What’s new in Symantec Messaging Gateway 10.6.6?

What’s new in Symantec Messaging Gateway 10.6.6?

 

SMG 10.6.6 offers a new feature “Support for Threat Isolation version 1.11” while Symantec Email Threat Isolation provides a secure execution environment for web interactions. When a user clicks a URL in an email message, Email Threat Isolation isolates the browser from the Internet. Email Threat Isolation executes all potentially malicious content. Only a safe visual stream is sent to the user.

Email Threat Isolation can be integrated with Symantec Messaging Gateway by adding a Modify URL action to your content filtering policies. When the policy triggers, the action adds a string that modifies every URL in the affected message. If a recipient clicks a link in the message, the browser redirects the request to Email Threat Isolation for isolation and execution.

Please consider below before you from version 10.6.4 to version 10.6.6

  • If you are planning to from SMG 10.6.4 to SMG 10.6.6, you must make manual changes to your sender authentication settings and policies. Make the changes after you install the 10.6.6 . If you do not make these changes, sender authentication may fail or may not work as expected.

 

  • In SMG 10.6.5, the Sender Authentication settings that set the actions for a message that failed Sender ID or SPF authentication were replaced with new content filtering policies. The content filtering policies offer an expanded list of conditions and let you specify actions for different DMARC, DKIM, SPF, and Sender ID failure conditions. These changes disable the existing policies for DKIM, SPF, and Sender ID.

 

How to adjust sender authentication settings after you to SMG 10.6.6 manually?

This version adds DMARC, and removes settings where you set sender authentication actions. These changes require some manual adjustments in your sender authentication settings and content filtering policies.

To your sender authentication settings and related content filtering policies

        1. Before you to version 10.6.6, Spam > Settings > Sender Authentication and record your current sender authentication settings.

        2. After the , Spam > Settings > Sender Authentication. Make sure that all the options that you enabled in version 10.6.4 are still enabled. Symantec recommends that you also enable DMARC authentication

        3. Content > Policies > Email. Assign the following new SPF and Sender ID softfail policies to your policy groups: Sender Authentication: SPF Softfail: Modify subject line with “[SPF Softfail]” and Sender Authentication: SenderID Softfail: Modify subject line with “[SenderID Softfail]”. Edit the actions in these policies as needed.

        4. If you enabled DMARC, assign the following content filtering policies to your policy groups: Sender Authentication: DMARC, SPF, SenderID Failure: and Sender Authentication: DMARC, SPF, SenderID Failure: Quarantine. Edit the actions in these policies as needed.

You do not need to assign any other sender authentication policies, because the DMARC policies also process DKIM, Sender ID, and SPF failures.

        5. To replace the sender authentication actions that you set in version 10.6.4, assign the Sender Authentication: SPF, SenderID Failure: Modify subject line with “[Sender Auth Failure]” policy to all your policy groups. If you changed the actions from the defaults in the previous release, you must change them in the new policy.

        6. Assign new DKIM policies to your groups as needed. The DKIM policies in the previous release included permfail and tempfail conditions. A new fail status replaces both these conditions after the .

        7. If you did not enable DMARC, but you enabled SPF or Sender ID, assign new SPF and Sender ID policies as needed.

        8. After the , the Email Content Filtering Policies page includes both the original and newly-created sender authentication policies. The new policies begin with Sender Authentication.

the following old content filtering policies:

1. DKIM Validation Failure: Modify subject line with "[DKIM Failure]"

2. SPF Validation Softfail: Modify subject line with "[SPF Softfail]"

3SenderID Validation Softfail: Modify subject line with "[SenderID Softfail]"

If you do not the old policies after you assign the new policies, SMG does not perform the new policy actions. This result is because the old policies have the Subsequent Policy Actions setting of Incidents and Notifications only. In addition, some conditions are not supported in the , so the old policies never trigger results.