Data Loss Prevention

 View Only

  • 1.  MTAs Supported by Symantec DLP 10.0

    Posted Jan 09, 2010 03:12 AM

    Hi All,

    Can anyone provide me the list of MTAs supported by Symantec DLP 10.0 ? 

    In addition, if I have a MTA, which is not supported by Symantec, then is there anyway that we can use some customizations or third party tools to achieve the MTA Integration?

    Hope I am clear.


    - Naren



  • 2.  RE: MTAs Supported by Symantec DLP 10.0

    Posted Jan 09, 2010 11:26 AM
    There is a document that suggets how to use the network prevent for mail,
    but still any MTA that can transfer the mail to do another hop would be fine.
    You can either use forwarding mode (putting the DLP server between 2 MTA's),
    or use the reflecting mode (MTA sends the mail to the DLP server which analyze the mail and returns the mail to the same MTA).
    If you bought the priduct you could consult with the document: "Symantec DLP 10.0 Email Prevent MTA Integration Guide"

    What MTA do you use?

    P.S
    Symantec DLP Web Prevent does have some specifications that the organization must meet (the web proxy must support ICAP).
    the new version (10.0) supports: Bluecoat,ISA,Squid and more.

    Kind Regards,
    Naor Penso


  • 3.  RE: MTAs Supported by Symantec DLP 10.0

    Posted Jan 11, 2010 03:37 AM

    Thanks for the response

    The MTA product that we are using is Mxtreme from Borderware.

    Please let me know if you have any insight on integrating this product (or any) with Symantec DLP Network Prevent (Mail).




    - Naren


  • 4.  RE: MTAs Supported by Symantec DLP 10.0

    Posted Jan 11, 2010 01:53 PM
    I don't know this production specifically but you should consider the following things:
    1) There are 2 ways to integrate the network prevent for mail:
         * Exchange forwards a mail to the MTA -> the MTA transfers the mail to the Prevent for mail which analyze the
            mail and then returns the mail to MTA which forwards the mail to the destination
         * Exchange forwards a mail to the MTA -> the MTA transfers the mail to the Prevent for mail which analyze the
            mail and then forwards the mail to another MTA which forwards the mail to the destination
    For most clients the first option is the better one, because not many clients (that i know of) can afford 2 MTA's.

    2) Do not enforce prevent policies on day one - this is correct regarding any module that you are about to use. first test the policies and make sure that the amount of false-positive's are as little as possible, and make sure you are preventing what you intended, just then start enforcing prevent policies on your corporate network.

    If you have any more specific question you are more then welcome to ask.
    Kind Regards,
    Naor Penso