test

Configuring Brightmail with Sun Java System Messaging Server

ProcedureTo Install Symantec Brightmail

  1. Download the latest Symantec Brightmail AntiSpam release from the following location:

    http://ses.symantec.com/trybrightmail

    Note –

    The version for download at the time of this publication was BAS 6.0.1.

    You will also receive a Symantec license file through email. Be sure to register the Symantec Brightmail software later.

  2. Obtain the Symantec Brightmail AntiSpam.

    You need the Symantec Brightmail SDK for a Messaging Server host that has Symantec Brightmail filtering enabled. You copy and untar the Symantec Brightmail SDK on the Messaging Server host. Deployments with Symantec Brightmail server-only hosts (that is, a multi-node deployment where the Symantec Brightmail server is running on a separate host from the Messaging Server host) don’t need the Symantec Brightmail SDK on such Brightmail server-only hosts. Contact your Symantec sales representative to access the Symantec Brightmail SDK.

  3. Copy the Symantec Brightmail SDK tar file to a new directory on the Messaging Server host where the SDK should initially be unpacked.

  4. Untar the Symantec Brightmail SDK into its own directory.

    For example:

    tar -xvf tar -xvf BSDK_6*_*.tar

    This creates a BSDK subdirectory with the following directories files, as shown in the following example (the installation directory is SYMSDK):


    /SYMSDK/BSDK/
/SYMSDK/BSDK/docs/
/SYMSDK/BSDK/docs/LEGAL.NOTICES.txt
/SYMSDK/BSDK/docs/bas_sdk_60.pdf
/SYMSDK/BSDK/etc/
/SYMSDK/BSDK/etc/bmiconfig_client.xml
/SYMSDK/BSDK/etc/bmiconfig.xsd
/SYMSDK/BSDK/include/
/SYMSDK/BSDK/include/bmi_api.h
/SYMSDK/BSDK/lib/
/SYMSDK/BSDK/lib/libbmiclient_loader.a
/SYMSDK/BSDK/lib/libbmishareddata.so
/SYMSDK/BSDK/lib/libxml2.so.2
/SYMSDK/BSDK/lib/libxml2_single.so.2
/SYMSDK/BSDK/lib/libbmiclient.so.1
/SYMSDK/BSDK/lib/libbmiclient_single.so.1
/SYMSDK/BSDK/lib/libbmiclient.so
/SYMSDK/BSDK/lib/libbmiclient_single.so
/SYMSDK/BSDK/lib/libxml2.so
/SYMSDK/BSDK/lib/libxml2_single.so

  5. Change the permissions on the preceding directories and files so that Message Server can read the bmiconfig_client.xml file.

    For example, if Messaging Server is running as mailsrv:mail, then the mailsrv user should have permissions to read and write to the bmiconfig_client.xml file. That is, perform a chmod -R 755 base_dir/BSDK, or at least make sure that the permissions are ReadWriteXExecute by any group, as shown below.


    # pwd
/SYMSDK/BSDK

# ls -arlt
total 1734
-rwxr-xr-x   1 mailsrv  mail      432843 Jun 28  2004 libbmiclient.so.1
-rwxr-xr-x   1 mailsrv  mail      432843 Jun 28  2004 libbmiclient.so
drwxr-xr-x   3 mailsrv  mail         512 Jun 20 14:44 ..
-rwxr-xr-x   1 mailsrv  mail         745 Jun 30 11:45 bmiconfig_client.xml
drwxr-xr-x   2 mailsrv  mail         512 Jul 10 15:26 .

  6. Install the Symantec Brightmail server.

    ./install

  7. Select the following options:

    • Brightmail Scanner

    • Choose the default folder

    • Default Install Folder: /opt/symantec/sbas/Scanner

    • Log Folder (default: /var/log/brightmail)

    • Install Set: Brightmail Server only

    Tip –

    Brightmail Server only is not the default.

  8. Register Symantec Brightmail server. This step happens automatically as part of the installation.

    /opt/symantec/sbas/Scanner/sbin/register.sh

    Specify the valid licence file you got from Step 1.

    For example:


    # /opt/symantec/sbas/Scanner/sbin/register.sh
Please enter the path to a valid license file: /export/brightmail/1425886.7.slf
Connecting to Brightmail. This may take a few minutes.
Verifying Certificate...
Registration Successful.

    You are now enabled to retrieve Symantec Brightmail rules from Symantec Security Response.

  9. Change the ownership of cert.pem under the /opt/symantec/sbas/Scanner/etc directory so that the mailwall user can access cert.pem.


    # ls -arlt cert.pem
-rw-r--r--   1 root     other       1892 Jul 10 14:19 cert.pem
# chown mailwall:bmi cert.pem
# ls -arlt cert.pem
-rw-r--r--   1 mailwall bmi         1888 Jun 29 16:14 cert.pem

  10. Change the ownership of the directory so that the Messaging Server user (in the following example mailsrv:mail) can access this directory.

    chown -R mailsrv:mail /opt/symantec/

    Note –

    The IMTA_USER option in the MTA tailor file (typically /opt/SUNWmsgsr/config/imta_tailor) is how the MTA knows who its user is.

  11. Make backup copies of the bmiconfig.xml (from the scanner= server) and bmiconfig_client.xml (from the SDK) files.

  12. Modify the bmiconfig_client.xml file, replacing the HOST and the PORT (where the server is listening). Also, configure the Symantec Brightmail client log file, CLIENT.LOG, which is the path to the Symantec Brightmail client log file. Make sure Messaging Server can write to this file.

    For example, if Symantec Brightmail server is running on a host named host1.red.example.com and it is listening on port 41000, then your modification would look like this:

    <servers> <server host="host1.red.example.com" port="41000"></server>

  13. Set the LD_LIBRARY_PATH:


    LD_LIBRARY_PATH=/opt/SUNWmsgsr/lib:/usr/local/lib:/opt/sun/messaging
/brightmail:/opt/symantec/sbas/Scanner/lib

    Also, add base_dir/BSDK/lib to the LD_LIBRARY_PATH on the host running Messaging Server.

  14. Start the Symantec Brightmail server:

    /etc/init.d/mailwall start