
Symantec Mail Security for Microsoft Exchange Best Practices

Created: 11 Oct 2011 • Updated: 14 Oct 2011 | 5 comments
Tariq Naik's picture

About Symantec Mail Security for Exchange

At a high level, Symantec Mail Security for Microsoft Exchange (SMSMSE) integrates with Microsoft Exchange to provide real-time protection against viruses, spam, spyware, phishing, and other attacks while enforcing content policies. SMS scans all traffic that traverses the Exchange environment, including inbound, outbound, and internal mail. SMS also integrates with the Mail Store to prevent outbreaks and enable re-scanning for cleanup. SMS is designed for Microsoft Exchange Server 2003, 2007 and 2010, with support for virtualized environments.

 

About this Article

Several configuration settings are part of a Symantec SMSMSE environment. This article covers the major configuration settings for leveraging the product after installation.

Different types of policies need to be enforced to ensure email security. These include Antivirus/Threat, File Filtering, and Content Filtering. However, never lose sight of the fact that the basic function of the Exchange system is to provide messaging functionality. Hence it is important that these policies are enforced in a distributed manner, making optimum use of the distributed architecture of Exchange so as to have minimum impact on Exchange performance. We will discuss some ways in which this is achieved in the rest of this article.

 

Best Practices 

For the purpose of this article we consider two scenarios with Microsoft Exchange 2010.

Scenario 1

We start by looking at an Exchange environment consisting of three servers. The following table gives a high-level distribution of the features we should enable across the different Exchange Server roles:

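Environment: 3 Servers

|                     | Server 1                                        | Server 2                             | Server 3                           |
|---------------------|-------------------------------------------------|--------------------------------------|------------------------------------|
| Role                | Edge Transport                                  | Hub Transport / Client Access Server | Mailbox Server                     |
| Features            |                                                 |                                      |                                    |
| Antispam            | Only if there is no mail gateway with anti-spam. | No                                   | No                                 |
| Antivirus           | Yes                                             | Yes                                  | Yes but exclude outbound scanning. |
| Background Scanning | No                                              | No                                   | Yes                                |
| File Filtering      | Yes                                             | Yes                                  | No                                 |
| Content Filtering   | No                                              | Yes                                  | No                                 |
| Outbreak Detection  | No                                              | Yes                                  | No                                 |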

The Edge Transport (ET) should scan inbound and outbound mail for threats (Antivirus Policies). It should also scan inbound mail for spam if there is no mail gateway with antispam capabilities. It should filter the attachments which are to be blocked using file filtering policies. Because outbound mail has already passed through file filtering and antivirus on the Hub Transport (HT)/Client Access Server (CAS)/Mailbox Server (MBS), file filtering and antivirus scanning on the ET in practice occur only for inbound mail, provided the outbound mail was virus-scanned with the same set of virus definitions.

Threat Scanning (Antivirus Policies) should be enabled on the HT/CAS. Mail which has been virus-scanned by the ET and MBS will not be scanned again on this server if it was scanned with the same set of virus definitions. Hence practically all the mail scanned for viruses here is outbound mail. File filtering should also be enabled here to filter unwanted attachment types; it practically applies to internal and outbound mail, as inbound mail already goes through file filtering on the ET. Content Policies should be enforced on this server. Outbreak Detection should also be enabled on this server. A combination of Content Policies and Outbreak Detection on the HT helps in mail storm detection and containment.

Threat Scanning (Antivirus Policies) should be enabled on the MBS. However, outbound mail destined for remote domains must be excluded from this scanning to reduce the load. This ensures that mail leaving the MBS server is scanned with the latest set of virus definitions. If a mail has already been scanned with the latest definitions, it will not be scanned again. Such mails are scanned on the HT. Background Threat Scanning (Antivirus Policies) should be enabled on this server and scheduled during off-peak periods. This ensures that the mail in the mailboxes is scanned using the latest virus definitions without impacting performance during the peak production period.

 

Scenario 2

We now look at an Exchange environment consisting of two servers. The following table gives a high-level distribution of the features we should enable across the different Exchange Server roles:

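Environment: 2 Servers

|                     | Server 1                                        | Server 2                                              |
|---------------------|-------------------------------------------------|-------------------------------------------------------|
| Role                | Edge Transport                                  | Hub Transport / Client Access Server / Mailbox Server |
| Features            |                                                 |                                                       |
| Antispam            | Only if there is no mail gateway with anti-spam. | No                                                    |
| Antivirus           | Yes                                             | Yes but exclude outbound scanning.                    |
| Background Scanning | No                                              | Yes                                                   |
| File Filtering      | Yes                                             | Yes                                                   |
| Content Filtering   | No                                              | Yes                                                   |
| Outbreak Detection  | No                                              | Yes                                                   |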

The Edge Transport (ET) should scan inbound and outbound mail for threats (Antivirus Policies). It should also scan inbound mail for spam if there is no mail gateway with antispam capabilities. It should filter the attachments which are to be blocked using file filtering policies. Because outbound mail has already passed through the file filter on the Hub Transport (HT)/Client Access Server (CAS)/Mailbox Server (MBS), file filtering on the ET in practice occurs only for inbound mail. Antivirus scanning occurs for both inbound and outbound mail.

Threat Scanning (Antivirus Policies) should be enabled on the HT/CAS/Mailbox server. However, outbound mail destined for remote domains must be excluded from this scanning to reduce the load. Mail which has been scanned by the ET will not be scanned again on this server if it was scanned with the same set of virus definitions. Hence practically all the mail scanned for viruses here is internal mail. File filtering should also be enabled here to filter unwanted attachment types; it practically applies to internal and outbound mail, as inbound mail already goes through file filtering on the ET. Content Policies should be enforced on this server. Outbreak Detection should also be enabled on this server. A combination of Content Policies and Outbreak Detection on the HT helps in mail storm detection and containment. Background Threat Scanning (Antivirus Policies) should be enabled on this server and scheduled during off-peak periods. This ensures that the mail in the mailboxes is scanned using the latest virus definitions without impacting performance during the peak production period.

 

Conclusion 

We have looked at two scenarios for Exchange 2010. You may encounter a different type of Exchange environment; however, the key steps of designing an SMS implementation remain the same and can be summarized as follows:

1.    Study your Exchange setup and understand the role of each server.

2.    List the SMS features that you need to enable.

3.    Consider on which Exchange role each feature should be enabled and whether the feature's functionality can be distributed.
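The three steps above can be turned into a repeatable audit. The following is an added example, not part of the original article and not Symantec code: it stores the Scenario 1 table per role, merges the columns for servers that hold several roles (the merge rule is chosen so that Hub/CAS plus Mailbox reproduces the Scenario 2 column), and reports where a server's observed settings differ. The role and feature keys, server names and observed settings are constructed for illustration.

```python
# Added example. Role and feature keys are labels chosen here for the
# rows and columns of the article's Scenario 1 table.
FEATURES = ["antispam", "antivirus", "background_scan",
            "file_filtering", "content_filtering", "outbreak_detection"]

# Scenario 1 columns, one per Exchange role, in FEATURES order.
PER_ROLE = {
    "edge":    ["if-no-gateway", "yes", "no", "yes", "no", "no"],
    "hub_cas": ["no", "yes", "no", "yes", "yes", "yes"],
    "mailbox": ["no", "yes-exclude-outbound", "yes", "no", "no", "no"],
}

# When roles share a server, the highest-ranked entry wins; the
# "exclude outbound" qualifier outranks a plain "yes" (as in Scenario 2).
RANK = {"no": 0, "if-no-gateway": 1, "yes": 2, "yes-exclude-outbound": 3}


def recommended(roles, has_spam_gateway):
    """Merge the per-role columns for every role installed on one server."""
    out = {}
    for i, feature in enumerate(FEATURES):
        value = max((PER_ROLE[r][i] for r in roles), key=RANK.get)
        if value == "if-no-gateway":
            value = "no" if has_spam_gateway else "yes"
        out[feature] = value
    return out


def audit(inventory, has_spam_gateway):
    """Return (server, feature, expected, observed) for every mismatch."""
    drift = []
    for server, (roles, observed) in sorted(inventory.items()):
        expected = recommended(roles, has_spam_gateway)
        for feature in FEATURES:
            seen = observed.get(feature, "no")  # unset is treated as disabled
            if seen != expected[feature]:
                drift.append((server, feature, expected[feature], seen))
    return drift


# Constructed inventory: server names and observed settings are made up.
INVENTORY = {
    "EX-EDGE01": ({"edge"}, {"antivirus": "yes", "file_filtering": "yes"}),
    "EX-MULTI01": ({"hub_cas", "mailbox"}, {
        "antivirus": "yes", "background_scan": "no", "file_filtering": "yes",
        "content_filtering": "yes", "outbreak_detection": "yes"}),
}

if __name__ == "__main__":
    for row in audit(INVENTORY, has_spam_gateway=True):
        print("%s: %s should be %r, found %r" % row)
```

On the sample inventory the combined server is flagged twice: antivirus is on without the outbound exclusion, and background scanning is off.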

Comments

Vikram Kumar-SAV to SEP's picture

Informative

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Avkash K's picture

Very helpful!!

Regards,

Avkash K

Symantec World's picture

Thanks Tariq.

Regards, M.R

kishorilal1986's picture

Hi Tariq sir,

Nice article, thanks for sharing

Regards

Kishorilal

pravinbedekar's picture

Hi Tariq,

 

Please share the Best practices for Exchange 2013.

 

Regards,

Pravin
