search cancel

Performance best practices for Messaging Gateway

book

Article ID: 177324

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

These best practices help administrators tune Symantec Messaging Gateway (SMG), to improve overall product performance and stability.

Resolution

Spam control

Reduce the amount of spam messages that Messaging Gateway processes to increase the resources available for valid messages. To learn how to reduce the amount of spam entering your network, see Spam control best practices for Messaging Gateway.

Policy groups and content filtering policies

Consider the number and complexity of Policy Groups and Content Filtering policies. Given the number of variables involved, there is no fixed or optimum number of policies that we can provide as a guideline.

However, you should tune settings and asses the impact that Content Filtering has on performance, by testing different configurations. As a general rule, reduce the total number of policies whenever possible.

Spam policies

Spam could represent more than 90% of the total volume of messages you receive. Time lost deleting spam costs the most in terms of lost productivity, according to several studies

Therefore, we strongly recommend that you configure antispam policies to automatically delete spam.

MTA settings

Spam attacks try to open as many connections as possible. Therefore, Symantec recommends that you enable Connection Classification.

  1. In the SMG Control Center, navigate to Reputation > Policies > Connection Classification.
  2. On the Connection Classification page, check Enable Connection Classification.

Using Connection Classification ensures that the most abusive senders cannot degrade the connection ability of your best senders.

Connection Classification automatically classifies every incoming IP address into one of 10 classes. Messaging Gateway automatically gathers local reputation data to inform the classification. Senders in the best class, because they rarely if ever send spam, benefit from the best connection parameters. Senders in the worst class are subject to the worst connection parameters. New IP addresses are initially placed into the default class.

Upon initial installation, Connection Classification is in learning mode for the first 50,000 messages. During learning mode no messages are deferred based on their connection class. Connection Classification is designed to work without any configuration. However, you can configure Connection Classification to customize the parameters for your message flow.

See the Messaging Gateway Administration Guide for more information about this topic.

Use sender authentication technologies

Sender ID and SPF (Sender Protection Framework) help prevent spoofing.

To enable sender authentication

  1. In the SMG Control Center, navigate to Spam > Sender Authentication.
  2. Check both the SPF and Sender ID checkboxes.
  3. Select Authenticate all domains.

To test if a domain has a proper SPF record, use the following tools:

To use nslookup to determine if a specific domain has the proper SPF record in place:

  1. Open a command prompt.
  2. Type nslookup -querytype=TXT domain.com
    A proper response will return something like:

    domain.com text = "v=spf1 ip4:192.168.1.1 ip4:192.168.2.1 -all"

    IMPORTANT: If the domain does not have the "-all", this means it is not intended for use, and that the SPF record is still in a testing state.

Instead of deleting invalid SPF messages, you can start tagging the subject lines. Then you can change the action once you are confident about using sender authentication technology.

Quarantine management and suspected spam

Sending spam to quarantine introduces cost in lost productivity, and greatly increases storage and resource requirements.

If you are comfortable with the amount of false positive messages, you can configure spam to be deleted, and use quarantine only for suspected spam.

Report settings

Because the data storage requirements for some reports can be high, choose an appropriate length of time to store report data.

The following extended statistics will consume a large amount of disk space. Enable these only if necessary. When enabled, do not keep these statistics for too long:

  • Sender domains
  • Senders
  • Sender HELO domains
  • Sender IP connections
  • Recipient domains
  • Recipients

Note: Normal report data is kept for 7 days by default.

Logging level

The product comes configured with low verbosity logging level by default (i.e. Warnings).

You should use higher logging levels only when troubleshooting, and in cases where you need to have more details about a certain process or component (e.g. Mail Transfer Agent).

Storage thresholds

Quarantine, log, and report information is stored in the database that runs on the Control Center.

To avoid an impact on performance, you may want to reduce the information you keep in the database as much as possible. This reduces CPU utilization and the number of reads and writes to the database, and requires less disk space.

Expunger settings

The purpose of the expunger is to reduce the size of the data. There are separate controls for the expunger to operate on quarantine, log, and report data.

The expunger will delete information beyond the threshold settings. The quarantine and report expungers will temporarily cease communication for new reports and quarantined messages. Keep in mind that if you use quarantine for suspected spam and set the expunger to run every 4 hours, the quarantine SMTP listener will also be down while the expunger runs. Therefore, we do not recommend setting these two expungers to a value lower than 1 day. The default settings are usually the recommended ones to use.

The general guidelines for the quarantine expunger are:

  • Global and per user quarantine limits how no impact whatsoever on insertion throughput.
  • These limits may be exceeded temporarily until the next expunger cycle enforces them.
  • Date-based expunging is the fastest option.
  • Global thresholds are slower but can give more precise control over disk space and message count. The latter being important for quarantine search query performance.
  • Per-user thresholds can be very expensive to enforce, and are not recommended for larger deployments such as more than 5.000 users.

Symantec recommends that you configure these processes to run during least load hours; usually the first couple hours of a day.

The default expunger times for our components are:

  • Quarantine Expunger: 1 A.M.
  • Log Expunger: 2 A.M.
  • Report Expunger: 3 A.M.

See the Messaging Gateway Administration Guide for more information about this topic.

Additional references

See Antispam effectiveness for Messaging Gateway.