PROBLEM
We need to run a Libraesva ESG POC in transparent mode, with Libraesva ESG deployed in front of a Symantec SMG gateway. In short, all messages originating from the internet will go through Libraesva ESG for tagging and will then be delivered to Symantec SMG for the effective analysis and blocking. What changes do I need to make to my Symantec SMG gateway so that it accepts messages passed by Libraesva ESG?
SOLUTION
Refer to the Symantec SMG manual, section “Specifying internal mail hosts for non-gateway deployments”, or to Symantec HOWTO126617.
From this guide:
Internal mail hosts are mail transfer agents (MTAs) that pass email from the Internet to a Scanner. If your Scanners are at the Internet gateway, you do not need to specify internal mail hosts. However, if your network is configured with one or more MTAs that are, with respect to inbound mail flow, upstream from your Scanners, you must specify the IPv4 addresses or IPv6 addresses of these MTAs as internal mail hosts. IPv6 addresses can be specified as addresses or ranges.
If your network has MTAs that are upstream from Symantec Messaging Gateway, it is important to specify these MTAs as internal mail hosts for the following reasons:
- Email from upstream MTAs to Scanners will likely contain some spam messages. Scanners will see all external email as coming from the IP addresses of the gateway MTAs. If you have enabled Connection Classification, this may result in all email arriving from the Internet being deferred.
- Scanners will not be able to determine the IP address of a sender. Sender groups that match IP addresses such as Local Bad Sender IPs will not function properly.
In addition to internal mail hosts you can add, Symantec Messaging Gateway displays a series of IP address ranges in the internal hosts list.
Follow these procedures to add or delete internal mail hosts from which the Scanner is always allowed to receive mail.
To add an internal mail host to the list of allowed hosts
- From the Control Center, click Administration > Hosts > Configuration.
- Check the Scanner that you want to configure.
- Click Edit.
- Click the Internal Mail Hosts tab.
- Specify the IP address for an internal mail host.
  You can specify an IPv4 address or an IPv6 address.
  Individual IPv6 addresses can be specified in any standard IPv6 format and are stored and displayed in shortened format. Ranges are expressed in CIDR notation, as a combination of an address part and a prefix.
- Click Add.
- Click Save to store the information.
To delete an internal mail host
- From the Control Center, click Administration > Hosts > Configuration.
- Check the Scanner you want to configure.
- Click Edit.
- Click the Internal Mail Hosts tab.
- Select an internal mail host.
- Click Delete.
  If you delete any of the default internal mail hosts, a warning message appears.
- Click Save to store the information.
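The following added example (not from the Symantec guide or from Libraesva) models why the upstream MTA must be listed as an internal mail host: a downstream scanner can only attribute a message to its real Internet sender if it knows which relay hops to skip. It is a simplified model that walks the Received headers, not Symantec Messaging Gateway's actual logic; the host names, IP addresses and the function name sender_ip are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: an Internet sender (203.0.113.45) delivers to the
# upstream MTA (10.0.0.5), which relays to the scanner. Newest hop first.
SAMPLE = (
    "Received: from esg.example.local (esg.example.local [10.0.0.5])\r\n"
    "\tby smg.example.local with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000\r\n"
    "Received: from mail.sender.example (mail.sender.example [203.0.113.45])\r\n"
    "\tby esg.example.local with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000\r\n"
    "From: a@sender.example\r\nSubject: test\r\n\r\nbody\r\n"
)

# Relay address as it usually appears in a Received header: [1.2.3.4] or [IPv6:...]
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def parse_hosts(entries):
    """Accept single IPv4/IPv6 addresses or CIDR ranges, as the host list does."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_internal(ip, networks):
    """True if ip falls inside any configured internal mail host entry."""
    return any(ip.version == n.version and ip in n for n in networks)


def sender_ip(raw_message, internal_entries):
    """Return the first relay IP, newest hop first, that is not internal.

    With an empty list the upstream MTA itself is reported as the sender,
    which is the failure mode the guide describes.
    """
    networks = parse_hosts(internal_entries)
    msg = email.message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(hop)
        if not match:
            continue
        ip = ipaddress.ip_address(match.group(1))
        if not is_internal(ip, networks):
            return str(ip)
    return None  # every hop was internal, so no external sender is known


if __name__ == "__main__":
    print("no internal hosts :", sender_ip(SAMPLE, []))
    print("ESG listed        :", sender_ip(SAMPLE, ["10.0.0.5"]))
```

Without the upstream MTA in the list, every message appears to come from 10.0.0.5, so IP-based sender groups and connection-level reputation would act on the gateway rather than on the real sender.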