MAILsweeper for SMTP acts as an SMTP mail
relay. It is deployed between the existing SMTP gateway and the
Internet mail feed.
MAILsweeper for SMTP
comprises three elements:
Following the diagram shown on the previous
page:
When deploying
MAILsweeper for SMTP a decision has to be made regarding where to
place it on the network. There are several possibilities, as
indicated on the diagram below.
- 1. On the Dirty network - see page 2-6.
- 2. On the Clean network - see page 2-9.
- 3. On the Firewall - see page 2-12.
- 4. On the SMTP gateway - see
page 2-15.
- 5. On the DMZ - see page 2-18.
MAILsweeper for SMTP
can also be configured to:
To deploy MAILsweeper for SMTP on the dirty
network follow the steps outlined below.
- 1. Install a Windows NT machine on the
dirty network, to act as the MAILsweeper host.
The machine should meet the
technical specification outlined. The machine should
also have TCP/IP and RPC services installed and
enabled. See page
2-24 for a full list of pre-requisites the
MAILsweeper host should be configured with.
- 2. Load any anti-virus tools that you
wish to use with MAILsweeper and note their locations.
You will be asked for this information later, during the
installation.
Check the release notes to
ensure compatibility between this release of
MAILsweeper and the anti-virus tools you wish to use.
- 3. Install MAILsweeper for SMTP.
See the Installation section on page 2-25 for
details.
- 4. Configure the SMTP gateway to
forward outgoing mail to the MAILsweeper machine.
How this is achieved varies
between gateways. Refer to the user documentation for
your gateway for more details.
- 5. Ensure that mail routing is
configured on the MAILsweeper host so that incoming mail
is forwarded to the SMTP gateway.
This is achieved by specifying
the name of the gateway that handles mail for each
particular domain that mail is being processed for.
This is shown on the next two pages.
For a packet based firewall, add
a route for your own domain to the gateway machine.
In the following example, example.com
is the name of your company email domain and gateway
is the name of the SMTP gateway.
See page 2-41 for more details on setting up MAILsweeper routing.
For a proxy based firewall, add
a route for your own domain to the firewall. The
SMTP proxy on the firewall must route the mail to the
gateway machine.
- 6. Secure the firewall
The firewall should be secured
such that:
- Outgoing SMTP can only go to
the MAILsweeper host.
- Incoming SMTP can only come
from the MAILsweeper host.
- 7. Secure the MAILsweeper machine. See page 2-58 for
details.
To deploy MAILsweeper for SMTP on the clean
network follow the steps outlined below.
- 1. Install a Windows NT machine on the
clean network, to act as the MAILsweeper host.
The machine should meet the
technical specification outlined. The machine should
also have TCP/IP and RPC services installed and
enabled. See page
2-24 for a full list of pre-requisites the
MAILsweeper host should be configured with.
- 2. Load any anti-virus tools that you
wish to use with MAILsweeper and note their locations.
You will be asked for this information later, during the
installation.
Check the release notes to
ensure compatibility between this release of
MAILsweeper and the anti-virus tools you wish to use.
- 3. Install MAILsweeper for SMTP.
See the Installation section on page 2-25 for
details.
- 4. Configure the SMTP gateway to
forward outgoing mail to the MAILsweeper machine.
How this is achieved varies
between gateways. Refer to the user documentation for
your gateway for more details.
- 5. Ensure that mail routing is
configured so that incoming mail is forwarded to the SMTP
gateway and, for a proxy firewall, outgoing mail goes via the
firewall.
This is achieved by specifying
the name of the gateway that handles mail for each
particular domain that mail is being processed for.
This is shown on the next two pages.
For a packet based firewall, add
a route for your own domain to the gateway machine.
In the following example, example.com
is the name of your company email domain and gateway
is the name of the SMTP gateway.
See page 2-41 for more details on setting up MAILsweeper routing.
For a proxy based firewall, add
a route for your domain to the gateway host and a
route for all other domains to the firewall. The
entry for all other domains (*.*) should be
the last entry on the list.
- 6. Secure the firewall
The firewall should be secured
such that:
- Outgoing SMTP can only come
from the MAILsweeper host.
- Incoming SMTP can only go to
the MAILsweeper host.
- 7. Secure the MAILsweeper machine. See page 2-58 for
details.
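The "Secure the firewall" constraints swap ends depending on whether MAILsweeper sits on the dirty or the clean network. The following added example (not part of the original manual) audits a constructed allow-list against either placement; the rule layout, the "any" wildcard and the host name "mailsweeper" are assumptions, not a real firewall's syntax.

```python
# Added illustration. The rule dictionaries, the "any" wildcard and the host
# name "mailsweeper" are constructed; they are not a real firewall's syntax.

# Which end of an allowed SMTP flow must be the MAILsweeper host, taken from
# the two "Secure the firewall" steps: (placement, direction) -> rule field.
REQUIRED_END = {
    ("dirty", "outgoing"): "dst",   # outgoing SMTP can only go to MAILsweeper
    ("dirty", "incoming"): "src",   # incoming SMTP can only come from it
    ("clean", "outgoing"): "src",   # outgoing SMTP can only come from it
    ("clean", "incoming"): "dst",   # incoming SMTP can only go to it
}


def covers_smtp(rule):
    """True if the rule's port field (int, 'any' or (low, high)) includes TCP 25."""
    port = rule["port"]
    if port == "any":
        return True
    if isinstance(port, tuple):
        return port[0] <= 25 <= port[1]
    return port == 25


def bypass_rules(placement, allow_rules, sweeper="mailsweeper"):
    """Return allow rules that let SMTP cross the firewall without MAILsweeper."""
    findings = []
    for rule in allow_rules:
        if not covers_smtp(rule):
            continue
        end = REQUIRED_END[(placement, rule["direction"])]
        if rule[end] != sweeper:  # another host, or the wildcard "any"
            findings.append(rule)
    return findings


# Constructed policy written for a MAILsweeper host on the clean network.
CLEAN_POLICY = [
    {"direction": "outgoing", "src": "mailsweeper", "dst": "any", "port": 25},
    {"direction": "incoming", "src": "any", "dst": "mailsweeper", "port": 25},
    {"direction": "outgoing", "src": "any", "dst": "any", "port": (1, 1023)},
    {"direction": "outgoing", "src": "any", "dst": "any", "port": 80},
]
```

Running bypass_rules("clean", CLEAN_POLICY) flags only the broad port-range rule, while the same policy checked as "dirty" flags all three SMTP-capable rules, because the required end of each flow is reversed.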
There are two kinds of firewall: packet based firewalls and
proxy based firewalls. MAILsweeper for SMTP can be deployed on
and co-exist with either kind of firewall.
To deploy MAILsweeper for SMTP on a packet
based firewall, for example Check Point's Firewall-1, follow the
steps outlined below.
- 1. Load any anti-virus tools that you
wish to use with MAILsweeper and note their locations.
You will be asked for this information later, during the
installation.
Check the release notes to
ensure compatibility between this release of
MAILsweeper and the anti-virus tools you wish to use.
- 2. Install MAILsweeper for SMTP.
See the Installation section on page 2-25 for
details.
- 3. Configure the firewall to ensure
that all SMTP traffic is directed via MAILsweeper.
The rules in the table below
must be set on the firewall.
Where:
- SMTP gateway refers to the
existing SMTP gateway host.
- Clean refers to the clean
network.
- Dirty refers to the dirty
network.
To deploy MAILsweeper for SMTP on a proxy
based firewall, for example Raptor, follow the steps outlined
below.
- 1. Load any anti-virus tools that you
wish to use with MAILsweeper and note their locations.
You will be asked for this information later, during the
installation.
Check the release notes to
ensure compatibility between this release of
MAILsweeper and the anti-virus tools you wish to use.
- 2. Install MAILsweeper for SMTP.
See the Installation section on page 2-25 for
details.
- 3. Disable the firewall's SMTP proxy so
that MAILsweeper can take its place.
- 4. Ensure that the SMTP gateway is
configured to forward outgoing mail to the firewall.
How this is achieved varies
between servers. Refer to the user documentation for
your gateway for more details.
- 5. Ensure that mail routing is
configured so that incoming mail is forwarded to the SMTP
gateway.
This is achieved by specifying
the name of the gateway that handles mail for each
particular domain that mail is being processed for.
This is shown below.
Add a route for your domain to
the gateway host.
See page 2-41 for more details on setting up MAILsweeper routing.
To deploy MAILsweeper for SMTP on the
gateway follow the steps outlined below.
- 1. Ensure that RPC services are
installed and enabled on the gateway machine.
- 2. Load any anti-virus tools that you
wish to use with MAILsweeper and note their locations.
You will be asked for this information later, during the
installation.
Check the release notes to
ensure compatibility between this release of
MAILsweeper and the anti-virus tools you wish to use.
- 3. Install MAILsweeper for SMTP.
See the Installation section on page 2-25 for
details.
- 4. Allocate a new TCP port for routing
SMTP within the machine.
This must be a port that is not
allocated to any other service. Check the services
files to ensure that the port is free. For example,
you might allocate 20025.
- 5. Configure the gateway to listen to
the newly allocated port.
How this is achieved varies
between gateways. Refer to the user documentation for
your gateway for more details.
- 6. Configure the gateway to forward all
outgoing mail to the localhost (see footnote 1).
This forwards the outgoing mail
to MAILsweeper for checking and forwarding to its
destination. How this is achieved varies between
gateways. Refer to the user documentation for your
gateway for more details.
- 7. Add a MAILsweeper routing entry to
forward mail to the gateway.
A route must be added which
forces all mail destined for your domain to go to the
gateway listening on the newly allocated port.
If the gateway is inside a proxy
based firewall, a MAILsweeper routing entry should be
added, to ensure that mail for all other domains goes
via the firewall.
See page 2-41 for more details on setting up MAILsweeper routing.
- 8. Secure the gateway machine. See page 2-58 for
details.
To deploy MAILsweeper for SMTP on the DMZ
follow the steps outlined below.
- 1. Install a Windows NT machine on the
DMZ, to act as the MAILsweeper host.
The machine should meet the
technical specification outlined. The machine should
also have TCP/IP and RPC services installed and
enabled. See page
2-24 for a full list of pre-requisites the
MAILsweeper host should be configured with.
- 2. Load any anti-virus tools that you
wish to use with MAILsweeper and note their locations.
You will be asked for this information later, during the
installation.
Check the release notes to
ensure compatibility between this release of
MAILsweeper and the anti-virus tools you wish to use.
- 3. Install MAILsweeper for SMTP.
See the Installation section on page 2-25 for
details.
- 4. Configure the SMTP gateway to
forward outgoing mail to the MAILsweeper machine.
How this is achieved varies
between gateways. Refer to the user documentation for
your gateway for more details.
- 5. Ensure that mail routing is
configured so that incoming mail is forwarded to the SMTP
gateway.
It may also be necessary to send
outbound mail to the firewall, if it is a proxy
firewall.
For a packet based firewall, add
a route for your own domain to the gateway machine.
In the following example, example.com
is the name of your company email domain and gateway
is the name of the SMTP gateway.
For a proxy based firewall, add
a route for your domain to the gateway host and a
route for all other domains to the firewall. The
entry for all other domains (*.*) should be
the last entry on the list.
- 6. Secure the firewall
The firewall should be secured
such that:
- Outgoing SMTP can only come
from the MAILsweeper host.
- Incoming SMTP can only go to
the MAILsweeper host.
- 7. Secure the MAILsweeper machine. See page 2-58 for
details.
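The routing order described in step 5 above, and in the clean network procedure, as an added example that is not MAILsweeper's own configuration format. It assumes the list is evaluated top to bottom with the first matching entry winning, which is what makes the position of the *.* entry matter; the tuple layout and the next-hop name "firewall" are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed routing lists: (domain pattern, next hop). "example.com" and
# "gateway" are the manual's example names; "firewall" and this tuple layout
# are assumptions, not MAILsweeper's configuration format.
CORRECT = [("example.com", "gateway"), ("*.*", "firewall")]
MISORDERED = [("*.*", "firewall"), ("example.com", "gateway")]


def next_hop(table, recipient_domain):
    """Return the host of the first entry whose pattern matches the domain.

    Assumes first-match evaluation in list order.
    """
    domain = recipient_domain.lower()
    for pattern, host in table:
        if fnmatchcase(domain, pattern.lower()):
            return host
    return None  # no entry applies to this domain


def shadowed_entries(table):
    """List entries that can never be selected because an earlier one covers them.

    Sound for patterns whose only wildcard is "*": if the later pattern's text
    matches an earlier pattern, every domain it accepts is taken by the earlier one.
    """
    shadowed = []
    for index, (pattern, host) in enumerate(table):
        for earlier, _ in table[:index]:
            if fnmatchcase(pattern.lower(), earlier.lower()):
                shadowed.append((pattern, host))
                break
    return shadowed


if __name__ == "__main__":
    for name, table in (("correct", CORRECT), ("misordered", MISORDERED)):
        print(name, next_hop(table, "example.com"), shadowed_entries(table))
```

With the catch-all first, mail for example.com is handed to the firewall instead of the gateway, and the example.com entry is reported as unreachable.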
You may already have a MIMEsweeper for
FireWall-1 deployed but may wish to also deploy a MAILsweeper for
SMTP, for the enhanced functionality that it can offer.
With some
modifications to your existing firewall configuration, your
MIMEsweeper for FireWall-1 installation and MAILsweeper for SMTP
installation can coexist on the same network.
To deploy MAILsweeper
to coexist with MIMEsweeper for FireWall-1 follow the steps
outlined below.
- 1. Disable SMTP checking in MIMEsweeper
for FireWall-1.
- 2. Reconfigure the firewall by
modifying the security policy so that it does not forward
SMTP data to MIMEsweeper for FireWall-1 for validation.
This is because SMTP data can now be validated by the
MAILsweeper for SMTP installed during step 3.
- 3. Deploy MAILsweeper for SMTP on the
network.
See the diagram on page 2-5 and
the relevant deployment section for details on how to
achieve this.
- On the Dirty network - see page 2-6.
- On the Clean network - see page 2-9.
- On the Firewall - see page 2-12.
- On the SMTP gateway - see page 2-15.
- On the DMZ - see page 2-18.
MAILsweeper can be configured to use a
dial-up connection for sending and receiving mail. This may suit
small to medium companies who do not wish to maintain a permanent
Internet connection.
At pre-defined
intervals, a dial-up connection is made to your ISP. Once
connected, a request is made to the ISP's mail server to send
your incoming mail. MAILsweeper will also attempt to deliver
outgoing mail through the normal mail routing mechanism, that is,
DNS and routing. If required, you can configure the routing such
that all outgoing mail is routed to your ISP's mail server for
forwarding; this may help to reduce connection times. When there
is no more outgoing mail to send and no more incoming mail to
receive, the dial-up connection is closed.
To configure
MAILsweeper for SMTP to use a dial-up connection follow the steps
outlined below.
- 1. Install a Windows NT machine, to act
as the MAILsweeper host.
The machine should meet the
technical specification outlined. The machine should
also have TCP/IP and RPC services installed and
enabled. See page
2-24 for a full list of pre-requisites the
MAILsweeper host should be configured with.
- 2. Load any anti-virus tools that you
wish to use with MAILsweeper and note their locations.
You will be asked for this information later, during the
installation.
Check the release notes to
ensure compatibility between this release of
MAILsweeper and the anti-virus tools you wish to use.
- 3. Install MAILsweeper for SMTP.
See the Installation section on page 2-25 for
details.
- 4. Install the Windows NT Remote Access
Service (RAS).
Dial-up support requires this
service. It is installed via the Network
icon, found in the Control Panel. Select the Services
tab and click on the Add... button to add
the new service.
- 5. Define a phone book entry for
connecting with your ISP.
MAILsweeper uses Windows NT
Dial-Up Networking (part of the Remote Access
Service) to initiate the dial-up connection. A
Dial-Up Networking phone book entry has to be
defined, specifying the phone number you need to dial
to connect to your ISP.
This entry can be defined in one
of two ways:
- By clicking on the Windows NT
4.0 Start button, pointing to Programs,
Accessories and then clicking on the Dial-Up
Networking program name.
- By clicking on the Edit
button found on the Dial-up tab of the
MAILsweeper console dialog box.
See the Dial-up support section
on page 2-49
for details.
It is recommended that you test
this dial-up connection manually, to ensure that it
is set up correctly. This can be done using Dial-up
Networking or the RASDIAL command (see page 2-51).
- 6. Configure the SMTP dial-up
connection for sending and receiving mail. This can be
configured to your own requirements.
See the Dial-up support section
on page 2-49
for details.
1 localhost is an alias for the
address 127.0.0.1, the loopback address.
msw.support@mimesweeper.com
Copyright © 1998, Content Technologies Limited. All rights
reserved.