+ All Categories
Home > Documents > Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security...

Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security...

Date post: 26-Sep-2020
Category:
Upload: others
View: 14 times
Download: 0 times
Share this document with a friend
130
Symantec Hosted Mail Security Administration Guide
Transcript
Page 1: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Symantec Hosted Mail SecurityAdministration Guide

Page 2: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Symantec Hosted Mail SecurityAdministration Guide

Copyright © 2006 Symantec Corporation. All rights reserved.

Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.

Symantec, the Symantec logo, and Norton AntiVirus are U.S. registered trademarks of Symantec Corporation. LiveUpdate, Symantec AntiVirus, Symantec Enterprise Security Architecture, and Symantec Security Response are trademarks or registered trademarks of Symantec Corporation in the United States and certain other countries. pages is a trademark of Microsoft Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THIS DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID, SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation20330 Stevens Creek Blvd.Cupertino, CA 95014http://www.symantec.comPrinted in the United States of America.10 9 8 7 6 5 4 3 2 1

Page 3: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product feature and function, installation, and configuration. The Technical Support group also authors content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s maintenance offerings include the following:

■ A range of support options that give you the flexibility to select the right amount of service for any size organization

■ Telephone and Web-based support that provides rapid response and up-to-the-minute information

■ Upgrade insurance that delivers automatic software upgrade protection

■ Global support that is available 24 hours a day, 7 days a week worldwide. Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program

■ Advanced features, including Technical Account Management

For information about Symantec’s Maintenance Programs, you can visit our Web site at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your country or language under Global Support. The specific features that are available may vary based on the level of maintenance that was purchased and the specific product that you use.

Contacting Technical SupportCustomers with a current maintenance agreement may access Technical Support information at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your region or language under Global Support.

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem.

Page 4: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

When you contact Technical Support, please have the following information available:

■ Product release level

■ Hardware information

■ Available memory, disk space, NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registrationIf your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

www.symantec.com/techsupp/ent/enterprise.html.

Select your region or language under Global Support, and then select the Licensing and Registration page.

Customer serviceCustomer service information is available at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your country or language under Global Support.

Customer Service is available to assist with the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade insurance and maintenance contracts

■ Information about Symantec Value License Program

■ Advice about Symantec's technical support options

Page 5: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

5

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs or manuals

Maintenance agreement resourcesIf you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:

■ Asia-Pacific and Japan: [email protected]

■ Europe, Middle-East, and Africa: [email protected]

■ North America and Latin America: [email protected]

Additional enterprise servicesSymantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Additional services that are available include the following:

To access more information about Enterprise Services, please visit our Web site at the following URL:

www.symantec.com

Select your country or language from the site index.

Symantec Early Warning Solutions

These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur.

Managed Security Services

These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.

Consulting services Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.

Educational Services These services provide a full array of technical training, security education, security certification, and awareness communication programs.

Page 6: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

6

Page 7: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Contents

Chapter 1 Introducing Symantec Hosted Mail SecurityAbout Symantec Hosted Mail Security ............................................................. 12How Symantec Hosted Mail Security works .................................................... 12How Symantec Hosted Mail Security protects against virus threats .......... 13

What happens during a virus scan ............................................................ 14If a virus is detected .................................................................................... 15

How Symantec Hosted Mail Security protects against spam ....................... 16About automatic spam filters .................................................................... 16About customized allow and deny lists .................................................... 19

How Symantec Hosted Mail Security protects against undesirable content 20How content filtering dictionaries work .................................................. 21About URL click-through protection ........................................................ 21About spam beacon blocking ..................................................................... 21About language identification blocking ................................................... 22

Where to find more information about Symantec Hosted Mail Security ... 22Contacting Technical Support ........................................................................... 23

Contacting Customer Service ..................................................................... 23Reporting missed spam to Symantec ....................................................... 23Reporting false positives to Symantec ..................................................... 24

Chapter 2 Configuring Symantec Hosted Mail SecurityAbout the Symantec Hosted Mail Security Console ....................................... 26Redirecting your inbound MX records ............................................................. 27Setting up your outbound server ...................................................................... 29Understanding hierarchy levels and user roles .............................................. 30Managing domain accounts ............................................................................... 32

Searching for a domain or alias domain .................................................. 32Viewing domain configuration information ........................................... 33Adding alias domain names ....................................................................... 34Deleting alias domain names ..................................................................... 35

Managing user accounts ..................................................................................... 35Designating how user accounts are created or deleted ......................... 36Creating user accounts manually .............................................................. 36Manually deleting user accounts ............................................................... 40Adding user accounts automatically through SMTP Discovery ........... 41

Page 8: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

8 Contents

Deleting user accounts automatically through SMTP Discovery ........ 42About access rights for the User role ....................................................... 42Using alias email addresses to manage user accounts .......................... 43Preventing users from adding their own aliases .................................... 44Limiting the number of email aliases per user ....................................... 44Adding alias email addresses ..................................................................... 44Deleting email addresses ............................................................................ 45Converting primary addresses to aliases ................................................. 47Viewing information about user configuration ...................................... 48Editing user accounts .................................................................................. 48

About user authentication methods ................................................................. 49Selecting password authentication ........................................................... 49Selecting LDAP authentication ................................................................. 50Selecting POP3 authentication .................................................................. 52Selecting IMAP authentication .................................................................. 53

About groups and group policy sets ................................................................. 54

Chapter 3 Managing domain and user policiesAbout domain policies ........................................................................................ 58

Editing domain policies .............................................................................. 58Working with Sender Allow and Deny lists ..................................................... 60About the Recipient Shield list .......................................................................... 63Working with antivirus policies ........................................................................ 64

Specifying actions for antivirus classification ........................................ 65Configuring antivirus notifications .......................................................... 66

About antispam filtering policies ...................................................................... 66Specifying actions for antispam classifications ..................................... 66Specifying actions for antispam content groups .................................... 68Configuring Spam Quarantine reporting ................................................. 70

About content policies ........................................................................................ 74Editing and creating content groups ........................................................ 74Specifying HTML Shield polices ................................................................ 76Specifying ClickProtect policies ................................................................ 77Specifying language policies ...................................................................... 78

Configuring file attachment policies ................................................................ 79Specifying notification policies ......................................................................... 83

Viewing and editing notification options ................................................ 85About user-level policy configurations ............................................................ 88About distribution lists ....................................................................................... 88About Fail Safe protection ................................................................................. 89

Chapter 4 Working with message quarantines

Page 9: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

9Contents

Viruses Quarantine ...................................................................................... 93Spam Quarantine ......................................................................................... 94Attachments Quarantine ............................................................................ 95Content Quarantine ..................................................................................... 96Safe Message View ....................................................................................... 97

Chapter 5 Reports and logsAbout reports and logs ......................................................................................100Traffic Overview report ....................................................................................100Threats Overview report ..................................................................................102Virus Threats report .........................................................................................104Spam Threats report .........................................................................................105Content Threats report .....................................................................................106Attachments Threats report ............................................................................107ClickProtect Overview report ..........................................................................108ClickProtect Log report .....................................................................................109Quarantine Release Overview report ..............................................................109Quarantine Release Log report ........................................................................111User Activity report ..........................................................................................112Event Log report ................................................................................................113Audit Trail report ..............................................................................................114Inbound Server Connections report ...............................................................115FailSafe Overview report ..................................................................................116FailSafe Event Log report .................................................................................117

Chapter 6 Troubleshooting and frequently asked questions

Glossary

Index

Page 10: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

10 Contents

Page 11: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Chapter

1

Introducing Symantec Hosted Mail Security

This chapter includes the following topics:

■ About Symantec Hosted Mail Security

■ How Symantec Hosted Mail Security works

■ How Symantec Hosted Mail Security protects against virus threats

■ How Symantec Hosted Mail Security protects against spam

■ How Symantec Hosted Mail Security protects against undesirable content

■ Where to find more information about Symantec Hosted Mail Security

■ Contacting Technical Support

Page 12: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

12 Introducing Symantec Hosted Mail SecurityAbout Symantec Hosted Mail Security

About Symantec Hosted Mail SecuritySymantec Hosted Mail Security provides comprehensive protection from viruses, spam, unwanted message content, and other threats that spread through email. It protects your mail servers and internal network by scanning and filtering your incoming Internet email traffic before it enters your mail system. It lets you scan and filter your outgoing Internet email traffic to prevent the spread of malicious or inappropriate content and to enforce mail security policies. You set and manage your mail security policies, access quarantined mail, and view reports through a secure Web portal.

You can configure Symantec Hosted Mail Security to protect your network perimeter from the following types of threats:

■ Computer viruses, worms, Trojan horses, and mass-mailers

■ Denial-of-service attacks and messages that overload the system

■ Directory harvesting attacks and other email-based attacks

■ Unsolicited bulk email messages (spam), email fraud, and other spam threats

■ Inappropriate or malicious message content

How Symantec Hosted Mail Security worksSymantec Hosted Mail Security is a protective filter that scans all of your incoming Internet email traffic before it enters your mail system. You can also configure it to scan all of your outgoing Internet email traffic to prevent the spread of malicious or inappropriate content and to enforce mail security policies. Symantec Hosted Mail Security resides outside your firewall, which reduces the processing burden on your mail servers and reduces your network’s exposure to vulnerabilities and attacks.

Symantec Hosted Mail Security creates a proxy gateway for your inbound and outbound Internet email traffic. Messages are filtered in real-time as they pass to and from the Symantec Hosted Mail Security gateway and your mail servers. Symantec Hosted Mail Security handles the filtering processes in its cache. Only messages that are quarantined for virus, spam, or content filtering violations are stored on disk.

Symantec Hosted Mail Security uses multiple levels of dynamic filtering technology to determine whether a message may contain malicious or inappropriate content or attachments. It scans all parts of the message, including the message header, message body, and attachments. Depending on

Page 13: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

13Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against virus threats

your configuration, it scans first for viruses or virus behavior, then for spam, and then for content filtering rules.

When a violation is detected or if a scan error occurs, Symantec Hosted Mail Security stops scanning and handles the message based on the filtering policy settings that you have configured.

Figure 1-1 Figure 1: Email Traffic Flow

How Symantec Hosted Mail Security protects against virus threats

Symantec Hosted Mail Security includes all of the virus scanning technologies that are available in Symantec antivirus products. It protects against viruses, worms, and Trojan horses in all major file types, including compressed files and archive file formats. It also protects against mobile code (for example, ActiveX® or JavaScript™) and script-based threats.

Symantec Hosted Mail Security protects your mail system from messages and attachments that overload the system and cause denial-of-service. This includes container files that are overly large, that contain large numbers of embedded

chuck_egress
Note
Cam we change MX Control Console to just "Console"?
Page 14: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

14 Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against virus threats

compressed files, or that are otherwise designed to maliciously use resources and degrade performance.

Symantec Hosted Mail Security provides the following types of protection from virus threats that spread through email:

■ Automatic scanning for virus signatures

Symantec engineers continually track reported outbreaks of computer viruses and threats. When a new virus or other threat is identified, information about that virus (a signature) is stored in a virus definitions file. The virus definitions file contains the necessary information to detect and eliminate the virus.

Symantec Hosted Mail Security updates its virus definitions every 5 minutes. Updates are handled automatically without having to restart services or redeploy software. This ensures no interruption in scanning services during the updates.

■ Automatic scanning for virus-like characteristics using advanced heuristics

Heuristic methods of virus detection are designed to detect viruses for which no known definitions exist. Advanced heuristics analyze a program’s structure, behavior, and other attributes for virus-like characteristics, such as self-replication.

Symantec Hosted Mail Security uses advanced heuristics to analyze a file if it detects certain behaviors in the file that warrant further analysis.

■ Automatic protection from messages and attachments that can cause denial of service

Symantec Hosted Mail Security includes maximum size and scanning depth levels to reduce exposure to denial-of-service attacks.

■ Blocking by subject line

You can configure Symantec Hosted Mail Security to block messages by the subject line. This lets you handle emerging threats for which a virus definition has not been created.

Note: Internet email is only one avenue by which a virus or threat can infiltrate your network. For comprehensive protection, you should ensure that every server and workstation at your site is protected by a server or desktop antivirus solution.

What happens during a virus scanWhen Symantec Hosted Mail Security scans a file, it first decodes and decompresses it. It then looks for known viruses by comparing segments of the file to the sample code inside of a virus definitions file. The virus definitions file

Page 15: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

15Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against virus threats

contains nonmalicious bits of code, or virus definitions, for thousands of viruses. If Symantec Hosted Mail Security finds a match, the file is considered infected, and it is handled according to your configuration settings.

Advanced heuristics, which includes Symantec Bloodhound™ technology, help detect viruses for which no known definitions exist. Symantec Hosted Mail Security uses advanced heuristics to analyze a file if it detects certain behaviors in the file that warrant further analysis.

During a heuristics scan, the file is copied into a self-contained virtual computer that emulates the operating system environment. The antivirus scanner then runs the file and probes for and assesses suspicious behavior, such as whether the file replicates itself a number of times in a specified time frame. In most cases, the antivirus scanner can determine in milliseconds whether a file is likely to be infected by a virus. If it considers the file likely to be infected, it handles the file according to the settings that you have configured for handling infected files.

If Symantec Hosted Mail Security encounters a file that it cannot scan or it encounters a file attachment that violates a scanning rule, it logs the error and handles the file according to your configuration settings.

If a virus is detectedYou can configure Symantec Hosted Mail Security to handle infected files in the following ways:

Table 1-1 Actions for infected files

Action Result

Clean the message Attempts to remove the virus and preserve the attachment. If the file is successfully repaired, text is added to the email message to notify recipients that a virus was detected and that the file was cleaned.

Quarantine the message after attachment is stripped

Removes the infected attachment from the email message and sends the message to the quarantine for administrator review.

Strip Attachment Removes the infected attachment from the email message and delivers the rest of the message. Text is added to the message to notify recipients that a virus was detected in the attachment and that the attachment was removed.

Deny Delivery Blocks delivery of the email message and its attachments.

Do Nothing or Allow Delivery

Delivers the email message and its attachments with no filtering or notification.

Page 16: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

16 Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against spam

How Symantec Hosted Mail Security protects against spam

Symantec Hosted Mail Security lets you handle spam in the following ways:

■ Spam filters are continuously and automatically updated to protect against new and emerging spam threats.

■ Symantec Hosted Mail Security uses multiple filtering technologies to maximize spam detection and minimize false positives.

■ You can define specific email addresses, DNS names, and IP addresses from which email is always accepted or always denied.

About automatic spam filtersSymantec Hosted Mail Security provides multiple layers of filtering technology to protect your network environment from spam. As incoming messages pass through these filters, they are scored and classified as spam, potential spam, or legitimate messages. Legitimate messages are sent to the recipient. Based on how you configure Symantec Hosted Mail Security, spam and potential spam messages can be rejected, quarantined, or copied to another recipient, for example, an administrator.

Symantec maintains a global network of over 2 million decoy email addresses and domains that attracts and collects the latest spam. Tens of millions of email messages pass through the Symantec Probe Network™ each month. These messages are sent to Symantec Security Response for analysis to identify new spamming techniques and threats. Symantec technicians continuously fine-tune existing filters and develop new filters to respond to new and evolving threats. These filters are automatically updated every 10 minutes to ensure that your environment stays protected.

Table 1-2 provides information about the types of spam filtering technology that is used in Symantec Hosted Mail Security.

Page 17: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

17Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against spam

Table 1-2 Spam Filtering Technologies

Filter type Description Protection type

Reputation Service Symantec monitors email sources from around the world to determine how much of the email messages that are sent from those sources are legitimate. Email from those sources can then be blocked or allowed based on the reputation value of the source as determined by Symantec.

The Reputation Service is a dynamic database of IP addresses that is continuously compiled and updated. It consists of the following lists:

■ Open proxy list: A list of IP addresses of identity-masking relays that are used by spammers. This includes proxy servers with open or unsecured ports.

■ Safe list: A list of IP addresses from which virtually no outgoing email is spam.

■ Suspect list: A list of IP addresses from which virtually all outgoing email is spam.

■ Protects against high-volume spam sources and messages from open or unsecured relays.

■ Protects against false positives by allowing email traffic from sources that are contained on the safe list.

Heuristic filters Heuristic filters scan all parts of a message to test for characteristics that are usually inherent in spam, such as opt-out links, specific phrases, and forged headers. The filters assign an overall score to the message that is based on the number of spam characteristics that are found. If the message exceeds the spam threshold, it is considered spam.

Protects against spam that is too new to be detected by other types of filters.

Page 18: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

18 Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against spam

Language filters Language filters can detect whether a message is written in one of 11 supported languages and then apply only the heuristic filters that were created for that language. This helps improve performance.

The supported languages include Chinese, Dutch, English, French, German, Italian, Japanese, Korean, Portuguese, Russian, and Spanish.

Protects global network environments from spam that is written in a language other than English.

MIME attachment signature filters Attachment signatures target specific types of MIME attachments, such as ZIP files, for objectionable or malicious content.

Symantec Hosted Mail Security treats any message as spam if any MIME attachment in the message matches a Symantec MIME filter.

Protects against embedded images and executables in MIME attachments that contain objectionable or malicious content.

Signature filters Messages that flow into Symantec Security Response (SSR) are analyzed for unique signatures and variations of signatures that are characteristic of a spam attack. Using this signature, Symantec can group and match seemingly random messages that originated from a single attack.

Symantec continuously updates its database of known spam based on these signatures.

■ Protects against highly randomized, HTML-based spam attacks.

■ Protects against HTML-based evasion techniques that are used by spammers.

URL filters URL filters scan messages bodies for embedded URLs. The filters compare the URLs to the known-spammer list. The filters can identify and remove special characters that have been added to the URL link to conceal the Web address.

Symantec builds its known-spammer list based on URLs that are collected by the Symantec Probe Network and trusted third-party spam URL lists.

■ Protects against spam messages that direct recipients to inappropriate Web sites, such as pornographic sites.

■ Protects against spam messages that direct recipients to fraudulent Web sites.

■ Protects against tactics that spammers use to evade spam filters, such as disguised URLs and extreme randomization.

Filter type Description Protection type

Page 19: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

19Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against spam

About customized allow and deny listsYou can define specific email addresses, DNS names, and IP addresses from which email is always accepted or always denied.

Email addresses that you add to the deny list are always blocked. Deny lists are better suited for handling unwanted email messages from senders that you know, such as an individual or company whose sender address is unlikely to change frequently. Spammers use a variety of techniques to evade detection, such as changing or masking their sender addresses. Deny lists are not an effective tool against this type of threat.

Email addresses that you add to the allow list bypass the spam filters in Symantec Hosted Mail Security. This feature can help minimize the risk of a legitimate message being handled as spam. However, bypassing the spam filters can pose a security risk. Spammers who send fraudulent or malicious content often use techniques in which they spoof or hijack an email address or domain so that the message appears to be sent from a legitimate and trusted sender.

Note: The Allow List only applies to spam and content filtering. Messages are scanned for viruses and worms.

Page 20: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

20 Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against undesirable content

How Symantec Hosted Mail Security protects against undesirable content

Symantec Hosted Mail Security lets you monitor incoming and outgoing email messages and attachments for inappropriate content to enforce corporate mail policies, reduce legal liability, and ensure compliance with regulatory requirements. The content filtering features in Symantec Hosted Mail Security can detect and remove malicious HTML tags, scripting objects, and certain types of embedded images to protect your network from email-based threats. You can configure whether email messages that violate content or attachment policies are quarantined, rejected, stripped of the file attachment, or copied to another recipient, for example, an administrator.

Table 1-3 describes content compliance and security features provided by Symantec Hosted Mail Security.

Table 1-3 Content compliance and security features

Feature Description

Predefined content keyword categories Lets you filter content by keywords and phrases that are contained in the Symantec-provided content dictionary.

The content dictionary consists of the following categories:

■ Profanity

■ Sexual Overtones

■ Racially Insensitive

Customized content keyword categories Lets you add custom categories to the content dictionary and add your own keywords and phrases to satisfy your own security and business needs.

Spam-specific keyword categories Lets you define customized lists of keywords that are used to filter email for spam.

URL click-through protection Lets you enable or disable a user’s ability to follow a URL or other Web hyperlink that is contained in the body of an email message.

You can also monitor information about the Web sites that users are visiting and other statistics.

Spam beacon blocking Removes certain types of embedded images from email messages that are used to send information about the user the source of the message.

Spammers embed these images to gather information about the system and to verify that the recipient’s address is a valid address.

Language identification blocking Lets you specify languages in which you will allow messages.

Page 21: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

21Introducing Symantec Hosted Mail SecurityHow Symantec Hosted Mail Security protects against undesirable content

How content filtering dictionaries workThe content dictionary that is provided by Symantec contains commonly filtered words and phrases that are grouped by categories. You can select the categories that you want to use to filter content. You can also define your own custom categories and keywords to use for filtering.

When you enable content filtering, Symantec Hosted Mail Security matches the individual words that are contained in an email message to the words that are contained in the content filtering categories that you have selected for filtering. As the filtering process continues, the content filtering scanner builds a word chain so that it can examine the context. For example, if the word cancer succeeds the word breast in a word chain, it is likely that the message is about a medical condition and is not inappropriate.

The content filtering scanner scores a message based on the number of matches that are found and adjusts the score based on the context of the words. If the score exceeds the built-in threshold, the message is considered to be a content filtering violation, and it is handled according to the configuration settings.

About URL click-through protectionYou can enable or disable a user’s ability to follow a URL or other Web hyperlink that is contained in the body of an email message. This lets you enforce email security policies, reduce legal liabilities, and protect your network environment from security risks. Symantec Hosted Mail Security maintains information about the hyperlinks that were followed, who visited the sites, who sent the email message, and other statistical information so that you can monitor activities.

You can configure whether a site is automatically blocked, whether the user must respond to a confirmation prompt before proceeding, and whether the user receives a notification message. You can also create an allow list of URLs that you want to exclude from click-through protection.

About spam beacon blockingSpam beacons or Web bugs are small graphics that are embedded in HTML content that can gather and send information about your system to the source (usually a URL). They typically are transparent, 1x1 pixel graphics and are nearly invisible.

Web bugs are often used on Web sites to monitor surfing behavior. However, spammers can also hide them in their mass mailings as spam beacons. When the recipient opens the message, the spam beacon sends a signal back to the spammer’s URL that confirms that the recipient’s email address is valid.

Page 22: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

22 Introducing Symantec Hosted Mail SecurityWhere to find more information about Symantec Hosted Mail Security

You can configure Symantec Hosted Mail Security to automatically remove these types of images from HTML content that is contained in incoming Internet email messages.

About language identification blockingSymantec Hosted Mail Security can identify what language an email is written in, and filter email based on this information. You can choose to allow Symantec Hosted Mail Security to only deliver email in certain languages, or you can allow all languages, which is the default setting. The default policy is to allow email in all languages.

Where to find more information about Symantec Hosted Mail Security

The following documentation is available to assist you with using and configuring Symantec Hosted Mail Security:

■ Symantec Hosted Mail Security Console and Spam Quarantine User’s Guide

If you are connected to the Symantec Hosted Mail Security Console, the console contains embedded help to assist you with using and configuring Symantec Hosted Mail Security. What’s This links provide information about each option.

If you are connected to the Internet, the following online resources are available on the Symantec Web site:

■ Symantec.com/techsupp/ent/enterprise.html: Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions

■ Securityresponse.symantec.com: Provides access to the Virus Encyclopedia, which contains information about all known viruses; information about virus hoaxes; and access to white papers about virus threats

chuck_egress
Note
We should put a bullet in here to show the location of the SHMS specific manuals. This is at http://enterprisesecurity.symantec.com/hosted/docs Maybe this would be a place to mention the localized versions of the console and spam quarantine user's guide??
Page 23: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

23Introducing Symantec Hosted Mail SecurityContacting Technical Support

Contacting Technical SupportCustomers with a current support agreement may contact the Technical Support group via phone or online at www.symantec.com/techsupp.

When contacting the Technical Support group, please have the following:

■ The page where you were working and details of the particular function you were trying to perform

■ The exact wording of any messages that appeared in the message box or in the status line

■ Any software or hardware behavior that seemed unusual

■ A description of how you tried to solve the problem

■ The version of the product you were using

Contacting Customer ServiceTo contact Enterprise Customer Service online, go to www.symantec.com, select the appropriate Global Site for your country, and then choose Service and Support. Customer Service is available to assist with the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information on product updates and upgrades

■ Information on upgrade insurance and maintenance contracts

■ Information on Symantec Value License Program

■ Advice on Symantec technical support options

■ Nontechnical presales questions

■ Missing or defective CD-ROMs or manuals

Reporting missed spam to SymantecYou can submit spam or suspected spam messages that were not detected by Symantec Hosted Mail Security to the Symantec Brightmail Logistics and Operations Center (BLOC). Symantec engineers will analyze the message for spam characteristics and will issue updates to the spam filtering rules as needed.

Page 24: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

24 Introducing Symantec Hosted Mail SecurityContacting Technical Support

You should submit the missed spam within 24 hours of when you received the message to ensure timely updates and to avoid analyzing messages for which updated rules have already been issued.

You can submit the missed spam to one of the following email addresses:

Note: These addresses are for missed spam messages only. You must submit the message as an RFC-822 MIME-encoded attachment.

Reporting false positives to SymantecYou can submit messages that were incorrectly tagged as spam to the Symantec Brightmail Logistics and Operations Center (BLOC). Symantec engineers will analyze the message and issue updates to the spam filtering rules as needed.

■ You can submit false positives to one of the following email addresses:

Note: These addresses are for false-positive messages only. You must send the message as an RFC-822 MIME-encoded attachment.

North America [email protected]

Europe, Middle East, Africa [email protected]

Japan, Asia, Pacific Rim [email protected]

North America [email protected]

Europe, Middle East, Africa [email protected]

Japan, Asia, Pacific Rim [email protected]

Page 25: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Chapter

2

Configuring Symantec Hosted Mail Security

This chapter includes the following topics:

■ About the Symantec Hosted Mail Security Console

■ Redirecting your inbound MX records

■ Setting up your outbound server

■ Understanding hierarchy levels and user roles

■ Managing domain accounts

■ Managing user accounts

■ About user authentication methods

■ About groups and group policy sets

Page 26: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

26 Configuring Symantec Hosted Mail SecurityAbout the Symantec Hosted Mail Security Console

About the Symantec Hosted Mail Security ConsoleThe Symantec Hosted Mail Security Console is a browser-based interface. You access the console through a secure Web portal at the following URL:

https:\\hostedmailsecurity.symantec.com

When you subscribe to Symantec Hosted Mail Security, you will receive a welcome kit that includes your initial log on name and password. You can change this password.

For more information about requesting a new password, setting passwords, and changing passwords and for more information about working in the console, see the Symantec Hosted Mail Security Console and Spam Quarantine Report User’s Guide.

You can do the following configuration tasks from the Symantec Hosted Mail Security Console:

■ Configure the inbound and outbound server settings

■ Set domain-level and user-level policies

■ Create groups of users and assign policies to them

■ Add and configure alias domain accounts

■ Add and configure user accounts and aliases

■ Configure the authentication settings for user logons

When you log on to the console as an Administrator, the Overview page is displayed by default. The Overview page provides high-level information about the email traffic to your domains over the previous 24 hours. Customer Administrators will see the information for all the domains that have been defined for the customer. Domain Administrators will see the information for only the domain in which the user role was defined.

You can configure Symantec Hosted Mail Security so that users can access their spam message quarantines through their Spam Quarantine Reports. The reports contain links that take them directly to their spam quarantine without having to log on through the console.

Note: Some of the settings in the Symantec Hosted Mail Security Console are determined by your level of user rights. Some of the options that are described in this manual may not be available.

chuck_egress
Note
Due to the activation console, a welcome kit is no longer sent and the customers create their initial user name and password themselves. So, the paragraph should be reworded as follows: "When you activate Symantec Hosted Mail Security, you will establish an initial log on name and password. You can change this password."
Page 27: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

27Configuring Symantec Hosted Mail SecurityRedirecting your inbound MX records

Redirecting your inbound MX recordsSymantec Hosted Mail Security creates a proxy gateway for your inbound and outbound Internet email traffic. Messages are filtered in real-time as they pass to and from the Symantec Hosted Mail Security gateway and your mail servers. Before you can enable scanning of your incoming or outgoing Internet email, you must change the Mail Exchange (MX) records on your Internet-facing mail server or with your Internet Service Provider (ISP) to direct your email traffic to Symantec.

When you subscribe to Symantec Hosted Mail Security, Symantec sends you instructions that are specific to your organization on how to configure the Mail Exchange (MX) records for your domain name server (DNS) to direct your inbound and outbound email traffic to Symantec.

Table 2-1 provides general information about the settings for inbound email traffic:

You should remove all previous listings of your mail server. Additional domains should be redirected in the same manner.

To ensure that all inbound email traffic is filtered and protected by Symantec Hosted Mail Security, you must restrict all IP access to your mail servers with the exception of the following Symantec subnets:

198.65.127.0/24

216.183.112.64/26

You must also configure your inbound server information on the console. You must have Administrator rights to perform this task on the console.

Table 2-1 MX settings for inbound email

MX record Preference level

<domain_name>.inbound10.symantecmail.com 10

<domain_name>.inbound10.symantecmail.net 10

<domain_name>.inbound20.symantecmail.com 20

<domain_name>.inbound20.symantecmail.net 20

<domain_name>.inbound30.symantecmail.com 30

<domain_name>.inbound30.symantecmail.net 30

chuck_egress
Note
Remove "that are specific to your organization". The activation process involves sending the customer information on how to change their MX Records but we've worked it out so that it gives them what they want but doesn't have to be custom tailored to each individual customer any more.
chuck_egress
Note
Add the following IP address: 208.65.144.0/21
Page 28: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

28 Configuring Symantec Hosted Mail SecurityRedirecting your inbound MX records

Note: It may take several days for your MX record redirect to propagate to all the email servers that may be sending email to your email server. During that time, your email server may still receive email directly from those email servers until they are updated with your latest MX record information.

To configure your inbound server settings

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Inbound Servers.

3 On the Inbound Servers Setup page, in the SMTP Host Address field, type the fully qualified IP address or DNS address of your SMTP host server.

4 In the Port field, type the port number on your SMTP host server to which the Symantec Hosted Mail Security service should connect.

The default port number is 25.

5 In the Preference field, type a number to indicate the order of connection preference if you are configuring multiple servers.

The Symantec Hosted Mail Security service will attempt to connect to the server that has the lowest preference number first. If you assign the same preference number to multiple servers, Symantec Hosted Mail Security will balance the delivery.

6 If the server is immediately available to accept connections, check the Active checkbox.

You must check this checkbox to allow Symantec Hosted Mail Security to connect to the server.

7 Click Save Changes.

Page 29: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

29Configuring Symantec Hosted Mail SecuritySetting up your outbound server

Setting up your outbound serverTo enable outbound filtering, you must configure the outbound configuration settings on the security console to include the IP addresses that are associated with the outbound service on your mail server. You must also establish a relay to send outbound traffic to the appropriate outbound domains.

Table 2-2 provides general information about the settings for outbound email traffic.

You must also configure your outbound server information on the console. You must have Administrator rights to perform this task on the console.

To set up your outbound server

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Outbound Servers.

3 On the Outbound Server page, in the Server IP Address Range field, type the fully qualified IP address of the outbound SMTP host server.

4 Click Add New Address.

5 Click Save.

Table 2-2 Settings for outbound email

Domain Preference level

<domain_name>.outbound10.symantecmail.com 10

<domain_name>.outbound10.symantecmail.net 10

<domain_name>.outbound20.symantecmail.com 20

<domain_name>.outbound20.symantecmail.net 20

<domain_name>.outbound30.symantecmail.com 30

<domain_name>.outbound30.symantecmail.net 30

Page 30: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

30 Configuring Symantec Hosted Mail SecurityUnderstanding hierarchy levels and user roles

Understanding hierarchy levels and user rolesSymantec Hosted Mail Security uses a hierarchical architecture to control data and security. User roles are assigned for each level in the hierarchy.

Table 2-3 describes user roles and hierarchy levels.

You must define at least one entity for each hierarchy level. Depending on the hierarchy level, an entity may be a full domain name, email domain name, or a user’s email address.

The name of each entity within a hierarchy level must be unique. For example, the same domain name cannot be defined in multiple customer entities.

Administrator and user roles define the level of access that a user has within the Symantec Hosted Mail Security console.

Table 2-3 Roles and hierarchy levels

User role Description

Customer Contains one or more domain entries. For example, you can group all of the domain names that are used by your company or division within a company.

Symantec sets up this account information for you when you purchase your license.

Domain Contains the primary and alias domains that your organization uses for its email addresses.

The domain is the part of the email address that follows the at (@) symbol. For example, in the email address [email protected], the domain is mycompany.com.

You must own the rights to these domain names and your mail transfer agent (MTA) must be configured to receive email for these domains.

Primary domain accounts can only be added by Symantec. Users with Customer Administrator rights can add alias domains.

User accounts Contains the complete email addresses (email accounts) in your organization that can receive email. The complete email address ([email protected]) is considered the primary email account. You can also add alias email accounts.

You can add user accounts manually or automatically through the SMTP discovery feature.

User account entries can only be added by users with Domain Administrator rights or higher.

chuck_egress
Note
change to "users with Customer Administrator rights."
Page 31: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

31Configuring Symantec Hosted Mail SecurityUnderstanding hierarchy levels and user roles

Table 2-4 describes administrator and user roles.

Table 2-4 Administrator and user roles

Role Description

Customer Administrator The Customer Administrator can do the following:

■ Add, edit, and delete alias domains, user accounts, and user aliases

■ Configure global and domain-level filtering policies for incoming and outgoing email

■ Add, edit, or delete mail server hosts

■ View and manage all quarantine areas for each domain

■ View reports and statistical information that is generated for each domain

Domain Administrator The Domain Administrator can do the following:

■ Add, edit, and delete user information for a specific email domain

■ Configure domain-level filtering policies for incoming and outgoing email messages

■ Add, edit, or delete mail server hosts at the domain level

■ View and manage all quarantine areas for the email domain

■ View reports and statistical information that is generated for the domain

Quarantine Manager The Quarantine Manager can do the following:

■ View all quarantine areas for the primary and alias domains to which they are assigned

■ View reports and statistical information

Quarantine Managers cannot cross boundaries between primary domains and cannot change filtering policies.

Reports Manager Reports Managers can view reports and statistical information for the primary and alias domains to which they are assigned.

Reports Managers cannot cross boundaries between primary domains and cannot change filtering policies.

User Users who are assigned to the User role have limited rights within the security console. They can view their spam quarantine and adjust personal spam policy settings.

They cannot change virus or content filtering policy settings and cannot view messages or attachments that have been quarantined for virus or content filtering violations.

chuck_egress
Note
It is really configure global, domain, user group and user level policies now.
chuck_egress
Note
Remove this bullet. This capability is no longer available to Domain Administrators.
chuck_egress
Note
The Domain Administrator role has changed. Thus, this first bullet should read, "View user information and manage user allow/deny lists for a specific email domain"
Page 32: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

32 Configuring Symantec Hosted Mail SecurityManaging domain accounts

Users who are assigned to the Domain Administrator, Quarantine Manager, or Reports Manager roles can perform any of the functions of their role and any role that has a lower level of rights.

Managing domain accountsWhen you subscribe to Symantec Hosted Mail Security, Symantec sets up a domain account for your company on the Symantec Hosted Mail Security Console. Symantec uses the fully qualified name of your domain name server (DNS) for this account. You must own the rights to this domain name.

Primary domain accounts can only be added or deleted by Symantec. However, you can add alias domains to map to your primary domain to manage your user and domain configurations.

Searching for a domain or alias domainThe Search Domains feature lets you search for a specific primary domain or alias domain or for a range of domain names, for example, all domain names that begin with a specific letter.

To search for a domain or alias domain

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Domains.

3 On the Configuration page, click Search.

4 In the Domain list, select one of the following search criteria:

5 In the text field, type the text for which you want to search.

6 Click Search.

The domain names that match the search criteria are listed in the Domain list. To include alias domains in the list, check Show Domain Aliases.

starts with Searches for domain names that start with the characters that you type in the text field.

is Searches for the exact characters that you type in the text field. The text that you type must exactly match the domain name.

contains Searches for domain names that include the characters that you type in the text field.

chuck_egress
Note
Due to the activation portal, all of this has changed. The paragraph can now simply say, "When you activate Symantec Hosted Mail Security you establish an initial domain account for your company. Primary domain accounts can be added later using the Symantec Hosted Mail Security console and you can add alias domains to map to your primary domain to manage user and domain configurations.
Page 33: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

33Configuring Symantec Hosted Mail SecurityManaging domain accounts

Viewing domain configuration informationYou can view basic configuration information about your primary domain and alias domain accounts.

Table 2-5 describes information you can view about the account.

To view domain configuration information

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Domains.

3 On the Configuration page, under Domain, click the name of the domain for which you want to view configuration information.

The Domain Details field shows the basic configuration information about the domain that you selected.

Table 2-5 Domain configuration

Domain account Description

Domain Indicates the name of the domain whose information is being displayed.

Created Indicates the date and time when the domain was added to Symantec Hosted Mail Security.

Contact Email Indicates the email address that is used to contact a representative for the domain.

Existing Users Qty Indicates the total number of user accounts (email addresses) defined in the domain.

Inbound Package Specifies whether Symantec Hosted Mail Security is being used to filter inbound mail.

Outbound Package Specifies whether Symantec Hosted Mail Security is being used to filter outbound mail.

Quarantine Period Indicates the number of days that data for quarantined emails are stored before being automatically deleted.

User Aliasing Indicates whether users can define and manage alias email addresses associated to their primary email addresses and, if enabled, how many alias email addresses can be defined per primary email address.

Domain Aliases Indicates any alias domain names that have been defined for the domain and whether the Customer Administrator can define alias domain names for the Domain.

Page 34: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

34 Configuring Symantec Hosted Mail SecurityManaging domain accounts

Adding alias domain namesSymantec Hosted Mail Security lets you associate alias domain names to your primary domain. Alias domain names are virtual domains in which all email addresses in the alias domain name are automatically aliased to equivalent email addresses in the primary domain.

For example, your primary domain account contains the email address [email protected]. If you add an alias domain called alias.com to the primary.com domain, an email address is automatically created for [email protected].

All email addresses that are defined for an alias domain must be aliased to primary email addresses in the associated primary domain. Because the alias domain is only a virtual domain, it can only contain alias email addresses. It cannot contain primary email addresses.

The policies and configuration settings for the primary domain apply to all alias domains that are associated with it. Email messages that are addressed to an alias domain are routed to the primary domain server. If a message violates a filtering policy, it is stored in the quarantine for the primary domain.

You must have Customer Administrator or higher level rights to add an alias domain. You must own the rights to the alias domain name, and your mail transfer agent (MTA) must be configured to accept email that is addressed to the alias domain.

To add alias domain names

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Domains.

3 On the Configuration page, under Domain, select the primary domain to which you want to add an alias domain.

4 On the Configuration page, under Domain Details, click Manage Aliases.

5 On the Domain Management page, in the Add text field, type the fully qualified alias domain name.

6 Click Add.

If you want to add additional alias domains, repeat steps 5-6.

7 When you are finished, click Done to save your changes.

If you exit this page before you click Done, your changes will be lost.

Page 35: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

35Configuring Symantec Hosted Mail SecurityManaging user accounts

Deleting alias domain namesIf you delete an alias domain, any email messages that are addressed to the alias domain will be denied. Quarantined messages that are associated with the alias domain will be kept until you manually delete them or until the quarantine is automatically purged.

To delete alias domain names

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Domains.

3 On the Configuration page, under Domain, select the primary domain to which you want to add an alias domain.

4 On the Configuration page, under Domain Details, click Manage Aliases.

5 On the Domain Management page, in the Delete list, select the aliases that you want to delete.

6 Click Delete.

7 To continue, on the confirmation page, click OK.

This action cannot be undone.

8 When you are finished, click Done.

Managing user accountsUser accounts (or email accounts) are the specific email addresses that receive email. A complete email address includes the prefix and the domain name (for example, [email protected]).

Users must have a primary email address defined in Symantec Hosted Mail Security for their mail to be filtered for viruses, spam, or content. This is also required for them to log into the Symantec Hosted Mail Security Console or to receive a Spam Quarantine Report.

Each user can have multiple primary email addresses. A user with multiple primary email addresses has multiple quarantine areas and receives a Spam Quarantine Report for each primary email address. You can also define alias email addresses to combine the reporting and quarantines for multiple email addresses.

Primary user accounts can be added, modified, or deleted only by Domain Administrators or higher-level user roles.

chuck_egress
Note
The sentence should read, "Primary user accounts can only be added, modified or deleted by administrators with a role of Customer Administrator."
Page 36: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

36 Configuring Symantec Hosted Mail SecurityManaging user accounts

You can add user accounts in the following ways:

■ Manually create or delete user accounts

■ Automatically create or delete users accounts through SMTP Discovery

Designating how user accounts are created or deletedSymantec Hosted Mail Security lets you add or delete user accounts manually or automatically using SMTP discovery. You can configure a domain to allow only the manual creation or deletion of user accounts for security purposes.

If you configure a domain to allow only manually created user accounts, messages that cannot be delivered because the email address is not defined in Symantec Hosted Mail Security or because your mail transfer agent (MTA) does not recognize the address as valid are handled according to the Recipient Shield policy settings that you have configured. For information about Recipient Shield, See “About the Recipient Shield list” on page 63.

To designate how user accounts are created or deleted

1 On the Symantec Hosted Mail Security Console, on the toolbar, click Setup.

2 On the Configuration page, on the toolbar, click User Creation.

3 If applicable, in the Domain list, select the domain that you want to configure.

4 Under User Creation Settings, select one of the following:

■ SMTP Discovery: Lets you create and delete user accounts automatically through SMTP discovery or by manually adding and deleting them

The SMTP Discovery feature creates user accounts from message transactions.

■ Explicit: Sets the User Creation Settings to manual mode

User accounts must be added and deleted manually.

5 Click Save Changes.

Creating user accounts manuallyUser accounts can only be added by users with Domain Administrator or higher-level rights. You can only assign the same level or lower level rights to a user. For example, Domain Administrators can add other Domain Administrators, Quarantine Managers, Reports Managers, and Users, but cannot add Customer Administrators.

chuck_egress
Note
Should read, "....by users with a Customer Administrator role".
Page 37: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

37Configuring Symantec Hosted Mail SecurityManaging user accounts

You can only create new user accounts in a primary domain. You cannot create new user accounts in an alias domain.

Table 2-6 describes characters that can and cannot be used in the user account name.

You can add user accounts by using a batch file that contains the email addresses and optional alias email addresses that you want to add. The batch file must be a text file. Each entry must be on its own line, and each entry must be terminated with a line-break character.

Each entry should use the following format:

[email protected] optional_alias_prefix optional_alias_prefix2

Table 2-6 User account name characters

Allowed Not Allowed

Alphanumeric characters (A-Z) Spaces before or after the account name

Numeric characters 0-1 Comma ( , )

Spaces within the name Plus sign ( + )

Hyphen ( - ) Double quotes ( “ )

Single apostrophe ( ‘ ) Backslash ( \ )

Ampersand ( & ) Left arrow ( < )

Right arrow ( > )

Semi-colon ( ; )

Hash sign ( # )

chuck_egress
Note
Add. "that is no larger than 100K in size" after "....text file" in this first sentence
Page 38: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

38 Configuring Symantec Hosted Mail SecurityManaging user accounts

Table 2-7 describes the user account entries format you should follow.

For example:

[email protected] johnsmith

All user accounts that are added by the batch method are assigned the default filtering policies and are assigned to the User role. When you add user accounts by using a batch file, users are not assigned passwords. Passwords are required to access the console.

To add an individual user account manually

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management page, if applicable, in the Domain drop-down list, select the name of the domain to which you want to assign the user.

3 On the User Management toolbar, click Create Users.

4 In the Creation Mode drop-down list, select Individual.

5 In the Email field, type the prefix (user account name) of the email address that you want to add.

The prefix is the part of the email address before the at (@) symbol in the email address. For example, sampleuser in the email address [email protected].

Table 2-7 User account entries

Entry format Description

[email protected] The complete email address, including the domain, of the user account that you want to add.

The domain must match the domain name that appears on the console.

optional_alias_prefix The prefix for the alias email address that you want to associate with the user account. Use a space between the [email protected] entry and the optional_alias_prefix.

The prefix is the part of the email address that precedes the at (@) symbol. For example, for the email address [email protected], the prefix is myname.

You can add multiple alias email addresses, up to the maximum that is defined in the system configuration.

When adding multiple alias email addresses, separate each alias with a space.

Page 39: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

39Configuring Symantec Hosted Mail SecurityManaging user accounts

All email addresses in Symantec Hosted Mail Security must be unique.

6 In the Role list, select the user role to which you want to assign the user:

7 In the Password field, type the password for the user account.

This is the password that users will use to log on to the console. Passwords must be at least 6 characters and must not include spaces. Passwords are case-sensitive.

8 In the Verify Password field, retype the password to confirm it.

You can configure the filtering policies for the user and set custom spam filtering policies.

9 If the you want the user to be added to a group, select that group from the Group Membership drop-down list.

You can create groups of users and create custom policies for those groups. If you do not select a group for this user, the user will be a member of the default group, and have the default policy assigned. If you have not created any groups, the only options available will be the default value for ‘ungrouped’ users. For more information about groups and group policies, see “About groups and group policy sets” on page 54.

10 If this user is to be exempt from all filtering or from outbound filtering, check the appropriate checkbox.

11 Check or uncheck the available Filter Policies for this user’s email as desired.

12 Click Create.

This saves your changes and adds the user account. If you exit this page before you click Create, your information will be discarded.

To add multiple user accounts in batches manually

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management page, if applicable, in the Domain list, select the name of the domain to which you want to assign the user.

3 On the User Management toolbar, click Create Users.

4 In the Creation Mode list, click Batch.

5 Under the Email Addresses field, do one of the following:

■ Type the full path and file name of the batch file.

■ Click Browse to navigate to the location of the batch file.

6 On the User Management page, click Upload File.

7 Click Create.

Page 40: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

40 Configuring Symantec Hosted Mail SecurityManaging user accounts

This saves your changes and adds the user account. If you exit this page before you click Create, your information will be discarded.

Manually deleting user accountsUser accounts can only be deleted by users with Domain Administrator or higher-level rights. When you delete an account, all of the information that is associated with that account is removed. This includes quarantine and reporting information. This action is recorded in the Audit Trail report.

You can only delete accounts for users that have lower level rights. For example, Domain Administrators can delete Quarantine Managers, Reports Managers, and Users, but cannot delete other Domain Administrators or Customer Administrators.

Note: Deletion of a user account cannot be undone. If the domain is configured to add users automatically through SMTP discovery, it is possible that a deleted user account may be added back automatically.

To delete user accounts manually

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management toolbar, click Delete Users.

3 On the User Management page, if applicable, in the Domain list, select the domain name from which you want to delete a user account.

4 In the Users list, select from the following to narrow the search criteria:

All users Lists the first 1000 user accounts for the designated domain in alphabetical order.

Last login over 15/30/60 days ago

Lists the first 1000 user accounts whose users have not logged in during the previous 15/30/60 days either by using the console or through the Spam Quarantine Report.

Created less than 24 hours/7days/15 days ago

Lists the first 1000 user accounts that have been created in the console during the previous 24 hours/7 days/15 days either manually or automatically.

chuck_egress
Note
Should read, "...by users with a Customer Administrator role."
Page 41: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

41Configuring Symantec Hosted Mail SecurityManaging user accounts

5 To further narrow the search for a user account, select one of the following search filters, type the search criteria in the text field, and click Search:

You can use wildcard characters. The search is performed only on the prefix of the email address. If you want to include the domain in the search, you must type the at (@) symbol in the text field.

6 In the Users list, select the user accounts that you want to delete.

You can select up to 100 items in the list.

7 Under Add/Remove Users from Delete List, click the right-pointing arrow (the arrow that points to the Delete List).

8 Review the items in the Delete List to confirm your selections.

If the list includes items that you do not want to delete, select the items and click the left-pointing arrow (the arrow that points to the Users list).

9 Click Delete to remove the items that are listed in the Delete List.

You will be prompted to confirm the action. This action cannot be undone.

Adding user accounts automatically through SMTP DiscoveryWhen you enable the SMTP Discovery option for a domain, Symantec Hosted Mail Security automatically adds user accounts to the domain based on SMTP message transactions. It creates the account only after several messages have been successfully delivered to the recipient within a certain time period and the account does not already exist. The number of delivered messages varies due to system-related factors. The typical range is three to seven messages. The time period within which the messages must be received varies by the configuration settings for your mail transfer agent (MTA). The time range is typically one day.

The email messages must be addressed to a primary domain and must successfully pass through the filtering policies. Symantec Hosted Mail Security does not automatically create user accounts for alias domains. For security reasons, if the messages were denied delivery by your MTA or if the messages were quarantined or denied because of filtering policy violations, the user account is not added.

equals The user account must match exactly with the text that you type in the text field.

starts The user account must start with the characters that you type in the text field.

contains The user account must contain the characters that you type in the text field.

Page 42: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

42 Configuring Symantec Hosted Mail SecurityManaging user accounts

When Symantec Hosted Mail Security automatically creates a new user account, it assigns the user account to the User role and assigns it the default configurations that are defined for that domain. It does not automatically create a password for the user account. For the purposes of group policies, the user is also included in the default ungrouped users group for that user’s domain.

Deleting user accounts automatically through SMTP DiscoveryWhen you enable the SMTP Discovery option for a domain, Symantec Hosted Mail Security will automatically delete user accounts if all of the following criteria are met:

■ Your mail transfer agent (MTA) permanently denies delivery of the email because of an invalid email address.

Messages are not automatically deleted if the failed delivery is caused by a temporary condition.

■ No logons have been recorded for the user account.

■ None of the configuration settings for the user account have changed (for example, Allow or Deny lists, Spam Quarantine Report settings).

■ No Spam Quarantine Report has been generated for the user account.

When an account is deleted, all of the information that is associated with that account is removed. This includes quarantine and reporting information.

About access rights for the User roleUsers that you assign to the User role have limited rights within Symantec Hosted Mail Security. They can view information about messages that were quarantined for spam and have limited control over spam policy settings. They cannot change virus or content filtering policy settings and cannot view messages or attachments that have been quarantined for virus or content filtering violations.

Depending on your configuration settings, those assigned to the User role can do the following:

■ View, release, or delete email messages from the Spam Quarantine.

■ Add, edit, or delete sender email addresses in their personal Allow and Deny lists.

■ If enabled, select whether the Spam Quarantine Report should list all of the messages that are contained in the spam quarantine or only the messages that have been quarantined since the last report.

Page 43: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

43Configuring Symantec Hosted Mail SecurityManaging user accounts

■ If enabled, choose to receive a text-only notification message instead of a Spam Quarantine Report.

■ If enabled, select whether email messages are filtered for potential spam content.

Users can also select the action to take on messages that are identified as having a medium or high likelihood of being spam.

■ Select how often they want to receive the Spam Quarantine Report.

■ If enabled, select the languages in which they wish to receive email.

■ If enabled, add or delete email addresses that are aliased to their primary email address.

Users can perform these actions only for the email addresses that an administrator has assigned to them.

For more information, see the Symantec Hosted Mail Security Console and Spam Quarantine User’s Guide.

Using alias email addresses to manage user accountsSymantec Hosted Mail Security lets you use alias email addresses to associate multiple email addresses with one primary email address. Alias email addresses let users who have multiple email addresses manage all of their quarantine areas and reports from a primary account. The configuration settings for the primary email address apply to all alias email addresses that are associated with it.

When an email message passes successfully through the filtering process, it is delivered to the designated primary or alias email address. Symantec Hosted Mail Security redirects the message to a primary address only if a filtering violation occurs. Messages that are addressed to an alias email address that are quarantined for a filtering violation are sent to the quarantine for the primary email address. If the message is released from the quarantine, it is sent to the primary email address.

By default, all users who have rights to access Symantec Hosted Mail Security can add aliases for their own primary email address. The maximum number of user aliases is five aliases per user. Users can add aliases by logging on to the console directly or through a Spam Quarantine report.

If you are assigned to a Domain Administrator role or higher, you can prevent users from adding their own aliases. You can also lower the number of aliases that users can add.

chuck_egress
Note
Change to, "assigned to a Customer Administrator role, you can prevent...
Page 44: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

44 Configuring Symantec Hosted Mail SecurityManaging user accounts

Preventing users from adding their own aliasesThe User Aliases feature is enabled by default, which lets all users who have rights to access Symantec Hosted Mail Security add aliases for their own primary email address. You can prevent users from adding their own aliases by disabling this feature. If you disable the User Aliases feature, only users with Domain Administrator or higher level rights can add user aliases.

To prevent users from adding their own aliases

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management toolbar, click Alias Settings.

3 On the User Management page, if applicable, in the Domain list, select the domain name that you want to configure.

4 Under User Aliases, click Disabled.

5 Click Update.

Limiting the number of email aliases per userBy default, the maximum number of user aliases is five aliases per user. If you are assigned to a Domain Administrator role or higher, you can lower this limit.

To limit the number of email aliases per user

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management toolbar, click Alias Settings.

3 On the User Management page, if applicable, in the Domain list, select the domain name that you want to configure.

4 In the Aliases per user field, type the number of aliases that you want to allow per user.

This field is available only if the Enabled option is selected.

5 Click Update.

Adding alias email addressesIf you are assigned to a Domain Administrator or higher level role, you can add email aliases for yourself or for other users by using the console. To add an alias for another user, the user must have the same or lower level rights. For example, a Domain Administrator can add an alias to another Domain Administrator account, but cannot add an alias to a Customer Administrator account.

chuck_egress
Note
Change to "....only users with a Customer Administrator role can add user aliases."
chuck_egress
Note
Please check with MX Logic on this first paragraph. The Domain administrator role has changed as a result of the new Group Level policy features. I'm not sure how managing user aliases has changed....
Page 45: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

45Configuring Symantec Hosted Mail SecurityManaging user accounts

Users who are assigned to the Quarantine Manager, Reports Manager, or User role can only add alias email addresses to their own primary addresses. Depending on your configuration settings, they can add alias email addresses by logging on to the console directly or through a Spam Quarantine Report.

For more information, see the Symantec Hosted Mail Security Console and Spam Quarantine Report User’s Guide.

User aliases must be unique names. They must also be valid email addresses that your mail server is configured to recognize.

Note: You must have Domain Administrator or higher level rights to perform this procedure.

To add alias email addresses

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management page, select the user name (email address) to which you want to add an alias email address.

3 Under User Details, click Edit User Aliases.

4 Under Add a User Alias Email Address, in the field, type the alias name that you want to use.

5 Click Add.

6 Repeat steps 4-5 for each alias that you want to add.

7 When you are finished, click Done.

Deleting email addressesAny user can delete alias email addresses. You must have Domain Administrator or higher level rights to delete primary email addresses. Users with lower-level rights who need to delete a primary account can convert the primary address to an alias address and then delete the former primary address.

If you delete an alias email address, its association with the primary email address is removed. If the user continues to receive messages that are addressed to the email address that you deleted, the SMTP Discovery feature may automatically recreate the deleted address. If this happens, the email address is added as a primary account with the default configuration settings for a User.

chuck_egress
Note
I believe all of this is now dependent upon being a Customer Administrator. Again, please check with MX Logic.
chuck_egress
Note
Change to, "....have Customer Administrator level rights to delete...."
Page 46: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

46 Configuring Symantec Hosted Mail SecurityManaging user accounts

To delete a primary email address

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management page, select the user name (email address) that you want to delete.

3 Under User Details, click Delete User.

You will receive a confirmation prompt to confirm the action.

4 To continue, click OK.

This action cannot be undone.

To delete an alias email address

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management page, check Show User Aliases.

3 Select the alias email address that you want to delete.

4 Under User Details, click Delete User.

You will receive a confirmation prompt to confirm the action.

5 To continue, click OK.

This action cannot be undone.

6 Click Done.

Page 47: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

47Configuring Symantec Hosted Mail SecurityManaging user accounts

To delete multiple alias email addresses

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management page, select the primary address that contains the alias addresses that you want to delete or convert.

3 Under User Details, click Edit User Aliases.

4 Under Email Addresses for, click Delete next to the alias email address that you want to delete.

The alias email address is deleted immediately without confirmation.

5 Repeat step 4 for each alias email address that you want to delete.

6 When you are finished, click Done.

Converting primary addresses to aliasesYou can convert a primary email address into an alias email address in the following ways:

■ Within a set of primary email addresses and associated alias email addresses, select an alias address as the primary address.

The alias email address must contain a primary domain name. Because alias domains are virtual domains, you cannot designate an alias email address that has an alias domain as the primary address.

You can use this option to convert a primary email address to an alias address so that you can delete it.

■ Add the name of an existing primary address as an alias to another primary email address.

This deletes the former primary address from the system. The quarantine information for the former primary address is merged with the other primary email address.

If the primary address that you want to convert to an alias address contains other alias email addresses, you must delete the other alias addresses first. Nested levels of alias email addresses are not allowed.

To convert primary addresses to aliases

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management page, select the user name (email address) to which you want to add an alias email address.

3 Under User Details, click Edit User Aliases.

Page 48: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

48 Configuring Symantec Hosted Mail SecurityManaging user accounts

4 Under Email Addresses for, select the alias email address that you want to designate as the primary address.

This designates the alias address as the primary address. The former primary address becomes an alias address.

5 Click Done.

Viewing information about user configurationThe User Management page lists the user accounts that are in the selected domain. You can use this page to view basic information about the filtering policies that are enabled for the user, view whether the user has recently logged on to the console, and perform other configuration tasks.

Editing user accountsYou can edit a user’s account to change a user’s role and password, configure the settings for Spam Quarantine Reports, and define user-level policies.

For more information about policy settings, see the descriptions of the domain-level policies that are provided in this guide.

For more information about user-level policies or about working in the console, see the Symantec Hosted Mail Security Console and Spam Quarantine User’s Guide.

To edit a user account

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Users.

2 On the User Management page, select the name of the user that you want to edit.

3 On the User Management page, click User Details.

4 Click Edit User.

Page 49: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

49Configuring Symantec Hosted Mail SecurityAbout user authentication methods

About user authentication methodsTable 2-8 descibes the methods used to authenticate users who manually log on to the Symantec Hosted Mail Security Console.

Users who access the console through the Spam Quarantine Report are logged on automatically and do not need to provide a user name and password. However, their access within the console is limited to their spam quarantine.

Selecting password authenticationPassword authentication lets you authenticate users who manually log on to the Symantec Hosted Mail Security Console against the user names and passwords that are maintained in a user database in the console.

You must set up a user account in the console or each user. You can use the SMTP Discovery feature to create your user accounts; however, you must manually set the password for the user accounts.

Table 2-8 Logon authentication methods

Authentication method Description

Password authentication Authenticates users against the user names and passwords that are maintained in a user database in the console.

The user account must be defined in the console.

Lightweight Directory Access Protocol (LDAP) authentication

Authenticates users against your corporate LDAP server. Users can type the same log on credentials that they use for their network log on accounts to log on to the console.

The user account must be defined in the LDAP server and in the console.

Post Office Protocol (POP3) authentication

Authenticates users against the user accounts that are maintained on your corporate POP3 mail server.

The user account must be defined in the POP3 mail server and in the console.

Internet Message Access Protocol (IMAP) authentication

Authenticates users against the user accounts that are maintained on your corporate IMAP mail server.

The user account must be defined in the IMAP mail server and in the console.

Page 50: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

50 Configuring Symantec Hosted Mail SecurityAbout user authentication methods

To select password authentication

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Authentication.

3 On the Configuration page, if applicable, in the Domain list, select the name of the domain that you want to configure.

4 In the Authentication Type list, click Passwords.

5 Click Save Changes.

Selecting LDAP authenticationYou can configure Symantec Hosted Mail Security to query your corporate LDAP server to authenticate users who manually log on to the console. Users can type the same log on credentials that they use for their network log on accounts to log on to the console.

You must set up a user account in the console for each user. You can use the SMTP Discovery feature to create your user accounts. The user account must also be defined on your LDAP server.

Before you can apply this authentication type, you must successfully complete a test transaction to a test email address to confirm connectivity to the LDAP server.

After you apply this authentication type, if the LDAP server is unavailable, you must be assigned to the Domain Administrator role to log on to the console. You can log on using your administrator log on account to change the authentication type or to reset passwords. Users who are assigned to the User, Reports Manager, or Quarantine Manager roles can only access the console through the Spam Quarantine Report if the LDAP server is unavailable. Access within the console is limited to the spam quarantine.

To select LDAP authentication

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Authentication.

3 On the Configuration page, if applicable, in the Domain list, select the name of the domain that you want to configure.

4 In the Authentication Type list, click LDAP.

5 In the Directory Type list, select one of the following:

chuck_egress
Note
Note. This is correct. The Domain Administrator role does permit Setup functionality, including authentication type selection.
Page 51: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

51Configuring Symantec Hosted Mail SecurityAbout user authentication methods

■ Active Directory: Select this option if your LDAP server users Microsoft Active Directory Services.

■ Other LDAPv3 Directory: Select this option if your LDAP server uses another type of directory service. The directory service must be compatible with LDAPv3.

6 In the Server Hostname field, type the fully qualified host name or IP address of the LDAP server.

7 If your LDAP server uses the Secured Socket Layer (SSL) protocol, check Enable SSL.

8 In the Server Port field, type the port number of the LDAP server that Symantec Hosted Mail Security should use to connect to it.

Port 389 is the standard port for LDAP communication if you do not use SSL Port 636 is the standard port for LDAP communication if you use SSL.

9 In the Search Bind DN field, type the Berkeley Internet Name Domain (BIND) distinguished name of a user in the directory on the LDAP server that has permission to search and retrieve information about any user.

10 In the Search Bind Password field, type the password for the user name that you typed in the Search Bind BN field.

11 In the Search Base DN field, type the distinguished name of the directory entry under which all user entries are listed.

12 In the Email Attribute field, type the LDAP attribute that contains a user’s email address, for example mail.

13 In the Test Email Address field, type the email address that you want to use to test connectivity to the LDAP server.

This must be a valid address that is configured on the LDAP server.

14 In the Test Password field, type the password for the email address that you typed in the Test Email Address field.

15 If you want to customize the search parameters that are used to communicate with the LDAP server, check Advanced, and then in the Search Filter field, type the search filter that you want to use.

The Search filter field appears only if you check Advanced. The default search filter is mail={[email protected]}.

16 Click Test LDAP to send a test transaction to the email address that is typed in the Test Email Address field.

You must perform this step and the transaction must be successfully completed before you can save the settings on the LDAP Authentication page.

17 Click Save Changes.

Page 52: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

52 Configuring Symantec Hosted Mail SecurityAbout user authentication methods

Selecting POP3 authenticationYou can configure Symantec Hosted Mail Security to query your corporate POP3 mail server to authenticate users who manually log on to the console.

You must set up a user account in the console for each user. You can use the SMTP Discovery feature to create your user accounts. The user account must also be defined on your POP3 server.

Before you can apply this authentication type, you must successfully complete a test transaction to a test email address to confirm connectivity to the POP3 server.

After you apply this authentication type, if the POP3 server is unavailable, you must be assigned to the Domain Administrator role or higher user role to log on to the console. You can log on using your administrator log on account to change the authentication type or to reset passwords. Users who are assigned to the User, Reports Manager, or Quarantine Manager roles can only access the console through the Spam Quarantine Report if the POP3 server is unavailable. Access within the console is limited to the spam quarantine.

To select POP3 authentication

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Authentication.

3 On the Configuration page, if applicable, in the Domain list, select the name of the domain that you want to configure.

4 In the Authentication Type list, click POP3.

5 In the Server Hostname field, type the fully qualified host name or IP address of the POP3 server.

6 If your POP3 server uses the Secured Socket Layer (SSL) protocol, check Enable SSL.

7 In the Server Port field, type the port number of the POP3 server that Symantec Hosted Mail Security should use to connect to it.

Port 110 is the standard port for POP3 communication if you do not use SSL Port 995 is the standard port for POP3 communication if you use SSL.

8 If your POP3 server requires a complete email address, for example, [email protected], check Use Full Email Address.

Optionally, you can type a character or symbol to replace the at symbol (@) in the email address. This option is available only if you check Use Full Email Address.

Page 53: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

53Configuring Symantec Hosted Mail SecurityAbout user authentication methods

If your POP3 server supports partial email addresses, for example, yourname, you can leave the Use Full Email Address checkbox unchecked.

9 In the Test Email Address field, type the email address that you want to use to test connectivity to the POP3 server.

This must be a valid address that is configured on the POP3 server.

10 In the Test Password field, type the password for the email address that you typed in the Test Email Address field.

11 Click Test POP3 to send a test transaction to the email address that is typed in the Test Email Address field.

You must perform this step and the transaction must be successfully completed before you can save the settings on the POP3 Authentication page.

12 Click Save Changes.

Selecting IMAP authenticationYou can configure Symantec Hosted Mail Security to query your corporate IMAP mail server to authenticate users who manually log on to the console.

You must set up a user account in the console for each user. You can use the SMTP Discovery feature to create your user accounts. The user account must also be defined on your IMAP server.

Before you can apply this authentication type, you must successfully complete a test transaction to a test email address to confirm connectivity to the IMAP server.

After you apply this authentication type, if the IMAP server is unavailable, you must be assigned to the Domain Administrator role or higher user role to log on to the console. You can log on using your administrator log on account to change the authentication type or to reset passwords. Users who are assigned to the User, Reports Manager, or Quarantine Manager can only access the console through the Spam Quarantine Report if the IMAP server is unavailable. Access within the console is limited to the spam quarantine.

To select IMAP authentication

1 On the Symantec Hosted Mail Security console, on the console toolbar, click Setup.

2 On the Configuration toolbar, click Authentication.

3 On the Configuration page, if applicable, in the Domain list, select the name of the domain that you want to configure.

4 In the Authentication List, click IMAP.

Page 54: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

54 Configuring Symantec Hosted Mail SecurityAbout groups and group policy sets

5 In the Server Hostname field, type the fully qualified host name or IP address of the IMAP server.

6 If your IMAP server uses the Secured Socket Layer (SSL) protocol, check Enable SSL.

7 In the Server Port field, type the port number of the IMAP server that Symantec Hosted Mail Security should use to connect to it.

Port 143 is the standard port for POP3 communication if you do not use SSL Port 993 is the standard port for POP3 communication if you use SSL.

8 If your IMAP server requires a complete email address, for example, [email protected], check Use Full Email Address.

Optionally, you can type a character or symbol to replace the at symbol (@) in the email address. This option is available only if you check Use Full Email Address.

If your IMAP server supports partial email addresses, for example, yourname, you can leave the Use Full Email Address checkbox unchecked.

9 In the Test Email Address field, type the email address that you want to use to test connectivity to the IMAP server.

This must be a valid address that is configured on the POP3 server.

10 In the Test Password field, type the password for the email address that you typed in the Test Email Address field.

11 Click Test IMAP to send a test transaction to the email address that is typed in the Test Email Address field.

You must perform this step and the transaction must be successfully completed before you can save the settings on the IMAP Authentication page.

12 Click Save Changes.

About groups and group policy setsGroup policy sets are configurable message management options for an unlimited number of user groups which you define. Policies collect the spam, virus, and content filtering verdicts and actions for a group. Once you subscribe a group to a policy set, email sent to any of that group’s members will be filtered using the policy configurations defined in the policy set.

To create a group and add users

1 On the Symantec Hosted Mail Security console, on the console toolbar, click Users.

2 On the User Management toolbar, click Groups.

Page 55: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

55Configuring Symantec Hosted Mail SecurityAbout groups and group policy sets

The Group Configuration panel is displayed.

3 Click New.

4 Enter a name and description for this group, and click OK.

5 With the new group selected in the Groups list, click the Users tab.

The Users panel is displayed, with all users in the domain listed in the listbox.

6 As desired, select All users, Users not in a group, or Users not in this group from the drop-down list to affect the list of users displayed.

You can also use the search box below the listbox to find a specific user or subset of users.

7 Select the user or users you want to add to this group and click Add.

8 When you have finished adding users to this group, click Apply.

To subscribe a group or groups to a policy set:

1 On the Symantec Hosted Mail Security console, on the console toolbar, click Policies.

The Policy Configuration page is displayed.

2 If applicable, in the Domain drop-down list, select the name of the domain for which you want to create the group.

The policy sets you have defined for that domain are displayed.

3 Select the policy to which you would like to subscribe a group or groups, and click the Group Subscriptions tab.

The Groups panel is displayed.

4 Select one or more groups from the Groups list box.

5 Click Add.

The groups are added to the Groups Subscribed to this Policy Set list box.

6 Click Apply.

Note: By default, all user accounts in the currently selected domain belong to the” ungrouped users in <domain>” group, where <domain> is the domain name. On the Group Subscriptions tab, this group is displayed as the domain name itself.

Page 56: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

56 Configuring Symantec Hosted Mail SecurityAbout groups and group policy sets

Page 57: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Chapter

3

Managing domain and user policies

This chapter includes the following topics:

■ About domain policies

■ Working with Sender Allow and Deny lists

■ About the Recipient Shield list

■ Working with antivirus policies

■ About antispam filtering policies

■ About content policies

■ Configuring file attachment policies

■ Specifying notification policies

■ About user-level policy configurations

■ About distribution lists

■ About Fail Safe protection

Page 58: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

58 Managing domain and user policiesAbout domain policies

About domain policiesSymantec Hosted Mail Security lets you configure global policies for filtering your incoming and outgoing email traffic. Global polices apply to the entire domain and to any alias domains that you add. You must have Domain Administrator or higher level rights to configure domain policies.

Editing domain policiesYou can add, view, or edit domain policies from the console.

To view or edit domain policies

1 On the Symantec Hosted Mail Security Console, on the console toolbar, click Policies.

2 If applicable, in the Domain drop-down list, select the name of the domain for which you want to create the policy.

The policy sets you have defined for that domain are displayed.

3 Select the policy set you want to view or edit.

Tabs containing the policy set information are displayed. The tabs displayed will depend on whether the policy set is for inbound or outbound mail. Table 3-1 and Table 3-2 describe the available settings.

4 Click on a tab to view or edit its contents.

5 Edit the policy settings as desired and click Apply.

Table 3-1 describes the policies available for inbound email traffic.

Table 3-1 Inbound email policy configuration

Policy Description

Allowow/Deny Lets you define a list of sender addresses from which email is always accepted or always denied.

Email addresses that are included in the Allow List are exempt from spam and content filtering. All messages are scanned for viruses.

Exempt Users Lets you define a list of recipient email addresses that you want to exclude from spam and content filtering.

All messages are scanned for viruses.

Recipient Shield Lets you define a list of recipient email addresses for which message delivery is always denied. You can configure separate actions for handling messages that are denied because the address is contained in the deny list or because the recipient name is not a valid address.

chuck_egress
Note
Type "Allow"
chuck_egress
Note
Change to "...must have Customer Administrator level rights to..."
Page 59: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

59Managing domain and user policiesAbout domain policies

Table 3-2 describes policies available for outbound email traffic

Anti-spam Lets you define spam filtering and reporting policies and define a list of recipient email addresses that are always excluded from spam filtering.

Anti-virus Lets you define the policies for handling messages and attachments that contain viruses and the options for handling messages and attachments that cannot be cleaned.

Attachment Lets you define filtering policies for attachments by file type and file size, define policies for specific file names, and define policies for blocking certain types of attachments that are considered as high risk.

Content Lets you select the content categories by which messages are filtered, specify the actions to take on message that violate content filtering rules, and add custom content categories and keywords.

HTML Shield Lets you define the policies for handling messages that contain HTML code. You can also enable or disable the blocking of spam beacons and enable or disable the automatic replacement of graphics that are contained within an HTML message with a default transparent image.

ClickProtect Lets you enable or disable a user’s ability to follow a URL or other Web hyperlink that is contained in the body of an email message. You can define a list of URLs that are always excluded from click-through protection.

Language Lets you specify allowed languages for messages your users receive.

Notifications Lets you configure the notification options for alerting the sender and recipient if a message or attachment is quarantined, denied, or stripped because of an antivirus, content, or attachment filtering violation.

Table 3-2 Outbound email policy configuration

Policy Description

Exempt Users Lets you define a list of recipient email addresses that you want to exclude from spam and content filtering.

All messages are scanned for viruses.

Table 3-1 Inbound email policy configuration

Policy Description

Page 60: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

60 Managing domain and user policiesWorking with Sender Allow and Deny lists

Working with Sender Allow and Deny listsSymantec Hosted Mail Security lets you define a global list of senders from which email messages are always accepted or always denied. Incoming email messages from the email addresses that you include in the Allow List are exempt from spam and content filtering. Messages are always scanned for viruses.

Administrator-level lists take precedence over user-level lists in a top-down manner (for example, if the same address is added to a user-level Allow List and the domain-level Deny List, the address is always denied).

Each user can define a maximum of 50 email addresses in the user-level Deny List. There is no limit to the number of email addresses that can be defined in the Allow Lists or the domain-level Deny Lists.

Users can add senders to either list using the Message Quarantine page or using the Allow/Deny Sender Lists page.

For more information, see the Symantec Hosted Mail Security Console and Spam Quarantine User’s Guide.

You can define a single email address, a range of email addresses, an entire domain, or a specific IP address in either the Allow or Deny list.

For example, you can do any of the following:

■ Designate a single email address (for example, “[email protected]”) to force the email messages received from just that address to be always or never delivered.

Anti-virus Lets you define the policies for handling messages and attachments that contain viruses and the options for handling messages and attachments that cannot be cleaned.

Attachment Lets you define filtering policies for attachments by file type and file size, define policies for specific file names, and define policies for blocking certain types of attachments that are considered as high risk.

Content Lets you select the content categories by which messages are filtered, specify the actions to take on message that violate content filtering rules, and add custom content categories and keywords.

Notifications Lets you configure the notification options for alerting the sender and recipient if a message or attachment is quarantined, denied, or stripped because of an antivirus, content, or attachment filtering violation.

Table 3-2 Outbound email policy configuration

Policy Description

chuck_egress
Note
I think this limit may have been updated. Please check with MX Logic. It used to be 50 local deny lists and 100 local allow per user and 1000 at the domain level. I think it is now 100 for end-user level allow/deny and still 1000 for the domain but I'm not 100% sure.
Page 61: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

61Managing domain and user policiesWorking with Sender Allow and Deny lists

■ Designate an entire domain (for example, “abc.com”) to force the email messages received from all addresses from that domain to be always or never delivered.

■ Use wildcard characters to enter a range of email address (for example, j*@abc.com) to force the emails starting with “j” from that domain to be always or never delivered.

The same address string cannot be added multiple times in the same list or added to both the Allow and Deny lists. The Allow List overrides the Deny List. For example, if you designate a range of email addresses (for example, by designating an entire domain) in the Deny List, but then designate a single email address from that domain in the Allow List, the email from that single address will be always accepted while the email from any other address in the domain in the Deny list will be always denied.

You can add a predefined list of sender email addresses to the Allow or Deny lists. The predefined list must be in the following format:

■ Text file

■ One entry per line (email address)

■ File must be available for your browser to access

Table 3-3 and Table 3-4 describe the options for the Sender Allow or Deny lists.

Table 3-3 Options for the Sender Allow list.

Option Description

Add Address Type the email address or wildcard address to be added to the Sender Allow list.

Add Click to add the address in the Add Entry field to the Sender Allow list.

Remove Click to remove the selected items in the Sender Allow list.

More Options Click to display the rest of the options described below.

Upload List Type the full path and filename of the file containing the list of email addresses to be added to the Allow list.

Browse Click to navigate to the location of the file.

Upload Sender Allow List Click to upload the file entered in the Upload List field.

Page 62: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

62 Managing domain and user policiesWorking with Sender Allow and Deny lists

Table 3-4 describes the options for the Sender Deny list.

Download Sender Allow List Click to download the selected items in the Sender Allow list list as a .csv file (comma separated values).

Table 3-4 Options for the Sender Deny list

Option Description

Add Address Type the email address or wildcard address to be added to the Sender Deny list.

Add Click to add the address in the Add Entry field to the Sender Deny list.

Remove Click to remove the selected items in the Sender Deny list.

If the Sender is on the Sender Deny List

The radio button you select specifies what is done with email from addresses on the Sender Deny list.

More Options Click to display the rest of the options described below.

Upload List Type the full path and file name of the file containing the list of email addresses to be added to the Sender Deny list.

Browse Click to navigate to the location of the file.

Upload Sender Deny List Click to upload the file entered in the Upload List field.

Download Sender Deny List Click to download the selected items in the Sender Deny list list as a .csv file (comma separated values).

Table 3-3 Options for the Sender Allow list.

Option Description

Page 63: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

63Managing domain and user policiesAbout the Recipient Shield list

About the Recipient Shield listYou can define a list of recipient email addresses for which email is always rejected and the actions that you want to take. You can also configure separate actions for message that have been denied delivery by your mail transfer agent (MTA) because the address is not valid or because it does not exist.

You can add a predefined list of recipient email addresses. The predefined list must be in the following format:

■ Text file

■ One entry per line (email address)

■ File must be available for your browser to access

Table 3-5 describes the options that are available on the Recipient Shield page.

Table 3-5 Recipient Shield page options

Option Description

Add Address Type the complete email address to be added to the Recipient Shield list. Wildcard characters, domain names, and IP addresses are not allowed.

Add Click to add the email address in the Add Entry field to the Recipient Shield list.

Remove Click to remove the selected items in the Recipient Shield list box.

If the recipient is on the Recipient Deny list…

Click to select the desired action when an email is received for one of the email addresses in the Recipient Shield list. Valid values are the following:

■ Accept and bounce the message: The email is accepted, but is then returned to the sender with a denial message.

■ Accept and silently discard the message: The email is accepted, but is discarded without notification.

■ Deny delivery: The email is denied delivery.

■ Do nothing: The email is forwarded to the recipient email address with no processing applied.

Upload List Type the full path and file name of the file containing the list of email addresses to be added to the Recipient Shield list.

Browse Click to navigate to the location of the file.

Upload Recipient Shield List

Click to upload the file entered in the Upload List field and add the addresses in it to the Recipient Shield list box.

Page 64: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

64 Managing domain and user policiesWorking with antivirus policies

Working with antivirus policiesYou can configure the actions to take if Symantec Hosted Mail Security detects a virus in an email message or attachment.

Note: To protect your system from virus outbreaks, Symantec Hosted Mail Security may automatically deny messages that contain a widespread, known virus or worm regardless of your antivirus policy settings.

Download Recipient Shield List

Click this command to save the Recipient Shield list list as a .csv file (comma separated values).

Table 3-5 Recipient Shield page options

Option Description

Page 65: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

65Managing domain and user policiesWorking with antivirus policies

Specifying actions for antivirus classificationTable 3-6 describes the options that are available on the Antivirus Policies page.

Table 3-6 Antivirus Policies page options

Option Description

If a message contains a virus:

Designates the action to take if an email contains a virus:

■ Clean the message: Symantec Hosted Mail Security attempts to remove the virus content and save the remainder of the message. If the clean is successful, the email is sent to the recipient with inserted text indicating that the email had been cleaned of a virus. If this action is selected, you must also select an action to take if the message cannot be cleaned.

■ Quarantine the message after attachment is stripped: The infected attachment is stripped from the email and the email is sent to the virus quarantine area without notification to the recipient. Text is inserted into the email notifying the recipient that an attachment has been stripped.

■ Strip the attachment: The infected attachment is stripped from the email and the email is sent to the recipient. Text is inserted into the email notifying the recipient that an attachment has been stripped.

■ Deny Delivery: The email is denied delivery.

■ Do Nothing: The email is sent to the recipient with no filtering or notification.

Caution: This action is potentially hazardous because the email will still contain the virus.

If a message cannot be cleaned:

Designates the action to take if an attempted clean of an infected email fails:

■ Quarantine the message after attachment is stripped: The infected attachment is stripped from the email and the email is sent to the virus quarantine area without notification to the recipient. Text is inserted into the email indicating that an attachment has been stripped.

■ Strip the attachment: The infected attachment is stripped from the email and the email is sent to the recipient. Text is inserted into the email notifying the recipient that an attachment has been stripped.

■ Deny Delivery: The email is denied delivery.

Update Policy Click this button to save all changes on this page and return to the Current Policies page. If you exit this page without clicking the Update Policy button, all unsaved changes are discarded.

Page 66: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

66 Managing domain and user policiesAbout antispam filtering policies

Configuring antivirus notificationsYou can specify whether or not to send email notifications to the senders and intended recipients of messages that were acted upon by Symantec Hosted Mail Security due to virus infection. You can choose to send messages when one or more of the following actions were taken due to virus infection: the message was quarantined, denied delivery, or stripped.

About antispam filtering policiesSymantec Hosted Mail Security lets you configure how to handle messages that violate antispam policies, configure the policies controlling Spam Quarantine Reports, create a list of user accounts whose email will not be filtered for spam, and configure spam keyword groups that are used to filter spam.

Specifying actions for antispam classificationsYou can designate what action to take if an email is assigned a spam likelihood level of medium or high. You can designate separate actions for each likelihood level.

Cancel Click this button discard all unsaved changes on this page and return to the Current Policies page.

Table 3-6 Antivirus Policies page options

Option Description

Page 67: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

67Managing domain and user policiesAbout antispam filtering policies

Table 3-7 describes the options that are available on the Antispam Classification page.

Table 3-7 Antispam classification options

Option Description

If a message is probably spam (medium likelihood)

Designates the desired action if an email is determined to have a medium likelihood of being spam.

Prepend “[SPAM]”: If selected, the subject line of the email has the phrase [SPAM] added to the beginning of the subject text and the email is sent to the recipient email address.

Quarantine the message: If selected, the email is added to the recipient’s spam quarantine area and is not sent to the recipient email address. The email is reported in the recipient’s Spam Quarantine Report.

Deny Delivery: The email is denied delivery.

Do Nothing: If selected, the email is forwarded to the recipient email address with no processing applied.

Add the X-Header: If selected, the header information you specify is added as an X-header to the message

If a message is probably spam (high likelihood)

Designates the desired action if an email is determined to have a high likelihood of being spam.

Prepend “[SPAM]”: If selected, the subject line of the email has the phrase “[SPAM]” added to the beginning of the subject text and the email is sent to the recipient email address.

Quarantine the message: If selected, the email is added to the recipient’s spam quarantine area and is not sent to the recipient email address. The email is reported in the recipient’s Spam Quarantine Report.

Deny Delivery: The email is denied delivery.

Do Nothing: If selected, the email is forwarded to the recipient email address with no processing applied.

Add the X-Header: If selected, the header information you specify is added as an X-header to the message.

Enable Global Deny List

Determines whether the Global Deny list that is defined at the system level is used. This option is checked by default.

Update Click this button to save all changes on this page and return to the Current Policies page. If you exit this page without clicking the Update button, all unsaved changes are discarded.

Page 68: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

68 Managing domain and user policiesAbout antispam filtering policies

Specifying actions for antispam content groupsYou can configure the action to take if an email message contains any content that is defined in any of the antispam content groups. Spam content filtering works by comparing the content of an email against predefined lists of keywords and phrases. You can define a different action for each antispam content group.

You can configure Symante Hosted Mail Security to always allow specific content strings that you define, which means email containing these strings will be accepted despite any other spam filtering. Similarly, you can designate specific content strings for which email should always be denied, which causes the email to be filtered as spam with the designated email action.

If the Quarantine action is designated, email messages that violate the given policy are placed in the Spam Quarantine area for the recipient’s account and are reported in the Spam Quarantine Report. Users will be able to access emails that were quarantined because they violated this email policy.

This email policy is separate from the Content Keyword email filtering. Email messages that quarantined for those types of content filtering violations are placed in the Content Quarantine area for the user account, which is accessible only by Quarantine Managers or higher level users.

Although you can define the same content on both the Antispam > Content Group page and on the Content > Content Group page, the policies in the Content > Content Group are applied. Content keyword policies override antispam content policies.

◆ To view or edit an antispam content group, select the group from the list and click Update.

◆ To create a new antispam content group, click New.

Table 3-8 describes the options that are available on the Antispam Content Groups page.

Cancel Click this button to discard all unsaved changes on this page and return to the Current Policies page.

Table 3-7 Antispam classification options

Option Description

Table 3-8 Antispam Content Group page options

Option Description

Group Name Enter the name of the spam content group.

Page 69: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

69Managing domain and user policiesAbout antispam filtering policies

Content box Designates the keywords and phrases in the spam content group using the following rules:

■ Each entry must be on its own line (separated by a hard return).

■ If an entry contains multiple words, the entire phrase is used as is.

■ To specify individual words, each word must be on its own line.

■ Letter-case (for example, upper case or lower case) is ignored.

■ You can use the wildcards “?” and “*” to designate the following:“?” (without quotes) designates any single character, including white space characters (for example, tab, space, line break, etc.).

For example, “w?y” would catch “way”, “why”, and “w y”.

“*” (without quotes) at the end of the string designates multiple characters until a white space character is encountered.

For example, “refi*” would catch “refinance”, “refinancing” and “refine”.

“*” (without quotes) followed by a literal character designates multiple characters, including white space characters, until the designated character is encountered.

For example, “refi*d” would catch “refinanced”, but would also catch “refinishing is a great way to save d”.

Note: It is possible to create wildcard combinations that will filter valid email, including all email, and/or substantially slow email processing. Be very careful if you use wildcards to ensure that only the desired content is filtered.

To specify a literal asterisk or question mark, you must precede it with a backslash (for example, “\*” or “\?”).

For example, “why\?” (without quotes) would catch the string “why?” and the question mark would not be used as a wildcard.

Table 3-8 Antispam Content Group page options

Option Description

Page 70: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

70 Managing domain and user policiesAbout antispam filtering policies

Configuring Spam Quarantine reportingYou can configure how Symantec Hosted Mail Security reports to you about quarantined spam email and configure the options available to users within the Spam Quarantine Reports.

Action Designate what action to take if an email contains content that is in the spam content group from this drop-down list.

■ Tag Message: The phrase [SPAM] is added to the subject line of the email at the beginning of the subject text, and the email is sent to the recipient email address.

■ Quarantine Message: The email is sent to the recipient’s spam quarantine area and is not sent to the recipient email address.

■ Deny Delivery: The email is denied delivery.

■ Allow

Active Check this option to activate the spam content group policy.

Table 3-8 Antispam Content Group page options

Option Description

Page 71: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

71Managing domain and user policiesAbout antispam filtering policies

Table 3-9 describes the options that are available on the Spam Reporting Policies page.

Table 3-9 Spam Reporting Policies page options

Option Description

Enable reporting for whom?

Click to select which users will receive Spam Quarantine Reports if their email is filtered for spam:

■ All users: All users within the Domain will receive Spam Quarantine Reports.

■ Selected users only: Only those users configured within the User Management pages will receive Spam Quarantine Reports.

Note: If spam email is quarantined for those users who are not configured to receive the Spam Quarantine Report, the users must log on to the Symantec Hosted Mail Security console (if enabled) to manage their spam quarantine area or will be unable to manage their spam quarantine area.

■ No one, disable reporting: No users within this domain will receive Spam Quarantine Reports.

Note: If spam email is quarantined for users in this domain, the users must log on to the Symantec Hosted Mail Security Console (if enabled) to manage their spam quarantine area or will be unable to manage their spam quarantine area.

Default Report Settings

Designates the default frequency and content of Spam Quarantine Reports. If enabled, users can override these settings.

Frequency Designates how often users will receive Spam Quarantine Reports if they have email in their spam quarantine area.

Never: The Spam Quarantine Reports are never sent. Users must log on to the Symantec Hosted Mail Security Console to manage their quarantined spam emails.

■ Every Day: The Spam Quarantine Reports are sent daily.

■ Every Weekday: The Spam Quarantine Reports are sent daily from Monday through Friday.

■ Every Monday: The Spam Quarantine Reports are sent each Monday.

■ Monday & Friday: The Spam Quarantine Reports are sent each Monday and Friday.

■ Monday, Wednesday, & Friday: The Spam Quarantine Reports are sent each Monday, Wednesday, and Friday.

Page 72: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

72 Managing domain and user policiesAbout antispam filtering policies

Report Type Designates the content of each Spam Quarantine Report sent to the users.

■ All Quarantined Messages: All emails in each user’s spam quarantine area are listed in the Spam Quarantine Report.

■ New Messages Since Last Report: Only those emails received since the previous Spam Quarantine Report are listed in the Spam Quarantine Report.

■ Text-only Summary: A text-only Spam Quarantine Summary is sent to the users with a link to their spam quarantines, instead of the Spam Quarantine Report. This option supports users with email applications that do not support HTML content.

HTML Format Designates whether the Spam Quarantine Reports will contain certain commands links.

■ HTML with Actions: The links Allow, Deny, and Release are enabled in the Spam Quarantine Reports.

■ HTML without Actions: The links Allow, Deny, and Release are disabled in the Spam Quarantine Reports. Users must log on to the console to perform these actions.

Report Security Settings

Designates the security settings used if a user logs on to the console using a hyperlink in the Spam Quarantine Reports.

Expire Spam Quarantine Report Links

Click to enable or disable whether the hyperlinks in the Spam Quarantine Reports become inactive after a designated time period. Once the hyperlinks are inactive, the user will not be able to use them to log on to the console from the Spam Quarantine Report to perform the selected action.

Report Links Expire After … Days

Designates the number of days after which the hyperlinks in the Spam Quarantine Report become inactive.

Restrict user rights when accessing quarantine from spam quarantine report

Click to enable or disable whether users who log on to the console using the Spam Quarantine Report will have their administrator rights enabled. This option affects Customer Administrators, Quarantine Managers, and Reports Managers.

If you check this option, administrator-level users will be logged in as users with user role of User from the Spam Quarantine Reports. This setting is recommended to provide additional security.

Table 3-9 Spam Reporting Policies page options

Option Description

Page 73: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

73Managing domain and user policiesAbout antispam filtering policies

Reporting Options Designates the security settings used if a user logs on to the console using a hyperlink in the Spam Quarantine Reports.

Allow users to personalize spam filtering actions

Click to enable or disable the ability of users to designate whether to use the default email actions or designate the email actions that should be applied to messages that have a medium or high likelihood of being spam.

Allow users to personalize delivery frequency

Click to enable or disable the ability of users to change the Frequency field setting for their Spam Quarantine Reports.

Allow users to personalize report type

Click to enable or disable the ability of users to change the Report Type field setting for their Spam Quarantine Reports.

Allow users to “opt out” of spam filtering

Click to enable or disable the ability of users to designate whether their email is filtered for spam.

Allow users to set a password

Click to enable or disable the ability of users to set their own passwords to log on the console.

Enable Always Deny shortcut from spam quarantine

Click to enable or disable the Always Deny command link in the Spam Quarantine Reports, the Message Quarantine pages, and the Safe Message View page.

Show Spam Score on User Quarantine Report

Click to enable or disable whether the spam likelihood scores will be included in the Spam Quarantine Reports.

Display message content in Safe Message View

Click to enable or disable the ability of users to view the body content of an email on the Safe Message View page.

Update Click this button to save all changes on this page. If you exit this page without clicking the Update button, all unsaved changes are discarded.

Cancel Click this button to discard all unsaved changes on this page and return to the Current Policies page.

(click for preview) Click this command to view a sample Spam Quarantine Report reflecting the settings on this page. The preview appears on another browser page. Click the Close page command on the preview page to close it.

Table 3-9 Spam Reporting Policies page options

Option Description

Page 74: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

74 Managing domain and user policiesAbout content policies

About content policiesContent filtering works by comparing the content of an email against predefined lists of keywords and phrases, which are called content groups. You can define a different action for each content group.

Symantec Hosted Mail Security provides some predefined content groups. These groups contain predefined content groups containing keywords and phrases that are commonly considered unacceptable or suspicious. You cannot edit these content groups, but you can designate whether they are used. You can also create your own customized lists of content keywords and phrases.

Editing and creating content groups◆ To view or edit a content group, select the group from the list and click

Update.

◆ To create a new content group, click New.

Table 3-10 describes the options that are available on the Content Groups page.

Table 3-10 Content Groups page options

Onscreen Item Description

Content Group Indicates the name of the content group. The following groups are predefined:

■ Profanity

■ Racially Insensitive

■ Sexual Overtones

Page 75: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

75Managing domain and user policiesAbout content policies

Keywords box Indicates the keywords and phrases in the content group. If the content group is a custom content group (not a predefined content group), type the keywords and phrases to be added to the content group using the following rules:

■ Each entry must be on its own line (separated by a hard return).

■ If an entry contains multiple words, the entire phrase is used as is.

■ To specify an individual word, each word must be on its own line.

■ Letter-case (for example, upper case or lower case) is ignored.

■ To specify a literal asterisk or question mark, you must precede it with a backslash (for example, “\*” or “\?”). For example, “why\?” (without quotes) would catch the string “why?” and the question mark would not be used as a wildcard.

You can use the wildcards “?” and “*” to designate the following:

■ “?” (without quotes) designates any single character, including white space characters (for example, tab, space, line break, etc.). For example, “w?y” would catch “way”, “why”, and “w y”.

■ “*” (without quotes) at the end of the string designates multiple characters until a white space character is encountered. For example, “refi*” would catch “refinance”, “refinancing” and “refine”.

■ “*” (without quotes) followed by a literal character designates multiple characters, including white space characters, until the designated character is encountered. For example, “refi*d” would catch “refinanced”, but would also catch “refinishing is a great way to save d”.

Caution: It is possible to create wildcard combinations that will filter valid email, including all email, or substantially slow email processing. Be very careful if you use wildcards to ensure that only the desired content is filtered.

Table 3-10 Content Groups page options

Onscreen Item Description

Page 76: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

76 Managing domain and user policiesAbout content policies

Specifying HTML Shield policesHTML Shield policies let you configure the polices for handling email message that contain an HTML attachment or that contain HTML coding within the body of the message.

Actions Designates what action to take if an email contains content that is in the content group.

■ Tag Subject – The phrase [CONTENT] is added to the subject line of the email at the beginning of the subject text and the email is sent to the recipient email address.

■ Quarantine: The email is sent to the recipient’s content quarantine area and is not sent to the recipient email address.

■ Deny: The email is denied delivery.

■ Allow: The email is allowed delivery

■ None: The email is forwarded to the recipient email address with no processing applied.

Silent Copy Designates whether a copy of the email is forwarded to a designated list of email addresses with no notification to the sender or recipient. By default, no silent copy is sent, but you can choose a distribution list from the drop-down list if you have defined one. For information about distribution lists, refer to “About distribution lists” on page 88.

Active If this is checked, the content group is currently being used to filter content.

Table 3-10 Content Groups page options

Onscreen Item Description

Page 77: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

77Managing domain and user policiesAbout content policies

Table 3-11 describes the options that are available on the HTML Shield Protection page.

Specifying ClickProtect policiesThe ClickProtect feature lets you configure whether URLs that are received in email messages can be clicked and followed by the user or are blocked. You can also designate an Allow List of URLs that are excluded from ClickProtect filtering.

Table 3-11 HTML Shield Protection page options

Option Description

HTML Shield Protection

Designates what level of HTML filtering is performed on email messages. Only one of this set of fields can be selected:

■ Low: If selected, designates that only malicious HTML tags are removed from the email and the email is then forwarded to the recipient. Text is added to the email to indicate that HTML content was removed.

■ Medium: If selected, designates that the listed HTML content is removed from the email and the email is then forwarded to the recipient. Text is added to the email to indicate that HTML content was removed.

■ High: If selected, designates that all HTML content is removed from the email and the email is then forwarded to the recipient. Text is added to the email to indicate that HTML content was removed.

■ None: If selected, designates that no HTML filtering is performed.

Enable spam “beacon” and web bug blocking

Designates whether email is filtered for spam beacons and web bugs.

Replace all image links with a default transparent image

Designates whether links to images in the HTML content are replaced with links to an image with one white pixel. Text is added to the email to indicate the substitution. This feature helps to prevent objectionable images from being received.

Page 78: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

78 Managing domain and user policiesAbout content policies

Table 3-12 describes the options that are available on the ClickProtect page.

Specifying language policiesSymantec Hosted Mail Security can identify what language an email is written in, and filter email based on this information. You can choose to allow Symantec Hosted Mail Security to only deliver email in certain languages, or you can allow all languages, which is the default setting. The default policy is to allow email in all languages.

Table 3-12 ClickProtect page options

Option Description

ClickProtect Designates what action will be performed if the user clicks on a URL in an email.

■ Disable ClickProtect: Allow the user to access the site designated by the URL in the email and do nothing.

■ Track all click throughs: Allow the user to access the site designated by the URL in the email, but log the click-through information.

■ Display warning message before redirecting: Display a dialog box with a customizable warning message. In the dialog box, the user can stop the click-through or continue to the site designated by the URL in the email.

■ Display warning message and deny click throughs: Display a dialog box with a customizable warning message and do not allow the user to continue with the click-through.

Warning Message Designates the warning text that will be displayed to users. You can edit this text.

Allow URL or IP Designates the list of URL addresses that you want to exclude from ClickProtect processing. A user clicking on a hyperlink to a URL in the Allow List will be sent to that URL with no warning or redirection. You can add URLs or IP addresses to this list.

Subscribe to Default Inbound ClickProtect Allow List

Designates whether the URL addresses defined in the ClickProtect Allow List in the Default Inbound policy set will also be included in the allowed URLs for this policy set. If this is the default inbound or outbound policy, this option is not available.

More Options Click to display the rest of the options described below.

Upload List Click to upload a file containing a list of URLs to be excluded from ClickProtect filtering.

Download List Click to download the current list of allowed URLs to a .csv (comma separated values) file.

Page 79: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

79Managing domain and user policiesConfiguring file attachment policies

Note: The language identification technology employed by Symantec Hosted Mail Security to identify the language of a message is not foolproof. Messages identified to be in a disallowed language are deleted.

Currently, Symantec Hosted Mail Security can identify the following languages:

■ Chinese

■ Dutch

■ English

■ French

■ German

■ Italian

■ Japanese

■ Korean

■ Portuguese

■ Russian

■ Spanish

Configuring file attachment policiesYou can figure the options for handling an email message that contains an attachment with a specific file type and how to handle an attachment that violates these policies.

Following are the types of attachment filtering that are available:

■ Specific file types (for example, “.exe” or “.php”)

■ Symantec Hosted Mail Security analyzes each attachment using the file extension, the MIME content type, and binary composition to determine the type of attachment.

■ Files that exceed a designated file size

■ Specific file names, including wildcards to designate a range of names (for example, “spreadsheet.zip” or “*guide.doc”)

■ Zip files that are encrypted, high risk, or that contain a file that violates one of the other attachment policies

Page 80: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

80 Managing domain and user policiesConfiguring file attachment policies

Table 3-13 describes the options that are available on the Attachment Control Policies page.

Table 3-13 Attachment Control Policies page options

Option Descriptions

Action to take for disallowed attachments:

Designates the action to take if an email contains an attachment that violated any of the attachment policies defined in the Allowed attachment types area:

■ Do Nothing: The email is sent to the recipient with no filtering or notification.

■ Deny delivery: The email is denied delivery.

■ Strip the attachment: The attachment that violated the policy is stripped from the email and the email is sent to the recipient. Text is inserted into the email notifying the recipient that an attachment has been stripped.

■ Quarantine the message: The email is sent to the attachment quarantine area without notification to the recipient.

Allowed attachment types:

Designates the rules for each attachment file type. By default, each listed attachment file type is disallowed unless you specifically select it to be allowed.

Note: The types Executables and Scripts are highlighted in red as types of most concern because it is relatively easy to make them self-invoke from an email.

Attachment Type Indicates the description of the attachment file type being configured.

Max Size Click to select a maximum size to allow for the file type. This field is ignored unless the file type is allowed.

Update Policy Click this button to save only the changes in the Allowed attachment types area and return to the Current Policies page. If you exit this page without clicking the Update Policy button, all unsaved changes in this area are discarded.

Page 81: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

81Managing domain and user policiesConfiguring file attachment policies

Attachment Filename Policies

Designates the rules for specific file names. This lets you to specify custom rules that override the global rules defined in the Allowed attachment types area.

This area indicates any currently defined file name policy rules. Following are descriptions of the columns:

■ Policy Type: Indicates that this policy rule applies to attachments.

■ Conditions: Indicates the rule statement in force.

■ Action: Indicates the action designated for the rule statement.

■ [Delete]: If desired, click this command to delete the rule statement.

Filename Designates the rule statement using multiple fields that you configure as follows:

First field designates the scope of the file name.

■ Is: File name must match exactly with the text typed in the second field.

■ Contains: File name can contain the text typed in the second field anywhere within the file name string.

■ ends with: File name must end with the text typed in the second field.

Second field designates the specific text that the file name must include.

Third field designates the action to take if an attachment is detected that matches this rule.

■ Allow Delivery: The email is sent to the recipient with no filtering or notification.

■ Quarantine Message: The email is sent to the attachment quarantine area without notification to the recipient.

■ Strip Attachment: The attachment that violated the policy is stripped from the email and the email is sent to the recipient. Text is inserted into the email notifying the recipient that an attachment has been stripped.

■ Deny delivery: The email is denied delivery.

Table 3-13 Attachment Control Policies page options

Option Descriptions

Page 82: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

82 Managing domain and user policiesConfiguring file attachment policies

Action Designates whether a silent copy of the email is forwarded to a predefined email address,

■ No Silent Copy: No copy of the email is forwarded to any email addresses.

■ Silent Copy: A copy of the email is forwarded to the listed email addresses without notification to the sender or recipient.

■ Create List: Click this command to open the Distribution List Management page.

Add Policy Click this button to add the new file name policy. If you exit this page without clicking the Add Policy button, all unsaved changes to the new file name policy are discarded.

Additional Attachment Policies

Designates the additional rules for predefined file types. These rules allow you to refine the policies for allowed file types. These rules override the rules defined in the Allow attachment types area.

You can specify separate actions for messages that contain high risk attachments and messages that contain encrypted container and for files within a container file that violate attachment filtering policies.

Message contains high-risk attachment

Designates the action to take if an email has an attachment that is a container file and that violates any of the following rules:

The container file itself is too large (> 500MB).

■ A file contained in the container file is too large (> 100MB).

■ The container file contains too many files (> 1500 files).

■ The compression rate is too high (> 95% compressed).

■ The container file contains too many levels of nesting (> 3 levels).

Following are the available actions.

■ Allow Delivery: The email is sent to the recipient with no filtering or notification.

■ Quarantine Message: The email is sent to the recipient’s attachment quarantine area without notification to the recipient.

■ Deny Delivery: The email is denied delivery.

Table 3-13 Attachment Control Policies page options

Option Descriptions

Page 83: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

83Managing domain and user policiesSpecifying notification policies

Specifying notification policiesYou can configure whether the sender and recipients are notified if an email violates a specific email filtering policy (other than spam policies) and a specific action is applied to it.

Note: Virus notifications will not be sent out for emails that are infected with widespread viruses or worms. These notifications will be automatically disabled.

Message contains an encrypted zip attachment

Designates the action to take if the email has an attachment that is a container file and is encrypted and password-protected.

Following are the available actions.

■ Allow Delivery: The email is sent to the recipient with no filtering or notification.

■ Quarantine Message: The email is sent to the recipient’s attachment quarantine area without notification to the recipient.

■ Deny Delivery: The email is denied delivery.

File in zip attachment violates attachment policy

Designates the action to take if file within a container file violates the policies defined in the Allowed attachment types and Attachment Filename Policies areas.

Following are the available actions.

■ Attachment Policy Action: The action for the specific policy that was violated will be performed on the entire attachment. If multiple policies were violated, the Attachment Filename Policies override the policies defined in the Allowed attachment types area.

■ Do Nothing: The email is sent to the recipient with no filtering or notification.

Update Policy Click this button to save only the changes in the Additional Attachment Policies area. If you exit this page without clicking the Update Policy button, all unsaved changes in this area are discarded.

Finished Click this button to return to the Current Policies page.

Table 3-13 Attachment Control Policies page options

Option Descriptions

Page 84: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

84 Managing domain and user policiesSpecifying notification policies

Table 3-14 describes the options that are available on the Current Notifications page.

Table 3-14 Current notifications page options

Option Description

Domain Designates which domain’s notification policies are being configured.

Policy Conditions Indicates the condition that will generate a notification email.

■ Message contains a virus: Designates what notifications will be sent if an email violates virus policies.

■ Content keyword violation: Designates what notifications will be sent if an email violates content keyword policies.

■ Attachment violation: Designates what notifications will be sent if an email violates attachment policies.

Notify on Designates what actions will generate a notification email for each policy condition.

Notify Sender Click to enable or disable whether the sender will receive a notification email in the case of a policy violation. You cannot check this field until a notification has been created using the View/Edit Notification page.

View/Edit command Opens the View/Edit Notification page, which allows you to configure the specific notification settings for the sender.

Notify Recipient checkboxes

Designates whether the recipient will receive a notification email in the case of a policy violation. You cannot check this field until a notification has been created using the View/Edit Notification page.

Finished Click this button to apply all changes on this page and return to the Current Policies page. If you exit this page without clicking the Finished button, all unapplied changes are discarded.

Reset Click this button to set all the notification fields to the previously applied changes. You must click the Finished button to apply the changes.

Uncheck All Click this button to disable all the notifications on this page. You must click the Finished button to apply the changes.

This button is available only if some of the notification fields are checked and the changes have been saved.

Page 85: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

85Managing domain and user policiesSpecifying notification policies

Viewing and editing notification optionsYou can configure a template of how the notification email that is sent to the sender or recipient will appear. You must define one notification email template for each combination of sender and recipient and the notification type that you want to use (for example, you can define one attachment notification email template for the sender and one attachment notification email template for the recipient).

Within the notification message, you can use variables to automatically insert content from the system. For example, the variable $(DATE)inserts the date when the notification email was sent. You can manually type the variables or you can insert a variable by clicking the appropriate button in the Message area.

Variable syntax requires $({name_of_variable}), where {name_of_variable} is replaced with the predefined variable name (without the curly braces). See the help text at the bottom of the page for a list of the available variables that you can use within the notification emails.

Table 3-15 describes available options on the View/Edit Notification page.

Check All Click this button enable all the notifications on this page. You must click the Finished button to apply the changes.

This button is available only if none of the notification fields are checked and the changes have been saved.

Table 3-14 Current notifications page options

Option Description

Table 3-15 View/Edit Notification page options

Onscreen Item Description

Back to Notifications Configuration

Click this menu option to return to the Current Notifications page. If you did not click the Create or the Update button, all unapplied changes on this page are discarded.

Active Designates whether this notification email template is active and available for use.

Notify Designates who shall receive notification emails built from this notification email template.

■ Recipient: This notification email template would be sent to the recipient email address.

■ Sender: This notification email template would be sent to the sender email address.

Page 86: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

86 Managing domain and user policiesSpecifying notification policies

Conditions Designates which email policy violation would use this notification email template.

■ Message contains a virus: This notification email template is used if an email violated virus policies.

■ Content keyword violation: This notification email template is sent if an email violated content keyword policies.

■ Attachment violation: This notification email template is sent if an email violated attachment policies.

From Designates what email address is listed as the From: address in the notification email template.

■ $(POSTMASTER): Uses the default email address configured for the domain.

■ Email address: Lets you type a specific email address.

Reply-to Designates what email address is used if the recipient of the notification email template clicks the Reply button in his/her email application.

■ $(POSTMASTER): Uses the default email address configured for the Domain.

■ Email address: Lets you type a specific email address.

Subject Type the text to be used as the subject for the notification email template.

Table 3-15 View/Edit Notification page options

Onscreen Item Description

Page 87: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

87Managing domain and user policiesSpecifying notification policies

Message Click the appropriate button to insert the indicated variable at the cursor location in the Email Text field:

■ ACTION: Inserts a variable that automatically indicates the action that was applied to the email that violated the policy.

■ DATE: Inserts a variable that automatically indicates the date when the email was received that violated the policy.

■ DOMAIN: Inserts a variable that automatically indicates the domain that received the email that violated the policy.

■ SENDER: Inserts a variable that automatically indicates the sender’s email address (From: address) from the email that violated the policy.

■ MSG_HEADER: Inserts a variable that automatically indicates the email header information from the email that violated the policy.

■ REASON: Inserts a variable that automatically indicates the reason why the email violated the policy.

■ SIZE: Inserts a variable that automatically indicates the size, including attachments, of the email that violated the policy.

■ SUBJECT: Inserts a variable that automatically indicates the subject of the email that violated the policy.

■ TO: Inserts a variable that automatically indicates the recipient’s email address (To: address) from the email that violated the policy.

Email Text Type text or insert variables using the Message buttons to build the body content of the notification email template.

Create Click this button to create a notification email template for the designated sender, recipient, and condition combination. This button is available only if there is no notification email template currently defined for that combination.

If you inserted incorrect variables into the Edit Text field, an error message appears in the Preview area and you will not be able to apply the changes by clicking the Create button.

Update Click this button to apply all changes on this page to the notification email template. This button is available only if there is a notification email template current defined for the sender, recipient, and condition combination.

If you inserted incorrect variables into the Edit Text field, an error message appears in the Preview area and you will not be able to apply the changes by clicking the Update button.

Table 3-15 View/Edit Notification page options

Onscreen Item Description

Page 88: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

88 Managing domain and user policiesAbout user-level policy configurations

About user-level policy configurationsBy default, policy configurations are defined for each domain and all email messages that received for all user accounts within a domain are processed using the same policy configurations.

Domain Administrators or higher-level user roles can define user-level policy configurations for individual users that override the domain policies. These user-level policy configurations allow customization of email actions for each user.

User-level policies are confined to the following policies:

■ Enable or disable email processing for spam, content keyword, attachments, or HTML content.

■ Specify actions to take for email messages if they are determined to have a high or medium likelihood of being spam.

You can define user-level policy configurations when you manually create a new user account or by editing an existing account.

For more information about a specific policy, see the policy descriptions for domain level policies in“About domain policies” on page 58.

For more information about individual user policies or about working in Symantec Hosted Mail Security Console, see the Symantec Hosted Mail Security Console and Spam Quarantine User’s Guide.

About distribution listsThe Distribution List Management feature lets you create lists of email addresses that should receive a copy of an email message that violates a specific

Cancel Click this button to discard all unapplied changes on this page and reset the information for this notification email template to the previously applied settings.

Preview Indicates a sample notification email using the settings defined on this page for this notification email template.

If you inserted incorrect variables into the Edit Text field, an error message appears here and you will not be able to apply the changes by clicking the Update or Create button.

Table 3-15 View/Edit Notification page options

Onscreen Item Description

chuck_egress
Note
Change to "Customer Administrator user roles can define..."
Page 89: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

89Managing domain and user policiesAbout Fail Safe protection

policy. This feature lets you copy the email without notifying the sender or recipient and is called a silent copy.

To use this feature, you must enable the Silent Copy option in the domain policy configuration settings. The distribution lists apply only to the designated domain.Is there a way to copy lists between domains? Have cross-domain lists? Is email sent to entire list?

Table 3-16 describes the options that are available on the Distribution List Management page.

About Fail Safe protectionSymantec Hosted Mail Security includes Fail Safe Disaster Recovery protection to ensure that your messages are not lost if your inbound mail server becomes

Table 3-16 Distribution List Management page options

Onscreen Item Description

Selected List Designates which distribution list is being modified. When a list is selected in this field, the Distribution List area displays the email addresses in the selected list.

Scope Indicates which domain will use this distribution list.

New List Click this button to create a new distribution list. Where is it saved? Why is it a separate list file, instead of being saved in the database?

Once the new list is added, you must designate which email addresses are included in the new list using the New Member box.

Rename List Click this button to rename the distribution list displayed in the Selected List box.

Delete List Click this button to delete immediately the distribution list displayed in the Selected List box. This action is irreversible.

New Member Type the complete email address Can this be an email address that is not in the domain? that will be added to the distribution list displayed in the Selected List box.

Add>> Click this button to add the email address in the New Member box to the Distribution List area.

<<Remove Click this button to remove immediately the selected email address in the Distribution List area.

Distribution List area

Indicates the list of email addresses that are included in the distribution list displayed in the Selected List box.

chuck_egress
Note
There is no way to copy these between domains or have a cross-domain list. Yes, the email is sent to all addresses in the distribution list (which could ostensibly just be one email address).
chuck_egress
Note
Yes.
chuck_egress
Note
Not sure. MX Logic could answer for us.
Page 90: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

90 Managing domain and user policiesAbout Fail Safe protection

unavailable to receive mail. If you have multiple inbound servers, Symantec Hosted Mail Security will attempt to connect to your other servers first. It starts the fail safe service only if all of your mail servers are unavailable.

The Fail Safe feature stores your email messages until your inbound server becomes available. This process is called spooling. Symantec Hosted Mail Security will spool up to 1 GB of your messages up to five days.

When your inbound server becomes available, Symantec Hosted Mail Security sends these stored emails to your mail server (called unspooling) in first-in, first-out order.

You can configure the Fail Safe feature to start automatically as soon as the Symantec Hosted Mail Security determines that your inbound server is unavailable. You can also manually start the Fail Safe feature in cases of known outages (for example, you are performing maintenance on your inbound server).

You can define notifications for those who should be notified when Fail Safe spooling or unspooling messages. To ensure that these notifications are received in the case where your inbound servers are unavailable, the contact email addresses must be defined in domains and on servers other than the inbound servers that you have configured in Symantec Hosted Mail Security (for example, a paging service).

Table 3-17 describes options for Fail Safe spooling and unspooling.

Table 3-17 Fail Safe Spooling options

Option Description

Spool Method set to Automatic (recommended)

Once Symantec Hosted Mail Security determines that your inbound server is not available and after the designated time delay, Fail Safe automatically begins spooling emails for later delivery. A notification is sent to the contacts designated for Fail Safe for that domain.

Emails continue to be spooled until Symantec Hosted Mail Security determines your inbound server is available.

■ If your inbound server becomes available, new emails are processed and sent directly to your inbound server. Thus, spooled messages do not interfere with normal email processing.

■ Spooled emails will remain in spool storage until they are unspooled or automatically deleted from the spool after 5 days. If the email is automatically deleted, a bounce message is sent to the sender.

Page 91: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

91Managing domain and user policiesAbout Fail Safe protection

Spool Method set to Manual and Started

If the Spool Method is set to Manual and spooling has been manually started, Fail Safe starts spooling received emails immediately.

Fail Safe does not determine if your inbound server is available.

Messages continue to be spooled until they are unspooled either manually or automatically.

Spool Method set to Manual and Not Started

This Spool Method turns off the Fail Safe feature. Messages are sent to your inbound server if the server is available. Emails are denied (tempfailed) if your inbound server is not available.

Unspool Method set to Automatic (Recommended)

Once Symantec Hosted Mail Security determines that your inbound server is available and after the designated time delay, Fail Safe automatically sends any spooled emails to your inbound server (unspooling).

Unspool Method set to Manual and Started

If the Unspool Method is set to Manual and unspooling has been manually started, Fail Safe will start sending spooled emails immediately to your inbound server. Fail Safe does not confirm if your inbound server is available before starting the unspooling. If your inbound server is unavailable, these emails will be denied (tempfailed).

You can test the connection to your inbound server before starting manual unspooling.

Unspool Method set to Manual and Not Started

Fail Safe will not attempt to send spooled emails to your inbound server. After 5 days, the spooled emails will be automatically deleted from the spool and a bounce message will be sent to the sender.

Table 3-17 Fail Safe Spooling options

Option Description

Page 92: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

92 Managing domain and user policiesAbout Fail Safe protection

Page 93: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Chapter

4

Working with message quarantines

Symantec Hosted Mail Security places messages that violate antivirus, spam, attachment, or content filtering policies into quarantines.

All quarantined messages show the primary email address as the recipient email address. If an email that was addressed to an alias email address is quarantined, the recipient email address is changed to the associated primary email address. Any email messages that are released from any of the quarantine areas are sent to the primary email address. Messages that you delete are purged from the quarantine. By default, the quarantines are automatically purged every seven days. You can view more details about a quarantined message by using the Safe Message View feature. For information about Safe Message View, see“Safe Message View” on page 97.

Viruses QuarantineThe Viruses Quarantine lets you manage messages that are quarantined for viruses. This quarantine can only be managed by users with Quarantine Manager or Administrator roles. Users cannot access this quarantine.

You can view all messages that are in this quarantine, or you can filter on inbound or outbound messages.

◆ To reach the Viruses Quarantine, click Quarantine.

Table 4-1 describes the options that are available on this page.

Table 4-1 Virus Quarantined Messages page options

Onscreen Item Descriptions

check box Designates whether this email is selected for a command (for example, to be deleted).

chuck_egress
Note
add "other" after "or".
Page 94: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

94 Working with message quarantines

Spam QuarantineThe Spam Quarantine lets you manage email messages that were quarantined as potential spam. Quarantined spam messages are reported in Spam Quarantine Reports that are sent to the primary email address for each recipient. Users can manage their own quarantined spam emails through links in the Spam Quarantine Report or by logging into the console.

Note: This page is not available for a Reports Manager if spam filtering has not been enabled for the domain where the email address for the Reports Manager is defined.

You can view all messages that are in this quarantine, or you can filter on inbound or outbound messages.

◆ To reach the Spam Quarantine, click Quarantine>Spam.

Table 4-2 describes the onscreen items on this page.

Date Indicates the date when this email was received.

From Indicates the email address that sent this email (sender email address). Click this command to view the email contents on a Safe Message View page.

To Indicates the email address to which this email was sent (recipient email address).

Subject Indicates the text that was in the subject header of this email.

Virus Indicates which virus was detected in this email.

Size Indicates the total file size of this email, including all attachments.

Table 4-1 Virus Quarantined Messages page options

Onscreen Item Descriptions

Table 4-2 Spam Quarantined Messages options

Option Description

check box Designates whether this email is selected for a command (for example, to be deleted).

Date Indicates the date when this email was received.

Page 95: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

95Working with message quarantines

Attachments QuarantineThe Attachments Quarantine lets you manage email messages that are quarantined because they contained file attachments that violated attachment policies. This quarantine must be managed by users with Quarantine Manager or Administrator rights. Users cannot access this quarantine area.

You can view all messages that are in this quarantine, or you can filter on inbound or outbound messages.

◆ To reach the Attachments Quarantine, click Quarantine>Attachments.

Table 4-3 describes the options that are available on this page.

Table 4-3 Attachments Quarantine options

From Indicates the email address that sent this email (sender email address). Click this command to view the email contents on a Safe Message View page.

To Indicates the email address to which this email was sent (recipient email address).

Subject Indicates the text that was in the subject header of this email.

Spam Score Indicates what score the email received during spam analysis, indicating probability that this email is spam.

A spam score of 90% - 98.99% is considered medium likelihood if default settings are used.

A spam score of 99% or higher is considered high likelihood if default settings are used.

Size Indicates the total file size of this email, including all attachments.

Table 4-2 Spam Quarantined Messages options

Option Description

Option Description

check box Designates whether this email is selected for a command (for example, to be deleted).

Date Indicates the date when this email was received.

From Indicates the email address that sent this email (sender email address). Click this command to view the email contents on a Safe Message View page.

chuck_egress
Note
add "other" after "or"
Page 96: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

96 Working with message quarantines

Content QuarantineThe Content Quarantine lets you manage email messages that were quarantined because they contained content that violated content filtering polices. This quarantine must be managed by users with Quarantine Manager or Administrator rights. Users cannot access this quarantine.

You can view all messages that are in this quarantine, or you can filter on inbound or outbound messages.

◆ To reach the Content Quarantine, click Quarantine>Content Keyword.

Table 4-4 describes the options available on this page.

Table 4-4 Content Quarantine options

To Indicates the email address to which this email was sent (recipient email address).

Subject Indicates the text that was in the subject header of this email.

Attachment Indicates the file name of the attachment that violated the attachment policies

Size Indicates the total file size of this email, including all attachments.

Option Description

Option Description

check box Designates whether this email is selected for a command (for example, to be deleted).

Date Indicates the date when this email was received.

From Indicates the email address that sent this email (sender email address). Click this command to view the email contents on a Safe Message View page.

To Indicates the email address to which this email was sent (recipient email address).

Subject Indicates the text that was in the subject header of this email.

Keyword Indicates the specific keyword policy that this email violated (for example, "Confidential").

Size Indicates the total file size of this email, including all attachments.

chuck_egress
Note
add "other" after "or"
Page 97: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

97Working with message quarantines

Safe Message ViewSymantec Hosted Mail Security lets you view more information about the contents of a message to help you determine whether to release it or delete it.

◆ To view more information about a quarantined message (including the contents), mouseover the email address in the From column and click the hyperlink.

Table 4-5 describes the options that are available on this page.

Table 4-5 Safe Message View page options

Option Description

Quarantine Index Click this menu option to return to the quarantine page from you which accessed this page.

From Indicates the email address that sent this email (sender email address).

To Indicates the email address to which this email was sent (recipient email address).

Subject Indicates the text that was in the subject header of this email.

Date Indicates the date when this email was received.

Status Indicates the status of this email.

Attachments Indicates information about the attachments, if any, to this email with a description of the reason for filtering.

Contents description

If enabled, indicates the body content of the email. If not enabled, indicates that the user must release the email to view the contents. This feature is enabled or disabled on the Spam Quarantine Reporting Policies page.

release Click this button to release the email, which causes it to be sent to the primary email address of the recipient.

delete Click this button to delete the email.

Page 98: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

98 Working with message quarantines

Page 99: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Chapter

5

Reports and logs

This chapter includes the following topics:

■ About reports and logs

■ Traffic Overview report

■ Virus Threats report

■ Spam Threats report

■ Content Threats report

■ Attachments Threats report

■ ClickProtect Overview report

■ ClickProtect Log report

■ Quarantine Release Overview report

■ Quarantine Release Log report

■ User Activity report

■ Event Log report

■ Audit Trail report

■ Inbound Server Connections report

■ FailSafe Overview report

■ FailSafe Event Log report

Page 100: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

100 Reports and logsAbout reports and logs

About reports and logsSymantec Hosted Mail Security includes reporting and statistics tools that let you analyze trends, policy actions, and traffic summaries. Some of this information includes the following:

■ Email traffic loads

■ Email that was quarantined due to viruses, spam, attachments, and content

■ Email that was released from quarantine

■ Top inbound and outbound users

■ Event logs that display actions taken for virus, spam, and other policy violations

■ Audit trails that track activity in the system, including logins and system changes

Many reports contain graphical information that can be displayed in multiple formats. Each format is represented by an icon, which you can select to change how the information is presented.The following lists the icons and the graphic types that each displays.

Traffic Overview reportThe Traffic Overview report displays overview information about the inbound and outbound email traffic for the designated domain for the selected date or date range. This report includes the following information:

■ Total email volume

■ Average emails per hour

■ Average email size

■ Bandwidth used for email

This icon displays the graphic as a bar graph.

This icon displays the graphic as a line graph.

This icon displays the graphic as a solid (filled) line graph.

This icon displays the graphic as a pie chart.

chuck_egress
Note
Note: All reports now feature a "Download" option. You can either state this in once sentence or put the Download option in each of the charts below".
Page 101: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

101Reports and logsTraffic Overview report

Table 5-1 describes the information that is provided in this report.

Table 5-1 Traffic Overview Report

Item Description

Traffic Trends Indicates the number of inbound and outbound emails for the designated domain and date range.

Click one of the graphic display icons to present the data in an alternate format.

Traffic Summary Indicates information about inbound and outbound email traffic for the designated domain and date range as follows:

■ Inbound Messages: Indicates the total number of inbound emails received.

■ Average Inbound Messages/Hour: Indicates the average number of inbound emails received each hour.

■ Outbound Messages: Indicates the total number of outbound emails sent.

■ Average Outbound Messages/Hour: Indicates the average number of outbound emails sent each hour.

Bandwidth Trends Indicates the bandwidth, in kilobytes, used by inbound and outbound email for the designated domain and date range.

Click one of the graphic display icons to present the data in an alternate format.

Bandwidth Summary

Indicates information about the bandwidth used by inbound and outbound email for the designated domain and date range as follows:

■ Inbound Total Bandwidth: Indicates the total bandwidth used by received inbound emails.

■ Average Inbound Messages Size: Indicates the average size of inbound emails.

■ Total Outbound Bandwidth: Indicates the total bandwidth used by sent outbound emails.

■ Average Outbound Messages Size: Indicates the average size of sent outbound emails.

Page 102: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

102 Reports and logsThreats Overview report

Threats Overview reportThe Threats Overview Report displays overview information about email violations by policy type for the designated domain for the selected date or date range

Table 5-2 describes the items that are included in the report.

Table 5-2 Threats Overview Report

Item Description

Inbound Threat Trends

Indicates the total number of inbound emails that violated each policy type for the designated domain and date range. Data for each policy type is color-coded as indicated in the legend below the graphic.

Click one of the graphic display type icons to present the data in an alternate format.

Inbound Threat Summary

Indicates information about the number of inbound emails that violated each policy type for the designated Domain and date range as follows:

■ Total Viruses: Indicates the total number of inbound emails that contained known viruses.

■ Infection Rate: Indicates the percentage of inbound emails that contained known viruses versus the total number of received inbound emails.

■ Total Spam Identified: Indicates the total number of inbound emails filtered for potential spam.

■ Spam Volume: Indicates the percentage of inbound emails that were filtered for potential spam.

■ Spam Beacons Detected: Indicates the total number of spam beacons detected in inbound emails. Note that each email may contain multiple spam beacons.

■ Content Keyword Violations: Indicates the total number of inbound emails that violated the content keyword policies.

■ Attachment Policy Violations: Indicates the total number of inbound emails that had attachments that violated the attachment policies.

Outbound Threat Trends

Indicates the total number of outbound emails that violated each policy type for the designated Domain and date range. Data for each policy type is color-coded as indicated in the legend below the graphic.

Click one of the graphic display type icons to present the data in an alternate format.

Page 103: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

103Reports and logsThreats Overview report

Outbound Threat Summary

Indicates information about the number of outbound emails that violated each policy type for the designated domain and date range as follows:

■ Total Viruses: Indicates the total number of outbound emails that contained known viruses.

■ Infection Rate: Indicates the percentage of outbound emails that contained known viruses versus the total number of sent outbound emails.

■ Total Spam Identified: Indicates the total number of outbound emails filtered for potential spam.

■ Spam Volume: Indicates the percentage of outbound emails that were filtered for potential spam.

■ Spam Beacons Detected: Indicates the total number of spam beacons detected in outbound emails. Note that each email may contain multiple spam beacons.

■ Content Keyword Violations: Indicates the total number of outbound emails that violated the content keyword policies.

■ Attachment Policy Violations: Indicates the total number of outbound emails that had attachments that violated the attachment policies.

Table 5-2 Threats Overview Report

Item Description

Page 104: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

104 Reports and logsVirus Threats report

Virus Threats reportThe Virus Threats report displays information about emails that violated the virus policies for the designated domain for the selected date or date range.

Table 5-3 describes the items that are included in Virus Threats report.

Table 5-3 Threats: Viruses Report

Item Description

Virus Volume Trends Indicates the total number of emails that contained known viruses.

Click one of the graphic display type icons to present the data in an alternate format.

Virus Detection Summary area

Indicates information about the emails that contained viruses:

■ Total Viruses Inbound: Indicates the total number of inbound emails that contained known viruses (infected emails).

■ Inbound Infection Rate: Indicates the percentage of infected inbound emails versus the total number of received inbound emails.

■ Total Viruses Outbound: Indicates the total number of infected outbound emails.

■ Outbound Infection Rate: Indicates the percentage of infected outbound emails versus. the total number of sent outbound emails.

■ Disinfected (cleaned): Indicates the total number of infected emails that had their viruses successfully removed and the emails were forwarded to their destinations.

■ Stripped: Indicates the total number of infected emails that had the infected attachments stripped and then were forwarded to their destinations.

Top Inbound Viruses Indicates the most frequently encountered viruses in inbound emails, in the order of most frequent to less frequent, and the total number of encounters for each virus.

Virus Policy Actions Indicates the percentage of policy actions applied to infected emails.

Click one of the graphic display type icons to present the data in an alternate format.

Top Outbound Viruses

Indicates the most frequently encountered viruses in outbound emails, in the order of most frequent to less frequent, and the total number of encounters for each virus.

Page 105: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

105Reports and logsSpam Threats report

Spam Threats reportThe Spam Threats Report displays information about email messages that violated the spam policies for the designated domain for the selected date or date range.

Table 5-4 describes the items that are included in the Spam Threats Report.

Table 5-4 Threats: Spam Report

Item Description

Spam Volume Trends

Indicates the total number of emails that violated spam policies.

Click one of the graphic display type icons to present the data in an alternate format.

Spam Detection Summary

Indicates information about the emails that violated spam policies:

■ Total Inbound Spam Identified: Indicates the total number of inbound emails that violated spam policies.

■ Inbound Spam Volume: Indicates the percentage of inbound emails that violated spam policies versus. the total number of received inbound emails.

■ Total Outbound Spam Identified: Indicates the total number of outbound emails that violated spam policies.

■ Spam Beacons Detected: Indicates the total number of spam beacons detected in email messages. Note that each email may contain multiple spam beacons.

■ RBL: Indicates the total number of emails that were filtered by the Real-time Blackhole List (RBL).

■ DUL: Indicates the total number of emails that were filtered by the Dial-up User List (DUL).

■ RSS: Indicates the total number of emails that were filtered by the Relay Spam Stopper (RSS).

Spam Policy Actions Indicates the percentage of policy actions applied to the emails that violated spam policies.

Click one of the graphic display type icons to present the data in an alternate format.

chuck_egress
Note
Remove the last three bullets. RBL, DUL and RSS are not supported by Hosted Mail Security any longer.
Page 106: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

106 Reports and logsContent Threats report

Content Threats reportThe Content Threats Report displays information about emails that violated the content keyword policies for the designated domain for the selected date or date range.

Table 5-5 describes the items that are included in the Content Threats page.

Table 5-5 Threats: Content Report

Item Description

Content Policy Violation Trends

Indicates the total number of emails that violated the content keyword policies.

Click one of the graphic display type icons to present the data in an alternate format.

Content Group Violations

Indicates information about the emails that violated content keyword policies:

■ Profanity: Indicates the total number of emails that contained keywords from the Profanity content group.

■ Racially Insensitive: Indicates the total number of emails that contained keywords from the Racially Insensitive content group.

■ Sexual Overtones: Indicates the total number of emails that contained keywords from the Sexual Overtones content group.

■ Custom Content Groups: Indicates the total number of emails that contained keywords from the content groups that were created in the Policy Configuration page.

Content Policy Actions

Indicates the percentage of policy actions applied to the emails that violated content keyword policies.

Click one of the graphic display type icons to present the data in an alternate format.

Page 107: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

107Reports and logsAttachments Threats report

Attachments Threats reportThe Attachments Threats Report displays information about emails that had attachments that violated the attachment policies for the designated domain for the selected date or date range.

Table 5-6 describes the items that are included in the report.

Table 5-6 Threats: Attachments Report

Item Description

Attachment Policy Violation Trends

Indicates the total number of emails that had attachments that violated the attachment policies.

Click one of the graphic display type icons to present the data in an alternate format.

Attachment Summary

Indicates information about the emails that had attachments that violated the attachment policies:

■ Average Attachment Size: Indicates the average size of attachments encountered in emails.

■ Executables: Indicates the total number of executables received as attachments.

■ Scripts: Indicates the total number of script files received as attachments.

■ Office Documents: Indicates the total number of Microsoft Office documents (for example, *.doc or *.xls files) received as attachments.

■ Audio: Indicates the total number of audio files (for example, *.wav or *.mp3 files) received as attachments.

■ Images: Indicates the total number of filtered graphic files (for example, *.gif or *.bmp files) received as attachments.

■ Compressed Archives: Indicates the total number of archive files (for example, *.zip or *.tar files) received as attachments.

Attachment Policy Actions

Indicates the percentage of policy actions applied to the emails that had attachments that violated the attachment policies.

Click one of the graphic display type icons to present the data in an alternate format.

Page 108: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

108 Reports and logsClickProtect Overview report

ClickProtect Overview reportThe ClickProtect Overview Report displays overview information about ClickProtect processing. ClickProtect processing tracks URLs received in emails that were clicked and followed by the user or that were blocked, depending on the ClickProtect policy configurations.

Table 5-7 describes the items that are included in the report.

Table 5-7 ClickProtect: Overview Report

Onscreen Item Description

ClickProtect Trends Indicates the numbers of emails that contained hyperlinks and that contained hyperlinks that were clicked by the recipients.

■ Green: Total number of emails that contained hyperlinks.

■ Purple: Number of emails that contained hyperlinks that were clicked by the recipients.

Click one of the graphic display type icons to present the data in an alternate format.

ClickProtect Statistics

Indicates information about the emails that contained hyperlinks that were processed by ClickProtect:

■ Messages with links: Indicates the total number of emails that contained hyperlinks.

■ Messages with multiple links: Indicates the total number of emails that contained multiple hyperlinks.

■ Total clicks: Indicates the total number of times that a recipient clicked a hyperlink in an email.

■ Total allowed click throughs: Indicates the total number of times that a recipient was allowed to access the destination designated in a clicked hyperlink.

■ Total denied click throughs: Indicates the total number of times that a recipient was prevented from accessing the destination designated in a clicked hyperlink.

■ Number of individuals that clicked: Indicates the total number of recipients that attempted to click a hyperlink in an email.

■ Spam messages with clicks: Indicates the total number of spam emails that contained hyperlinks clicked by recipients.

■ Messages with links on the ClickProtect Allow List: Indicates the total number of emails that contained hyperlinks that were listed on the ClickProtect Allow list.

Page 109: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

109Reports and logsClickProtect Log report

ClickProtect Log reportThe ClickProtect Log report displays information about hyperlinks in emails that were clicked by recipients.

Table 5-8 describes the items that are included in this report.

Quarantine Release Overview reportThe Quarantine Release Overview report displays overview information about emails that were released from all the quarantine areas within Symantec Hosted Mail Security for the designated domain for the selected date or date range.

Table 5-9 describes the items that are available in the report.

Table 5-8 ClickProtect: Log Report

Item Description

Download Click this command to save the displayed information in a Microsoft Excel spreadsheet.

Timestamp Indicates the date and time when the hyperlink was clicked in the filtered email.

From Indicates the email address that sent this email (sender email address).

To Indicates the email address to which this email was sent (recipient email address).

Subject Indicates the text that was in the subject header of this email.

URL Indicates the URL destination defined in the clicked hyperlink.

Score Indicates the spam likelihood score that was assigned to the email by Symantec Hosted Mail Security.

Table 5-9 Quarentine: Release Overview Report

Item Description

Inbound Quarantine Release Trends

Indicates the total number of emails that were quarantined and then released in all the quarantine areas.

Click one of the graphic display type icons to present the data in an alternate format.

Page 110: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

110 Reports and logsQuarantine Release Overview report

Inbound Spam Release Summary

Indicates information about the emails that were quarantined as potential spam and then released.

■ Total Spam Quarantined: Indicates the total number of emails that were quarantined as potential spam.

■ Total Spam Released: Indicates the total number of emails released from the spam quarantine.

■ Release Percent: Indicates the percent of emails released from the spam quarantine versus. the total number of emails that were quarantined as potential spam.

■ Total # of individuals: Indicates the total number of user accounts (email addresses) that had emails released from the spam quarantine.

Inbound Virus Release Summary

Indicates information about the emails that were quarantined because of viruses and then released.

■ Total Virus Quarantined: Indicates the total number of emails that were quarantined because of viruses.

■ Total Virus Released: Indicates the total number of emails released from the virus quarantine.

■ Release Percent: Indicates the percent of emails released from the virus quarantine versus. the total number of emails that were quarantined because of viruses.

■ Total # of individuals: Indicates the total number of user accounts (email addresses) that had emails released from the virus quarantine.

Inbound Content Release Summary

Indicates information about the emails that were quarantined because of content and then released.

■ Total Content Quarantined: Indicates the total number of emails that were quarantined because of content.

■ Total Content Released: Indicates the total number of emails released from the content quarantine.

■ Release Percent: Indicates the percent of emails released from the content quarantine versus the total number of emails that was quarantined because of content.

■ Total # of individuals: Indicates the total number of user accounts (email addresses) that had emails released from the content quarantine.

Table 5-9 Quarentine: Release Overview Report

Item Description

Page 111: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

111Reports and logsQuarantine Release Log report

Quarantine Release Log reportThe Quarantine Release Log Report displays detailed information about emails that were released from all the quarantine areas within Symantec Hosted Mail Security for the designated domain for the selected date or date range.

Table 5-10 describes the items that are included in the report.

Inbound Attachment Release Summary

Indicates information about the emails that were quarantined because of attachments and then released.

■ Total Attachment Quarantined: Indicates the total number of emails that were quarantined because of attachments.

■ Total Attachment Released: Indicates the total number of emails released from the attachment quarantine.

■ Release Percent: Indicates the percent of emails released from the attachment quarantine versus the total number of emails that were quarantined because of attachments.

■ Total # of individuals: Indicates the total number of user accounts (email addresses) that had emails released from the attachment quarantine.

Table 5-9 Quarentine: Release Overview Report

Item Description

Table 5-10 Quarantine: Release Log Report

Item Description

Display# Designates which type of quarantine release events to display.

■ All Events: Displays release events for all the quarantines.

■ Spam: Displays release events for the spam quarantine.

■ Attachments: Displays release events for the attachment quarantine.

■ Content: Displays release events for the content quarantine.

■ Viruses: Displays release events for the virus quarantine.

Download# Click this command to save the displayed information in a Microsoft Excel spreadsheet.

Type column Indicates the reason why this email was quarantined.

■ Spam: Email violated spam policies.

■ Virus: Email contained a known virus.

■ Attach: Email attachment violated the attachment policies.

■ Content: Email contained content that violated the content policies, including keywords and HTML.

Page 112: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

112 Reports and logsUser Activity report

User Activity reportThe User Activity Report displays the user accounts (email addresses) that have received the most inbound emails and have sent the most outbound emails for the designated domain for the selected date or date range.

Table 5-11 describes the items that are included in the report.

From Indicates the email address that sent this email (sender email address”).

To Indicates the email address to which this email was sent (recipient email address).

Subject Indicates the text that was in the subject header of this email.

Release Date column Indicates the date when this email was released from quarantine.

Size column Indicates the total file size of this email, including all attachments.

Table 5-10 Quarantine: Release Log Report

Item Description

Table 5-11 User Activity Report

Item Description

Download Click this command to save the displayed information in a Microsoft Excel spreadsheet.

Top Inbound Users Indicates data about the user accounts that received the highest number of inbound emails.

Email Addresses Indicates the recipient email addresses that received the most inbound email, in order of volume.

Messages Indicates the total number of emails received by each email address.

Size Indicates the size of the largest email, including attachments, received by each email address.

Top Outbound Users Indicates data about the user accounts that sent the highest number of outbound emails.

Email Addresses Indicates the sender email addresses that sent the most outbound email, in order of volume.

Messages Indicates the total number of emails sent by each email address.

Page 113: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

113Reports and logsEvent Log report

Event Log reportThe Event Log displays information about the actions that were performed within the content, virus, or attachment quarantines for the designated domain and date range. This information includes actions that were performed automatically by Symantec Hosted Mail Security and actions that were performed manually.

Table 5-12 describes the information that is included in the Event Log.

Size Indicates the size of the largest email, including attachments, sent by each email address.

Table 5-11 User Activity Report

Item Description

Table 5-12 Event Log

Item Description

Display Designates which set of event log items to display.

■ All Events: Displays event log items for actions performed for all the quarantines.

■ Attachments: Displays only event log items for actions performed on emails that had attachments that violated the attachment policies.

■ Content: Displays only event log items for actions performed on emails that violated the content keyword policies.

■ Viruses: Displays only event log items for actions performed on emails that contained known viruses.

Inbound/Outbound Designates whether event log items for inbound emails or outbound emails are displayed.

■ Inbound Only: Designates that only inbound emails are display.

■ Outbound Only: Designates that only outbound emails are displayed.

■ Inbound & Outbound: Designates that both inbound and outbound emails are displayed.

Download Click this command to save the displayed information in a Microsoft Excel spreadsheet.

Type Indicates the type of policy that the filtered email violated.

Page 114: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

114 Reports and logsAudit Trail report

Audit Trail reportThe Audit Trail report displays the audit log items for all actions performed by users within the Symantec Hosted Mail Security Console for the designated domain and date range, including logons and configuration changes.

Table 5-13 describes the items that are included in the report.

Timestamp Indicates the date and time when the action was performed on the filtered email.

From Indicates the email address that sent this email (sender email address).

To Indicates the email address to which this email was sent (recipient email address).

Subject Indicates the text that was in the subject header of this email.

Details Indicates the reason for the action (for example, if the email contained a virus, the virus name is shown).

Action Indicates the action that was applied to the email.

Table 5-12 Event Log

Item Description

Table 5-13 Audit Trail Report

Onscreen Item Description

Download Click this command to save the displayed information in a Microsoft Excel spreadsheet.

Audit Trail Items Indicates the audit trail items for actions performed in the console for the designated domain and date range.

Timestamp Indicates the date and time when the action was performed in the console.

Domain Indicates the domain where the action was performed.

Details Indicates a description of the action that performed, including the user role and user name (email address) of the user that performed the action.

Page 115: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

115Reports and logsInbound Server Connections report

Inbound Server Connections reportThe Inbound Server Connections Report displays information about the connections made to the inbound server mail transfer agents (MTA) during processing.

Table 5-14 describes the items that are included in this report.

Table 5-14 Inbound Server Connections Report

Item Description

Display Volume Trends For

Designate which inbound servers to display.

Connection Volume Trends for All Servers

Indicates the total number of successful and unsuccessful connections to the designated servers.

Click one of the graphic display type icons to present the data in an alternate format.

Overall Failure Rate Indicates the percentage of connection failures to the designated servers.

Total Successes Indicates the total number of successful connections to the designated servers.

Total Failures Indicates the total number of unsuccessful attempts to connect to the designated servers.

Server:Port Indicates the server address and port being reported.

Failure Rate % Indicates the percentage of connection failures to this server and port.

Success Indicates the total number of successful connections to this server and port.

Fail Indicates the total number of unsuccessful attempts to connect to this server and port.

Page 116: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

116 Reports and logsFailSafe Overview report

FailSafe Overview reportThe FailSafe Overview report displays information about emails that were spooled and unspooled by Symantec Hosted Mail Security.

Table 5-15 describes the items that are included in this report.

Table 5-15 FailSafe: Overview Report

Item Description

FailSafe Trends – Messages

Indicates the total number of spooled and unspooled emails processed by FailSafe over the designated time period.

Click one of the graphic display type icons to present the data in an alternate format.

FailSafe Summary - Messages

Indicates the numbers of emails processed by FailSafe.

■ Spooled Messages: Indicates the number of emails that were spooled, either automatically or manually.

■ Unspooled Messages: Indicates the number of emails that were unspooled, either automatically or manually.

FailSafe Trends – Bytes

Indicates the amount of spool storage used by spooled and unspooled emails processed by FailSafe over the designated time period.

Click one of the graphic display type icons to present the data in an alternate format.

FailSafe Summary – Bytes

Indicates details of the file size of spooled and unspooled emails processed by FailSafe over the designated time period.

■ Spooled Bytes: Indicates the amount of spool storage used by spooled emails.

■ Unspooled Messages: Indicates the amount of spool storage freed by unspooled emails.

Page 117: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

117Reports and logsFailSafe Event Log report

FailSafe Event Log reportThe FailSafe Event Log report displays information about the actions that were performed using the FailSafe feature. This includes actions that were performed automatically by Symantec Hosted Mail Security and actions that were performed manually by users.

Table 5-16 describes the items that are included in the report

Table 5-16 FailSafe Event Log

Onscreen Description

Timestamp Indicates the date and time when the action was performed in FailSafe.

Event Indicates the event log items for FailSafe actions performed for the designated domain and date range.

Initiated By column Indicates the responsible party that performed the FailSafe action. If an action was manually performed, indicates the user role and user name of the person who performed the action.

Page 118: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

118 Reports and logsFailSafe Event Log report

Page 119: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Chapter

6

Troubleshooting and frequently asked questions

Question: Can a user see another user’s quarantined messages?

Answer: Login access to the Symantec Hosted Mail Security Console is user-specific. Unless the user has logged in as an Administrator or Quarantine Manager, the user will not be able to see quarantined emails or any other data for any other user. Report Managers will be able to see data in the reports if it is user-specific (for example in the User Activity Report page.

Question: I see email addresses in the User Management page that aren’t real or that I didn’t add.

Answer: Symantec Hosted Mail Security delivers all email that is addressed to your domains, unless the email is rejected by your mail transfer agents (MTA) or the email has been filtered because it violated a defined policy.

If the SMTP Discovery feature is enabled, Symantec Hosted Mail Security automatically creates user accounts for new email addresses, if certain conditions have been met.

Thus, you may see email addresses in the User Management page that may be invalid in your system, but your MTA accepted. You can either manually delete these user accounts or they will be automatically deleted after a default time period if no logins are detected to these user accounts. Logins from the Spam Quarantine Report are included.

Question: How does a user log into the Symantec Hosted Mail Security Console for the auto-created email address?

Page 120: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

120 Troubleshooting and frequently asked questions

Answer: The user must receive a Spam Quarantine Report before that user can log into the console. Alternatively, a Domain Administrator or higher-level user role can manually set the password for the user.

Question: I just redirected my MX Record. How can I make sure that my email is coming through Symantec Hosted Mail Security?

Answer: Once the MX Record has been redirected and the entities (Customer, Domain) have been configured, messages can be sent from a sender outside of the system to a user provisioned on the domain. To see if the message was received in your system from Symantec Hosted Mail Security, monitor email processing flow in the Overview page.

You should be aware that email servers don’t always accept changes immediately after the redirection of the MX Record. This means that some email servers may still send email directly to your MTA and not to the redirected MX Record for the first 2-3 days after the redirection.

Question: Why am I redirecting the MX Record and how does my email get back to me?

Answer: Symantec Hosted Mail Security intercepts email using the redirection of the MX Record. When any email message is sent, the sending email server looks at the MX Record to verify the email server to which the message should be delivered. Symantec Hosted Mail Security captures your domain’s email traffic by acting as the email server for the domain, routing the traffic through its filters, and then delivering the traffic to your email server.

In a similar way, if you have enabled outbound email filtering, you would configure your sending email server to send your email to the Symantec Hosted Mail Security service.

Question: Why does a Web browser open when I try to do anything on my Spam Quarantine Report?

Answer: When a user clicks a command hyperlink in the Spam Quarantine Report, it causes the default Web browser to open, automatically logs the user into the console, and performs the action designated in the command hyperlink. The console is a Web-based graphical user interface and is the primary interface to Symantec Hosted Mail Security. The Spam Quarantine Report provides an easy-to-use connection into the appropriate feature in the console.

Question: I’ve just made a change to my policies, how long does it take before it is active?

Answer: Most configuration changes in the console, including policy configurations, Allow and Deny lists, and changes to system configurations, will take approximately 10-15 minutes before the configuration is effective. Depending on the system architecture, the changes must be stored and then

chuck_egress
Note
Change to, "Alternatively, a Customer Administrator user role can manually..."
Page 121: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

121Troubleshooting and frequently asked questions

propagated to multiple MTAs performing the processing for Symantec Hosted Mail Security. Some changes may take longer, such as deleting an entire domain with all its related data.

Question: My server went down for a short period of time – what happened to our company’s messages?

Answer: Symantec Hosted Mail Security attempts to connect to all the servers that are configured for your Domain in the order designated in the Preference column, from the lowest number to the highest number. If Symantec Hosted Mail Security cannot establish a connection with any of your email server(s), it will deliver a temporary failure message to the sending email server. When this occurs, the sending email server will usually attempt to redeliver the message again.

Most email servers are set to keep trying to deliver the message for an extended period of time before they finally stop and permanently fail the message. This frequency varies by mail server configuration.

If you enable the FailSafe Disaster Recovery feature, Symantec Hosted Mail Security will spool up to 1 GB of your messages up to 5 days if Symantec is unable to deliver your messages because your mail servers are down.

Question: There are messages in my quarantine that I want to always receive. I clicked the “Always Allow” button, but the messages still get caught – What am I doing wrong?

Answer: Companies often send items in a format that looks like spam, such as electronic newsletters or messages that an user may have opted to receive, causing the message to be quarantined. When you click the Always Allow command link in the Spam Quarantine Report, the sending email address is added to your Allow list. However, for various reasons, messages of this nature may not always come from the same address every day. Because senders often rotate the address of these types of messages, the same item could be delivered the next day and still be blocked because the sender address does not match the previous entry in the Allow list.

To help prevent this situation, you can use wildcards to designate an entire domain or part of an email address (if there is a common pattern) to be added in the Allow list, thus accepting all mail from the domain or email addresses that matched the designated pattern.

Question: Why is the Symantec Hosted Mail Security service refusing connections from my inbound email servers?

Answer: If the Symantec Hosted Mail Security service received a minimum of 20 attempted connections from an IP address where more than 60 percent of the recipients are invalid, it adds the IP address to a temporary “global blacklist” for

Page 122: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

122 Troubleshooting and frequently asked questions

4 hours. After the time period has passed, the service will remove the IP address from the temporary global blacklist and again accept connections from it.

This process helps protect against directory harvest attacks, where spammers are attempting all combinations of email addresses to glean valid email addresses for subsequent spamming. It also helps protect against denial of service attacks.

This feature and its configurations are controlled at the system level.

Question: What do we do if unwanted messages are delivered anyway?

If you receive a message that you believe should have been handled as spam, you should first verify the following:

Check that the email addresses were not added to an Allow list by either you or your administrator (see “Working with Sender Allow and Deny lists” on page 60).

Confirm that you did turn off the spam filtering feature (see “About user-level policy configurations” on page 88”).

Confirm with your administrator that the domain policy settings have not been changed to allow the message to bypass filtering (for example, the sender address has been added to the global Allow list, or the spam filtering feature has been turned off at the domain level).

For more information about reporting false positives and missed spam to Symantec, see “Contacting Technical Support” on page 23.

Page 123: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Glossary

Allow List An option to create a list that causes all email from the listed addresses to be delivered (unless they contain a virus, in which case they will be filtered according to the Virus Policies configured for your Domain).

Attachment Any file attached to an email message; these are usually encoded to cross the Internet properly and decoded once they are received.

Denial of Service A form of email attack specifically designed to prevent the normal functioning of a system, and thereby to prevent lawful access to that system and its data by its authorized users. Denial of service can be caused by the destruction or modification of data, by bringing down the system, or by overloading the system's servers to the extent that service to authorized users is delayed or prevented.

Deny Delivery An option to refuse messages because they contain a virus, unwanted content, attachments or HTML, or are probably spam.

Deny List An option to create a list of unacceptable senders (using email, Domain, or IP addresses). This option ensures that any email from these addresses will never be delivered to your enterprise.

Dictionary Harvest Attack A form of email attack where multiple attempts are made to connect using a “dictionary” of words or strings in an attempt to either harvest valid recipient email addresses or to bring down or overload the DNS’s system. During a directory harvest attack, typically no data is sent; the attacker is merely attempt to successfully connect.

Distributed Denial of Service A form of Denial of Service email attack where multiple computers have been hijacked and forced to send emails to a designated DNS in an attempt to bring down or overload the system. A recent example of a such an attack was performed by the MyDoom worm.

Domain Name Server (DNS) Database of Internet domain names and addresses that translate to Internet Protocol (IP) addresses. Also used to designate a registered domain name of a server as defined in the DNS.

Domain A network of computers administered as a unit that share part of a common IP address.

Domain Record Data (DRD) All information required to manage a Domain and process mail for that Domain in Symantec Hosted Mail Security.

Page 124: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

124 Glossary

DUL Dial-up User List. A database maintained by MAPS of known spammers who use direct connections to send spam email to victim’s mail servers.

Email Attack Malicious attacks on an email system in an attempt either to gather proprietary or confidential information or to bring down or overload the email system.

IP addresses Internet Protocol addresses. Numeric addresses used by the Internet to uniquely identify servers in the system. Typical format resembles “123.123.23.2.” For readability, an IP address usually has a DNS name associated with it.

Junk Email See Spam.

Lightweight Directory Access Protocol (LDAP)

A protocol for accessing information directories, such as host names and IP addresses.

Multipurpose Internet Mail Extensions (MIME)

A standard for encoding attachments so that they can be sent over the Internet.

Message Transfer Agent (MTA)

Program responsible for routing and delivering incoming email to individual users (SMTP or email server).

Mail Exchange Record (MX Record)

Entry in a DNS database identifying the mail server that handles email for a specific domain.

Portal Server The Web front-end server within a pod where the Symantec Hosted Mail Security console is accessed.

Quarantine If configured to do so, Symantec Hosted Mail Security will hold messages that contain viruses, unwanted attachments or content, or that are suspected to be spam. These messages are kept safely away from an enterprises’ network (in quarantine). Administrators can review, delete, or release all types of quarantined messages. Message recipients can review, delete, or release only their quarantined spam messages.

RBL Realtime Blackhole List. A system maintained by MAPS to create intentional network outages (blackholes) for the purpose of blocking spam. The RBL is essentially a database of known spammer addresses.

Recipient Data Record (RDR) Data record defining each user’s configuration and information.

Recipient The person for whom an email message is intended (To: address).

RSS Relay Spam Stopper: A database maintained by MAPS of known spam-relaying mail servers.

SMTP Simple Mail Transport Protocol. Most common protocol for sending email.

Spam Unsolicited commercial email, also called “junk email.”

Page 125: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

125Glossary

Tag An option to place a “tag” or warning within the subject line of a suspicious message to warn the recipient that the message may contain unwanted content, or may be spam email.

Virus Parasitic code or programs that attach themselves to files on computers without users’ knowledge to cause damage or inconvenience to users and their systems. Many files affected by viruses can be cleaned, where the virus is removed from the file.

Worm Code or programs loaded into the memory of computers without users’ knowledge that were created to cause damage or inconvenience to users and their systems. Worms are different from viruses in that there is no clean option available. Worms must be deleted from memory to clean the system.

Page 126: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

126 Glossary

Page 127: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

Index

Aadministrator roles

customer administrator 31domain administrator 31quarantine manager 31reports manager 31

alias domain search 32allow and deny lists

about 19Always Allow command 121antispam classification

options 67antispam content group

create 68options 68view 68

antispam content groupsabout 68content strings 68

antispam filtering policiesabout 66

antivirus policiesnotifications 66options 65

Attachments Threats report 107atttachment quarantine

about 95Audit Trail report 114authentication methods

about 49Internet Message Access Protocol (IMAP) 49LDAP 49password authentication 49Post Office Protocol (POP3) 49

auto-created email address 119

Bblock messages

by subject line 14

CClickProtect Log report 109ClickProtect policies

options 78specifiy 77

ClickProtect report 108configuration changes 120content compliance

customized content keyword categories 20language identification blocking 20predefined content keyword categories 20spam beacon blocking 20spam-specific keyword categories 20URL click-through protection 20

content filteringdictionaries 21

content groupscreate 74options 74view 74

content policiesabout 74

customer servicecontacting 23

Ddenial of service

automatic protection 14distribution list management

about 88options 89

domain accountsmanage 32

domain configurationview 33

domain namesadd 34delete 35

domain policiesabout 58view 58

Page 128: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

128 Index

domain search 32

Eemail addresses

add alias 44convert primary to alias 47delete 45delete alias 46delete multiple aliases 47delete primary 46

email aliaseslimit per user 44

Event Log report 113

Ffail safe spooling

about 89options 90

FailSafe Disaster Recovery 121FailSafe Event Log report 117FailSafe Overview report 116false positives 24file attachment policies

options 80file attachment pollicies

configure 79

Ggroup policy sets

about 54add users 54create group 54subscribe a group 55

Hheuristics

automatic scanning 14hierarchy levels 30HTML shield policies

about 76options 77

Iinbound email

Mail Exchange settings 27inbound email policy

configuration policies 58inbound Mail Exchange records

redirect 27inbound server

configure settings 28Inbound Server Connections report 115infected files

allow delivery 15clean the message 15deny delivery 15quarantine the message 15strip attachment 15

Internet Access Message Protocol (IMAP) authentication

select 53

Llanguage identification blocking

about 22language policies

specify 78LDAP authentication

select 50

Mmessage quarantines

about 93

Nnotification

options 85notification options

view 85notification policies

options 84specify 83

notificationsedit 85

Ooutbound email policy

configure 59outbound server

settings 29

Page 129: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

129Index

Ppassword authentication

select 49Post Office Protocol (POP3) authentication

select 52

QQuarantine Release Log report 111Quarantine Release Overview report 109quarantined messages 119

RRecipient Shield list

about 63options 63

redirected MX Record 120reports

about 100Attachments Threats 107Audit Trail 114ClickProtect Log 109ClickProtect Overview 108Content Threats 106Event Log 113FailSafe Event Log 117FailSafe Overview 116icons 100Inbound Server Connections 115Quarantine Release Log 111Quarantine Release Overview 109Spam Threats 105Threats Overview 102Traffic Overview 100User Activity 112Virus Threats 104

Ssafe message view

about 97Sender Allow and Deny lists

about 60designate domain 61designate email address 60use wildcard characters 61

Sender Allow listoptions 61

Sender Deny list

options 62SMTP Discovery 119spam beacon blocking

about 21spam filtering types

heuristic filters 17language filters 18MIME attachment signature filters 18reputation service 17signature filters 18URL filters 18

spam filtersabout 16

spam quarantineabout 94

spam quarantine messagesoptions 94

Spam Quarantine report 120spam quarantine reporting

configure 70spam reporting policies

options 71Spam Threats report 105suspected spam 23Symantec Bloodhound 15Symantec Hosted Mail Security

about 12functionality 12more information 22refused connections 121virus threat protection 13

Symantec Hosted Mail Security Console 26new password request 26Overview page 26URL access 26

Symantec Probe Network 16Symantec Security Response 16

Ttechnical support

contacting 23Threats Content report 106Threats Overview report 102Traffic Overview report 101

Uunwanted messages 122URL click-through protection

Page 130: Symantec Hosted Mail Security Administration Guide · 12 Introducing Symantec Hosted Mail Security About Symantec Hosted Mail Security About Symantec Hosted Mail Security Symantec

130 Index

about 21user accounts

add automatically through SMTP Discovery 41add manually 38add multiple in batches manually 39allowable characters 37batch file 37create 36create manually 36delete 36delete automatically through SMTP

Discovery 42delete manually 40edit 48entry format 38manage 35manage with email addresses 43

User Activity report 112user aliases

add 44prevent users 44

user configurationview 48

User Management 119user roles 30, 31

access rights 42user-level policies

configure 88

Vview policies

edit 58virus scan 14virus signatures

scanning for 14Virus Threats report 104viruses quarantine

about 93options 93


Recommended