SlideShare a Scribd company logo

GFI MailSecurity's Deployment Strategies

GFI Software
GFI Software

GFI MailSecurity can be deployed as an SMTP gateway or as a VS API version for Exchange 2000/2003. This technical white paper describes each operating mode and helps you decide which to deploy and whether you should deploy both.

Technology
1 of 9
Download to read offline
GFI White Paper GFI MailSecurity™ deployment strategies Which operating mode(s) to use in your network environment GFI MailSecurity can be deployed as an SMTP gateway or as a VS API version for Microsoft Exchange Server™. This white paper describes each operating mode and helps you decide which to deploy and whether you should deploy both.
Contents Introduction 3 Why use both VS API and SMTP gateway modes? 3 About GFI MailSecurity SMTP gateway mode 3 GFI MailSecurity VS API Exchange mode 3 Limitations of using the VS API Exchange mode 4 Comparison between SMTP Gateway mode and VS API mode 4 How to deploy GFI MailSecurity 5 GFI MailEssentials and GFI MailSecurity running on the same machine 8 About GFI® 8 GFI MailSecurity deployment strategies 2
Introduction GFI MailSecurity can be deployed in two operating modes: Either as an SMTP gateway or as a VS API version for Microsoft Exchange Server. It can be used in three ways, either by using one of these modes or by using both in tandem. This paper describes the GFI MailSecurity operating modes in detail and helps you choose the best way to deploy GFI MailSecurity on your network. Why use both VS API and SMTP gateway modes? GFI MailSecurity is an email content security package that supports both an SMTP gateway mode and a VS API mode. For optimum security, we recommend deploying both. This is because both operating modes have unique capabilities that enable you to ensure better security for your network and mail server. In SMTP gateway mode, GFI MailSecurity checks all inbound and outbound mail before this reaches your mail server. For GFI MailSecurity to do this, you must install it in front of your mail server. In VS API mode, GFI MailSecurity is installed on your Exchange Server and checks inbound, outbound and internal mail, using the Microsoft VS API interface. If possible, you should deploy both versions. For administration and performance reasons, it is better to perform the more complex and time-intensive checks at the gateway level. If you were to apply those rules to internal mail, you would end up having to moderate a lot of mail. However, the VS API mode should still be deployed on the Exchange Server, in order to stop a virus outbreak spreading (that could have entered the network via floppy, CD, web or notebook) or in order to monitor and/or stop internal users using email exploits to steal data. You can also use it to prevent unauthorized users from sending executable attachments, which they might use to gain information from users who have more rights on the network. About GFI MailSecurity SMTP gateway mode If you wish to install GFI MailSecurity at the perimeter of your network, or if you do not have Microsoft Exchange Server, you must install GFI MailSecurity in SMTP gateway mode. In SMTP gateway mode, GFI MailSecurity checks all inbound and outbound mail before this reaches your mail server. To do this, GFI MailSecurity must be the first to receive all mails destined for your mail server and it must be the last “stop” for outbound mail, i.e., mails destined for the Internet. For this to happen, GFI MailSecurity must act as a gateway for all email. This set-up is also known as “Smart host” or “Mail relay” server. Effectively, GFI MailSecurity will act as a mail relay server. GFI MailSecurity VS API Exchange mode If you have Microsoft Exchange Server, GFI MailSecurity can integrate with Exchange via the Microsoft Virus Scanning API (VS API). What is VS API (Exchange Virus Scanning API) and why use it? Microsoft Exchange Server provides a virus scanning API that is implemented at a very low-level in the Exchange store. This allows a virus scanning application to run with high performance and guarantees that the message will be scanned before any client can access a message or attachment. This low-level access facilitates the elimination of viruses such as the Melissa virus. In addition, VS API reduces scalability issues that can arise when a particular server has a large number of users/mailboxes. VS API’s real-time scan allows messages and attachments to be scanned once before delivery, rather than multiple times determined by the number of mailboxes the message is delivered to. This single-instance scanning also helps prevent messages from being rescanned when a message is copied. For more information about VS API, see http://support.microsoft.com/default.aspx?scid=kb;EN-US;q285667. GFI MailSecurity deployment strategies 3
Limitations of using the VS API Exchange mode Although VS API is a recommended way to perform content checking and antivirus on Exchange Server, there are a number of limitations that you should be aware of as a system administrator: »» The Virus Scanning API only scans information stores. That means that if you have installed GFI MailSecurity for Exchange on a front-end server, for example, internal mail will not be scanned, because mail is not being stored on the front-end server. Only incoming and outgoing emails will be scanned by GFI MailSecurity. You need to be more careful with applying attachment rules since these might affect internal traffic; attachment rules that are too stringent can result in too much quarantined mail. Also, MAPI applications running on Exchange might be using .vbs or .exe files. »» Outgoing mails that have been approved need to be resent by the user. For example, if an executable is quarantined and approved, the user will receive a message saying that he/she has 24 hours to resend that executable. The reason for this is that the recipient of the message is not always known with 100% certainty in VS API mode. »» In VS API mode, mail is processed in parts. The Exchange VS API interface passes mails to GFI MailSecurity per message part, i.e., the body, attachment 1, attachment 2, etc. This means that message parts are quarantined, not whole messages. Therefore, all rules are applied to a message part. For example, you cannot delete an entire mail if it has a particular content, but only the message part containing that content. »» In VS API mode, some performance decrease will occur in mail delivery. This is inevitable as all mail has to be checked before the user accesses it. Typically, the delay is approximately 1 second or less, but a mail with a large 15 megabyte attachment, for example, might take more time to scan. Every VS API-based antivirus solution will suffer from this performance decrease, although of course the less checks that are done, the less performance decrease there will be. Comparison between SMTP Gateway mode and VS API mode SMTP gateway VS API Scans internal mail No Yes Scans inbound/outbound mail Yes Yes Requires Windows 2000/2003/2008 Yes Yes Requires Active Directory No Yes Requires Exchange 2000/2003/2007 No Yes Mail processed in parts No Yes Can run on same machine as Yes Yes GFI MailEssentials Can run if you have Exchange 5.5 Yes No Can run if you have Notes or SMTP server Yes No Can run in DMZ or as mail relay Yes No Ticketing system needed* No Yes 100% Inbound/internal mail detection** Yes No *SMTP gateway version has more information about the email and can therefore quarantine outbound mail without the need for a ticketing system. **SMTP gateway version has more information about the email and can therefore better determine if it is an inbound or an outbound mail. GFI MailSecurity deployment strategies 4
How to deploy GFI MailSecurity Deployment option 1 If you have a smaller Exchange network and do not want to have a separate mail relay in the DMZ, use VS API mode only; or if you prefer Gateway mode only. GFI MailSecurity deployment strategies 5
Deployment option 2 If you do not have Exchange Server, deploy GFI MailSecurity in SMTP Gateway mode. So if you have Exchange 5.5, Lotus Notes or another SMTP/POP3 server, you must use SMTP gateway mode. GFI MailSecurity deployment strategies 6
Deployment option 3 If you have a larger network with one or more Exchange Servers, we recommend you deploy GFI MailSecurity both on the Exchange 2000/2003 machine in VS API mode, as well as at the perimeter of your network in SMTP Gateway mode. This is the ideal deployment scenario: the main advantage of this deployment is that you can have stricter rules on inbound and outbound mail and less strict rules on internal mail. GFI MailSecurity deployment strategies 7
GFI MailEssentials and GFI MailSecurity running on the same machine GFI MailEssentials and GFI MailSecurity are companion products and can easily run on the same machine. GFI MailEssentials adds essential email tools to your Exchange Server including anti-spam, disclaimers, mail archiving, Internet mail reporting, server-based auto replies and POP3 downloading. Special bundle pricing applies when GFI MailEssentials and GFI MailSecurity are purchased together. About GFI GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com. 8
USA,»CANADA»AND»CENTRAL»AND»SOUTH»AMERICA GFI 1019 may11 15300 Weston Parkway, Suite 104, Cary, NC 27513, USA Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 ussales@gfi.com UK»AND»REPUBLIC»OF»IRELAND Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 sales@gfi.co.uk EUROPE,»MIDDLE»EAST»AND»AFRICA GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: +356 2205 2000 Fax: +356 2138 2419 sales@gfi.com AUSTRALIA»AND»NEW»ZEALAND 83 King William Road, Unley 5061, South Australia Telephone: +61 8 8273 3000 Fax: +61 8 8273 3099 sales@gfiap.com Disclaimer © 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out- of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.

Recommended

Ivan Turčinović: JAVACRO '15 - Reactive I/O
Ivan Turčinović: JAVACRO '15 - Reactive I/OIvan Turčinović: JAVACRO '15 - Reactive I/O
Ivan Turčinović: JAVACRO '15 - Reactive I/O
Ivo Završki
 
Match point
Match pointMatch point
Match point
eva gerpe
 
MadridDevops September 2014: "From chef09 to chef11, one approach to devops"
MadridDevops September 2014: "From chef09 to chef11, one approach to devops"MadridDevops September 2014: "From chef09 to chef11, one approach to devops"
MadridDevops September 2014: "From chef09 to chef11, one approach to devops"
Antonio Peña
 
Computer skills (ch1)
Computer skills (ch1)Computer skills (ch1)
Computer skills (ch1)
DrSamahAhmed
 
Yaiza tapia POWER POINT CASTE BALNEARIO.
Yaiza tapia POWER POINT CASTE BALNEARIO. Yaiza tapia POWER POINT CASTE BALNEARIO.
Yaiza tapia POWER POINT CASTE BALNEARIO.
yaizatapia
 
Centroamerica ILAEV Bus tour 2014.ppt
Centroamerica ILAEV Bus tour 2014.pptCentroamerica ILAEV Bus tour 2014.ppt
Centroamerica ILAEV Bus tour 2014.ppt
Iskcon Panama
 
Revista Oficial ANECPLA: Infoplagas. Nº 51 JUN 2013
Revista Oficial ANECPLA: Infoplagas. Nº 51 JUN 2013Revista Oficial ANECPLA: Infoplagas. Nº 51 JUN 2013
Revista Oficial ANECPLA: Infoplagas. Nº 51 JUN 2013
ANECPLA
 
ERP Future 2014 - ERP für KMU?
ERP Future 2014 - ERP für KMU?ERP Future 2014 - ERP für KMU?
ERP Future 2014 - ERP für KMU?
WernerHehenwarter
 

Recommended

Ivan Turčinović: JAVACRO '15 - Reactive I/O
Ivan Turčinović: JAVACRO '15 - Reactive I/OIvan Turčinović: JAVACRO '15 - Reactive I/O
Ivan Turčinović: JAVACRO '15 - Reactive I/O
Ivo Završki
 
Match point
Match pointMatch point
Match point
eva gerpe
 
MadridDevops September 2014: "From chef09 to chef11, one approach to devops"
MadridDevops September 2014: "From chef09 to chef11, one approach to devops"MadridDevops September 2014: "From chef09 to chef11, one approach to devops"
MadridDevops September 2014: "From chef09 to chef11, one approach to devops"
Antonio Peña
 
Computer skills (ch1)
Computer skills (ch1)Computer skills (ch1)
Computer skills (ch1)
DrSamahAhmed
 
Yaiza tapia POWER POINT CASTE BALNEARIO.
Yaiza tapia POWER POINT CASTE BALNEARIO. Yaiza tapia POWER POINT CASTE BALNEARIO.
Yaiza tapia POWER POINT CASTE BALNEARIO.
yaizatapia
 
Centroamerica ILAEV Bus tour 2014.ppt
Centroamerica ILAEV Bus tour 2014.pptCentroamerica ILAEV Bus tour 2014.ppt
Centroamerica ILAEV Bus tour 2014.ppt
Iskcon Panama
 
Revista Oficial ANECPLA: Infoplagas. Nº 51 JUN 2013
Revista Oficial ANECPLA: Infoplagas. Nº 51 JUN 2013Revista Oficial ANECPLA: Infoplagas. Nº 51 JUN 2013
Revista Oficial ANECPLA: Infoplagas. Nº 51 JUN 2013
ANECPLA
 
ERP Future 2014 - ERP für KMU?
ERP Future 2014 - ERP für KMU?ERP Future 2014 - ERP für KMU?
ERP Future 2014 - ERP für KMU?
WernerHehenwarter
 
El Siste ma Solar
El Siste ma SolarEl Siste ma Solar
El Siste ma Solar
pingui
 
Paper Mmulfpuna Mpi Cparra Fmancia
Paper Mmulfpuna Mpi Cparra FmanciaPaper Mmulfpuna Mpi Cparra Fmancia
Paper Mmulfpuna Mpi Cparra Fmancia
FcoKraken
 
Blogger tercer
Blogger tercerBlogger tercer
Blogger tercer
Gabriel Garcia
 
Eurosega Sevilla abogados de empresas
Eurosega Sevilla abogados de empresasEurosega Sevilla abogados de empresas
Eurosega Sevilla abogados de empresas
Escuela de Formación del Franquiciado EUROSEGA
 
Vendor Landscape: Email Security Gateway
Vendor Landscape: Email Security GatewayVendor Landscape: Email Security Gateway
Vendor Landscape: Email Security Gateway
Info-Tech Research Group
 
Kumite
KumiteKumite
Kumite
Escuela Virtual de Deportes
 
Localizarea electronica a publicatiilor in biblioteca
Localizarea electronica a publicatiilor in bibliotecaLocalizarea electronica a publicatiilor in biblioteca
Localizarea electronica a publicatiilor in biblioteca
Biblioteca Universitatii "Dunarea de Jos" din Galati
 
Test y pruebas de caja Negra y caja Blanca
Test y pruebas de caja Negra y caja BlancaTest y pruebas de caja Negra y caja Blanca
Test y pruebas de caja Negra y caja Blanca
Manuel Murcia
 
Japón terremoto 10 mar 2011
Japón terremoto 10 mar 2011Japón terremoto 10 mar 2011
Japón terremoto 10 mar 2011
Luis Cantón
 
Recursos gesofera minerales y rocas
Recursos gesofera minerales y rocasRecursos gesofera minerales y rocas
Recursos gesofera minerales y rocas
Gemita165
 
Temario ETP
Temario ETPTemario ETP
Temario ETP
Carlos García
 
Functional training idde 4 pilares
Functional training idde 4 pilaresFunctional training idde 4 pilares
Functional training idde 4 pilares
Cesar Chavez Calderon
 
Starbucks corporation plan marketing
Starbucks corporation plan marketingStarbucks corporation plan marketing
Starbucks corporation plan marketing
Centro Educativo San Javier
 
Hitos tecnologicos
Hitos tecnologicosHitos tecnologicos
Hitos tecnologicos
Alumnos Instituto Grilli
 
9 Learning Strategies from Knowledge to Know-How
9 Learning Strategies from Knowledge to Know-How9 Learning Strategies from Knowledge to Know-How
9 Learning Strategies from Knowledge to Know-How
LinkedIn Learning Solutions
 
How to simplify Email oriented workflow with - Visendo SMTP Extender
How to simplify Email oriented workflow with - Visendo SMTP Extender How to simplify Email oriented workflow with - Visendo SMTP Extender
How to simplify Email oriented workflow with - Visendo SMTP Extender
Johannes Cosmin dumitru
 
ServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBIServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBI
Gert Vanthienen
 
Mail store server4 manual-en
Mail store server4 manual-enMail store server4 manual-en
Mail store server4 manual-en
guest8e6971
 
The Art of Message Queues - TEKX
The Art of Message Queues - TEKXThe Art of Message Queues - TEKX
The Art of Message Queues - TEKX
Mike Willbanks
 
Tips for web security
Tips for web securityTips for web security
Tips for web security
kareowebtech
 
Tips for web security
Tips for web securityTips for web security
Tips for web security
kareowebtech
 
CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015
CoLaboraDK
 

More Related Content

Viewers also liked

El Siste ma Solar
El Siste ma SolarEl Siste ma Solar
El Siste ma Solar
pingui
 
Paper Mmulfpuna Mpi Cparra Fmancia
Paper Mmulfpuna Mpi Cparra FmanciaPaper Mmulfpuna Mpi Cparra Fmancia
Paper Mmulfpuna Mpi Cparra Fmancia
FcoKraken
 
Vendor Landscape: Email Security Gateway
Vendor Landscape: Email Security GatewayVendor Landscape: Email Security Gateway
Vendor Landscape: Email Security Gateway
Info-Tech Research Group
 
Recursos gesofera minerales y rocas
Recursos gesofera minerales y rocasRecursos gesofera minerales y rocas
Recursos gesofera minerales y rocas
Gemita165
 

Viewers also liked (15)

El Siste ma Solar
El Siste ma SolarEl Siste ma Solar
El Siste ma Solar
 
Paper Mmulfpuna Mpi Cparra Fmancia
Paper Mmulfpuna Mpi Cparra FmanciaPaper Mmulfpuna Mpi Cparra Fmancia
Paper Mmulfpuna Mpi Cparra Fmancia
 
Blogger tercer
Blogger tercerBlogger tercer
Blogger tercer
 
Eurosega Sevilla abogados de empresas
Eurosega Sevilla abogados de empresasEurosega Sevilla abogados de empresas
Eurosega Sevilla abogados de empresas
 
Vendor Landscape: Email Security Gateway
Vendor Landscape: Email Security GatewayVendor Landscape: Email Security Gateway
Vendor Landscape: Email Security Gateway
 
Kumite
KumiteKumite
Kumite
 
Localizarea electronica a publicatiilor in biblioteca
Localizarea electronica a publicatiilor in bibliotecaLocalizarea electronica a publicatiilor in biblioteca
Localizarea electronica a publicatiilor in biblioteca
 
Test y pruebas de caja Negra y caja Blanca
Test y pruebas de caja Negra y caja BlancaTest y pruebas de caja Negra y caja Blanca
Test y pruebas de caja Negra y caja Blanca
 
Japón terremoto 10 mar 2011
Japón terremoto 10 mar 2011Japón terremoto 10 mar 2011
Japón terremoto 10 mar 2011
 
Recursos gesofera minerales y rocas
Recursos gesofera minerales y rocasRecursos gesofera minerales y rocas
Recursos gesofera minerales y rocas
 
Temario ETP
Temario ETPTemario ETP
Temario ETP
 
Functional training idde 4 pilares
Functional training idde 4 pilaresFunctional training idde 4 pilares
Functional training idde 4 pilares
 
Starbucks corporation plan marketing
Starbucks corporation plan marketingStarbucks corporation plan marketing
Starbucks corporation plan marketing
 
Hitos tecnologicos
Hitos tecnologicosHitos tecnologicos
Hitos tecnologicos
 
9 Learning Strategies from Knowledge to Know-How
9 Learning Strategies from Knowledge to Know-How9 Learning Strategies from Knowledge to Know-How
9 Learning Strategies from Knowledge to Know-How
 

Similar to GFI MailSecurity's Deployment Strategies

ServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBIServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBI
Gert Vanthienen
 
Mail store server4 manual-en
Mail store server4 manual-enMail store server4 manual-en
Mail store server4 manual-en
guest8e6971
 
The Art of Message Queues - TEKX
The Art of Message Queues - TEKXThe Art of Message Queues - TEKX
The Art of Message Queues - TEKX
Mike Willbanks
 
Enterprise Integration with WSO2 ESB
Enterprise Integration with WSO2 ESBEnterprise Integration with WSO2 ESB
Enterprise Integration with WSO2 ESB
WSO2
 

Similar to GFI MailSecurity's Deployment Strategies (12)

How to simplify Email oriented workflow with - Visendo SMTP Extender
How to simplify Email oriented workflow with - Visendo SMTP Extender How to simplify Email oriented workflow with - Visendo SMTP Extender
How to simplify Email oriented workflow with - Visendo SMTP Extender
 
ServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBIServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBI
 
Mail store server4 manual-en
Mail store server4 manual-enMail store server4 manual-en
Mail store server4 manual-en
 
The Art of Message Queues - TEKX
The Art of Message Queues - TEKXThe Art of Message Queues - TEKX
The Art of Message Queues - TEKX
 
Tips for web security
Tips for web securityTips for web security
Tips for web security
 
Tips for web security
Tips for web securityTips for web security
Tips for web security
 
CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015
 
FME 2020 Unleashed: Automating
FME 2020 Unleashed: AutomatingFME 2020 Unleashed: Automating
FME 2020 Unleashed: Automating
 
Writing Acceptance Tests Using Fitnesse
Writing Acceptance Tests Using FitnesseWriting Acceptance Tests Using Fitnesse
Writing Acceptance Tests Using Fitnesse
 
Enterprise Integration with WSO2 ESB
Enterprise Integration with WSO2 ESBEnterprise Integration with WSO2 ESB
Enterprise Integration with WSO2 ESB
 
Top 15 Exchange Questions that Senior Admin ask - Jaap Wesselius
Top 15 Exchange Questions that Senior Admin ask - Jaap WesseliusTop 15 Exchange Questions that Senior Admin ask - Jaap Wesselius
Top 15 Exchange Questions that Senior Admin ask - Jaap Wesselius
 
Tigahost
TigahostTigahost
Tigahost
 

More from GFI Software

Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013
GFI Software
 

More from GFI Software (20)

Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid Technology
 
Email Continuity
Email ContinuityEmail Continuity
Email Continuity
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data Backups
 
Data Backups
Data BackupsData Backups
Data Backups
 
Master Class Series
Master Class SeriesMaster Class Series
Master Class Series
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBs
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Deploying GFI EventsManager™
Deploying GFI EventsManager™Deploying GFI EventsManager™
Deploying GFI EventsManager™
 
How to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementHow to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log Management
 
How to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerHow to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManager
 
Email Security Solutions
Email Security SolutionsEmail Security Solutions
Email Security Solutions
 
Maxmp greylisting
Maxmp greylistingMaxmp greylisting
Maxmp greylisting
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web Security
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your Network
 
How to Block NDR Spam
How to Block NDR SpamHow to Block NDR Spam
How to Block NDR Spam
 
How to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productHow to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware product
 

Recently uploaded

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 

GFI MailSecurity's Deployment Strategies

  • 1. GFI White Paper GFI MailSecurity™ deployment strategies Which operating mode(s) to use in your network environment GFI MailSecurity can be deployed as an SMTP gateway or as a VS API version for Microsoft Exchange Server™. This white paper describes each operating mode and helps you decide which to deploy and whether you should deploy both.
  • 2. Contents Introduction 3 Why use both VS API and SMTP gateway modes? 3 About GFI MailSecurity SMTP gateway mode 3 GFI MailSecurity VS API Exchange mode 3 Limitations of using the VS API Exchange mode 4 Comparison between SMTP Gateway mode and VS API mode 4 How to deploy GFI MailSecurity 5 GFI MailEssentials and GFI MailSecurity running on the same machine 8 About GFI® 8 GFI MailSecurity deployment strategies 2
  • 3. Introduction GFI MailSecurity can be deployed in two operating modes: Either as an SMTP gateway or as a VS API version for Microsoft Exchange Server. It can be used in three ways, either by using one of these modes or by using both in tandem. This paper describes the GFI MailSecurity operating modes in detail and helps you choose the best way to deploy GFI MailSecurity on your network. Why use both VS API and SMTP gateway modes? GFI MailSecurity is an email content security package that supports both an SMTP gateway mode and a VS API mode. For optimum security, we recommend deploying both. This is because both operating modes have unique capabilities that enable you to ensure better security for your network and mail server. In SMTP gateway mode, GFI MailSecurity checks all inbound and outbound mail before this reaches your mail server. For GFI MailSecurity to do this, you must install it in front of your mail server. In VS API mode, GFI MailSecurity is installed on your Exchange Server and checks inbound, outbound and internal mail, using the Microsoft VS API interface. If possible, you should deploy both versions. For administration and performance reasons, it is better to perform the more complex and time-intensive checks at the gateway level. If you were to apply those rules to internal mail, you would end up having to moderate a lot of mail. However, the VS API mode should still be deployed on the Exchange Server, in order to stop a virus outbreak spreading (that could have entered the network via floppy, CD, web or notebook) or in order to monitor and/or stop internal users using email exploits to steal data. You can also use it to prevent unauthorized users from sending executable attachments, which they might use to gain information from users who have more rights on the network. About GFI MailSecurity SMTP gateway mode If you wish to install GFI MailSecurity at the perimeter of your network, or if you do not have Microsoft Exchange Server, you must install GFI MailSecurity in SMTP gateway mode. In SMTP gateway mode, GFI MailSecurity checks all inbound and outbound mail before this reaches your mail server. To do this, GFI MailSecurity must be the first to receive all mails destined for your mail server and it must be the last “stop” for outbound mail, i.e., mails destined for the Internet. For this to happen, GFI MailSecurity must act as a gateway for all email. This set-up is also known as “Smart host” or “Mail relay” server. Effectively, GFI MailSecurity will act as a mail relay server. GFI MailSecurity VS API Exchange mode If you have Microsoft Exchange Server, GFI MailSecurity can integrate with Exchange via the Microsoft Virus Scanning API (VS API). What is VS API (Exchange Virus Scanning API) and why use it? Microsoft Exchange Server provides a virus scanning API that is implemented at a very low-level in the Exchange store. This allows a virus scanning application to run with high performance and guarantees that the message will be scanned before any client can access a message or attachment. This low-level access facilitates the elimination of viruses such as the Melissa virus. In addition, VS API reduces scalability issues that can arise when a particular server has a large number of users/mailboxes. VS API’s real-time scan allows messages and attachments to be scanned once before delivery, rather than multiple times determined by the number of mailboxes the message is delivered to. This single-instance scanning also helps prevent messages from being rescanned when a message is copied. For more information about VS API, see http://support.microsoft.com/default.aspx?scid=kb;EN-US;q285667. GFI MailSecurity deployment strategies 3
  • 4. Limitations of using the VS API Exchange mode Although VS API is a recommended way to perform content checking and antivirus on Exchange Server, there are a number of limitations that you should be aware of as a system administrator: »» The Virus Scanning API only scans information stores. That means that if you have installed GFI MailSecurity for Exchange on a front-end server, for example, internal mail will not be scanned, because mail is not being stored on the front-end server. Only incoming and outgoing emails will be scanned by GFI MailSecurity. You need to be more careful with applying attachment rules since these might affect internal traffic; attachment rules that are too stringent can result in too much quarantined mail. Also, MAPI applications running on Exchange might be using .vbs or .exe files. »» Outgoing mails that have been approved need to be resent by the user. For example, if an executable is quarantined and approved, the user will receive a message saying that he/she has 24 hours to resend that executable. The reason for this is that the recipient of the message is not always known with 100% certainty in VS API mode. »» In VS API mode, mail is processed in parts. The Exchange VS API interface passes mails to GFI MailSecurity per message part, i.e., the body, attachment 1, attachment 2, etc. This means that message parts are quarantined, not whole messages. Therefore, all rules are applied to a message part. For example, you cannot delete an entire mail if it has a particular content, but only the message part containing that content. »» In VS API mode, some performance decrease will occur in mail delivery. This is inevitable as all mail has to be checked before the user accesses it. Typically, the delay is approximately 1 second or less, but a mail with a large 15 megabyte attachment, for example, might take more time to scan. Every VS API-based antivirus solution will suffer from this performance decrease, although of course the less checks that are done, the less performance decrease there will be. Comparison between SMTP Gateway mode and VS API mode SMTP gateway VS API Scans internal mail No Yes Scans inbound/outbound mail Yes Yes Requires Windows 2000/2003/2008 Yes Yes Requires Active Directory No Yes Requires Exchange 2000/2003/2007 No Yes Mail processed in parts No Yes Can run on same machine as Yes Yes GFI MailEssentials Can run if you have Exchange 5.5 Yes No Can run if you have Notes or SMTP server Yes No Can run in DMZ or as mail relay Yes No Ticketing system needed* No Yes 100% Inbound/internal mail detection** Yes No *SMTP gateway version has more information about the email and can therefore quarantine outbound mail without the need for a ticketing system. **SMTP gateway version has more information about the email and can therefore better determine if it is an inbound or an outbound mail. GFI MailSecurity deployment strategies 4
  • 5. How to deploy GFI MailSecurity Deployment option 1 If you have a smaller Exchange network and do not want to have a separate mail relay in the DMZ, use VS API mode only; or if you prefer Gateway mode only. GFI MailSecurity deployment strategies 5
  • 6. Deployment option 2 If you do not have Exchange Server, deploy GFI MailSecurity in SMTP Gateway mode. So if you have Exchange 5.5, Lotus Notes or another SMTP/POP3 server, you must use SMTP gateway mode. GFI MailSecurity deployment strategies 6
  • 7. Deployment option 3 If you have a larger network with one or more Exchange Servers, we recommend you deploy GFI MailSecurity both on the Exchange 2000/2003 machine in VS API mode, as well as at the perimeter of your network in SMTP Gateway mode. This is the ideal deployment scenario: the main advantage of this deployment is that you can have stricter rules on inbound and outbound mail and less strict rules on internal mail. GFI MailSecurity deployment strategies 7
  • 8. GFI MailEssentials and GFI MailSecurity running on the same machine GFI MailEssentials and GFI MailSecurity are companion products and can easily run on the same machine. GFI MailEssentials adds essential email tools to your Exchange Server including anti-spam, disclaimers, mail archiving, Internet mail reporting, server-based auto replies and POP3 downloading. Special bundle pricing applies when GFI MailEssentials and GFI MailSecurity are purchased together. About GFI GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com. 8
  • 9. USA,»CANADA»AND»CENTRAL»AND»SOUTH»AMERICA GFI 1019 may11 15300 Weston Parkway, Suite 104, Cary, NC 27513, USA Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 ussales@gfi.com UK»AND»REPUBLIC»OF»IRELAND Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 sales@gfi.co.uk EUROPE,»MIDDLE»EAST»AND»AFRICA GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: +356 2205 2000 Fax: +356 2138 2419 sales@gfi.com AUSTRALIA»AND»NEW»ZEALAND 83 King William Road, Unley 5061, South Australia Telephone: +61 8 8273 3000 Fax: +61 8 8273 3099 sales@gfiap.com Disclaimer © 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out- of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.