Installing Email Security Software on Exchange Server

Description

This article goes through the steps of installing SonicWall Email Security Software on an Exchange server. This is not a recommended configuration.

Resolution

CAUTION: Installing ES Software on an Exchange server is not recommended

CAUTION: Exchange uses all available resources and may impact Email Security performance.

CAUTION: Email Security Software initiates constant disk input/output and may affect overall server performance.

CAUTION: Troubleshooting Email Security may require rebooting the server.

CAUTION: Java can never be updated once the Email Security Software has been installed.

 

On Exchange, configure a receive connector to listen on port 25 to allow Exchange to receive email messages from the Email Security Software. 

On Exchange, configure a send connector to smarthost to port 2525 to allow Exchange to send email messages back to the Email Security Software.

NOTE: For Exchange 2016, follow this link for instructions on configuring an alternate port

 https://www.authsmtp.com/exchange-2016/exchange2016_alternative_port.html

 

On the Firewall, configure 2 NAT policies

  1. Inbound NAT policy to translate port 25 to port 2525 and push to a dual natured server.
  2. Outbound NAT policy to translate port 2525 to port 25 (may not be needed).

 

Disable User Access Control on the Windows server.

NOTE: If using Windows 2016, disabling UAC requires a registry edit.

http://original-network.com/script-to-disable-uac-server-on-windows-server-2016/

 

Disable all AV and endpoint security (firewall, AV, anti-malware, anything that does scanning).

Uninstall all Java.

Reboot the server.

Install software as administrator.

For the inbound path, configure SES to listen on port 2525, and to forward on email to port 25.

ImageImage

 

Configure HTTP access to port 8088 and HTTPS to 4553 on the server.  This will allow access without interfering with normal exchange traffic by using unregistered but similar ports.

 

NOTE: If you have AV software, the entire sonicwallES folder must be excluded from any form of virus scanning.

NOTE: If you have any firewall software, make sure that traffic to DMZ, LAN or where SES is located allows for 2525, 4553, and 8088 connections.

 

Related Articles

  • Invalid SFP Connected warning on SonicWall firewall when using supported 10G SFP+ Module
    Read More
  • How to exclude the domain from DHA scanning?
    Read More
  • Email Security: How to download the Outlook Junk Tool?
    Read More

Categories

Email Security
Email Security Software
not finding your answers?
Ask the Community