Learn best practices for deploying Symantec Messaging Gateway (SMG) appliances.
Before deploying new mail gateways, you need to ensure your environment is a trusted source of mail. Due to the high number of spam found across the Internet, ISPs and companies are very strict about accepting mail from new sources. This article will help you meet those standards.
If you are deploying multiple Messaging Gateway hosts, Symantec recommends that all of them are placed in the same geographical location.
If Messaging Gateway hosts must be deployed in different remote locations and communication issues occur between hosts (i.e. outdated statistics, timeouts, host status not available on the GUI, etc), Symantec recommends that you have one Messaging Gateway Control Center at each location.
Ensure you have DNS records for the Messaging Gateway scanners. Most ISP's and companies will rely on accurate information, so make sure the hostnames in your DNS matches the MTA hostname on the Messaging Gateway scanners.
Keep in mind that you may have different hostnames and MTA hostnames across Messaging Gateway appliances. The MTA hostname is used to validate the MX record and can be easily changed.
Generally, you must have proper MX, A and PTR records for each host that will handle email.
Sender ID is DNS-based, and helps maintain your sender reputation. See Sender ID on Microsoft.com.
Note: Symantec also supports this technology with Messaging Gateway, accessible by clicking Spam > Settings, and then clicking the Sender Authentication tab. Here we perform the same check against other external domains.
Enable outbound spam scanning on Messaging Gateway
By default, Messaging Gateway will not enable antispam scanning for outbound traffic. However, there are cases where this may help mitigate threats coming from your internal environment to the Internet that were previously unknown.
To enable outbound spam scanning
Log in to the SMG Control Center.
Click Administration > Users > Policy Groups.
In the right pane, click Default.
Click the Spam tab.
Check Enable outbound email spam scanning for this group.
In the drop-down menu, select the appropriate policies for Spam and Suspected Spam.
Note: You can customize these policies later under the Spam tab.