Best practices for deploying Symantec Messaging Gateway (SMG) appliances.
Symantec recommends multiple SMG hosts are placed in the same physical location.
If Messaging Gateway hosts must be deployed in different remote locations and communication issues occur between hosts (i.e. outdated statistics, timeouts, host status not available on the GUI, etc), Symantec recommends that you have one Messaging Gateway Control Center at each location.
Each hostname must have a proper A and PTR record in your DNS. To ensure you have proper entries, use nslookup.
The following commands must return the same results for each host that you query.
Note: This command asks if you have an A record against the hostname mx.domain.com.
Note: This command asks if you have a PTR record against the IP address 10.10.10.2.
Note: This means that host mx.example.com resolves to IP address 10.10.10.2. The opposite is also true: IP address 10.10.10.2 resolves back to mx.example.com
Sender Policy Framework helps protect against email forgery, and Symantec highly recommended you have DNS records for it.
To set up these records, see:
Sender ID is DNS-based, and helps maintain your sender reputation. See Sender ID on Microsoft.com.
Note: Symantec also supports this technology with Messaging Gateway, accessible by clicking Spam > Settings, and then clicking the Sender Authentication tab. Here we perform the same check against other external domains.
By default, Messaging Gateway will not enable antispam scanning for outbound traffic. However, there are cases where this may help mitigate threats coming from your internal environment to the Internet that were previously unknown.
Note: This setting can be enabled per group, so you can enable it only for a set of addresses or users. For more information, see Whitelist outbound traffic when email spam scanning is enabled for outbound messages
These tools and guidelines will help you solve issues around deployments.