- SSH Key Management: Functionality has been included to allow the use of public/private key pairs for automated remote login. This enables the use of many
of the command line functions from an automated system via SSH, with increased security. Previously, using this command automatically from a script required
passwords to be stored in clear text within scripts. Which presents a security risk.
- ACL Synchronization: Version 5.5 includes user account synchronization functions. These functions allow credentials to be pulled from one system, and
uploaded to another system. This ensures that the same set of usernames, and passwords exist on all systems.
- ASDB Administration: The asdbadmin command line interface has been enhanced to allow querying of an IP's spam reputation remotely. The asdbadmin
show command in conjunction with the SSH Key Management feature will allow spam reputations to be accessed from external systems if required.
- Bucket Utilization: A command is now available to display the bucket utilization in real-time. This functionality displays the number of connections currently
assigned to each bucket, as well as the utilization percentage, and optionally, the system wide statistics.
- TCPDump access: A new command, tcpdump, which allows the real-time inspection of traffic passing through the appliance for diagnostic purposes. For
performance reasons, the use of specific filters is required when executing this command. Please see the Symantec Mail Security 8160 Implementation
Guide for further details.
- LCD Control: Allows the text on the LCD display for the Dell 1950-based appliances to be displayed. This can be used to identify appliances in a rack or set
general messages to be displayed.
- Diagnosis per IP Improvements: The Diagnosis per IP feature has been improved to capture the envelope sender, and recipients. They are now stored
inside the header of the message on disk for later analysis.
- No alert sent when software updates were available: The previous version, 5.1, had a known issue that prevented notifications from being sent when a
newer version was available. This also prevented notifications regarding 5.5 from being sent. This has been fixed.
- Maximum reconnect timeout value enforced: The reconnect timeout value now has a maximum limit, that is enforced to prevent a configuration that causes
all memory to be exhausted. The new limit is 7200 seconds. However, Symantec recommends using the default value, except in special circumstances.
- Default Pass-thru stage bandwidth limit increase: The bandwidth available to new connections using resources from the Default bucket has been increased
to accommodate larger sites.
- Libasrshm prevented messages from being sampled: Certain SMTP command sequences could prevent messages from being sampled, and therefore
preventing them from contributing to the spam reputation of an IP address. This condition has been corrected in version 5.5.
- Issues with the e1000 driver: Some issues were reported related to the e1000 driver that caused network errors, and interrupted traffic. This problem was
not common. The driver configuration has been updated to prevent this.
- Stunnel logging: The stunnel daemon logging level has been increased to provide better diagnostic capabilities.
This KB summarizes important information to be aware of in version 5.5 of Symantec Mail Security 8160. This release is predominantly a hardware
support release to accommodate the new Dell 1950 MLK III platform. This platform includes additional memory and processor cores that enable
increased message sampling capacity.