Chapter 1 Getting Started : Best Practices Roadmap

Best Practices Roadmap
Following these steps ensures that you get the best performance and the most effective filtering from the message security service.
*
Health Check shows you the best practices and recommended settings for the message security service. You can maximize the performance of the service by making a few quick changes to your configuration. Click the Health Check tab in the Administration Console to review your settings and identify any settings that you may need to adjust.
*
If you have multiple domains, you need to add these domains to the message security service. Also, if you have multiple interchangeable domains (for example, jumboinc.com, jumboinc.corp.com, jumboinc.net), set up domain aliasing.
See Domains for steps to add domains and domain aliases.
*
Lock down the firewall for each of your email servers so that spam and viruses can't circumvent the message security service.
Some virus and spam senders specifically target mail servers using low-priority DNS MX records or by looking up a server directly using a common naming convention like mail.yourdomain.com. To prevent malicious senders from bypassing the message security service, we highly recommend that you add all of your domains to the service, then configure your email servers to accept mail only from the service’s data center.
See  IP Ranges and Security for the email security IP addresses to use when locking down your firewall.
If you have traffic routing to multiple email servers at your site, you will need to create additional server configurations.
See  Configuring Inbound Servers for detailed procedures on adding email servers and setting up load balancing and failover if you have multiple email servers.
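The lockdown described above can be audited offline. The following is an added example, not part of the original documentation or the service's tooling: it flags MX records that deliver somewhere other than the service and firewall rules that admit SMTP from outside the service's ranges. The service ranges, the MX hostname suffix and the sample records are placeholders; use the values from IP Ranges and Security.

```python
import ipaddress

# Assumed values: placeholder ranges (RFC 5737 documentation space), NOT the
# service's real addresses; take those from "IP Ranges and Security".
SERVICE_RANGES = [ipaddress.ip_network("192.0.2.0/24")]
SERVICE_MX_SUFFIX = ".mx.filter.example"   # hypothetical service MX hostname suffix

# Constructed sample data for one domain.
MX_RECORDS = [
    (10, "in1.mx.filter.example"),
    (20, "in2.mx.filter.example"),
    (90, "mail.jumboinc.com"),   # low-priority record pointing at the mail server itself
]
FIREWALL_ALLOW_TCP25 = ["192.0.2.0/24", "0.0.0.0/0"]   # sources allowed to reach port 25


def mx_bypass_records(mx_records, service_suffix):
    """Return MX records that deliver somewhere other than the filtering service."""
    return [(prio, host) for prio, host in mx_records
            if not host.rstrip(".").lower().endswith(service_suffix)]


def firewall_bypass_rules(allow_sources, service_ranges):
    """Return allow rules admitting SMTP from addresses outside the service ranges."""
    loose = []
    for src in allow_sources:
        net = ipaddress.ip_network(src, strict=False)
        if not any(net.version == r.version and net.subnet_of(r) for r in service_ranges):
            loose.append(src)
    return loose


def audit(mx_records, allow_sources):
    findings = []
    for prio, host in mx_bypass_records(mx_records, SERVICE_MX_SUFFIX):
        findings.append(f"MX {prio} {host}: not a service host, remove or repoint")
    for src in firewall_bypass_rules(allow_sources, SERVICE_RANGES):
        findings.append(f"allow tcp/25 from {src}: wider than service ranges")
    return findings


if __name__ == "__main__":
    for line in audit(MX_RECORDS, FIREWALL_ALLOW_TCP25):
        print(line)
```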
*
Review the requirements for your organization’s users and email policy, and design your organizational hierarchy. For example, decide which users should have access to the Message Center, and whether obvious spam is blackholed or quarantined. For smaller groups of users, this is a relatively simple and quick task.
See  Organization Hierarchy & Design for information on organizations.
*
Configure the default user settings for spam filtering, virus blocking, and the Message Center and Quarantine Summary (if available with your service package). For best practices and recommendations for your settings, click the Health Check tab in the Administration Console.
Verify that the default user settings are appropriate (you set these up during Activation).
*
*
*
*
*
Configure and customize the notification messages for your users. The default Welcome notification is sent immediately to new users; you can also customize this notification with more information.
The Quarantine Summary sends users a convenient daily digest of the quarantined messages, and is highly recommended.
The Message Center can also be branded and customized with your logo and layout requirements.
See  The Message Center and About Quarantine Summary.
You can also set your users’ preferred language for the Quarantine Summary notifications and Message Center. See Set Permissions for an Organization for instructions.
*
You can add a small group of users as a pilot group before rolling out to your company. For information on user authentication, see  User Authentication.
Following are the options for adding and managing groups of users:
*
*
*
Automatic Account Creation, an automated feature to add new users who receive valid mail
See Add Users Automatically (Automatic Account Creation).
*
*
You can create accounts for administrators and support staff, and set authorizations for different levels of access.
See Create Administrators and Manage Authorization Records.
*
We recommend you set up alerts for Delivery Manager and Spool Manager. If your email server becomes unavailable, the message security service can send you a notification.
See  Administrator Alerts.
*
Spooling of email is an optional feature. For more information about your service package and options, contact your account manager or vendor.
Note: Most customers have spooling automatically set up during the activation process.
See  Spool Manager for the procedure.
*
Blatant Spam Blocking, which is enabled by default for new accounts, automatically deletes most obvious junk messages. This feature can stop more than half of all spam, by detecting the most blatant spam messages, and automatically blocking or blackholing (deleting) them. Blatant Spam Block reduces the amount of spam you must manage and your users see in their Message Center.
See Configure Spam Settings for an Organization.
*
If necessary, set up Connection Manager for automatic attack blocking. Set the “Virus Outbreak” sensitivity to Very High.
Connection Manager, which detects and blocks attacks against your email servers based on sending IP behaviors, is highly recommended for all customers. For new accounts, Connection Manager protection is turned on and set to “Normal” sensitivity against all attacks (Directory Harvest Attacks, Spam Attacks, and Email Bombs). Be sure to set Virus Outbreak sensitivity to “Very High.” (Click the Health Check tab in the Administration Console for additional recommendations and best practices.)
If you are using a mail server that issues asynchronous bounces (such as Microsoft Exchange), enable the Directory Harvest Attack feature to handle these bounces once you have set up a majority of your users.
See Automatically Blocking Attacks.
*
Set up the following inbound services for your organizations and users:
*
*
 Content Manager (if available with your service package)
*
 Attachment Manager (if available with your service package)
*
 Industry Heuristics (if available with your service package)
*
There are two common methods for protecting against Directory Harvest Attacks: Non-Account Bouncing and Connection Manager. Connection Manager includes a setting called Asymmetric Bounce. These are two similar but very distinct settings on your server.
Non-Account Bouncing is an organization setting, set in your user organization. If enabled, Non-Account Bouncing rejects mail to any address not registered in Perimeter Manager.
It is important to add every address, alias and mailing list before you enable Non-Account Bouncing. Users not added will never receive outside mail.
Connection Manager is set on the email config level, as an Inbound Servers setting. It includes the ability to detect Directory Harvest Attacks. If a sender sends email to many invalid addresses in a short period of time, Connection Manager will block all mail from that sender.
Usually, Connection Manager bases this decision on SMTP error codes from your server, but some servers (including Microsoft Exchange) do not send these codes. In this case, you can enable Asymmetric Bounce. If Asymmetric Bounce is enabled, Connection Manager compares the recipient addresses on incoming email to your registered user list. If enough recipients are not on your user list, Connection Manager blocks email from that sender.
Add your users before enabling Asynchronous Bounce. If you have not added your users, Connection Manager may block valid senders. However, unlike Non-Account Bouncing, you don't need to add every user. If you have added 90% of your users, it is safe to enable Asynchronous Bounce.
Both Non-Account Bouncing and Connection Manager (with Asynchronous Bounce) will protect your server from the heavy load of a Directory Harvest Attack, and both require that you have added users. Non-Account Bouncing is a complete block of all unregistered accounts, while Connection Manager blocks a sender when a threat is detected.
After you have added all users, aliases and mailing lists to the message security service, and established a policy for adding new users, consider enabling Non-Account Bouncing.
Non-Account Bouncing blocks all mail sent to addresses not listed in the message security service. This provides protection against directory harvest attacks, but will block all mail to addresses not registered in the message security service.
See Manage Organization Settings.
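The user-list comparison described above for Connection Manager, and the reason users must be added first, can be modelled with a per-sender sliding window. This is an added example, not the service's implementation: the window length, minimum sample size and ratio are assumed values, and the addresses and events are constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; the service's real values are not on this page.
WINDOW_SECONDS = 60
MIN_RECIPIENTS = 10    # do not judge a sender on fewer attempts than this
INVALID_RATIO = 0.5    # block when more than half of recent recipients are unknown


class HarvestDetector:
    """Per-sender sliding window of (timestamp, recipient_is_registered)."""

    def __init__(self, registered_users):
        self.registered = {u.lower() for u in registered_users}
        self.recent = defaultdict(deque)
        self.blocked = set()

    def observe(self, ts, sender_ip, rcpt):
        """Record one recipient attempt; return True if the sender is blocked."""
        if sender_ip in self.blocked:
            return True
        window = self.recent[sender_ip]
        window.append((ts, rcpt.lower() in self.registered))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        unknown = sum(1 for _, known in window if not known)
        if len(window) >= MIN_RECIPIENTS and unknown / len(window) > INVALID_RATIO:
            self.blocked.add(sender_ip)
        return sender_ip in self.blocked


def run(registered_users, events):
    """Replay (timestamp, sender_ip, recipient) events; return blocked sender IPs."""
    det = HarvestDetector(registered_users)
    for ts, ip, rcpt in events:
        det.observe(ts, ip, rcpt)
    return det.blocked


# Constructed sample data: 20 real mailboxes, one sender guessing addresses,
# one legitimate sender mailing every real mailbox.
REAL_USERS = [f"user{i}@jumboinc.com" for i in range(20)]
HARVEST = [(i, "203.0.113.9", f"guess{i}@jumboinc.com") for i in range(15)]
LEGIT = [(i, "198.51.100.7", u) for i, u in enumerate(REAL_USERS)]
EVENTS = sorted(HARVEST + LEGIT)
```

Calling `run(REAL_USERS[:18], EVENTS)` (90% of users registered) blocks only the guessing sender, while `run(REAL_USERS[:5], EVENTS)` also blocks the legitimate one.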
*
You must have a plan in place to follow in the event that you experience a mail flow issue:
a.
Be sure that you have set up a support contact with your provider for emergency service. If you have access to the support portal, set up a support portal account.
b.
c.
Set up an internal process for the unlikely event of a service outage (for example, changing MX records and firewall settings).
d.