Symantec 10490452 Administration Guide
Symantec 10490452 - Mail Security 8220 Manual
 |
UPC - 037648265683
View all Symantec 10490452 manuals
Add to My Manuals
Save this manual to your list of manuals |
Symantec 10490452 manual content summary:
- Symantec 10490452 | Administration Guide - Page 1
Symantec Mail Security for SMTP Administration Guide - Symantec 10490452 | Administration Guide - Page 2
Symantec Mail Security for SMTP Administration Guide The software described in this book is furnished under rights reserved. Symantec, the Symantec logo, Brightmail, LiveUpdate, SESA, and Norton AntiVirus are U.S. registered trademarks or registered trademarks of Symantec Corporation or its - Symantec 10490452 | Administration Guide - Page 3
worldwide in a variety of languages for those customers enrolled in the Platinum Support Program ■ Advanced features, such as the Symantec Alerting Service and Technical Account Manager role, offer enhanced response and proactive security support Please visit our Web site for current information on - Symantec 10490452 | Administration Guide - Page 4
Router, gateway, and IP address information ■ Problem description ■ Error messages/log files ■ Troubleshooting performed prior to contacting Symantec ■ Recent software configuration changes and/or network changes Customer Service To contact Enterprise Customer Service online, go to www.symantec.com - Symantec 10490452 | Administration Guide - Page 5
the Services page 20 HTTP proxies 21 SMTP Scanner settings 22 Advanced SMTP settings 25 Configuring internal mail hosts 28 Testing Scanners 28 Configuring LDAP settings 29 Replicating data to Scanners 37 Starting and stopping replication 38 Replication status information 38 Troubleshooting - Symantec 10490452 | Administration Guide - Page 6
filtering settings 58 Configuring email filtering About email filtering 61 Notes on filtering actions 66 Multiple actions 67 Multiple policies 69 Security risks 70 About precedence 71 Creating groups and adding members 72 Assigning filter policies to a group 75 Selecting virus policies for - Symantec 10490452 | Administration Guide - Page 7
Specifying Spam Quarantine message and size thresholds 136 Troubleshooting Spam Quarantine 137 Working with Suspect Virus Quarantine About 148 Testing Symantec Mail Security for SMTP Verifying normal delivery 151 Verifying spam filtering 151 Testing antivirus filtering 152 Verifying filtering - Symantec 10490452 | Administration Guide - Page 8
the retention period for report data 173 Running reports 173 Saving and editing Favorite Reports 174 Running and deleting favorite reports 175 Troubleshooting report generation 175 No data available for the report type specified 175 Sender HELO domain or IP connection shows gateway information - Symantec 10490452 | Administration Guide - Page 9
Starting and stopping UNIX services 198 Periodic system maintenance 198 Backing up logs data 198 Backing up the Spam and Virus Quarantine databases 199 Maintaining adequate disk space 200 Feature Cross-Reference New features for all users 202 Changes for Symantec Mail Security for SMTP users - Symantec 10490452 | Administration Guide - Page 10
10 Contents Appendix D Glossary Index Editing antivirus notification messages Modifying notification files 231 Changing the notification file character set 232 Editing messages in the notification file 232 Notification file contents 233 - Symantec 10490452 | Administration Guide - Page 11
enterprises an easy-to-deploy, comprehensive gateway-based email security solution through the following: ■ Antispam technology - Symantec's state-of-the-art spam filters assess and classify email as it enters your site. ■ Antivirus technology - Virus definitions and engines protect your users from - Symantec 10490452 | Administration Guide - Page 12
mailbox access for end users nor message storage; it is not intended for use as the only MTA in your email infrastructure. Note: Symantec Mail Security for SMTP does not filter messages that don't flow through the SMTP gateway. For example, when two mailboxes reside on the same MS Exchange Server - Symantec 10490452 | Administration Guide - Page 13
for SMTP 13 Architecture Architecture Symantec Mail Security for SMTP processes a mail message as follows. For the sake of discussion, our sample message passes through the Filtering Engine to the Transformation Engine without - Symantec 10490452 | Administration Guide - Page 14
SMTP product comes with the following documentation: ■ Symantec Mail Security for SMTP Installation Guide ■ Symantec Mail Security for SMTP Planning Guide ■ Symantec Mail Security for SMTP Getting Started Symantec Mail Security also includes a comprehensive help system that contains conceptual and - Symantec 10490452 | Administration Guide - Page 15
About Symantec Mail Security for SMTP 15 Where to get more information Provides access to the Virus Encyclopedia, which contains information about all known threats; information about hoaxes; and access to white papers about threats www.symantec.com/ avcenter/global/index.html - Symantec 10490452 | Administration Guide - Page 16
16 About Symantec Mail Security for SMTP Where to get more information - Symantec 10490452 | Administration Guide - Page 17
portions of the SMTP tab on the Settings > Hosts page. ■ User interface HTTPS certificate-This is the HTTPS certificate used by the Control Center for secure Web management. Assign this certificate from the Settings > Certificates page. - Symantec 10490452 | Administration Guide - Page 18
18 Configuring system settings Configuring certificate settings You can add certificates to the certificate list in the following two ways: ■ Add a self-signed certificate by adding the certificate and filling out the requested information as presented to you at the time. ■ Add a Certification - Symantec 10490452 | Administration Guide - Page 19
Configuring system settings 19 Configuring certificate settings 9 On the Import Certificate page, type the full path and filename or click Browse and choose the file. 10 Click Import. To view or delete a certificate 1 In the Control Center, click Settings > Certificates. 2 Check the box next to the - Symantec 10490452 | Administration Guide - Page 20
Control Center, click Settings > Hosts. 2 Check the Scanner to edit. 3 Click Edit. 4 Select the services to be started or stopped. 5 Click Stop to stop a running service or Start to start a stopped service. To enable or disable Scanner replication for a host 1 In the Control Center, click Settings - Symantec 10490452 | Administration Guide - Page 21
not checked. 6 Click Save to store your changes. To take a Scanner out of service 1 In the Control Center, click Settings > Hosts. 2 Check the Scanner to edit. updates from Symantec. If you need to add proxy and/or other security settings to your server definition, use the steps below. To change or - Symantec 10490452 | Administration Guide - Page 22
22 Configuring system settings Configuring host (Scanner) settings SMTP Scanner settings A full complement of SMTP settings has been provided to help you define internal and external SMTP configurations for Scanners. Inbound SMTP settings determine how the inbound MTA processes inbound messages. - Symantec 10490452 | Administration Guide - Page 23
Configuring system settings 23 Configuring host (Scanner) settings Setting Inbound Mail Settings* Description Provides settings for inbound messages. In this area, you can provide the following information: ■ Inbound mail IP address- Location at which inbound messages will be received. ■ Inbound - Symantec 10490452 | Administration Guide - Page 24
hosts. Advanced Settings Provides for inbound, outbound and delivery advanced settings. See "Advanced SMTP settings" on page 25 for details. (*) Classless InterDomain Routing (CIDR) is supported for inbound and outbound mail connection IP addresses. 6 Click Save to store your changes. - Symantec 10490452 | Administration Guide - Page 25
Configuring system settings 25 Configuring host (Scanner) settings Advanced SMTP settings Use the MTA Configuration portion of the page to specify the MTA host name. The MTA Host Name gives you the ability to define the Hello banner during the initial portion of the SMTP conversation. Use the - Symantec 10490452 | Administration Guide - Page 26
26 Configuring system settings Configuring host (Scanner) settings Table 2-2 Outbound SMTP advanced setting descriptions Item Description Maximum message Sets the maximum size allowable for a message before it is size in bytes rejected. The default is 10,485,760 bytes. Maximum number of - Symantec 10490452 | Administration Guide - Page 27
Configuring system settings 27 Configuring host (Scanner) settings Table 2-3 SMTP delivery advanced setting descriptions Item Description Maximum number Sets the maximum number of connections allowed to all defined of connections to all internal mail servers. Any additional connection attempts - Symantec 10490452 | Administration Guide - Page 28
28 Configuring system settings Testing Scanners Configuring internal mail hosts You can add or delete internal mail hosts at your site. Configure internal mail hosts Follow these procedures to add or delete internal mail hosts. To add an internal mail host 1 From the Control Center, click Settings > - Symantec 10490452 | Administration Guide - Page 29
from the LDAP server and cached in the Control Center and Scanners, but not written back to the LDAP server. Symantec Mail Security for SMTP supports the following LDAP directory types: ■ Windows 2000 Active Directory ■ Windows 2003 Active Directory ■ Sun Directory Server 5.2 (formerly known as the - Symantec 10490452 | Administration Guide - Page 30
to create user mappings for source, and you have recently changed DNS servers, restart your LDAP synchronization components. Windows users use the Services control panel to first stop SMS Virtual Directory, then start SMS Sync Server. Dependencies are automatically restarted. Alternatively, the host - Symantec 10490452 | Administration Guide - Page 31
logging onto a Windows host. Use commas or semicolons to separate multiple domain names. Primary domain Internet domain to which mail is delivered. (Domino only) Domain aliases (Domino only) Internet domain names that resolve to the primary domain. For example, you could assign company.net to - Symantec 10490452 | Administration Guide - Page 32
32 Configuring system settings Configuring LDAP settings Table 2-4 LDAP Server Parameters when adding a server Item Description Authentication Query Details Contains the following options: ■ Autofill-Places default values in the field for you to modify as needed. ■ Query start (Auth base DN)- - Symantec 10490452 | Administration Guide - Page 33
Configuring system settings 33 Configuring LDAP settings Table 2-4 LDAP Server Parameters when adding a server Item Description Synchronization Query Details Specifies queries to use for synchronization. Available choices are: ■ Autofill-Places default values in the field for you to modify as - Symantec 10490452 | Administration Guide - Page 34
logging onto a Windows host. Use commas or semicolons to separate multiple domain names. Primary domain Internet domain to which mail is delivered. (Domino only) Domain aliases (Domino only) Internet domain names that resolve to the primary domain. For example, you could assign company.net to - Symantec 10490452 | Administration Guide - Page 35
Configuring system settings 35 Configuring LDAP settings Table 2-5 LDAP Server Parameters when editing a server Item Description Authentication Query Details Contains the following options: ■ Autofill-Places default values in the field for you to modify as needed. ■ Query start (Auth base DN)- - Symantec 10490452 | Administration Guide - Page 36
. ■ Starting-A synchronization request was issued either by the Control Center or through a replication request from a Scanner. ■ Cancelled-Either the LDAP synchronization was cancelled manually via clicking Status > LDAP Synchronization > Cancel, or a replication was in progress when a scheduled or - Symantec 10490452 | Administration Guide - Page 37
rejected when an attempt to add a group entry fails because one or more of the group members is not yet known to the LDAP synchronization service. Generally, this can be resolved by issuing a Synchronize Changes request from the Control Center. Each time this is done, the number of rejected entries - Symantec 10490452 | Administration Guide - Page 38
information ■ Troubleshooting replication Starting and stopping replication You may occasionally need to start or stop replication manually. Start or generated and displayed via the Status interface in Symantec Mail Security for SMTP. To view replication status information ◆ In the Control Center - Symantec 10490452 | Administration Guide - Page 39
has been issued. ■ Cancelled-Either the LDAP synchronization was cancelled manually via clicking Status Synchronization > LDAP > Cancel, or a replication Scanners. Troubleshoot replication The following techniques can help you troubleshoot replication problems. Basic troubleshooting procedure 1 - Symantec 10490452 | Administration Guide - Page 40
information" on page 38. To troubleshoot a status message 1 If the the initial synchronization service has completed successfully with a message of In-Progress ◆ Perform a manual replication from the Control Center. If replication still stalls The Symantec Mail Security for SMTP Control Center - Symantec 10490452 | Administration Guide - Page 41
the Control Center. See the procedure below for help resolving this situation. Specify Control Center access or reset Control Center access Follow these instructions to specify Control Center access or to regain access to the Control Center. To specify Control Center access 1 In the Control Center - Symantec 10490452 | Administration Guide - Page 42
. This situation happens more frequently on private networks than on the public Internet. Control Center certificate Through the Control Center, you can designate a user interface HTTPS certificate. This enhances the security for the Control Center and those logging into it. To designate a Control - Symantec 10490452 | Administration Guide - Page 43
synchronization cycle has completed. For information on setting up LDAP services, see "Configuring LDAP settings" on page 29. The replication for checking the status of Scanner replication and for troubleshooting possible problems with Scanner replication in "Replicating data to Scanners" on page - Symantec 10490452 | Administration Guide - Page 44
information to designated email addresses and repositories at your site: ■ Alert notifications ■ Reports ■ Spam Quarantined messages When the MTA for Symantec Mail Security for SMTP is used, messages that pass through it will be tracked by the message tracking log facilities in the product. In order - Symantec 10490452 | Administration Guide - Page 45
masquerading is a method of concealing email addresses or domain names behind the mail gateway by assigning replacement values to them. Symantec Mail Security for SMTP lets you implement address masquerading on inbound mail, outbound mail, or both. Manage masqueraded entries Follow these steps to - Symantec 10490452 | Administration Guide - Page 46
46 Configuring email settings Configuring address masquerading 6 Click Save. To edit a masqueraded entry 1 In the Control Center, click Settings > Address Masquerading. 2 Click the masqueraded address or domain or check a box, and then click Edit. 3 In the Edit Masqueraded Entry page, modify the - Symantec 10490452 | Administration Guide - Page 47
Configuring email settings 47 Configuring aliases To import a list of masqueraded entries 1 In the Control Center, click Settings > Address Masquerading. 2 Click Import. 3 On the Import Masqueraded Entry page, enter or browse to the filename containing the list of masqueraded entries. 4 Click Import - Symantec 10490452 | Administration Guide - Page 48
■ Alias transformation does not occur for messages passing through Symantec Mail Security for SMTP's MTA to the Internet. Alias transformation only applies to inbound or internal messages that pass through Symantec Mail Security for SMTP's MTA. ■ The system's inbound MTA checks email addresses in - Symantec 10490452 | Administration Guide - Page 49
Configuring email settings 49 Configuring aliases 5 Click Save. To edit an alias 1 In the Control Center, click Settings > Aliases. 2 Click the alias or check the box next to an alias, and then click Edit. 3 In the Edit aliases page, modify the text in the Alias domain or email address box as - Symantec 10490452 | Administration Guide - Page 50
50 Configuring email settings Configuring local domains Configuring local domains On the Local Domains page, you can view, add, edit, and delete local domain names and email addresses for which inbound messages are accepted. You can also import lists of local domains formatted as described in this - Symantec 10490452 | Administration Guide - Page 51
with a destination type (Mailer) of SMTP or ESMTP are supported, and %backreferences are not supported. After import, ESMTP destination types convert to SMTP. When the spam settings are available in Symantec Mail Security for SMTP: ■ Configuring suspected spam ■ Choosing language identification type - Symantec 10490452 | Administration Guide - Page 52
techniques such as pattern matching and heuristic analysis. If an email scores in the range of 90 to 100 after being filtered by Symantec Mail Security for SMTP, it is defined as spam. For more aggressive filtering, you can optionally define a discrete range of scores from 25 to 89. The messages - Symantec 10490452 | Administration Guide - Page 53
allow messages in all other languages. You can use one of two types of language identification: ■ Language identification offered by Symantec Mail Security for SMTP Processing takes place within the software, and no further software needs to be installed. Using the Policies > Group Policies > Edit - Symantec 10490452 | Administration Guide - Page 54
Configuring virus settings 6 Click Save. Configuring virus settings The following types of virus settings are available in Symantec Mail Security for SMTP: ■ Configuring LiveUpdate ■ Excluding files from virus scanning ■ Configuring general settings Configuring LiveUpdate LiveUpdate is the process - Symantec 10490452 | Administration Guide - Page 55
for SMTP employs the Intelligent Updater in order to update virus definitions. You can also update antivirus files with any other Symantec definitions downloaded to the computer running Symantec Mail Security for SMTP. To enable installation of non-default definitions: ◆ Click the box, Check for and - Symantec 10490452 | Administration Guide - Page 56
invalid recipient handling By default, when an email message arrives addressed to your domain, but is not addressed to a valid user, Symantec Mail Security for SMTP passes the message to the internal mail server. The internal mail server may either accept the message and generate a bounce message - Symantec 10490452 | Administration Guide - Page 57
recipients is an extreme measure. Enabling it may prevent diagnosis of serious problems with your email configuration, so only enable it after you're sure content filtering settings. Configuring container settings When Symantec Mail Security for SMTP processes certain zip files and other types of - Symantec 10490452 | Administration Guide - Page 58
scanning containers. If the configured limits are reached, Symantec Mail Security for SMTP will automatically perform the action designated for the " Do not set this value too high or you could be vulnerable to denial of service attacks or zip bombs, in which huge amounts of data are zipped into very - Symantec 10490452 | Administration Guide - Page 59
Configuring email settings 59 Configuring scanning settings maximizes the effect of content filtering, it can also impact the system load and slow down email filtering. To check attachments that are not plain text against your dictionaries 1 Click Settings > Scanning. 2 In Content Filtering Settings - Symantec 10490452 | Administration Guide - Page 60
60 Configuring email settings Configuring scanning settings - Symantec 10490452 | Administration Guide - Page 61
your requirements. Content filtering and Email Firewall policies offer further methods of managing mail flow into and out of your organization. Symantec Mail Security for SMTP provides a wide variety of actions for filtering email, and allows you to either set identical options for all users, or - Symantec 10490452 | Administration Guide - Page 62
Spyware or adware Email is flagged because it contains nay of the following types of security risks: spyware, adware, hack tools, dialers, joke programs, or remote access programs. See "Security risks" on page 70 for descriptions of these risks. Suspicious attachment Email is flagged because - Symantec 10490452 | Administration Guide - Page 63
Configuring email filtering 63 About email filtering Table 4-1 Filtering verdicts by category (Continued) Filtering Category Verdict Description Attachment type Email is flagged because it contains a specific attachment type. Attachment content Email is flagged because specific text appears - Symantec 10490452 | Administration Guide - Page 64
64 Configuring email filtering About email filtering Action The following table shows the filtering actions available for each verdict. Note: See "Notes on filtering actions" on page 66 for additional limitations. Table 4-2 Description Filtering actions by verdict Verdict Directory harvest - Symantec 10490452 | Administration Guide - Page 65
Action Configuring email filtering 65 About email filtering Table 4-2 Description Filtering actions by verdict (Continued) Verdict Directory harvest attack Spam attack Virus attack Virus Spam, Suspected Spam Content Compliance Deliver message to the Deliver the message to end-user Spam folder - Symantec 10490452 | Administration Guide - Page 66
66 Configuring email filtering About email filtering Action Table 4-2 Description Filtering actions by verdict (Continued) Verdict Directory harvest attack Spam attack Virus attack Virus Spam, Suspected Spam Content Compliance Treat as a blocked Process the message using the action(s) - Symantec 10490452 | Administration Guide - Page 67
administrator assigns members then selects the new virus policy. 3 An email message is received whose recipients include someone in the new Group Policy. 4 Symantec Mail Security for SMTP cleans the message, annotates it, then sends a notification to its intended recipients. - Symantec 10490452 | Administration Guide - Page 68
68 Configuring email filtering About email filtering The following table lists the limitations on combining actions. Table 4-3 Compatibility of filtering actions by verdict Action Compatibility with other actions Can be added multiple times? Add a header Any except Delete the message No - Symantec 10490452 | Administration Guide - Page 69
Configuring email filtering 69 About email filtering Table 4-3 Compatibility of filtering actions by verdict (Continued) Action Compatibility with other actions Can be added multiple times? Reject SMTP Can't be used with other actions No connection Remove invalid Any except Delete the - Symantec 10490452 | Administration Guide - Page 70
risks can cause a verdict of spyware or adware. Table 4-4 Security risk categories included in spyware or adware verdict Category Description Adware Stand-alone or appended programs that gather personal information through the Internet and relay it back to a remote computer without the user - Symantec 10490452 | Administration Guide - Page 71
Configuring email filtering 71 About email filtering Table 4-4 Security risk categories included in spyware or adware verdict Category Description Remote access Programs that let a remote user gain access to a computer over the programs Internet to gain information, attack, or alter the host - Symantec 10490452 | Administration Guide - Page 72
List ■ Content Compliance policies ■ Dropped invalid recipient ■ Spam ■ Blocked language ■ Suspected spam ■ Suspected Spammers (part of the Sender Reputation Service) ■ Sender authentication failure Note that end user-defined lists have precedence over all other lists. This may affect your decision - Symantec 10490452 | Administration Guide - Page 73
Configuring email filtering 73 Creating groups and adding members Note: To edit a group member, such as to correct a typo, delete the member and add the member again. There is no edit button for group members. To create a new Group Policy 1 In the Control Center, click Policies > Group Policies. - Symantec 10490452 | Administration Guide - Page 74
74 Configuring email filtering Creating groups and adding members These examples are not valid, and won't match any users: domain.* @domain.* dom*.com sub*.domain.com ■ Check the box next to one or more LDAP groups. The LDAP groups listed on this page are loaded from your LDAP server. See " - Symantec 10490452 | Administration Guide - Page 75
Members list for a Group Policy is 10,000. If you require more than 10,000 entries, contact your Symantec representative for instructions on how to configure MySQL and Tomcat to support more entries. This limitation refers to the number of entries in the Members list, not the number of users at your - Symantec 10490452 | Administration Guide - Page 76
76 Configuring email filtering Assigning filter policies to a group Table 4-5 Virus categories and default actions (Continued) Category Default action Spyware or adware Suspicious attachments Prepend [SPYWARE OR ADWARE INFECTED] to Subject: header. Inbound message: Strip and hold message in - Symantec 10490452 | Administration Guide - Page 77
Configuring email filtering 77 Assigning filter policies to a group ■ Outbound suspicious attachment message policy ■ Outbound spyware/adware message policy 8 Optionally, click View next to any policy to view details of that policy. 9 Click Save. Note: You cannot change virus policy details from the - Symantec 10490452 | Administration Guide - Page 78
78 Configuring email filtering Assigning filter policies to a group Note: You cannot change spam policy details from the Edit Group page. See "Creating spam policies" on page 85 for information about creating or editing spam policies. Selecting compliance policies for a group By associating an - Symantec 10490452 | Administration Guide - Page 79
. The login and password for end users is the same as their LDAP login and password. For information about supported browsers, see the Symantec Mail Security for SMTP Installation Guide. Note: End users are limited to a total of 200 entries in their combined Allowed Senders and Blocked Senders Lists - Symantec 10490452 | Administration Guide - Page 80
defined user (that is, an email address you typed manually). Note: End user Allowed and Blocked Senders Lists take the language identification offered by Symantec Mail Security for SMTP, you can block or allow enabled. To disable support for the Outlook Plug-in and enable support for built-in - Symantec 10490452 | Administration Guide - Page 81
the second or third option, check the box for each desired language. 6 Click Save. Note: The language identification technology employed by Symantec Mail Security for SMTP to identify the language of a message is not foolproof. Note that messages identified to be in a disallowed language are deleted - Symantec 10490452 | Administration Guide - Page 82
82 Configuring email filtering Creating virus, spam, and compliance filter policies Add or delete members or change filtering actions for this Group Policy as you did when you created it. See "Add or remove members from a group" on page 72 for more information. To enable a Group Policy ◆ Check the - Symantec 10490452 | Administration Guide - Page 83
Configuring email filtering 83 Creating virus, spam, and compliance filter policies Table 4-6 Policy status page (Continued) Column Description Number of Groups Number of groups that this policy has been used in Creating virus policies Using the Virus Policies page, you can add, edit, copy, - Symantec 10490452 | Administration Guide - Page 84
84 Configuring email filtering Creating virus, spam, and compliance filter policies If a message is unscannable A message can be unscannable for viruses for a variety for viruses of reasons. For example, if it exceeds the maximum file size or maximum scan depth configured on the Scanning - Symantec 10490452 | Administration Guide - Page 85
Configuring email filtering 85 Creating virus, spam, and compliance filter policies deleted. You may want to change the default setting for unscannable messages if you are concerned about losing important messages. See Table 4-5, "Virus categories and default actions," on page 75. Creating spam - Symantec 10490452 | Administration Guide - Page 86
86 Configuring email filtering Creating virus, spam, and compliance filter policies 7 Select the desired action. See Table 4-2, "Filtering actions by verdict," on page 64. For some actions you need to specify additional information in fields that appear below the action. 8 Click Add Action. 9 If - Symantec 10490452 | Administration Guide - Page 87
Configuring email filtering 87 Creating virus, spam, and compliance filter policies instead of deleted. When you are sure the compliance policies are working correctly, you can adjust the action. ■ Sieve scripts cannot be imported, including those created in previous versions of Symantec or - Symantec 10490452 | Administration Guide - Page 88
88 Configuring email filtering Creating virus, spam, and compliance filter policies Adding conditions to compliance policies Refer to the following tables when creating your compliance policy. Table 4-7 describes the conditions available when creating a compliance policy. Table 4-7 Compliance - Symantec 10490452 | Administration Guide - Page 89
Configuring email filtering 89 Creating virus, spam, and compliance filter policies Table 4-7 Compliance conditions (Continued) Condition Test against Examples For all messages All email not filtered by a higher precedence policy is flagged. For example, if a message matches a spam, virus, - Symantec 10490452 | Administration Guide - Page 90
condition flags all messages not filtered by a higher precedence policy. Message header Type the header category (From, To, etc), then follow the instructions in the first row above. Message size Choose a comparison from the first drop-down list, type a number, and choose units from the second - Symantec 10490452 | Administration Guide - Page 91
each with \ as shown in the table. For more information about Perl-compatible regular expressions, see: http://www.perl.com/doc/manual/html/pod/perlre.html Table 4-10 Sample Perl-compatible regular expressions Character Description Example . Match any one character j.n jo.. .* Match zero - Symantec 10490452 | Administration Guide - Page 92
Continued) Character Description Example Sample matches [0-9]{n} Match any numeral n [0-9]{3}-[0-9]{2}-[0-9]{4} times, for example, match a social security number 123-45-6789 Note: Symantec Mail Security for SMTP uses two different types of analysis in scanning for messages that match your - Symantec 10490452 | Administration Guide - Page 93
Control Center, click Policies > Compliance. 2 Check the box next to a compliance policy. 3 Click Enable or Disable. Managing Email Firewall policies Symantec Mail Security for SMTP can detect patterns in incoming messages to thwart certain types of spam and virus attacks. You can block and allow - Symantec 10490452 | Administration Guide - Page 94
Email Firewall policies lists maintained by Symantec. Sender authentication provides a way to block forged email. Configuring attack recognition Symantec Mail Security for SMTP can detect the following types of attacks originating from a single SMTP server (IP address). Directory harvest attacks - Symantec 10490452 | Administration Guide - Page 95
Configuring email filtering 95 Managing Email Firewall policies 3 Accept the defaults or modify the values under Attack Configuration: Minimum percentage of ... Percentage of bad recipient, spam, or virus messages from a single server that must be exceeded to trigger the specified action. The - Symantec 10490452 | Administration Guide - Page 96
spam or filtered in any way. ■ Define Blocked Senders Symantec Mail Security for SMTP supports a number of actions for mail from a sender or connection in a the Sender Reputation Service By default, Symantec Mail Security for SMTP is configured to use the Sender Reputation Service. Symantec monitors - Symantec 10490452 | Administration Guide - Page 97
requisite DNS lookups. Symantec recommends that you use the Sender Reputation Service lists instead of enabling third party lists. ■ To understand the sender: Use cases for lists of allowed and blocked senders Problem Solution Pattern example Mail from an end-user's colleague is occasionally - Symantec 10490452 | Administration Guide - Page 98
of allowed and blocked senders (Continued) Problem Solution Pattern example An individual is Lists and Blocked Senders Lists. Supported Methods for Identifying Senders You specify sender addresses or domain names Symantec Mail Security for SMTP checks the following characteristics of incoming - Symantec 10490452 | Administration Guide - Page 99
define non-contiguous sets of IP addresses (e.g. 69.84.35.0/ 255.0.255.0). Supported notations are: ■ Single host: 128.113.213.4 ■ IP address with .250.00/18 ■ Third party services: supply the lookup domain of a third party sender service Symantec Mail Security for SMTP can check messages sources - Symantec 10490452 | Administration Guide - Page 100
for the current Blocked Sender group. See "How Symantec Mail Security for SMTP identifies senders and connections" on page 98. 5 to your Allowed Senders Lists. To add domain-based, IP-based, and Third Party Services entries to your Allowed Senders Lists 1 In the Control Center, click Policies > - Symantec 10490452 | Administration Guide - Page 101
when evaluating incoming messages. You may need to periodically disable and then re-enable senders from your list for troubleshooting or testing purposes or if your list is not up to date. Symantec Mail Security for SMTP will treat mail from a sender that you've disabled just as it would any other - Symantec 10490452 | Administration Guide - Page 102
102 Configuring email filtering Managing Email Firewall policies 2 Click one of the Blocked or Allowed Sender groups, depending on the list that you want to work with. A red x in the Enabled column indicates that the entry is currently disabled. A green check mark in the Enabled column indicates - Symantec 10490452 | Administration Guide - Page 103
Configuring email filtering 103 Managing Email Firewall policies Table 4-13 ■ After the header, each line contains exactly one attribute, along with a corresponding pattern. ■ Empty lines or white spaces are not allowed. ■ Lines beginning with # are ignored. ■ Entries terminating with the colon- - Symantec 10490452 | Administration Guide - Page 104
Import. Ensure that the sender information is formatted as described in "Format of allowed and blocked sender file" on page 102. Symantec Mail Security for SMTP merges data from the imported list with the existing sender information. 5 Click Save. Exporting sender information You can export to - Symantec 10490452 | Administration Guide - Page 105
on the source's reputation value as determined by Symantec. By default, Symantec Mail Security for SMTP is configured to incorporate the source information from all three lists comprising the Sender Reputation Service. To enable or disable Proxy Senders, Safe Senders, and Suspect Spammers lists 1 In - Symantec 10490452 | Administration Guide - Page 106
106 Configuring email filtering Managing policy resources If you add Sender Authentication domains, it's best to specify the highest level domain possible, such as example.com, because subdomains of the specified domain will also be tested for compliance. Warning: Authenticating all domains can lead - Symantec 10490452 | Administration Guide - Page 107
than the encoding used by the original message, either the message text or the annotation text will not be displayed correctly. You can avoid this problem by creating a notification instead of an annotation, and attaching the original message to the - Symantec 10490452 | Administration Guide - Page 108
108 Configuring email filtering Managing policy resources notification. See "Adding and editing notifications" on page 114 for instructions. ■ When you specify the action to add an annotation in a policy, you can choose to prepend the annotation to the beginning of the message body, - Symantec 10490452 | Administration Guide - Page 109
information about the Archive action: ■ Only one, global email address is supported. You can't supply different archive email addresses for different policies. ■ The viewing them with an email client. However, Symantec Mail Security for SMTP itself does not use the X-archive: header. If multiple - Symantec 10490452 | Administration Guide - Page 110
110 Configuring email filtering Managing policy resources policies result in archiving the same message, each unique X-archive: header is added to the message. For example, the following archive tag: Docket 53745 adds the following header to the message when it is archived: X-archive: Docket 53745 - Symantec 10490452 | Administration Guide - Page 111
Configuring email filtering 111 Managing policy resources Table 4-15 Add Attachment List page. For the last three choices, all characters are interpreted literally; wildcards are not allowed. Attachment characteristics for attachment lists Characteristic True file type True file class File name - Symantec 10490452 | Administration Guide - Page 112
to a dictionary using substring text analysis, not regular expression analysis. Symantec Mail Security for SMTP includes the following predefined dictionaries, which can be edited. The dictionaries listed, not other common endings, such as verb tenses. ■ Wildcards are not supported in dictionaries. - Symantec 10490452 | Administration Guide - Page 113
phrase. Separate the keywords with spaces. ■ Up to 100 dictionaries are supported, and each dictionary can contain up to 10,000 words. ■ considered both profane and legitimate, depending on the context. ■ Symantec Mail Security does not search for dictionary matches in the HTML headers or tags of - Symantec 10490452 | Administration Guide - Page 114
want to also notify the sender that the attachment has been stripped. Notifications are different than alerts. Alerts are sent automatically when certain system problems occur, such as low disk space. See "Configuring alerts and logs" on page 155. Note that the original message is delivered to the - Symantec 10490452 | Administration Guide - Page 115
Configuring email filtering 115 Managing policy resources 5 Under Send to, check one or more of the following: Sender Recipients Others Check this box to send the notification to sender listed in the message envelope (not the sender listed in the From: header). Check this box to send the - Symantec 10490452 | Administration Guide - Page 116
116 Configuring email filtering Managing policy resources - Symantec 10490452 | Administration Guide - Page 117
5 Chapter Working with Spam Quarantine This chapter includes the following topics: ■ About Spam Quarantine ■ Delivering messages to Spam Quarantine ■ Working with messages in Spam Quarantine for administrators ■ Configuring Spam Quarantine About Spam Quarantine Spam Quarantine provides storage of - Symantec 10490452 | Administration Guide - Page 118
118 Working with Spam Quarantine Working with messages in Spam Quarantine for administrators Note: To understand how Spam Quarantine handles messages sent to distribution lists or aliases, see "Notification for distribution lists/aliases" on page 130. Working with messages in Spam Quarantine for - Symantec 10490452 | Administration Guide - Page 119
an administrator email address (such as yourself), Symantec, or both. This allows the email administrator or Symantec to monitor the effectiveness of Symantec Mail Security for SMTP. To delete individual messages 1 Click on the check box to the left of each message to select a message for deletion - Symantec 10490452 | Administration Guide - Page 120
120 Working with Spam Quarantine Working with messages in Spam Quarantine for administrators To search messages ◆ Click Show Filters to search messages for a specific recipient, sender, subject, message ID, or date range. See "Searching messages" on page 123. To navigate through messages ◆ Click one - Symantec 10490452 | Administration Guide - Page 121
Working with Spam Quarantine 121 Working with messages in Spam Quarantine for administrators Differences between the administrator and user message list pages The pages displayed for administrators and other users on your network have the following differences. ■ Users can only view and delete - Symantec 10490452 | Administration Guide - Page 122
email address (such as yourself), Symantec, or both. This allows the email administrator or Symantec to monitor the effectiveness of Symantec Mail Security for SMTP. To delete the message ◆ To delete the message currently being viewed, click Delete. When you delete a message, the page refreshes - Symantec 10490452 | Administration Guide - Page 123
Working with Spam Quarantine 123 Working with messages in Spam Quarantine for administrators To display full headers ◆ To display all headers available to Spam Quarantine, click Display Full Headers. The full headers may provide clues about the origin of a message, but keep in mind that spammers - Symantec 10490452 | Administration Guide - Page 124
124 Working with Spam Quarantine Working with messages in Spam Quarantine for administrators To search message envelope "To" recipient ◆ Type in the To box to search the message envelope RCPT TO: recipient in all messages for the text you typed. You can search for a display name, the user name - Symantec 10490452 | Administration Guide - Page 125
are sorted by date descending order by default but can be resorted by clicking on a column heading. ■ Wildcards such as * are not supported in search. All searches are literal. ■ If you search for multiple characteristics, only messages that match the combination of characteristics are listed in - Symantec 10490452 | Administration Guide - Page 126
126 Working with Spam Quarantine Configuring Spam Quarantine ■ The amount of time required for the search is dependent on how many search boxes you filled in and the number of messages in the current mailbox. Searching in the administrator mailbox will take longer than searching in a user's mailbox. - Symantec 10490452 | Administration Guide - Page 127
. Disabling the spam and suspect virus quarantine port is appropriate if your computer is not behind a firewall and you're concerned about security risks. Note: If you disable the Spam and suspect virus quarantine port, disable any spam or virus filtering policies that quarantine messages. Otherwise - Symantec 10490452 | Administration Guide - Page 128
128 Working with Spam Quarantine Configuring Spam Quarantine Configuring Spam Quarantine for administrator-only access If you don't have an LDAP directory server configured or don't want users in your LDAP directory to access Quarantine, you can configure Quarantine so that only administrators can - Symantec 10490452 | Administration Guide - Page 129
and make appropriate changes to the content compliance filters. Unless you are quarantining spam, you should not copy Symantec Security Response. Symantec Security Response will take no action on submissions of suspected spam or content compliance policy violations. To configure recipients for - Symantec 10490452 | Administration Guide - Page 130
messages sent to tom or to tomevans all arrive in the Spam Quarantine account for tomevans. Note: An "alias" on UNIX or "distribution list" on address that translates to two or more email addresses. When Symantec Mail Security for SMTP forwards a spam message sent to a distribution list to Spam - Symantec 10490452 | Administration Guide - Page 131
Working with Spam Quarantine 131 Configuring Spam Quarantine If the Include View link box is selected, recipients of the notification digest can view all the quarantined distribution list messages. If the Include Release link box is selected, recipients of the notification digest can release - Symantec 10490452 | Administration Guide - Page 132
132 Working with Spam Quarantine Configuring Spam Quarantine Changing the notification digest templates The notification digest templates determine the appearance of notification messages sent to users as well as the message subject and send from address. The default notification templates are - Symantec 10490452 | Administration Guide - Page 133
template. 6 Edit the user notification template, distribution list notification template, or both. See Table 5-1, "Notification Message Variables," on page 132. Don't manually insert breaks if you plan to send notifications in HTML. 7 Click Save to save your changes to the template and close the - Symantec 10490452 | Administration Guide - Page 134
134 Working with Spam Quarantine Configuring Spam Quarantine To enable notification for distribution lists 1 In the Control Center, click Settings > Quarantine. 2 If needed, click on the Spam tab. 3 Under Notification Settings, click Notify distribution lists. 4 Click Save on the Quarantine Settings - Symantec 10490452 | Administration Guide - Page 135
Working with Spam Quarantine 135 Configuring Spam Quarantine released from Spam Quarantine and sent to the user's normal inbox. This check box is only available if you choose Multipart (HTML and text) or HTML only notification format. If you remove the %NEW_QUARANTINE_MESSAGES% variable from the - Symantec 10490452 | Administration Guide - Page 136
136 Working with Spam Quarantine Configuring Spam Quarantine 3 Choose the desired setting from the Quarantine Expunger frequency dropdown list. 4 Choose the desired setting from the Quarantine Expunger start time dropdown lists. 5 Click Save. Specifying Spam Quarantine message and size thresholds - Symantec 10490452 | Administration Guide - Page 137
dramatically improve quarantine performance. Troubleshooting Spam Quarantine The following sections describe some problems that may occur with Spam 194. Can't log in due to conflicting LDAP and Control Center accounts If there is an account in your LDAP directory with the user name of "admin," you - Symantec 10490452 | Administration Guide - Page 138
brightmail.bl.bo.impl.SpamManager.create(Unknown Source) at com.brightmail.service.smtp.impl.SmtpConsumer.run(Unknown Source) Error in log file " Edit page, SMTP tab. See "SMTP Scanner settings" on page 22 for instructions. Users don't see distribution list messages in their Spam Quarantine When a - Symantec 10490452 | Administration Guide - Page 139
the proper recipient for a message received by Symantec Mail Security for SMTP, it delivers the message to a postmaster mailbox out of disk space on the computer where Spam Quarantine is installed. If that isn't the problem, follow the steps below. 9 Jan 2004 00:00:22 (ERROR:5396:6396):[2032] Error - Symantec 10490452 | Administration Guide - Page 140
spam messages, but others get a message saying that there are no messages to display after logging in to Spam Quarantine, there may be a problem with the Active Directory (LDAP) configuration. If the users who can't access their messages are in a different Active Directory domain than the users - Symantec 10490452 | Administration Guide - Page 141
address including the domain name, such as [email protected]. Message "Unable to release the message" is displayed This message may occur if there is a problem with message traffic on your inbound or outbound MTA. - Symantec 10490452 | Administration Guide - Page 142
142 Working with Spam Quarantine Configuring Spam Quarantine - Symantec 10490452 | Administration Guide - Page 143
6 Chapter Working with Suspect Virus Quarantine This chapter includes the following topics: ■ About Suspect Virus Quarantine ■ Accessing Suspect Virus Quarantine ■ Configuring Suspect Virus Quarantine About Suspect Virus Quarantine The Suspect Virus Quarantine provides short-term storage of messages - Symantec 10490452 | Administration Guide - Page 144
144 Working with Suspect Virus Quarantine Accessing Suspect Virus Quarantine administrators with full privileges or Manage Quarantine rights (View or Modify) can make all Quarantine setting changes. Users with only 'view' rights for manage quarantine will see the 'Settings' tab, but cannot make - Symantec 10490452 | Administration Guide - Page 145
Working with Suspect Virus Quarantine 145 Accessing Suspect Virus Quarantine To redeliver misidentified messages ◆ Click on the check box to the left of a misidentified message and then click Release to redeliver the message to the intended recipient. This also removes the message from Suspect Virus - Symantec 10490452 | Administration Guide - Page 146
146 Working with Suspect Virus Quarantine Accessing Suspect Virus Quarantine Go to next page of messages Choose up to 500 pages before or after the current page of messages To set the entries per page ◆ On the Entries per page drop-down list, click a number. Details on the message list page Note the - Symantec 10490452 | Administration Guide - Page 147
subject lines would all be displayed in the search results: Finance Refinance your Mortgage Have you REFINANCED Yet? ■ Wildcards such as * are not supported in search. All searches are literal. You don't have to put quote marks around search text that contains spaces. ■ All text searches are - Symantec 10490452 | Administration Guide - Page 148
box. Disabling the Spam and Suspect Virus Quarantine port is appropriate if your computer is not behind a firewall and you're concerned about security risks. If you disable the Spam and Suspect Virus Quarantine port, disable any spam or virus filtering policies that quarantine messages. Otherwise - Symantec 10490452 | Administration Guide - Page 149
Working with Suspect Virus Quarantine 149 Configuring Suspect Virus Quarantine To configure the size for your Suspect Virus Quarantine 1 Click Settings > Quarantine. 2 Specify your desired values for the options provided in Maximum size of suspect virus quarantine. The default is 10 GB. - Symantec 10490452 | Administration Guide - Page 150
150 Working with Suspect Virus Quarantine Configuring Suspect Virus Quarantine - Symantec 10490452 | Administration Guide - Page 151
the following topics: ■ Verifying normal delivery ■ Verifying spam filtering ■ Testing antivirus filtering ■ Verifying filtering to the Spam Quarantine The following are sample tests by which you can verify that Symantec Mail Security for SMTP is filtering your email as intended. Use these tests as - Symantec 10490452 | Administration Guide - Page 152
Symantec Mail Security for SMTP Testing antivirus filtering To test spam filtering with subject line modification 1 Create a POP3 account on your MDA. For the SMTP Server setting on this account, specify the IP address of an enabled Scanner. 2 Compose an email message addressed to an account on the - Symantec 10490452 | Administration Guide - Page 153
account to verify receipt of the cleaned message with the text indicating cleaning has occurred. Verifying filtering to the Spam Quarantine If you configure Symantec Mail Security to Spam Quarantine" on page 117 for step-by-step instructions on creating such a configuration policy for a group. 2 - Symantec 10490452 | Administration Guide - Page 154
154 Testing Symantec Mail Security for SMTP Verifying filtering to the Spam Quarantine http://www.example.com/url-1.blocked/ 4 Send the message. 5 Send a message to the same account that is not spam and that does not contain any viruses. 6 In the Control Center, click the Spam Quarantine tab and - Symantec 10490452 | Administration Guide - Page 155
following topics: ■ Configuring alerts ■ Viewing logs ■ Configuring logs Configuring alerts Alerts are email notifications sent automatically by Symantec Mail Security for SMTP to inform system administrators of conditions potentially requiring attention. You can choose the types of alerts sent - Symantec 10490452 | Administration Guide - Page 156
Security Response by problems in the Antivirus license expired An alert is sent when your antivirus Service start after improper shutdown An alert is sent because a service restarted after an improper shutdown. Service shutdown An alert is sent because a service was shut down normally. Service - Symantec 10490452 | Administration Guide - Page 157
Configuring alerts and logs 157 Viewing logs Configure alerts Follow these procedures to configure alerts. To specify which administrators receive alerts 1 In the Control Center, click Administration. 2 In the Administrators list, click the name of an administrator. 3 Under Administrator, check or - Symantec 10490452 | Administration Guide - Page 158
158 Configuring alerts and logs Viewing logs Table 8-2 View Logs page (Continued) Item Description Time range (drop-down) Component (drop-down) Log type (drop-down) Log actions (drop-down) Display Settings Save Log Clear All Scanner Logs Entries per page (drop-down) Display (drop-down) Select - Symantec 10490452 | Administration Guide - Page 159
no information is displayed when you click Display, wait a few minutes then click Display again. Configuring logs You can configure log settings for Symantec Mail Security for SMTP components on each Scanner in your system. The severity of errors you want written to the log files can be chosen for - Symantec 10490452 | Administration Guide - Page 160
160 Configuring alerts and logs Configuring logs Table 8-3 Log Settings page - Local Log Type (Continued) Item Description Mail Transfer Agent Apply to All Hosts Maximum log size Maximum number of days to retain Log Expunger frequency Log Expunger start time Enable message logs Event Viewer/ - Symantec 10490452 | Administration Guide - Page 161
Configuring alerts and logs 161 Configuring logs For more information, see "Message tracking" on page 184. Warning: Because logging data for each message can impair system performance, you should use this feature judiciously. To configure log settings for remote hosts 1 In the Control Center, click - Symantec 10490452 | Administration Guide - Page 162
162 Configuring alerts and logs Configuring logs - Symantec 10490452 | Administration Guide - Page 163
and editing Favorite Reports ■ Running and deleting favorite reports ■ Troubleshooting report generation ■ Printing, saving, and emailing reports ■ Scheduling reports to be emailed About reports Symantec Mail Security for SMTP reporting capabilities provide you with information about filtering - Symantec 10490452 | Administration Guide - Page 164
contents. The third column lists the reporting data that you must instruct Symantec Mail Security for SMTP to track before you can generate the specified report. or connection of the gateway computer, rather than the external Internet address you might expect. Affected reports are: all "Top Sender - Symantec 10490452 | Administration Guide - Page 165
Working with reports 165 Choosing a report Table 9-1 Available Message reports (Continued) Report Type: Displays... Required Report Data Storage Options (Reports Settings Page) Top Sender Domains Domains from which the most messages have been processed. For each domain, the total processed and - Symantec 10490452 | Administration Guide - Page 166
166 Working with reports Choosing a report Table 9-2 Available Virus reports Report Type: Displays... Required Report Data Storage Options (Reports Settings Page) Overview A summary of total messages that matched for each virus type. For each grouping, the virus to total processed percentage, - Symantec 10490452 | Administration Guide - Page 167
Working with reports 167 Choosing a report Table 9-2 Available Virus reports (Continued) Report Type: Displays... Required Report Data Storage Options (Reports Settings Page) Top Recipients Email addresses for which the most virus messages have been detected. For each email address, the virus - Symantec 10490452 | Administration Guide - Page 168
168 Working with reports Choosing a report Table 9-3 Available Spam reports (Continued) Report Type: Displays... Required Report Data Storage Options (Reports Settings Page) Top Sender HELO Domains SMTP HELO domain names from which the most spam messages have been detected. For each HELO - Symantec 10490452 | Administration Guide - Page 169
Working with reports 169 Choosing a report Table 9-4 Available Content Compliance reports (Continued) Report Type: Displays... Required Report Data Storage Options (Reports Settings Page) Top Sender Domains Domains from which the most compliance matches have been detected. For Sender domains - Symantec 10490452 | Administration Guide - Page 170
170 Working with reports Choosing a report Table 9-5 Available Attack reports Report Type: Displays... Required Report Data Storage Options (Reports Settings Page) Overview Total messages processed and number and percentage of directory harvest, None spam, and virus attacks versus messages - Symantec 10490452 | Administration Guide - Page 171
Working with reports 171 Choosing a report Table 9-6 Available Sender Authentication reports (Continued) Report Type: Displays... Required Report Data Storage Options (Reports Settings Page) Top Succeeded Senders Top Failed Senders Email addresses from which the most successful sender - Symantec 10490452 | Administration Guide - Page 172
data appropriate for the report. For example, to generate recipient-based reports, such as Spam/Virus: Specific Recipients, you must configure Symantec Mail Security for SMTP to store recipient information. See tables 9-1 through 9-8 for a list of reports and the data you must store for each type of - Symantec 10490452 | Administration Guide - Page 173
to get a summary of filtering activity. The results will display in the browser window. To run a report 1 Ensure that you have configured Symantec Mail Security for SMTP to track the appropriate data for the report. See "Selecting report data to track" on page 172. 2 In the Control Center, click - Symantec 10490452 | Administration Guide - Page 174
174 Working with reports Saving and editing Favorite Reports ■ To specify a different time period, click Customize, and then click in the Start Date and End Date fields and use the popup calendar to graphically select a time range. You must have JavaScript enabled in your browser to use the calendar - Symantec 10490452 | Administration Guide - Page 175
Delete to delete the report. Troubleshooting report generation Check the following information if you're having trouble with reports. No data available the specified period, for a Specific Recipients report. ■ Symantec Mail Security for SMTP is configured to keep data for that report type. See - Symantec 10490452 | Administration Guide - Page 176
176 Working with reports Troubleshooting report generation Sender HELO domain or IP connection connection of the gateway computer, rather than the external Internet address. Reports presented in local time of Control Center Symantec Mail Security for SMTP stores statistics in the stats directory on - Symantec 10490452 | Administration Guide - Page 177
Working with reports 177 Printing, saving, and emailing reports processed count increases by 1, not 12. If a policy for any of the recipients determines that this message is spam, it will also increase the spam count by 1 for that day. The spam count will be 1 no matter how many of the recipients - Symantec 10490452 | Administration Guide - Page 178
report. Schedule, Edit, or Delete Reports Follow these steps to schedule, edit, or delete reports. To schedule a report 1 Ensure that you have configured Symantec Mail Security for SMTP to track the appropriate data for the report. See "Selecting report data to track" on page 172. - Symantec 10490452 | Administration Guide - Page 179
. 5 Using the procedure under "Running reports" on page 173 as a guide, select the desired report and report settings. 6 Under Report Schedule, set the 't be sent. Choose the Last day of every month option to avoid this problem. 8 Under Report Format, click one of the following to specify the format: - Symantec 10490452 | Administration Guide - Page 180
180 Working with reports Scheduling reports to be emailed 4 Click Save. To delete a scheduled report 1 In the Control Center, click Reports > Scheduled Reports. 2 Check the box next to the scheduled report that you want to delete, and then click Delete. 3 Click Save. - Symantec 10490452 | Administration Guide - Page 181
through the Control Center ■ Administering the Control Center ■ Starting and stopping UNIX and Windows services ■ Periodic system maintenance Getting status information Symantec Mail Security for SMTP provides a comprehensive means of checking and displaying system, host and message status. Status - Symantec 10490452 | Administration Guide - Page 182
system activity including spam processed, virus filter updates, Quarantine utilization, and similar general information. To examine overview status for Symantec Mail Security for SMTP ◆ In the Control Center, click Status > Overview. Use the Reset button to refresh status information for the Totals - Symantec 10490452 | Administration Guide - Page 183
Administering the system 183 Getting status information ■ Suspected Spam ■ Content Compliance Columns list the numbers of messages for each of the following time periods: ■ Past Hour ■ Past Day ■ Past Week ■ Past Month ■ Uptime: the period since the software was last started ■ Lifetime: the period - Symantec 10490452 | Administration Guide - Page 184
page enables you to specify either one or two criteria and related supplementary information as follows: ■ Host-One or more Scanners running Symantec Mail Security for SMTP. In order to find all details about a message, search on all attached Scanners. ■ Time range-Period of time for the search to - Symantec 10490452 | Administration Guide - Page 185
the email software initiating the sending of the message and included as a message header. Because the Message ID is not generated by Symantec Mail Security for SMTP the uniqueness of the ID cannot be guaranteed. At times, distributors of spam have used this header to mask the identity of a message - Symantec 10490452 | Administration Guide - Page 186
186 Administering the system Getting status information View or search the message audit log Follow these procedures to view or search the message audit log. To view message tracking information ◆ In the Control Center, click Status > Message Tracking. To search information in the message audit log - Symantec 10490452 | Administration Guide - Page 187
page in Editing Scanners. For more information about this page, see "Working with the Services page" on page 20. From the Services page, either stop or start the desired service. LDAP synchronization You can synchronize user, alias, group and distribution list data and view synchronization details - Symantec 10490452 | Administration Guide - Page 188
188 Administering the system Managing Scanners Log details You can examine performance logs for Scanners and the Control Center. Log data is based on time range, log type, and error severity. See "Viewing logs" on page 157. Scanner replication Status information is available to show you your most - Symantec 10490452 | Administration Guide - Page 189
Configure Host. 4 Make any changes to the host or its included components and services. See "To edit a Scanner" on page 189 for a list of the types of changes you can make. Enabling and disabling Scanners For troubleshooting or testing purposes, you can disable and then re-enable Scanners. Also, It - Symantec 10490452 | Administration Guide - Page 190
for a disabled Scanner has no effect on the Scanner. Deleting Scanners When you delete a Scanner using the Control Center, you permanently remove that Scanner's services from the Control Center. To prevent a Scanner from continuing to run after deleting it, disable the Scanner before deleting it. - Symantec 10490452 | Administration Guide - Page 191
Administering the system 191 Administering the system through the Control Center To delete a Scanner 1 In the Control Center, click Settings > Hosts. 2 Check the box next to the scanner you want to delete. 3 Click Delete. Administering the system through the Control Center The following - Symantec 10490452 | Administration Guide - Page 192
and add licenses through the Control Center 1 In the Control Center, click Administration > Licenses. 2 Review the license information for Symantec Mail Security for SMTP. Next to each licensed entry, a status of Licensed is shown. For an unlicensed product, ask your Symantec representative about - Symantec 10490452 | Administration Guide - Page 193
Security for SMTP is turned on and to stop when it is shut down. However, there may be times when you need to manually stop and later start the Control Center, such as to investigate a problem and Notifier on Windows, use the Control Panel > Services window to stop Tomcat. On Linux or Solaris, log - Symantec 10490452 | Administration Guide - Page 194
. Follow the procedure at the end of this section to view it. Each problem results in a number of lines in the error log. For example, the following brightmail.bl.bo.impl.SpamManager.create(Unknown Source) at com.brightmail.service.smtp.impl.SmtpConsumer.run(Unknown Source) To view BrightmailLog.log - Symantec 10490452 | Administration Guide - Page 195
Administering the Control Center Increasing the amount of information in BrightmailLog.log If you have problems with the Control Center, you can increase the detail of the log messages saved into and exit from the log4j.properties file. 9 On Windows, use Control Panel > Services to restart Tomcat. - Symantec 10490452 | Administration Guide - Page 196
Although you should perform routine administration using the Control Center, you may occasionally need to start and stop Symantec Mail Security for SMTP services outside of the Control Center. For example, the Control Center itself can't be stopped using the Control Center. Starting and stopping - Symantec 10490452 | Administration Guide - Page 197
Virtual SMSENQUIRESVC Directory Server Enquire.exe Provides unified view of LDAP data to SyncService Start or stop Windows services You can start and stop Windows services from the Services window. You can also stop services from the Task Manager, but not start them. To start or stop Windows - Symantec 10490452 | Administration Guide - Page 198
and stopping UNIX services Table 10-2 describes the UNIX services of Symantec Mail Security for SMTP. Table 10-2 UNIX services Service Description bcc is no reason to store stale logs. For troubleshooting purposes, logs that are not set to Information (which provides the most detail) have - Symantec 10490452 | Administration Guide - Page 199
limited utility, especially if you need assistance from Symantec Support personnel. It is best to view and save current logs is running. MySQL must be running when you perform backups. For complete instructions on performing backups of MySQL data, see MySQL documentation. The following MySQL commands - Symantec 10490452 | Administration Guide - Page 200
disk space Use standard file system monitoring tools to verify that you have adequate disk space. Remember that the storage required by certain Symantec Mail Security for SMTP features, such as extended reporting data and Spam Quarantine, can become large. - Symantec 10490452 | Administration Guide - Page 201
Brightmail Antispam users ■ About email filtering and message handling options All users will find significant new features in this release of Symantec Mail Security for SMTP. You will also find familiar features, in many cases improved and expanded. In some cases the names of features are the - Symantec 10490452 | Administration Guide - Page 202
Security for SMTP and Symantec Brightmail Antispam Category Features Description Threat protection features Inbound and outbound content controls Flexible mail management Improved Email Firewall Protects against directory harvest attacks, denial of service management, support for secure email - Symantec 10490452 | Administration Guide - Page 203
A-1 New features for Symantec Mail Security for SMTP and Symantec Brightmail Antispam Category Features Description Improved reporting and monitoring Extensive set of pre-built reports, scheduled reporting, additional alert conditions, remote syslog support More than 50 graphical reports that - Symantec 10490452 | Administration Guide - Page 204
5.0 features that have different names. Table A-3 Version 4.1 to Version 5.0 Symantec Mail Security for SMTP 4.1 Symantec Mail Security for SMTP 5.0 Feature Name Feature Name Accounts Administration Custom disclaimer Annotation Scan policy Settings > Virus > Exclude Scanning tab Routing - Symantec 10490452 | Administration Guide - Page 205
changes are new features. For users of Symantec Brightmail Antispam, Symantec Mail Security for SMTP Version 5.0 provides significant new and expanded capabilities. In addition features Improved virus processing Outbound filtering LiveUpdate support for virus definitions, list of file types - Symantec 10490452 | Administration Guide - Page 206
administration capabilities Expanded virus monitoring Virus outbreak alerts, expanded logging of virus events Expanded logging Symantec Security Information Manager (SSIM) logging support Global reject or pause During a virus outbreak, you can temporarily pause scanning until of message - Symantec 10490452 | Administration Guide - Page 207
types of Allowed Sender Lists, specify actions for three types of Blocked Senders Lists, and enable or disable three Symantec-managed Reputation Service lists. ■ Policy Resources: Create sets of data that enable further customization of email filtering and the actions taken on filtered email. You - Symantec 10490452 | Administration Guide - Page 208
208 Feature Cross-Reference About email filtering and message handling options - Symantec 10490452 | Administration Guide - Page 209
Blocked Senders Lists and language preferences offered by the Control Center. For a comparison of the native language processing offered by Symantec Mail Security for SMTP, and the Symantec Outlook Spam Plug-in, see "Choosing language identification type" on page 52. Note: The Symantec Outlook Spam - Symantec 10490452 | Administration Guide - Page 210
210 Spam foldering and the Symantec Outlook Spam Plug-in Installing the Symantec Outlook Spam Plug-in Installing the Symantec Outlook Spam Plug-in The Symantec Outlook Spam Plug-in makes it easy for Outlook users to submit missed spam and false positives to Symantec. Depending on how you configure - Symantec 10490452 | Administration Guide - Page 211
installation process, users will have a new toolbar in their Outlook window: This is Spam Users click this button to submit the message to Symantec Security Response and move it from their Inbox to their Spam folder This is Not Spam Users click this button to submit the message to Symantec - Symantec 10490452 | Administration Guide - Page 212
212 Spam foldering and the Symantec Outlook Spam Plug-in Installing the Symantec Outlook Spam Plug-in Options About Symantec Set plug-in properties and administer your private Blocked Senders and Allowed Senders Lists, specify languages in which you do or do not wish to receive email. Get - Symantec 10490452 | Administration Guide - Page 213
.ini. To preserve your changes, add /qn to the end of the CmdLine attribute in setup.ini, and then run the silent install using: /s. Note: Instruct users to close Outlook before running the installer by clicking File, and then clicking Exit. If they close Outlook in any other way, Outlook may - Symantec 10490452 | Administration Guide - Page 214
set to 0, do not treat any members of the Outlook Contacts folder as members of the Allowed Senders List. When submitting a spam message to Symantec Security Response, add the sender of the message to the Blocked Senders List. The default is 1. When submitting a false positive message to Symantec - Symantec 10490452 | Administration Guide - Page 215
Spam foldering and the Symantec Outlook Spam Plug-in 215 Installing the Symantec Outlook Spam Plug-in Table B-1 Symantec Outlook Spam Plug-in setup variables (Continued) Variable Name Description DISPLAY_ARE_YOU_SURE_MSGS Specifies whether the confirmation dialog is displayed after a message - Symantec 10490452 | Administration Guide - Page 216
. The default value for this string is: "Thank you for submitting messages to Symantec for review. We appreciate your help in improving our antispam service. This will be your only acknowledgement." Specify the action to take if the message sender is not in the Allowed Senders List. Normal - Move - Symantec 10490452 | Administration Guide - Page 217
Spam Folder Agent for Exchange. Note: Symantec Mail Security for SMTP does not support native spam foldering for Exchange 2003. As an The Custom option allows you to tailor installation options. 5 Under Service Account, specify an account to be used by the Symantec Spam Folder Agent for Exchange. - Symantec 10490452 | Administration Guide - Page 218
configures the Symantec Spam Folder Agent for Exchange as a Windows service that will run automatically. For information on how to change this and double-click it. 2 Click Domino Agent. 3 Follow the displayed instructions to start Lotus Notes and open the Symantec Spam Folder Agent for Domino - Symantec 10490452 | Administration Guide - Page 219
(This setting is not required for servers running Release 6.) For more information, search for document #1099178 on the Lotus support page: http://www-3.ibm.com/software/lotus/support/ 7 Click Next. The Selecting Options panel is displayed. 8 Select the option(s) you wish to configure and click Next - Symantec 10490452 | Administration Guide - Page 220
220 Spam foldering and the Symantec Outlook Spam Plug-in Configuring automatic spam foldering 15 Specify a mail server. If your mail template files are replicas (as they are when shipped), you need only install the Symantec Spam Folder Agent for Domino on one server. 16 Specify a mail template - Symantec 10490452 | Administration Guide - Page 221
Spam foldering and the Symantec Outlook Spam Plug-in 221 Enabling automatic spam foldering Uninstalling the Symantec Spam Folder Agent for Domino Use the following procedure to uninstall the Symantec Spam Folder Agent for Domino. To uninstall the Symantec Spam Folder Agent for Domino 1 Click Domino - Symantec 10490452 | Administration Guide - Page 222
222 Spam foldering and the Symantec Outlook Spam Plug-in Enabling language identification Enabling language identification Symantec Mail Security for SMTP must be configured to work with the clientside language processing offered by the Symantec Outlook Spam Plug-in. See "Enabling and disabling end - Symantec 10490452 | Administration Guide - Page 223
-related events and products that exist in today's corporate environments. The event categories and classes include threats, security risks, content filtering, network security, spam, and systems management. The range of events varies depending on the Symantec applications that are installed and - Symantec 10490452 | Administration Guide - Page 224
are associated with the incident. The Knowledge Base also suggests tasks that you can assign to a help desk ticket for resolution. Symantec Security Information Manager is purchased and installed separately. The appliance must be installed and working properly before you can configure Symantec Mail - Symantec 10490452 | Administration Guide - Page 225
is different. Configuring data sources You must configure the following data sources on the Information Manager to receive events from Symantec Mail Security for SMTP. You can add a new sensor for each data source. Once you have configured these sources, you must distribute the configuration - Symantec 10490452 | Administration Guide - Page 226
are sent to the Information Manager Table C-4 lists the firewall events that Symantec Mail Security for SMTP can send to the Information Manager. Table C-4 Firewall events that are sent symc_def_update Rule Description (Reason sent) Antivirus definition update Body hash definition update - Symantec 10490452 | Administration Guide - Page 227
definition update Permit definition update Message events that are sent to the Information Manager Table C-6 lists the message events that Symantec Mail Security for SMTP can send to the Information Manager. Table C-6 Message events that are sent to the Information Manager Event ID (SES_EVENT_ - Symantec 10490452 | Administration Guide - Page 228
Information Manager Table C-7 lists the administration events that Symantec Mail Security for SMTP can send to the Information Manager. Table C-7 Administration service stopping SES_EVENT_APPLICATION_START (92001) Informational symc_base BCC/service 92054) symc_defupdate Antivirus filters old - Symantec 10490452 | Administration Guide - Page 229
Integrating Symantec Mail Security with Symantec Security Information Manager 229 Interpreting events in the Information Manager Table C-7 Administration events Component is not active Informational symc_config_update Administrator account change Major symc_config_update Virus outbreak - Symantec 10490452 | Administration Guide - Page 230
230 Integrating Symantec Mail Security with Symantec Security Information Manager Interpreting events in the Information Manager - Symantec 10490452 | Administration Guide - Page 231
Editing antivirus notification messages Whenever Symantec Mail Security for SMTP sidelines and processes a message for virus cleaning, it extracts the appropriate text from the notification file and creates an advisory message that informs the recipient of the action taken. Symantec Mail Security - Symantec 10490452 | Administration Guide - Page 232
232 Editing antivirus notification messages Modifying notification files Changing the notification file tag. Do not modify any other tags or structures. To make changes to the text Symantec Mail Security for SMTP inserts for cleaned messages, only edit the boldface text, as shown in the following - Symantec 10490452 | Administration Guide - Page 233
Editing antivirus notification messages 233 Notification file contents Notification file contents This section shows the full contents of the Notification.en_US.UTF-8.xml file which contains text for notifications issued by Symantec Mail Security for SMTP as it sidelines and processes messages. The - Symantec 10490452 | Administration Guide - Page 234
of boilerplate text that can be used with any of the notifications above. --> This message has been processed by Symantec AntiVirus. This message has been processed by Symantec - Symantec 10490452 | Administration Guide - Page 235
advisory name="sender_text"> The message you sent has been processed by Symantec AntiVirus. You may want to install or update antivirus software on your computer. For more information on antivirus tips and technology, visit http://www.symantec.com Headers of infected message - Symantec 10490452 | Administration Guide - Page 236
. ]]> You may want to install or update antivirus software on your computer. For more information on antivirus tips and technology, visit http://www.symantec.com. Headers of - Symantec 10490452 | Administration Guide - Page 237
administrator may also update security settings on workstations. adware Programs that secretly gather personal information through the Internet and relay it can use this feature to automate email disclaimers. antivirus A subcategory of a security policy that pertains to computer viruses. API ( - Symantec 10490452 | Administration Guide - Page 238
on a Blocked Senders List. You can configure how messages from blocked senders are handled. Blocked Senders List A list used by Symantec Mail Security for SMTP in filtering email. Email from senders on a Blocked Senders List is processed according to your configuration choices. bounce An action - Symantec 10490452 | Administration Guide - Page 239
Symantec Mail Security for SMTP. Each site has one Control Center. The Control Center also houses Spam Quarantine and supporting software. An intermediary between a workstation user and the Internet that allows the enterprise to ensure security and administrative control. DNS (Domain Name System) - Symantec 10490452 | Administration Guide - Page 240
and supports data transfer rates of 100 Mbps. Expunger A component of Spam Quarantine, which resides on the Control Center computer in Symantec Mail Security for intranet that allows its workers access to the wider Internet will want a firewall to prevent outsiders from accessing its own - Symantec 10490452 | Administration Guide - Page 241
acts as an entrance to another network. A gateway can also be any computer or service that passes packets from one network to another network during their trip across the Internet. Group Policy In Symantec Mail Security for SMTP, a set of filter policies that apply to a specified group of users - Symantec 10490452 | Administration Guide - Page 242
gateway. A protocol used for transmitting documents with different formats via the Internet. A generic term for programs such as Sendmail, postfix, or qmail that send and receive mail between servers. Each Symantec Mail Security for SMTP Scanner uses the following three separate MTAs: ■ Delivery MTA - Symantec 10490452 | Administration Guide - Page 243
Service, Open Proxy Senders is a sender group in Symantec Mail Security for SMTP. You can specify actions to take on messages from each sender group. A unit of data that is formed when a protocol breaks down messages that are sent along the Internet filtering instructions that Symantec Mail Security - Symantec 10490452 | Administration Guide - Page 244
Security Response to detect spam. Probe Network A network of email accounts provided by Symantec's Probe Network Partners. Used by Symantec Security used within a company or enterprise to gather all Internet requests, forward them out to Internet servers, and then receive the responses and in turn - Symantec 10490452 | Administration Guide - Page 245
the Probe Network. Part of the Sender Reputation Service, Safe Senders is a sender group in Symantec Mail Security for SMTP. You can specify actions to take secure against unauthorized access. As the Internet becomes a more fundamental part of doing business, computer and information security are - Symantec 10490452 | Administration Guide - Page 246
can also redeliver misidentified messages to their inbox. An administrator account provides access to all quarantined messages. Spam Quarantine can also an authenticated and encrypted connection, thus ensuring the secure transmission of information over the Internet. See also TLS. A set of standard - Symantec 10490452 | Administration Guide - Page 247
outgoing email is spam, identified by Symantec based on data from the Probe Network. Part of the Sender Reputation Service, Suspected Spammers is a sender group within Symantec Mail Security for SMTP. You can specify actions to take on messages from each sender group. Suspect Virus Quarantine In - Symantec 10490452 | Administration Guide - Page 248
and global technical support teams that work in tandem to provide extensive coverage for enterprise businesses and consumers. Symantec Security Response also leverages sophisticated threat and early warning systems to provide customers with comprehensive, global, 24x7 Internet security expertise to - Symantec 10490452 | Administration Guide - Page 249
to a system in the form of destruction, disclosure, modification of data, or denial of service. TLS (Transport Layer Security) A protocol that provides communications privacy over the Internet by using symmetric cryptography with connection-specific keys and message integrity checks. TLS provides - Symantec 10490452 | Administration Guide - Page 250
A series of virus-infected emails from a specific domain. Symantec Mail Security for SMTP allows you to choose an action to perform on these documents. The World Wide Web is also a system of Internet servers that support specially formatted documents. Another important aspect of the World Wide Web - Symantec 10490452 | Administration Guide - Page 251
85 language-based 80 sender authentication 105 Spam Quarantine 117 verify filtering 151 verify filtering to Spam Quarantine 153 antivirus filters create antivirus policies 83 Suspect Virus Quarantine 143 test 152 architectural overview 13 archive messages 109 attachment lists 110 attachments - Symantec 10490452 | Administration Guide - Page 252
full 139 Spam Quarantine, graphics appear as gray rectangles 121 Spam Quarantine, very large spam messages 137 F features 11, 201 discontinued from Symantec Mail Security for SMTP 4.1 204 name changes 204 new features 202 Symantec Brightmail Antispam, new or changed features from 205 Symantec Mail - Symantec 10490452 | Administration Guide - Page 253
login help 128 specify custom Login help page 129 heuristics spam score 52 virus scanning 56 host details, status 186 how Symantec Mail Security appliances work 12 HTML text add to messages 107 HTTP proxies 21 HTTPS certificate assignment 19 I invalid recipients, drop 56 K key features 11 - Symantec 10490452 | Administration Guide - Page 254
lists 49 import Local Routes list 50 select Sender Reputation Service lists 105 separate notification templates for, Spam Quarantine 131 50 log back up 198 log backup 198 log in help, configuration 128 problems 137 specify custom Login help page 129 logs configure settings 159 configure settings - Symantec 10490452 | Administration Guide - Page 255
-set spam reports available 167 pre-set virus reports available 166 print 177 run 173 save 178 schedule 178 size limit 177 time shown 176 troubleshoot report generation 175 types of pre-set reports available 164 Reputation Lists enable 105 Reputation - Symantec 10490452 | Administration Guide - Page 256
To headers in Spam Quarantine 124 To headers in Suspect Virus Quarantine 147 self-signed certificate, add 18 sender authentication 105 Sender Reputation Service 105 configure 105 customize 105 select lists 105 senders delete from lists 101 disable, enable 101 edit senders in lists 101 export data - Symantec 10490452 | Administration Guide - Page 257
configure 136 start and stop 193 tables, restore 200 tables, saving 199 templates 131 troubleshooting 137 undeliverable messages 139 spam score set 52 SSIM see also Symantec Security Information Manager 223 status host information 186 LDAP synchronization 187 log information 188 overview information - Symantec 10490452 | Administration Guide - Page 258
headers, search in Spam Quarantine 124 To headers, search in Suspect Virus Quarantine 147 totals information 182 Transformation Engine 13 troubleshoot replication 39 Spam Quarantine 137 status message 40 synchronization 39 virus definitions non-default 55 virus filters configure virus settings 54
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
 |
 |
Symantec Mail Security for
SMTP
Administration Guide