[Top] [Prev] [Next] [Bottom]




SMTP deployment


MAILsweeper for SMTP acts as an SMTP mail relay. It is deployed between the existing SMTP gateway and the Internet mail feed.

MAILsweeper for SMTP comprises three elements:

Following the diagram shown on the previous page:

When deploying MAILsweeper for SMTP a decision has to be made regarding where to place it on the network. There are several possibilities, as indicated on the diagram below.

1006922

1. On the Dirty network - see page 2-6.
2. On the Clean network - see page 2-9.
3. On the Firewall - see page 2-12.
4. On the SMTP gateway - see page 2-15.
5. On the DMZ - see page 2-18.

MAILsweeper for SMTP can also be configured to:

On the dirty network

To deploy MAILsweeper for SMTP on the dirty network follow the steps outlined below.

1. Install a Windows NT machine on the dirty network, to act as the MAILsweeper host.

The machine should meet the technical specification outlined. The machine should also have TCP/IP and RPC services installed and enabled. See page 2-24 for a full list of pre-requisites the MAILsweeper host should be configured with.

2. Load any anti-virus tools that you wish to use with MAILsweeper and note their locations. You will be asked for this information later, during the installation.

Check the release notes to ensure compatibility between this release of MAILsweeper and the anti-virus tools you wish to use.

There are several evaluation copies of anti-virus tools supplied on the installation CD-ROM. Note that the set-up software does not automatically install these anti-virus tools.
3. Install MAILsweeper for SMTP.

See the Installation section on page 2-25 for details.

4. Configure the SMTP gateway to forward outgoing mail to the MAILsweeper machine.

How this is achieved varies between gateways. Refer to the user documentation for your gateway for more details.

5. Ensure that mail routing is configured on the MAILsweeper host so that incoming mail is forwarded to the SMTP gateway.

This is achieved by specifying the name of the gateway that handles mail for each particular domain that mail is being processed for. This is shown on the next two pages.

For a packet based firewall, add a route for your own domain to the gateway machine.

In the following example, example.com is the name of your company email domain and gateway is the name of the SMTP gateway.

See page 2-41 for more details on setting up MAILsweeper routing.

For a proxy based firewall, add a route for your own domain to the firewall. The SMTP proxy on the firewall must route the mail to the gateway machine.

6. Secure the firewall

The firewall should be secured such that:

- Outgoing SMTP can only go to the MAILsweeper host.

- Incoming SMTP can only come from the MAILsweeper host.

Refer to your firewall documentation for more details.

7. Secure the MAILsweeper machine, see page 2-58 for details.

On the clean network

To deploy MAILsweeper for SMTP on the clean network follow the steps outlined below.

1. Install a Windows NT machine on the clean network, to act as the MAILsweeper host.

The machine should meet the technical specification outlined. The machine should also have TCP/IP and RPC services installed and enabled. See page 2-24 for a full list of pre-requisites the MAILsweeper host should be configured with.

2. Load any anti-virus tools that you wish to use with MAILsweeper and note their locations. You will be asked for this information later, during the installation.

Check the release notes to ensure compatibility between this release of MAILsweeper and the anti-virus tools you wish to use.

There are several evaluation copies of anti-virus tools supplied on the installation CD-ROM. Note that the set-up software does not automatically install these anti-virus tools.
3. Install MAILsweeper for SMTP.

See the Installation section on page 2-25 for details.

4. Configure the SMTP gateway to forward outgoing mail to the MAILsweeper machine.

How this is achieved varies between gateways. Refer to the user documentation for your gateway for more details.

5. Ensure that mail routing is configured so that incoming mail is forwarded to the SMTP gateway and, for a proxy firewall, outgoing goes via the firewall.

This is achieved by specifying the name of the gateway that handles mail for each particular domain that mail is being processed for. This is shown on the next two pages.

For a packet based firewall, add a route for your own domain to the gateway machine.

In the following example, example.com is the name of your company email domain and gateway is the name of the SMTP gateway.

See page 2-41 for more details on setting up MAILsweeper routing.

For a proxy based firewall, add a route for your domain to the gateway host and a route for all other domains to the firewall. The entry for all other domains (*.*) should be the last entry on the list.

6. Secure the firewall

The firewall should be secured such that:

- Outgoing SMTP can only come from the MAILsweeper host.

- Incoming SMTP can only go to the MAILsweeper host.

Refer to your firewall documentation for more details.

7. Secure the MAILsweeper machine, see page 2-58 for details.

On the firewall

There are two kinds of firewall. Those known as packet based firewalls and those known as proxy based firewalls. MAILsweeper for SMTP can be deployed on and co-exist with either kind of firewall.

Packet based firewall

To deploy MAILsweeper for SMTP on a packet based firewall, for example Check Point's Firewall-1, follow the steps outlined below.

1. Load any anti-virus tools that you wish to use with MAILsweeper and note their locations. You will be asked for this information later, during the installation.

Check the release notes to ensure compatibility between this release of MAILsweeper and the anti-virus tools you wish to use.

There are several evaluation copies of anti-virus tools supplied on the installation CD-ROM. Note that the set-up software does not automatically install these anti-virus tools.

2. Install MAILsweeper for SMTP.

See the Installation section on page 2-25 for details.

3. Configure the firewall to ensure that all SMTP traffic is directed via MAILsweeper.

The rules in the table below must be set on the firewall.

Source Destination Service Action
SMTP gateway localhost SMTP ACCEPT
Clean localhost SMTP STOP
Dirty localhost SMTP ACCEPT
Any Any SMTP STOP

Where:

- SMTP gateway refers to the existing SMTP gateway host.

- Clean refers to the clean network.

- Dirty refers to the dirty network.

Refer to your firewall documentation for more details.

Proxy based firewall

To deploy MAILsweeper for SMTP on a proxy based firewall, for example Raptor, follow the steps outlined below.

1. Load any anti-virus tools that you wish to use with MAILsweeper and note their locations. You will be asked for this information later, during the installation.

Check the release notes to ensure compatibility between this release of MAILsweeper and the anti-virus tools you wish to use.

There are several evaluation copies of anti-virus tools supplied on the installation CD-ROM. Note that the set-up software does not automatically install these anti-virus tools.
2. Install MAILsweeper for SMTP.

See the Installation section on page 2-25 for details.

3. Disable the firewall's SMTP proxy so that MAILsweeper can take its place.

Refer to your firewall documentation for more details.

4. Ensure that the SMTP gateway is configured to forward outgoing mail to the firewall.

How this is achieved varies between servers. Refer to the user documentation for your gateway for more details.

5. Ensure that mail routing is configured so that incoming mail is forwarded to the SMTP gateway.

This is achieved by specifying the name of the gateway that handles mail for each particular domain that mail is being processed for. This is shown below.

Add a route for your domain to the gateway host.

See page 2-41 for more details on setting up MAILsweeper routing.
 

On the SMTP gateway

To deploy MAILsweeper for SMTP on the gateway follow the steps outlined below.

1. Ensure that RPC services are installed and enabled on the gateway machine.
2. Load any anti-virus tools that you wish to use with MAILsweeper and note their locations. You will be asked for this information later, during the installation.

Check the release notes to ensure compatibility between this release of MAILsweeper and the anti-virus tools you wish to use.

There are several evaluation copies of anti-virus tools supplied on the installation CD-ROM. Note that the set-up software does not automatically install these anti-virus tools.
3. Install MAILsweeper for SMTP.

See the Installation section on page 2-25 for details.

4. Allocate a new TCP port for routing SMTP within the machine.

This must be a port that is not allocated to any other service. Check the services files to ensure that the port is free. For example, you might allocate 20025.

5. Configure the gateway to listen to the newly allocated port.

How this is achieved varies between gateways. Refer to the user documentation for your gateway for more details.

The SMTP gateway must be able to configure which TCP/IP port it receives mail on. It is only possible to deploy MAILsweeper for SMTP on the gateway if the gateway has this facility.
6. Configure the gateway to forward all outgoing mail to the localhost.1

This forwards the outgoing mail to MAILsweeper for checking and forwarding to its destination. How this is achieved varies between gateways. Refer to the user documentation for your gateway for more details.

7. Add a MAILsweeper routing entry to forward mail to the gateway.

A route must be added which forces all mail destined for your domain to go to the gateway listening on the newly allocated port.

If the gateway is inside a proxy based firewall, a MAILsweeper routing entry should be added, to ensure that mail for all other domains goes via the firewall.

See page 2-41 for more details on setting up MAILsweeper routing.

8. Secure the gateway machine, see page 2-58 for details.

On the DMZ

To deploy MAILsweeper for SMTP on the DMZ follow the steps outlined below.

1. Install a Windows NT machine on the DMZ, to act as the MAILsweeper host.

The machine should meet the technical specification outlined. The machine should also have TCP/IP and RPC services installed and enabled. See page 2-24 for a full list of pre-requisites the MAILsweeper host should be configured with.

2. Load any anti-virus tools that you wish to use with MAILsweeper and note their locations. You will be asked for this information later, during the installation.

Check the release notes to ensure compatibility between this release of MAILsweeper and the anti-virus tools you wish to use.

There are several evaluation copies of anti-virus tools supplied on the installation CD-ROM. Note that the set-up software does not automatically install these anti-virus tools.
3. Install MAILsweeper for SMTP.

See the Installation section on page 2-25 for details.

4. Configure the SMTP gateway to forward outgoing mail to the MAILsweeper machine.

How this is achieved varies between gateways. Refer to the user documentation for your gateway for more details.

5. Ensure that mail routing is configured so that incoming mail is forwarded to the SMTP gateway.

It may also be necessary to send outbound mail to the firewall, if it is a proxy firewall.

For a packet based firewall, add a route for your own domain to the gateway machine.

In the following example, example.com is the name of your company email domain and gateway is the name of the SMTP gateway.

See page 2-41 for more details on setting up routing.

For a proxy based firewall, add a route for your domain to the gateway host and a route for all other domains to the firewall. The entry for all other domains (*.*) should be the last entry on the list.

6. Secure the firewall

The firewall should be secured such that:

- Outgoing SMTP can only come from the MAILsweeper host.

- Incoming SMTP can only go to the MAILsweeper host.

Refer to your firewall documentation for more details.
7. Secure the MAILsweeper machine, see page 2-58 for details.

With MIMEsweeper for FireWall-1

You may already have a MIMEsweeper for FireWall-1 deployed but may wish to also deploy a MAILsweeper for SMTP, for the enhanced functionality that it can offer.

With some modifications to your existing firewall configuration your MIMEsweeper for FireWall-1 installation and MAILsweeper for SMTP installation can coexist on the same network.

To deploy MAILsweeper to coexist with MIMEsweeper for FireWall-1 follow the steps outlined below.

1. Disable SMTP checking in MIMEsweeper for FireWall-1.
 
See the MIMEsweeper for FireWall-1 manual for details on how to disable the SMTP protocol.

2. Reconfigure the firewall by modifying the security policy so that it does not forward SMTP data to MIMEsweeper for FireWall-1 for validation. This is because SMTP data can now be validated by the MAILsweeper for SMTP installed during step 3.

Refer to the FireWall-1 manual for more details.

3. Deploy MAILsweeper for SMTP on the network.

See the diagram on page 2-5 and the relevant deployment section for details on how to achieve this.

On the Dirty network - see page 2-6.

On the Clean network - see page 2-9.

On the Firewall - see page 2-12.

On the SMTP gateway - see page 2-15.

On the DMZ - see page 2-18.

Using a dial-up connection

MAILsweeper can be configured to use a dial-up connection for sending and receiving mail. This may suit small to medium companies who do not wish to maintain a permanent Internet connection.

At pre-defined intervals, a dial-up connection is made to your ISP. Once connected, a request is made to the ISP's mail server to send your incoming mail. MAILsweeper will also attempt to deliver outgoing mail through the normal mail routing mechanism, that is, DNS and routing. If required, you can configure the routing such that all outgoing mail is routed to your ISP's mail server for forwarding, this may help to reduce connection times. When there is no more outgoing mail to send and no more incoming mail to receive, the dial-up connection is closed.

To configure MAILsweeper for SMTP to use a dial-up connection follow the steps outlined below.

1. Install a Windows NT machine, to act as the MAILsweeper host.

The machine should meet the technical specification outlined. The machine should also have TCP/IP and RPC services installed and enabled. See page 2-24 for a full list of pre-requisites the MAILsweeper host should be configured with.

2. Load any anti-virus tools that you wish to use with MAILsweeper and note their locations. You will be asked for this information later, during the installation.

Check the release notes to ensure compatibility between this release of MAILsweeper and the anti-virus tools you wish to use.

There are several evaluation copies of anti-virus tools supplied on the installation CD-ROM. Note that the set-up software does not automatically install these anti-virus tools.
3. Install MAILsweeper for SMTP.

See the Installation section on page 2-25 for details.

4. Install the Windows NT Remote Access Service (RAS).

Dial-up support requires this service. It is installed via the Network icon, found in the Control Panel. Select the Services tab and click on the Add... button to add the new service.

Refer to your Windows NT documentation for more details.
5. Define a phone book entry for connecting with your ISP.

MAILsweeper uses Windows NT Dial-Up Networking (part of the Remote Access Service) to initiate the dial-up connection. A Dial-Up Networking phone book entry has to be defined, specifying the phone number you need to dial to connect to your ISP.

This entry can be defined in one of two ways:

- By clicking on the Windows NT 4.0 Start button, pointing to Programs, Accessories and then clicking on the Dial-Up Networking program name.

Refer to your Windows NT documentation for more details.

- By clicking on the Edit button found on the Dial-up tab of the MAILsweeper console dialog box.

See the Dial-up support section on page 2-49 for details.

It is recommended that you test this dial-up connection manually, to ensure that it is set up correctly. This can be done using Dial-up Networking or the RASDIAL command (see page 2-51).

6. Configure the SMTP dial-up connection for sending and receiving mail. This can be configured to your own requirements.

See the Dial-up support section on page 2-49 for details.



[Top] [Prev] [Next] [Bottom]



1 localhost is an alias to the address 127.0.0.1 or loopback address.

msw.support@mimesweeper.com

Copyright © 1998, Content Technologies Limited. All rights reserved.