Messaging Gateway

Hello guys!

We are looking for a new solution for AntiSPAM. And now, I want to test Symantec Messaging Gateway.

I loaded a VM with a trial license to see the app and to test something.

In my first contact, I really liked the product. It seems very powerful, but, I need your feeling about that.

Nowadays, we are running a free solution, like postfix, mailscanner, clamav, spamassassin... (and exchange for mailboxes, postfix is transporting to exchange, and cleaners do the job to clean and deliver to end user :) )

Are you glad with SMG solution? In my case, MX = SMG and after deliver to Exchange, ok!

Very simple to use and configure? No problems? Affect end user? Like slow delivery or something else like this?

I did not see something like block e-mails from other countries. I saw one time, a solution that I could select many countries (by their flag, for example) and make it blocked, like a blacklist. I did not see it in SMG. Does the product have it?

Did you have any problem with the SO? It runs in a CentOS, right? Do you need to update something in the SO? Like yum check-update?

And what about the database? any problem?

And finally? Does it get 99% of SPAMs how it says?

Thanks guys!

Diego

Hi Dimago,

It is a very powerful and effective in blocking spam messages. And it does block 99% of the spam as well.

It uses Symantec Global reputation, and local reputation to fight attackers.

It has all the features required, Like boucne attack feature, Directory harvest attack and list goes on.

You cannot block emails based on their origin from a country as that seems quite harsh. but you have the opttion to block emails in certain languages.

for example you can configure it to accept messages only in English or you can select languages from a list.

On top of that You have Customer specific rulesets feature. Which is very powerful for administrator.

Yes it is using Linux at the backend, but you don't have to login to backend to update packages or anything like that. 

You can only log in as admin to run specific commands. 

Well Database is not keeping a lot of information, only configs and settings mostly. So there is no problem with the database as such.

But you have the option to run repair and optimize command by logging as admin.

Please let me know if you have any further questions about any features that you require more clarification.

Hi Mudasssar, thanks for your reply!

So, about blocking th certain language. Im from Brazil, so, Im using my private e-mail and I sent a message to my business e-mail. The message came with .com.br, for example. In the subject of the message, I wrote in portuguese and in the body I wrote in portuguese as well. I blocked German, but, in a little piece of the message, I wrote one line in German. So, will it be blocked?

And now, one more doubt about how to implement it, design:

I will create 2 mx for my domain:

mx 5 smtp.domain.com.br

mx 10 mxsec.domain.com.br

I have 2 sites, so, smtp.domain.com.br will respond for site 1 and mxsec.domain.com.br for site 2.

I will put 2 scanners, 1 in site 1 and other in site 2 (every fine until now, right?)

I need to use 2 Control Centers, in case of Control Center 1 stop. In the Control Center, I use it to insert policies to scanners, right? So that policies are applied for both Scanners, right?

In the Control Center, is possible to make it Active x Active, like Endpoint Protection Manager? ( I have it running Active x Active)

What solution you suggest to me in my environment?

Thanks!

Diego

Hi Dimago,

Answer to your first question:

1.If you write one german word in the email, will it be blocked as german?

No it will not be blocked as German. Without going into too many details it has a mechanism to determine.

2. If you have two sites.

It will be better to have two Controlcenter+scanner on each site.

They don't share the settings. You have to manually configure both of them seperately.

If on both sides the policies are going to be identical, then you can have one Controlcenter+scanner and on second site just scanner only.

There is no Active Active design. 

One Scanner cannot report to two controlcenter at a time.

So You can decide which one wil be easier for you.

For two Controlcenters you have to search for messages from Two Controlcenters. It is better to have One Controlcenter and two scanners.

Let me know if you have more questions.

Hi!

Thanks for help!!!

So, I think 1 Scanner in each site sounds good! (total 2 scanners).

And one Control Center in just one site. (Site 1, for example)

But, Control Center in site 1 can manage Scanner in site 1 and scanner in site 2? Scanners must have the same policies, so, when I apply a rule, using Control Center it must be apllied for both Scanners (Site 1 and Site2)

Follow a simple draft of what I have in mind!

If this scenario is OK, so I need a way to have a control center in Site 2 for disaster recovery. Maybe a VM ESX Backup and copy from Site 1 to Site 2?

Mudasssar,

I am thinking in saving (backup) the configuration from Control Center 01 and leave this backup in any folder to restore in Control Center 02 in case of disaster Control Center 01.

But, what kind of backup should I choose to improve it?

Full?

Configuration?

Could you suggest it for me?

Thanks!

Diego

Ola Diego,

I'm running the same sort of setup - Site A has the control+scanner with MX=5 and Site B has the scanner only with MX=10. Therefore if my Site B scanner goes down I still have full control and scanning ability, while if Site A goes down my site B scanner will continue to function as a scanner, but I just won't have control over the scanner until I bring the controller back up... For me this was the better solution, otherwise I'd have to duplicate the settings each and everytime there was a change and manage 2 seperate sets of Spam filtering / submissions.

Regardless of which setup you choose, don't forget to configure your exchange server to be able to send out via either of the scanners. To acheive this, I created a new internal-only domain on my AD DNS and created 2 A host / MX records pointing to the internal IP addresses of the respective scanners. I then set the exchange SMTP connector's smarthost as the new internal-only domain name. Therefore if the default router via Site A scanner goes down, all email is routed to the Site B scanner via MX weighting...

-------- Example --------

New Forward Lookup Zone - internaldomain.net

A Host - smtp1 192.168.2.100 (site A) / A Host - smtp2 192.168.3.100 (site B)

MX 10 smtp1.internaldomain.net / MX 20 smtp2.internaldomian.net

Exchange SMTP Connector - Network - Router mail through the following smart hosts:

internaldomain.net

--------------------------------

Hope that helps.

Tchau

John

Hello John,

Perfect! I think that scenario is the most used, right? So, I used MX 10 for both scanners, the Inbound arrives from both, but my outbound is just for one scanner, at this moment. Your configuration is really interesting for dns with smarthost. I took note of this!!!

Thanks!

Diego