Professional Documents
Culture Documents
GFI MailSecurity's Deployment Strategies
GFI MailSecurity's Deployment Strategies
Contents
Introduction Why use both VS API and SMTP gateway modes? About GFI MailSecurity SMTP gateway mode GFI MailSecurity VS API Exchange mode Limitations of using the VS API Exchange mode Comparison between SMTP Gateway mode and VS API mode How to deploy GFI MailSecurity GFI MailEssentials and GFI MailSecurity running on the same machine About GFI 3 3 3 3 4 4 5 8 8
Introduction
GFI MailSecurity can be deployed in two operating modes: Either as an SMTP gateway or as a VS API version for Microsoft Exchange Server. It can be used in three ways, either by using one of these modes or by using both in tandem. This paper describes the GFI MailSecurity operating modes in detail and helps you choose the best way to deploy GFI MailSecurity on your network.
The Virus Scanning API only scans information stores. That means that if you have installed GFI MailSecurity for Exchange on a front-end server, for example, internal mail will not be scanned, because mail is not being stored on the front-end server. Only incoming and outgoing emails will be scanned by GFI MailSecurity. You need to be more careful with applying attachment rules since these might affect internal traffic; attachment rules that are too stringent can result in too much quarantined mail. Also, MAPI applications running on Exchange might be using .vbs or .exe files. Outgoing mails that have been approved need to be resent by the user. For example, if an executable is quarantined and approved, the user will receive a message saying that he/she has 24 hours to resend that executable. The reason for this is that the recipient of the message is not always known with 100% certainty in VS API mode. In VS API mode, mail is processed in parts. The Exchange VS API interface passes mails to GFI MailSecurity per message part, i.e., the body, attachment 1, attachment 2, etc. This means that message parts are quarantined, not whole messages. Therefore, all rules are applied to a message part. For example, you cannot delete an entire mail if it has a particular content, but only the message part containing that content. In VS API mode, some performance decrease will occur in mail delivery. This is inevitable as all mail has to be checked before the user accesses it. Typically, the delay is approximately 1 second or less, but a mail with a large 15 megabyte attachment, for example, might take more time to scan. Every VS API-based antivirus solution will suffer from this performance decrease, although of course the less checks that are done, the less performance decrease there will be.
VS API
Yes Yes Yes Yes Yes Yes Yes No No No Yes No
*SMTP gateway version has more information about the email and can therefore quarantine outbound mail without the need for a ticketing system. **SMTP gateway version has more information about the email and can therefore better determine if it is an inbound or an outbound mail.
If you have a smaller Exchange network and do not want to have a separate mail relay in the DMZ, use VS API mode only; or if you prefer Gateway mode only.
Deployment option 2
If you do not have Exchange Server, deploy GFI MailSecurity in SMTP Gateway mode. So if you have Exchange 5.5, Lotus Notes or another SMTP/POP3 server, you must use SMTP gateway mode.
Deployment option 3
If you have a larger network with one or more Exchange Servers, we recommend you deploy GFI MailSecurity both on the Exchange 2000/2003 machine in VS API mode, as well as at the perimeter of your network in SMTP Gateway mode. This is the ideal deployment scenario: the main advantage of this deployment is that you can have stricter rules on inbound and outbound mail and less strict rules on internal mail.
About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.
USA,CANADAANDCENTRALANDSOUTHAMERICA
15300 Weston Parkway, Suite 104, Cary, NC 27513, USA Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 ussales@gfi.com
UKANDREPUBLICOFIRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 sales@gfi.co.uk
EUROPE,MIDDLEEASTANDAFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: +356 2205 2000 Fax: +356 2138 2419 sales@gfi.com
AUSTRALIAANDNEWZEALAND
83 King William Road, Unley 5061, South Australia Telephone: +61 8 8273 3000 Fax: +61 8 8273 3099 sales@gfiap.com
Disclaimer 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided as is with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, outof-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.