Symantec Mail Security for Microsoft Exchange Getting Started Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version 6.5 PN: 20973766 Legal Notice Copyright 2010 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202. Symantec Corporation 350 Ellis Street Mountain View CA 94043 USA http://www.symantec.com
Contents Getting Started... 5 Introducing Symantec Mail Security for Microsoft Exchange... 5 What's new in Mail Security... 5 Components of Mail Security... 8 Before you install... 10 About security and access permissions... 12 System requirements... 13 Server system requirements... 13 Console system requirements... 15 Installation options... 16 Migrating to version 6.5... 17 Where to get more information about Mail Security... 19
4 Contents
Getting Started Introducing Symantec Mail Security for Microsoft Exchange Symantec Mail Security for Microsoft Exchange (a member of the Symantec Information Foundation product family) is a complete, customizable, and scalable solution that scans email that passes through or resides on the Microsoft Exchange server. Mail Security protects your Exchange server from the following: Threats (such as viruses, Trojan horses, worms, and denial-of-service attacks) Security risks (such as adware and spyware) Unwanted file attachments Unsolicited email messages (spam) Mail Security also lets you manage the protection of one or more Exchange servers from a single console. The Exchange environment is only one avenue by which a threat or security risk can penetrate a network. For complete protection, ensure that every computer and workstation is protected by an antivirus solution. What's new in Mail Security Table 1 lists the new and enhanced features in Mail Security.
6 Getting Started What's new in Mail Security Table 1 Feature New and enhanced features Description Support for Exchange Server 2010 Mail Security supports Exchange Server 2010 on the following roles: Edge Transport Hub Transport Mailbox Addition of a Global Group for Exchange Server 2010 Support for Manual and Scheduled Scan in Exchange Server 2010 Support for Filtering contents in Exchange Server 2010 Global Group consists of all the servers that are managed through Mail Security console. When you configure and apply Global Group settings, the changes are propagated to all the servers in all the groups. Changes that are made at the Global Group level overwrites group settings of all individual and user-defined servers. Manual scans run on-demand and scan public folders and mailboxes. Scheduled scans run unattended usually at off-peak periods. All policies apply to manual and to scheduled scans, except antispam. You can specify which file folders and mailboxes to scan during a manual or scheduled scan. You can also specify the content filtering rules that you want to enable for the manual or scheduled scan. Mail Security provides comprehensive content filtering for messages and attachment content. It supports more than 300 attachment types. Mail Security lets you create content filtering rules that apply to SMTP inbound and outbound mails and the Exchange Information Store. Content filtering rules let you filter messages for attachment names, attachment content, specific words, phrases, subject lines, and senders or recipients. It provides pre-cooked match list and let you define your own match list. You can also set content filtering rules for attachment size.
Getting Started What's new in Mail Security 7 Table 1 Feature New and enhanced features (continued) Description Troubleshooting installation issues with common error dialog Web links are provided in the product installer that assist and guide you to troubleshoot the failures that are encountered during installation. These links provide more information about the failure or a similar failure and the resolution steps and recommendations. Performance improvements Through Antispam processing Mail Security 6.5 has a provision to reduce the processing time that is required for AntiSpam processing. The Fastpass feature conserves resources by providing a temporary exemption from spam scanning for senders with a demonstrated history of sending no spam messages. Thus senders with the best local reputation are exempted from spam scanning. Mail Security automatically collects local sender reputation data to support Fastpass determinations and regularly re-evaluates the senders that are granted a pass. By turning off performance counters for logging Mail Security 6.5 lets you configure performance counters for logging. By default, this counter is enabled. However, to improve Mail Security's scanning performance, these performance counters for logging can be turned off by adding following registry key and setting its value to 1. Registry key for 32-bit platform: HKEY_LOCAL_MACHINE\SOFTWARE\ Symantec\SMSMSE\6.5 \Server\TurnOffPerfCounters Registry key for 64-bit platform: HKEY_LOCAL_MACHINE\SOFTWARE \Wow6432Node\Symantec\SMSMSE\6.5\ Server\TurnOffPerfCounters Restart Mail Security service after setting this registry key.
8 Getting Started Components of Mail Security Note: Mail Security 6.5 does not support Windows 2000 and Exchange Server 2000. Components of Mail Security Table 2 lists the components of Mail Security. Table 2 Component Product components Description Location on the product CD Symantec Mail Security for Microsoft Exchange This software protects your Exchange servers from threats (such as viruses and denial-of-service attacks) and security risks (such as adware and spyware). It also detects spam email messages and unwanted content. This software protects your Exchange servers from threats (such as viruses and denial-of-service attacks), security risks (such as adware and spyware). It also detects spam email messages and unwanted email attachments. \SMSMSE\Install\
Getting Started Components of Mail Security 9 Table 2 Component Product components (continued) Description Location on the product CD LiveUpdate Administration Utility Symantec Central Quarantine This utility lets you configure one or more intranet FTP, HTTP, or LAN servers to act as internal LiveUpdate servers. LiveUpdate lets Symantec products download program and definition file updates directly from Symantec or from a LiveUpdate server. For more information, see the LiveUpdate Administrator documentation on the Mail Security product CD in the following location: \DOCS\LUA\ This utility lets Mail Security forward infected messages and messages that contain certain types of violations from the local quarantine to the Central Quarantine, which acts as a central repository. For more information, see the Symantec Central Quarantine Administrator's Guide on the Mail Security product CD in the following location: \DOCS\DIS\CentQuar.pdf \ADMTOOLS\LUA\ \ADMTOOLS\DIS
10 Getting Started Before you install Table 2 Component Product components (continued) Description Location on the product CD Mail Security for Microsoft Exchange Management Pack This component lets you integrate Symantec Mail Security for Microsoft Exchange events with Microsoft Operations Manager 2005 (MOM). If you use Microsoft Exchange 2003, this component also lets you integrate Mail Security events with Microsoft System Center Operations Manager 2007 (SCOM). Pre-configured Computer Groups, Rule Groups/Rules, and Providers are automatically created when you import the management pack. These rules monitor specific Symantec Mail Security for Microsoft Exchange events in the Windows Event Log and the Windows Performance Monitor. \ADMTOOLS\Mgmt_Pack For more information, see the Symantec Mail Security for Microsoft Exchange Management Pack. Before you install Ensure that you meet all system requirements before you install Mail Security. Select the installation plan that best matches your organization's needs, and ensure that you have met the pre-installation requirements. See System requirements on page 13. See Installation options on page 16. Mail Security supports upgrades from Mail Security 4.6x and higher. If Mail Security detects an older version of the product on your computer, the installer
Getting Started Before you install 11 automatically uninstalls the prior version. The installer then continues with the installation. If you want to uninstall the previous version manually, do so before installing the current version of Mail Security. If you are installing Mail Security on an Exchange Server 2007 or Server 2010, install the product on all of the following server roles in your organization: Edge Transport servers, if available Hub Transport servers Mailbox servers You must uninstall and reinstall the product if you change the server role on which Mail Security is installed. Mail Security automatically installs custom transport agents when you install the product on Hub Transport or Edge Transport servers. The Mail Security transport agents consist of an antispam transport agent and an antivirus transport agent. By default, the Mail Security transport agents are installed with a lower priority than the Exchange transport agents. If you modify your transport agent priorities, ensure that the Mail Security transport agents remain a lower priority than the Exchange transport agents. Do the following before you install the product: If you are running Symantec Brightmail AntiSpam on the same server on which you want to install Mail Security, you must uninstall Symantec Brightmail AntiSpam before you install Mail Security. It is recommended that you not run Mail Security on the same server as Symantec Brightmail AntiSpam. If you are using the email tools feature of Symantec AntiVirus Corporate Edition, you must uninstall the feature before you install Mail Security. The email tools feature of Symantec AntiVirus is not compatible with Mail Security or Microsoft Exchange. If you are running any antivirus software that is on the server on which you want to install Mail Security, you must disable it before you install Mail Security. After installation but before you re-enable the antivirus protection, configure your other antivirus programs to exclude certain folders from scanning. Log on as a Windows domain administrator to install Mail Security components correctly. Modify your screen resolution to a minimum of 1024 x 768. Mail Security does not support a resolution less than 1024 x 768.
12 Getting Started About security and access permissions Configure the default receive connector for the Exchange Hub Transport server to permit connections from anonymous users. Before you install Mail Security on Exchange 2010 mailbox role, you must specify a domain user account. The domain user account must fulfill the following criteria. Mail Security uses the domain user account as a service account and this account must have a mailbox. The user must be a member of Organization Management group under the Microsoft Exchange Security Groups Organizational Unit. By default, Organization Management group is a member of the local Administrators group on all the exchange servers in the organization. If not, then add the user to the local Administrators group. You may use different user account for installations of Mail Security on other Exchange 2010 mailbox servers within that domain for better performance. When the user updates the password, the same password must be provided to the Mail Security Service on all Exchange 2010 mailbox role servers. Note: While installing Mail Security on local Exchange 2010 Mailbox server, in the Logon Information screen, specify the domain user credentials in the User name and Password fields. Mail Security provides this user account Application Impersonation and Logon as service rights. Ensure that the following IIS Role Service components are installed when you install Mail Security on Windows Server 2008 for Exchange 2010 and 2007 servers. This installation is applicable for both remote installation and local installation. Application Development - ASP.NET Security - Windows Authentication Management Tools - IIS management console, IIS 6 Scripting Tools About security and access permissions Mail Security automatically creates the following user groups and assigns them access when you install the product:
Getting Started System requirements 13 SMSMSE Admins Permits read and write access to all Mail Security components and features. Users in this group can change settings for Mail Security through the console. The user who installs Mail Security is automatically added to the SMSMSE Admins group. SMSMSE Viewers Permits read-only access to Mail Security components and features. Users in this group cannot change settings for Mail Security. Users can view reports, event logs, and settings through console-only installations. System requirements The user groups are domain-wide for Active Directory. You can use the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in to change membership in the groups. Users must be designated in one of the SMSMSE user groups to access the product. For example, administrators who are not in one of the SMSMSE user groups are not granted access to Mail Security. Adding a user to the SMSMSE Admins group does not automatically grant the user Windows Local Administrator, Windows Domain Administrator, or Exchange administrator rights. Security is also set for the Mail Security registry key and file folders during the security set-up process. You must have administrator access to the local servers and domain administrator rights for the security set-up to proceed. Ensure that you meet the appropriate system requirements for the type of installation that you are performing. See Installation options on page 16. Server system requirements You must have domain administrator-level privileges to install Mail Security. The server system requirements are as follows:
14 Getting Started System requirements Operating system The operating system requirements for Microsoft Exchange 2010 are as follows: Windows Server 2008 with SP2 (64-bit) Standard or Enterprise Edition Windows Server 2008 R2 (64-bit) Standard or Enterprise Edition The operating system requirements for Microsoft Exchange 2007 are as follows: Windows Server 2008 with SP1or later (64-bit) Standard or Enterprise Edition Windows Server 2003 with SP2 (64-bit) Standard or Enterprise Edition Windows Server 2003 R2 (64-bit) Standard or Enterprise Edition The operating system requirements for Microsoft Exchange 2003 are as follows: Windows Server 2003 SP1/SP2/R2 Standard or Enterprise or Data Center Edition Exchange platform The Exchange platform requirements for Microsoft Exchange 2007/2010 are as follows: Exchange Server 2007 SP1/SP2 Exchange Server 2010 The Exchange platform requirements for Microsoft Exchange 2003 are as follows: Exchange Server 2003 SP1/SP2
Getting Started System requirements 15 Minimum system requirements Intel(TM) Pentium II 266 MHz or higher processor; recommended Intel Pentium or compatible 733MHz processor Requirement for Exchange Server 2003 only x64 architecture-based processor that supports Intel Extended Memory 64 Technology (Intel EM64T) x64 architecture-based computer with AMD 64-bit processor that supports AMD64 platform Requirement for Exchange Server 2007/Server 2010 only Only for Exchange 2007 Mailbox server role, Exchange Server MAPI client and Collaboration Data Objects 1.2.1 Requirement for mailbox role of Exchange Server 2007 only 1 GB of memory for Mail Security besides the minimum requirements for the operating system and Exchange. Approximately 4GB or more of memory is required. 500-MB disk space is required for Mail Security. This space does not include disk space required for items such as quarantined messages and attachments, reports, and log data..net Framework version 2.0 MDAC 2.8 or higher DirectX 9 or higher Microsoft Internet Information Services (IIS) Manager Requirement for Exchange Server 2007 only Only for Exchange Server 2010, Microsoft.NET Framework 3.5 and Microsoft Windows Powershell 2.0 Ensure that the components.net Framework, MDAC, and DirectX are installed before you install Mail Security. Adobe Acrobat Reader is not a requirement to install and run Mail Security. However, it is required to view the reports that are generated in.pdf format. You can download Adobe Acrobat Reader from www.adobe.com. For more information, see the Symantec Mail Security for Microsoft Exchange Implementation Guide. Console system requirements You can install the Mail Security console on a computer on which Mail Security is not installed. The console system requirements are as follows:
16 Getting Started Installation options Operating system Windows Server 2003/R2/SP2 Windows XP Windows Vista 32-bit Windows Server 2008/R2/SP2 Standard and Enterprise Edition Windows 7 Minimum system requirements 512 MB RAM 162 MB available disk space This does not include the space required for items such as quarantined messages and attachments, reports, and log data..net Framework version 2.0 Microsoft Internet Information Services (IIS) Manager Requirement is for Exchange Server 2007 only Ensure that.net Framework is installed before you install Mail Security. Adobe Acrobat Reader is not a requirement to install and run the Mail Security Console. However, it is required to view the reports that are generated in.pdf format. You can download Adobe Acrobat Reader from www.adobe.com. Installation options Use any of the following installation procedures, depending on the type of installation that you want to perform: Local server You can install or upgrade Mail Security on a local computer that is running the Microsoft Exchange server. Remote server You can install Mail Security on remote servers through the product console. Console You can install the product console on a computer that is not running Mail Security. This lets you manage your servers from any computer that has access to your Exchange servers. Silent/automated installation You can install Mail Security using automated installation tools. Microsoft cluster server You can install Mail Security in a Microsoft Cluster environment. Veritas cluster server You can install Mail Security in a Veritas cluster environment.
Getting Started Migrating to version 6.5 17 For more information about installation procedures, see the Symantec Mail Security for Microsoft Exchange Implementation Guide. Migrating to version 6.5 Mail Security supports upgrades from Mail Security 4.6x and higher. Table 3 lists the settings that do not migrate from version 5.x to the new version. Table 3 Setting Version 5.x migration settings Description Heuristic antispam This feature is no longer supported. Enable and configure Symantec Premium AntiSpam for spam detection. Save to folder option The Save to folder option is no longer supported. If Save to folder was a disposition for a content filtering rule, the disposition is set to Log Only. The Add X-header settings associated with the Save to folder disposition has been removed. In the Symantec Premium AntiSpam settings, the Save to folder settings and the Add X-header settings associated with them have been removed. The Add X-header settings that are not associated with the Save to folder settings migrate as is. Report templates and the report database SESA Alerts Background scanning Veritas Cluster Server configurations These items do not migrate. This feature is no longer supported. These settings do not migrate. Re-enable and schedule background scanning. Mail Security does not support upgrades from 5.0 on Veritas Cluster Server configurations. If you are upgrading from 4.6x, the policy settings are incorporated into the applicable policy on the new installation. Mail Security 5.x and higher does not contain a separate multiserver console. Single and multiple servers are administered from the same console. Multiserver console settings do not migrate to the new version. Custom policies, heuristic antispam settings, content filtering rules, and report templates do not migrate to the new version.
18 Getting Started Migrating to version 6.5 Table 4 lists the migrations from version 4.6x to the new version. Table 4 Setting Auto-protect Version 4.6x migration settings Description Migrates to the new version as the standard policy. Heuristic antispam This feature is no longer supported. Enable and configure Symantec Premium AntiSpam for spam detection. Macro Virus Rule Bloodhound Virus Rule Mass-Mailer Virus Rule HeartBeat Filtering subpolicy Messenger Service Alerts AMS Alerts SESA Alerts Scheduled scans Manual scans Attachment Blocking rule Outbreak settings Content Dictionary Generated reports These settings are no longer supported. These settings are no longer supported. These settings do not migrate. This feature is no longer supported. These settings do not migrate. This feature is no longer supported. This feature is no longer supported. This feature is no longer supported. These settings do not migrate. These settings do not migrate. This rule is migrated to a new rule File Name Rule. These settings do not migrate. This feature is no longer supported. Reports cannot be viewed through the console. Reports that you generated in version 4.6x are copied to the following directory: <Installation directory>\server\reports\4.6 You can view a report by opening it from this directory. Report templates and the report database Background scanning These features and documents do not migrate. These settings do not migrate. Re-enable and schedule background scanning.
Getting Started Where to get more information about Mail Security 19 Where to get more information about Mail Security Mail Security includes a comprehensive help system that contains conceptual, procedural, and context-sensitive information. Press F1 to access information about the page on which you are working. If you want more information about features that are associated with the page, select a More Information link in the Help page, or use the Table of Contents, Index, or Search tabs in the Help viewer to locate a topic. The Symantec Mail Security for Microsoft Exchange Implementation Guide provides information about using this product and is found on the product CD in the following location: \DOCS\SMSMSE\ You can visit the Symantec Web site for more information about your product; the following online resources are available: Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions www.symantec.com/techsupp/ent/enterprise.html Provides information about registration, frequently asked questions, how to respond to error messages, and how to contact Symantec License Administration www.symantec.com /licensing/els/help/en/help.html Provides product news and updates www.symantec.com/enterprise/index.jsp Provides access to the Threat Explorer, which contains information about all known threats www.symantec.com/enterprise/security_response/threatexplorer/azlisting.jsp
20 Getting Started Where to get more information about Mail Security