Messaging Gateway

 View Only

  • 1.  Integrating Brightmail Gateway with Exchange & MailMarshal

    Posted Jan 31, 2010 10:58 PM
    I am working on a site which currently uses Exchange, MailMarshal & Symantec Mail Security for SMTP. As Symantec Mail Security for SMTP is going End Of Life, I have been tasked with replacing it with Brightmail Gateway. I have installed Brightmail Gateway as a VM and licensed it successfully.

    I am new to these things, and need a hand getting the routing sorted. I guess I will have to configure Exchange to route outbound emails to the Brightmail Gateway, then configure Brightmail to route emails to MailMarshal. This will all have to be done in reverse for inbound email? Any and all help gratefully received.

    Thanks


  • 2.  RE: Integrating Brightmail Gateway with Exchange & MailMarshal

    Posted Feb 01, 2010 11:09 AM
     We were in the same situation 5 years ago with the same 3 products. We decided to retire SMS for SMTP and MailMarshal and use SBG for both of those roles (AV,SPAM and Content Filtering) and it has worked well.

    However if your going to keep MM, I assume that SBG will receive inbound email first and will also be last as far as receiving outbound email.

    In SBG, you tell the Inbound Scanner IP to forward email to the IP address of the next hop which I'm assuming is MM (Administration - Configuration - pick your scanner - SMTP tab). MM would still keep its normal configs to forward email to your exchange server.

    For outbound email, tell MM to forward the email to the Outbound Scanner IP. Tell SBG in the SMTP configs to accept email from only that IP (MM IP address) so nothing else can relay outbound email off of it. (Administration - Configuration - pick your scanner - SMTP tab)

    Basically that its as far as routing goes. Any reason your keeping MM in the loop?

    Stephen


  • 3.  RE: Integrating Brightmail Gateway with Exchange & MailMarshal

    Posted Feb 01, 2010 11:50 AM
    Mark,

    Thanks for the question and thank you dnslammers for the reply as well.  There are really two ways to set up this environment if you want to keep mailmarshal in the works.  The first would be as follows:

    INBOUND:  Internet-->Brightmail Gateway-->Mail Marshall-->Exchange
    OUTBOUND:  Exchange-->Mail Marshall-->Brightmail Gateway-->Internet

    The second:

    INBOUND:  Internet-->Mail Marshall-->Brightmail Gateway-->Exchange
    OUTBOUND:  Exchange-->Brightmail Gateway-->Mail Marshall-->Interet

    The first option would require the lease amount of configuration.  All you would need to do is change your MX or firewall to point at the SBG and then configure your downstream mail server as the Mail Marshall.  In option number two you would configure mail marshall to deliver to the SBG box, add the MM box as an internal mail host to brightmail gateway then configure your mail server as the downstream mail server then change the SMART host on the exchange server to point at the SBG box.

    Let me know if this helps,
    John


  • 4.  RE: Integrating Brightmail Gateway with Exchange & MailMarshal

    Posted Feb 01, 2010 04:17 PM
    Thanks to both Stephen and John for sharing the experience and recommendations.

    I would like to emphasize the importance and benefits of "First" option mentioned by John.  This is the recommended way to deploy SBG to gain maximum benefit from its capabilities and to take advantage of the Connection Classification feature.  For details, please see Chapter 6: "Blocking and allowing messages at connection time" in SBG 8.0 Administration Guide.

    Following KB article is also a great resource to look at:

    http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2008080612113754

    Regards,

    Adnan


  • 5.  RE: Integrating Brightmail Gateway with Exchange & MailMarshal

    Posted Feb 23, 2010 02:09 AM
    Hi Mark,

    If any of the replies answered your question, please mark that response as the Solution.

    Thanks

    Adnan