mail Security for SMTP machine on the console or via SSH as an administrative user.
2. Insert the Symantec Mail Security for SMTP product CD in the CD drive.
3. Launch a Command window, navigate to the \Agents\ directory on the product CD, and use the following command:
setup.exe [ -debug ] [-log] [-a{ProdID}] [-f{filename}] [-s{server}] [-p{port}] [-i{install path}]
where
-s{server} specifies the hostname or IP of the management server, and
-i{install path} specifies the destination path where the SSIM Agent will be installed. If you omit this parameter, the SSIM Agent will be installed in the default folder, which is C:\Program Files\Symantec\SESA\Agent
(example: setup.exe -s192.168.0.10)
The installer runs and completes.
To install the local SSIM Agent on Linux/Solaris
1. Ensure you are logged into the Symantec Mail Security for SMTP machine on the console or via SSH as root.
2. Navigate to the /Agents/ directory on the product CD and copy the Unix.tar.gz file to a temporary directory on the hard drive.
3. After you have copied the file, decompress the SSIM Agent directory using the following commands:
gunzip Unix.tar.gz
tar xvf Unix.tar
4. Navigate to the decompressed AgtInst directory and launch the installation program with the command
./install.sh [ -debug ] [-log] [-a{ProdID}] [-f{filename}] [-s{server}] [-p{port}] [-i{install path}]
where
-s{server} specifies the hostname or IP of the management server, and
-i{install path} specifies the destination path where the SSIM Agent will be installed. If you omit this parameter, the SSIM Agent will be installed in the default folder.
(example: ./install.sh -i/opt/Symantec/sesa/Agent -s192.168.0.10)
The installer runs and completes.
Installing the Collector
To install the Collector on Windows
1. Ensure that you are logged into the Symantec Mail Security for SMTP machine on the console or via SSH as an administrative user.
2. Insert the Symantec Mail Security for SMTP product CD into the drive and execute the following command from the product CD:
\collectors\sms_smtp\install\install.bat
You can view the installation logs in installcollector.log in the Information Manager Agent folder.
To install the Collector on Linux/Solaris
1. Ensure that you are logged into the Symantec Mail Security for SMTP machine on the console or via SSH as root.
2. Insert the Symantec Mail Security for SMTP product CD into the drive and execute the following command from the product CD:
/collectors/sms_smtp/install/install.sh
You can view the installation logs in /tmp/collector-install.log
Configuring data sources
You must configure the following data sources on the Information Manager to receive events from Symantec Mail Security for SMTP. You can add a new sensor for each data source. Once you have configured these sources, you must distribute
the configuration to the Collector for it to take effect. For more information, refer to the Symantec Security Information Manager documentation.
Note: You must ensure that the Configure as: setting is configured exactly as indicated in the Value column.
Table B-5 describes the settings for Message statistics.
Table B-5 Settings for Message statistics
Setting                   Value
Type:                     Message stats
Path for Linux/Solaris:   /opt/Symantec/SMSSMTP/scanner/stats/
Path for Windows:         c:\Program Files\Symantec\SMSSMTP\scanner\stats\
Filename:                 bmi_eng_stats
Configure as:             Monitor in Real Time
Table B-6 describes the settings for Firewall statistics.
Table B-6 Settings for Firewall statistics
Setting                   Value
Type:                     Firewall stats
Path for Linux/Solaris:   /opt/Symantec/SMSSMTP/scanner/stats
Path for Windows:         c:\Program Files\Symantec\SMSSMTP\scanner\stats
Filename:                 bmi_fw_stats
Configure as:             Monitor in Real Time
Table B-7 describes settings for Administrative and Definition Update statistics.
Table B-7 Settings for Administrative and Definition Update statistics
Setting                   Value
Type:                     Admin and Definition Update stats
Path for Linux/Solaris:   /opt/Symantec/SMSSMTP/logs/tomcat/BMI_SESA
Path for Windows:         c:\Program Files\Symantec\SMSSMTP\logs\tomcat\BMI_SESA
Filename:                 Brightmail_SESA_Events
Configure as:             Dynamic Filename, Monitor in Real Time
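The following preflight check is an added example, not part of this guide or the Symantec distribution. On a Linux/Solaris scanner host it confirms that each data-source directory and file from Tables B-5 to B-7 exists and is readable before sensors are pointed at them. The function name, the optional root-prefix argument, and matching each Filename as a prefix are assumptions of this example.

```shell
#!/bin/sh
# Preflight check for the Linux/Solaris data sources listed in Tables B-5 to B-7.
# Added example; not shipped with Symantec Mail Security for SMTP.
# Usage: source this file, then run: check_sources

# One source per line as "Type|directory|Filename", copied from the tables.
SMS_SOURCES='Message stats|/opt/Symantec/SMSSMTP/scanner/stats|bmi_eng_stats
Firewall stats|/opt/Symantec/SMSSMTP/scanner/stats|bmi_fw_stats
Admin and Definition Update stats|/opt/Symantec/SMSSMTP/logs/tomcat/BMI_SESA|Brightmail_SESA_Events'

# check_sources [ROOT]
# ROOT (hypothetical, optional) is prepended to every path so the check can be
# run against a staged copy of the tree. Prints one status line per source and
# returns the number of sources that are not ready (0 means all three are).
check_sources() {
    root=${1:-}
    failed=0
    while IFS='|' read -r type dir name; do
        path="$root$dir"
        if [ ! -d "$path" ]; then
            echo "MISSING DIR  $type: $path"
            failed=$((failed + 1))
            continue
        fi
        # Assumption: match Filename as a prefix so that a file written under
        # the "Dynamic Filename" setting (name plus a suffix) is also found.
        found=''
        for f in "$path/$name"*; do
            if [ -f "$f" ] && [ -r "$f" ]; then
                found=$f
                break
            fi
        done
        if [ -n "$found" ]; then
            echo "OK           $type: $found"
        else
            echo "NO FILE      $type: $path/$name*"
            failed=$((failed + 1))
        fi
    done <<EOF
$SMS_SOURCES
EOF
    return "$failed"
}
```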
Uninstalling Information Manager components
When Symantec Mail Security for SMTP is no longer forwarding messages to the Information Manager, you can uninstall the Information Manager components.
For information on how to uninstall the Integration Package, see the Symantec Security Information Manager documentation.
Uninstalling the Collector
To uninstall the Information Manager Collector on Windows
1. Ensure that you are logged into the Symantec Mail Security for SMTP machine on the console or via SSH as an administrative user.
2. Insert the Symantec Mail Security for SMTP product CD into the drive and execute the following command from the product CD:
\collectors\sms_smtp\install\uninstall.bat
To uninstall the Collector on Linux/Solaris
1. Ensure that you are logged into the Symantec Mail Security for SMTP machine on the console or via SSH as root.
2. Insert the Symantec Mail Security for SMTP product CD into the drive and ungzip and untar the contents of the Agents/Unix.tar.gz file into the Agent/ folder.
3. Launch the Collector uninstaller with the command:
./collectors/sms_smtp/install/uninstall.sh
Uninstalling the Information Manager Agent
To uninstall the local Information Manager Agent on Windows
1. Ensure that you are logged into the Symantec Mail Security for SMTP machine on the console or via SSH as an administrative user.
2. Insert the Symantec Mail Security for SMTP product CD into the drive and execute the following command from the product CD:
\Agents\setup.exe -u
To uninstall the local Information Manager Agent on Linux/Solaris
1. Ensure that you are logged into the Symantec Mail Security for SMTP machine on the console or via SSH as root.
2. Insert the Symantec Mail Security for SMTP product CD into the drive and ungzip and untar the contents of the Agents/Unix.tar.gz file into the Agent/ folder.
3. Navigate to the /Agents directory on the product CD and copy the Unix.tar.gz file to a temporary directory on the hard drive.
After you have copied the file, decompress the Information Manager Agent directory using the following commands:
gunzip Unix.tar.gz
tar xvf Unix.tar
4. Navigate to the decompressed AgtInst directory and launch the uninstaller with the command:
./install.sh -u
To uninstall the Collector SIP file
1. At the command prompt, in the directory from which you ran the SIP Install Wizard, run the following command:
java -jar setup.jar -r
2. Follow the onscreen instructions.
For more information, see the Symantec Event Collector Integration Guide.