Messaging Gateway

 View Only

  • 1.  Connection Classification

    Posted Jun 14, 2010 01:09 PM
    Good Afternoon,
    Finally got to replace our old Symantec SMS 5.x system for SBG 9.x.  So far, everything is working as it should.  I do have a question though.  It about Connection Classification.  We currently don't have it turned on but interested in doing it, but there is a problem.  SBG is not the true Mail Gateway.  We have another machine(s) that sends the mail to SBG.  SBG is inside the firewall.  Are there any benefits of turning on Connection Classification with SBG being inside the firewall?

    Thanks in advanvce!!!!


  • 2.  RE: Connection Classification

    Posted Jun 14, 2010 03:02 PM
    Hi mrmugg, by SBG inside the firewall i hope you mean the firewall is receiving SMTP request and being resend to the SBG?.
    If all SMTP is being sent to the SBG you can activate Connection Clsassification. This is a new feature together with Reputation Classification in SBG vers 8.0.
    There is always more beneffits on activating it since you will receive less hits of unwanted email. However in my case i think is a feature you only use when you have Hi volume of SMTP hits.

    You can se specifics benefits here.
    https://www-secure.symantec.com/connect/articles/using-new-reputation-and-connection-management-features-brightmail-gateway-80
    hopes this helps


  • 3.  RE: Connection Classification

    Posted Jun 14, 2010 04:28 PM

    Is the firewall proxying or NATing the inbound mail - if the SBG sees the TRUE connection IP address of the sender, you can turn on Connection Classification.

    We have it enabled and it helps alot.

    You might also want to setup a scheduled report and summarize IP connections, Top Rejected, or Top Deferred as candidates for your Local Bad Senders by IP list.  For example, I've seen  7556 defered and 4506 rejected connections for 193.252.22.151 in the past 24 hours.


  • 4.  RE: Connection Classification

    Posted Jun 15, 2010 08:48 AM
    There is a completely different MTA server(s) (PMDF) in front of the SBG application.  SBG is the 2nd hop in our mail chain.  I would believe that it doesn't see the "true" connection of the mail coming in.  Under Administration, Configuration, Edit Host Configuration, Internal Mail Hosts, I have specified these 2 PMDF mail hosts.  So I think that SBG is only going to see the IP connections of the MTA servers in front of it.


  • 5.  RE: Connection Classification

    Posted Jun 15, 2010 10:31 AM

    Then Connection Classification will not work, since it will only see the two front end host IPs.  In fact, if you enabled Connection Classification SBG will soon block all inbound mail.    Are you also seeing poor performance of the IP Reputation feature?


  • 6.  RE: Connection Classification

    Posted Jun 15, 2010 04:02 PM
    I'm just looking for another tool to attempt to stop more Spam from entering our environment.

    Thanks!!


  • 7.  RE: Connection Classification

    Posted Jun 15, 2010 05:03 PM

    You might want to consider replacing the competition that's infront of the SBGs.  We process 20M messages / day and 98% get blocked by IP reputation, and an additional 250K are deferred due to connection classification.