These best practices help administrators tune Symantec Messaging Gateway (SMG) to improve overall product performance and stability.
Please ensure that your SMG appliance meets the recommended requirements given in the Installation Guide.
Reduce the amount of spam messages that Messaging Gateway processes to increase the resources available for valid messages. To learn how to reduce the amount of spam entering your network, see Spam control best practices for Messaging Gateway.
Consider the number and complexity of Policy Groups and Content Filtering policies. Given the number of variables involved, there is no fixed or optimum number of policies that we can provide as a guideline.
However, you should tune settings and assess the impact that Content Filtering has on performance by testing different configurations. As a general rule, reduce the total number of policies whenever possible.
Spam could represent more than 90% of the total volume of messages you receive. Time lost deleting spam costs the most in terms of lost productivity, according to several studies.
Therefore, we strongly recommend that you configure antispam policies to automatically delete spam.
Spam attacks try to open as many connections as possible. Therefore, Symantec recommends that you enable Connection Classification.
Using Connection Classification ensures that the most abusive senders cannot degrade the connection ability of your best senders.
Connection Classification automatically classifies every incoming IP address into one of 10 classes. Messaging Gateway automatically gathers local reputation data to inform the classification. Senders in the best class, because they rarely if ever send spam, benefit from the best connection parameters. Senders in the worst class are subject to the worst connection parameters. New IP addresses are initially placed into the default class.
Upon initial installation, Connection Classification is in learning mode for the first 50,000 messages. During learning mode no messages are deferred based on their connection class. Connection Classification is designed to work without any configuration. However, you can configure Connection Classification to customize the parameters for your message flow.
See the Messaging Gateway Administration Guide for more information about this topic.
Sender ID and SPF (Sender Policy Framework) help prevent spoofing.
To test if a domain has a proper SPF record using nslookup:
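As an added example (not part of the original article): after capturing the output of `nslookup -type=TXT <domain>`, the Python below checks it for a usable SPF record. The function names and sample output are constructed for illustration, and the checks (a single record, the DNS-lookup limit of 10, the closing `all` qualifier) follow RFC 7208 rather than anything SMG-specific.

```python
import re

# Terms that each cost the receiver a DNS lookup; RFC 7208 caps them at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def txt_records(nslookup_output):
    """TXT values from `nslookup -type=TXT` output (assumes one record per line)."""
    records = []
    for line in nslookup_output.splitlines():
        chunks = re.findall(r'"([^"]*)"', line)
        if chunks:
            records.append("".join(chunks))  # long records are split into chunks
    return records

def check_spf(nslookup_output):
    """Return a list of findings; an empty list means the record looks usable."""
    spf = [r for r in txt_records(nslookup_output)
           if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as a permanent error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    # Strip the qualifier, then cut at ':', '=' or '/' to get the term name.
    names = [re.split(r"[:=/]", t.lstrip("+-~?"), maxsplit=1)[0] for t in terms]
    findings = []
    lookups = sum(1 for n in names if n in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms, limit is 10")
    alls = [t for t, n in zip(terms, names) if n == "all"]
    if not alls and "redirect" not in names:
        findings.append("no 'all' or redirect: unmatched senders evaluate as neutral")
    elif alls and alls[0] in ("all", "+all"):
        findings.append("'+all' authorizes every sender")
    elif alls and alls[0] == "?all":
        findings.append("'?all' is neutral: receivers have nothing to enforce")
    return findings

# Constructed sample output (documentation names and addresses only).
GOOD = '''Non-authoritative answer:
example.com\ttext = "v=spf1 mx include:_spf.example.net ip4:192.0.2.0/24 -all"
example.com\ttext = "site-verification=constructed-value"
'''
OPEN = 'example.org\ttext = "v=spf1 mx +all"\n'
DUPLICATE = OPEN + 'example.org\ttext = "v=spf1 -all"\n'

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("open", OPEN), ("duplicate", DUPLICATE)):
        print(label, check_spf(sample) or "OK")
```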
Instead of deleting invalid SPF messages, you can start tagging the subject lines. Then you can change the action once you are confident about using sender authentication technology.
Sending spam to quarantine introduces cost in lost productivity, and greatly increases storage and resource requirements.
If you are comfortable with the amount of false positive messages, you can configure spam to be deleted, and use quarantine only for suspected spam.
Because the data storage requirements for some reports can be high, choose an appropriate length of time to store report data.
The following extended statistics will consume a large amount of disk space. Enable these only if necessary. When enabled, do not keep these statistics for too long:
Note: Normal report data is kept for 7 days by default.
The product comes configured with low verbosity logging level by default (i.e. Warnings).
You should use higher logging levels only when troubleshooting, and in cases where you need to have more details about a certain process or component (e.g. Mail Transfer Agent).
Quarantine, log, and report information is stored in the database that runs on the Control Center.
To avoid an impact on performance, you may want to reduce the information you keep in the database as much as possible. This reduces CPU utilization and the number of reads and writes to the database, and requires less disk space.
The purpose of the expunger is to reduce the size of the data. There are separate controls for the expunger to operate on quarantine, log, and report data.
The expunger will delete information beyond the threshold settings. The quarantine and report expungers will temporarily cease communication for new reports and quarantined messages. Keep in mind that if you use quarantine for suspected spam and set the expunger to run every 4 hours, the quarantine SMTP listener will also be down while the expunger runs. Therefore, we do not recommend setting these two expungers to a value lower than 1 day. The default settings are usually the recommended ones to use.
The general guidelines for the quarantine expunger are:
Symantec recommends that you configure these processes to run during the hours of lowest load, usually the first couple of hours of the day.
The default expunger times for our components are:
See the Messaging Gateway Administration Guide for more information about this topic.