COPYRIGHT
Copyright 2008 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions
Refer to the product Release Notes.
Contents
Email Security Appliance Best Practices
    The order in which the appliance scans email
    Suggested optimum Email Security Appliance configuration
    Frequently asked questions about the Email Security Appliance
Email Security Appliance Best Practices Suggested optimum Email Security Appliance configuration
Using all these checks provides optimum protection and usage of the appliance's resources because most of the bad content and messages are dropped or blocked before the scanning phase.
Email Security Appliance Best Practices Frequently asked questions about the Email Security Appliance
To check for valid recipient addresses, go to Email | Email Configuration | Receiving Email | Recipient Authentication. In Recipient checks, select "If the recipient is not in the following list" and enter email addresses to validate. You can also select "Or if the recipient is not listed in LDAP", and choose either the "Reject" or the "Accept and ignore the recipient" action.
How do I create and use email policies?
Go to Email | Email Policies | Add Policy.

Do domain names in policies affect performance?
McAfee recommends that you avoid using domain names in policy settings because it might be necessary to perform DNS lookups to compare the domain of the incoming connection with that of the configured ones for policy application. DNS lookups can potentially cause a delay.

NOTE: If you notice a significant reduction in performance, McAfee recommends that you check:
- The health of the DNS server(s).
- The response time for DNS queries.
- Whether policies that have domain names configured can have the domain names replaced with IP addresses.

How does policy priority work?
Policies are always applied in the order that they appear in the list, that is, the topmost policy in the list takes precedence if a user or device is affected by two or more policies. When there is more than one user-defined policy, you can use the up and down arrows in the Move column to change the order of the policies (and therefore their precedence).

Why can Connections and Listeners not be configured in Email Security Appliance 5.0 SMTP settings?
Email Security Appliance 5.0 uses asynchronous processes to handle SMTP proxy settings, which results in better concurrent connection handling capabilities. The necessary parameters are already configured on the appliance to give optimum performance and do not need to be altered.
Can email delivery be prioritized?
You can prioritize email delivery by specifying per-domain settings such as the number of messages per connection, and the retry interval. To configure per-domain settings, go to Email | Email Configuration | Sending Email | Queued Email Delivery | Per domain settings and add the required settings. The domains' priority follows the order in which they appear in the Per-domain settings list.

How can I resolve my appliance having too many connections and a high CPU?
You may experience high CPU usage because too many messages that require a large amount of processing are arriving at the appliance at the same time. To resolve the issue, try the configuration changes listed in this FAQ section. If the high CPU usage continues after the configuration changes, contact your McAfee Technical Support representative.

Will having more than one RBL server configured impact appliance performance?
Multiple RBL servers impact performance because the appliance does RBL lookups until it has found that the connecting IP address is blacklisted or it has no more RBL servers to check.

NOTE: The default appliance RBL server is cidr.bl.mcafee.com.

Is it beneficial to have more than one DNS server configured?
It is not necessary to have more than one DNS server configured, as long as the configured server is available and responsive. If there are multiple DNS servers present, adding the addresses of those servers as part of the DNS configuration provides fault tolerance and is not detrimental.

NOTE: DNS servers are used in the order in which they appear in the list.

Can I reduce or avoid email queues building up on my MTA when I proxy through an Email Security Appliance?
Queues build up when:
- The MTA is not supplying enough messages to the appliance. To confirm whether this is happening, check the CPU and memory usage on the appliance. If they have low values, it means the appliance is not being fully utilized.
- The appliance is overly busy and either connection to port 25 of the appliance times out or there are excessive delays. To confirm whether this is happening, either telnet to the appliance's IP address on port 25 and check the response time, or perform a packet capture on the MTA or the appliance and look for any delays between requests and responses.

There are several options to keep the queues at optimum levels:
- Concurrently supply as many messages as possible from the MTA by either:
    - Increasing the number of connections established by the MTA with the appliance.
    - Decreasing the number of messages sent over every connection established with the appliance.
  Using both these options together ensures that many messages are sent in parallel, which keeps the queues low.
- Change the SMTP retryer settings to handle a larger number of deferred messages at any given point in time. Contact your McAfee Technical Support representative for more information.
- Combine the first two solutions.

NOTE: McAfee recommends you do not enable the store and forward feature on an appliance running in explicit proxy mode because it only moves queues from the MTA to the appliance.
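The manual "telnet to port 25 and check the response time" test from the queue question above can be scripted so that the TCP connect time and the wait for the SMTP greeting are measured separately. This is an added example, not McAfee code; the function names and the `slow_after` threshold are assumptions.

```python
import socket
import time

def time_banner(sock, timeout=10.0):
    """Return (seconds_until_greeting, first_reply_line) on a connected socket."""
    sock.settimeout(timeout)
    start = time.monotonic()
    buf = b""
    while b"\n" not in buf:            # the greeting may arrive in several segments
        chunk = sock.recv(1024)
        if not chunk:                  # peer closed before sending a greeting
            break
        buf += chunk
    elapsed = time.monotonic() - start
    line = buf.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return elapsed, line

def probe_smtp(host, port=25, timeout=10.0):
    """Connect once, as the manual telnet check does, and time each phase.

    Raises OSError (including a timeout) when the port does not answer in time,
    which is itself the "connection times out" symptom described above.
    """
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        connect_s = time.monotonic() - start
        banner_s, line = time_banner(sock, timeout)
        try:
            sock.sendall(b"QUIT\r\n")  # end the session cleanly
        except OSError:
            pass
    return connect_s, banner_s, line

def classify(connect_s, banner_s, line, slow_after=2.0):
    """slow_after (seconds) is an assumed threshold, not a McAfee figure."""
    if not line.startswith("220"):
        return "not-ready"             # a 4xx/5xx reply, or no greeting at all
    if connect_s + banner_s > slow_after:
        return "slow"
    return "ok"

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <appliance-ip>  (address supplied by the operator)
    c, b, line = probe_smtp(sys.argv[1])
    print(f"connect={c:.3f}s banner={b:.3f}s -> {classify(c, b, line)}: {line}")
```

Run it from the MTA host at intervals: a fast connect with a slow greeting points at a busy appliance rather than at the network path.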
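The RBL answer above says lookups continue until a listing is found or the server list is exhausted, so a clean sender costs one DNS query per configured server. The sketch below models that ordering; it is an added example, not the appliance's implementation, and it assumes the common DNSBL convention (reversed IPv4 octets plus zone, listing returned as a 127.0.0.0/8 address). The `.example` zones and the fake resolver data are constructed.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_lookup(name):
    """Default resolver: the A record, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:                   # NXDOMAIN or resolver failure
        return None

def check_rbls(ip, zones, lookup=system_lookup):
    """Query zones in list order and stop at the first listing.

    Returns (listing_zone_or_None, number_of_lookups_performed).
    """
    lookups = 0
    for zone in zones:
        lookups += 1
        answer = lookup(dnsbl_query_name(ip, zone))
        if answer and ipaddress.IPv4Address(answer) in LISTED_NET:
            return zone, lookups
    return None, lookups

# Constructed data for an offline run: the default zone named on this page plus
# two hypothetical zones, and a fake resolver listing one documentation address.
ZONES = ["cidr.bl.mcafee.com", "rbl-a.example", "rbl-b.example"]
FAKE_RECORDS = {"7.113.0.203.rbl-a.example": "127.0.0.2"}

def fake_lookup(name):
    return FAKE_RECORDS.get(name)

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, check_rbls(ip, ZONES, fake_lookup))
```

The unlisted address pays for all three lookups, which is why the order and number of configured RBL servers matter for connection-time latency.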