
Network Prevent Email integration with Exchange Server

Created: 01 Oct 2012 | 9 comments
jawad1987's picture

I don't have a lot of knowledge about Exchange. I am deploying DLP for a client and they use Exchange as their mail server. There are many Exchange boxes in their environment with different roles like Mailbox, Hub Transport, Edge Transport etc. The admin guide just says that you have to integrate Network Prevent with the MTA. With which role should I integrate Network Prevent? Also, is there any plugin that needs to be installed on Exchange?


stumunro's picture

jawad,

There are 2 options. First you need to decide if you want forward or reflecting mode.

Next you need to get between the Exchange server and the outbound egress. Also you need to look at how many messages per sec you are pushing, as multiple NP for Email may be required. I have used an internal NetScaler to round robin to load balance them previously, and MX records with a cost count from 10 to 40.

I would review all this with your client. Post here if you need more info.

jawad1987's picture

I am going for the Reflecting mode option. Kindly tell me two things:

1) With which Exchange server should I integrate Network Prevent? The one with the Hub Transport role or the one with the Edge Transport role?

2) Is there any plugin that needs to be installed on the Exchange Server?

stumunro's picture

jawad,

There is no agent to be installed. You would want the transport, as hub handles all the internal mail flow and sends it up to the transport if this is all they have set up. You need to install the Net Prev for Email server.

I have attached the NP for Email server guide in there as it will show sample architecture and design and mail flow for each. If you show this to your clients they will see where they need to place it.

ideally email server ------>np for email------->email encrypter/spam filter

Does this help you at all?

Attachment: Symantec_DLP_11.5_Email_Prevent_MTA_Integration_Guide.pdf (714.63 KB)

TechnicallyCreative's picture

Jawad,

I think the issue is you are misunderstanding Vontu's service... It is not an Exchange agent; it is only an interceptor of SMTP communications. The message has to leave the Exchange server for Vontu to read it. The message will leave via SMTP from the Hub Transport server if a message is set to be delivered outside the Exchange enterprise.

It also means that messages that don't leave the Exchange server are not accessible to Vontu in real time. If you want them to be scanned post-send, enable an Exchange journal rule and target an SMTP server that has the Vontu appliance in between.

jawad1987's picture

So I have to configure Hub Transport to forward the email to Network Prevent Email, and after inspection Network Prevent will resend the email to Hub Transport. Hub Transport will then move the email outside the organization. Right?

stumunro's picture

Sort of correct, you need to send it to the next hop. This may be a bridgehead server, this may be an email encrypter. I assume we are dealing with Exchange 2010? Is there still a 03 legacy Exchange box there, and what is acting as a bridgehead server?

TechnicallyCreative's picture

jawad,

You can do that, you will need to set up some complex transport rules though. It might cause too much volume on the HT if you do that.

Typically you have Vontu forward to a remote mail relay device like IronPort or a gateway "dumb" SMTP server.

stumunro's picture

Jawad,

You need to get the Exchange guys involved as they will need to decide costs, and you will need an MX record for the next hops... Also you need to know how many messages per sec you are sending, as multiple NP for Email may be required. Also, in the advanced settings you need to look at the ports you are sending and receiving on. I believe by default they are 1025 and 1026. If the down range email server is looking for 25 it will never connect. Also, is there a load balancer you can take advantage of for internal setup...

Subhani's picture

Hi Jawad,

A few points from my side too.

  1. First of all, identify what server is used to send emails to the Internet. Is it Hub Transport or Edge Transport? Going from the inside to the Internet, your Network protect should be after Hub Transport and before the MTA which is responsible for sending emails to the Internet.
  2. Then you need to configure Smart Host on your Exchange Server for the outgoing emails. Email must go through Email Prevent.
  3. You can also use default port 25 if your hub transport, email prevent and gateway MTA are all on separate machines.

Hope it helps. If you still have any doubts, do write.
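
The smart host step and the port caveat raised in the thread, as an added example that is not part of the original posts or of Symantec's documentation: an Exchange Management Shell script that first checks that the Network Prevent for Email listener answers SMTP on the configured port, then creates a send connector pointing at it. The connector name and all three parameter values are assumptions to be supplied by the Exchange team.

```powershell
# Added example: route outbound mail from a Hub Transport server through
# Network Prevent for Email as a smart host. All names and values are placeholders.
param(
    [Parameter(Mandatory=$true)][string]$NpHost,    # Network Prevent for Email server (hypothetical name)
    [Parameter(Mandatory=$true)][int]$NpPort,       # its SMTP listener port, taken from the advanced settings
    [Parameter(Mandatory=$true)][string]$HubServer  # Hub Transport server that will use the connector
)

# 1. Confirm the listener answers SMTP on that port before touching mail flow.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $async = $client.BeginConnect($NpHost, $NpPort, $null, $null)
    if (-not $async.AsyncWaitHandle.WaitOne(5000)) {
        throw "No TCP connection to ${NpHost}:${NpPort} within 5 s (wrong port or firewall?)"
    }
    $client.EndConnect($async)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 5000
    $reader = New-Object System.IO.StreamReader($stream)
    $banner = $reader.ReadLine()
    if ($banner -notmatch '^220[ -]') {
        throw "Unexpected SMTP greeting from ${NpHost}:${NpPort}: $banner"
    }
    Write-Host "SMTP greeting OK: $banner"
}
finally {
    $client.Close()
}

# 2. Send connector: every external domain goes to the smart host, no DNS/MX lookup.
New-SendConnector -Name 'Outbound via Network Prevent' `
    -Usage Custom `
    -AddressSpaces 'SMTP:*;1' `
    -DNSRoutingEnabled $false `
    -SmartHosts $NpHost `
    -Port $NpPort `
    -SmartHostAuthMechanism None `
    -SourceTransportServers $HubServer

# 3. Show the result so the Exchange team can review it.
Get-SendConnector 'Outbound via Network Prevent' |
    Format-List Name, AddressSpaces, SmartHosts, Port, DNSRoutingEnabled, SourceTransportServers
```

An existing send connector for the same address space with an equal or lower cost can still carry outbound mail around the DLP hop, so review the output of `Get-SendConnector` for other connectors covering `*` before relying on this one.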