WIXLIB

PureMessage for MicrosoftExchange 2013 and 2016startup guide

ContentsAbout this guide. 1Planning your PureMessage for Microsoft Exchange deployment. 2Deploying PureMessage for Microsoft Exchange to a single Exchange server.2Deploying PureMessage for Microsoft Exchange to multiple Exchange servers.2Installing PureMessage for Microsoft Exchange. 4System requirements. 4Preparing for installation. 4Preconfiguring updates.5Installing PureMessage for Microsoft Exchange. 6Installing a PureMessage for Microsoft Exchange console on a separate computer.8PureMessage for Microsoft Exchange Configuration Group.9Starting and configuring PureMessage for Microsoft Exchange. 11Getting started with PureMessage for Microsoft Exchange.11Set up a mail domain and upstream trusted relay. 12Connect to Active Directory. 12Setting up alerts. 14Setting up an address for alerts. 14Setting up a template for email alerts.14Ensuring anti-virus scanning is enabled.15Blocking files which may contain threats. 16Blocking spam. 17Change anti-spam settings. 17Scanning Exchange Message Stores. 18Enable store scanning and alerts.18Configure scanning of Exchange stores. 18Dealing with quarantined items.20Quarantine housekeeping. 20Dealing with quarantined messages.20Enabling end-users to access the spam quarantine website.22Setting up quarantine digest emails to users. 22Monitoring system activity.24Uninstalling PureMessage for Microsoft Exchange. 26Appendix A: Deploying PureMessage for Microsoft Exchange clusters. 27How PureMessage for Microsoft Exchange works with Exchange clusters. 27Before you install. 27Installation procedure on DAGs.28Uninstalling PureMessage for Microsoft Exchange from a cluster. 28Administering PureMessage for Microsoft Exchange on a cluster. 28Appendix B: How to configure upstream (trusted) relays. 30Which upstream relays should be defined as trusted?. 30Appendix C: How does PureMessage for Microsoft Exchange route mail?. 32Appendix D: AboutPureMessage for Microsoft Exchange mail scanning. 33SMTP scanning. 33Exchange Store scanning. 34Appendix E: Filtering attachments containing unwanted content. 35Filtering blocked phrases within attachments. 35Appendix F: Database Mirroring. 37Prepare SQL Server instances.37Install PureMessage for Microsoft Exchange with database mirroring. 38Configure PureMessage for Microsoft Exchange for database mirroring. 38PureMessage for Microsoft Exchange Glossary. 41Technical support. 44(2018/09/05)

Legal notices.45(2018/09/05)

PureMessage for Microsoft Exchange 2013 and 20161 About this guideThis guide tells you how to do the following: install PureMessage for Microsoft Exchange for Microsoft Exchange 2013 and 2016. start PureMessage for Microsoft Exchange integrate PureMessage for Microsoft Exchange with Active Directory set up alerts ensure that anti-virus scanning is enabled block file types that may contain threats set up spam blocking (if your license permits) set up Exchange store scanning deal with quarantined items enable end-users to access and deal with quarantined items monitor system activityCopyright Sophos Limited1

PureMessage for Microsoft Exchange 2013 and 20162 Planning your PureMessage forMicrosoft Exchange deploymentYou can deploy PureMessage for Microsoft Exchange to a single or multiple Exchange servers, asdescribed below.2.1 Deploying PureMessage for MicrosoftExchange to a single Exchange serverIf your network has only one Exchange server, deploying PureMessage for Microsoft Exchange isstraightforward: install PureMessage for Microsoft Exchange on the Exchange server and configureit according to your email security policy.2.2 Deploying PureMessage for MicrosoftExchange to multiple Exchange serversPureMessage for Microsoft Exchange can protect both front-end (hub transport) servers and backend (mailbox) servers.If you don't want to expose your mailbox servers directly to the internet, you can use an EdgeTransport server in your perimeter network. The Edge Transport server role is available in MicrosoftExchange Server 2013 Service Pack 1 (SP1) or later.NoteIn such hybrid environments, it is recommended that you perform anti-spam scanning on theedge server to filter spam, and install the anti-virus only version of PureMessage for MicrosoftExchange on your back-end servers that do not require anti-spam scanning.Example: Separate Exchange Edge Transport server and ExchangeMailbox serverThis example illustrates how PureMessage for Microsoft Exchange can be installed on severalExchange servers with dedicated roles.NoteInstall the appropriate version of PureMessage for Microsoft Exchange on each server. ForPureMessage for Microsoft Exchange system requirements, see knowledgebase article 118640.2Copyright Sophos Limited

PureMessage for Microsoft Exchange 2013 and 2016Figure 1: Separate Exchange Edge Transport server and Exchange Mailbox serverCopyright Sophos Limited3

PureMessage for Microsoft Exchange 2013 and 20163 Installing PureMessage for MicrosoftExchangeThis section describes how to install PureMessage for Microsoft Exchange.NoteIf you are installing PureMessage for Microsoft Exchange to an Exchange cluster, checkthe system requirements and then go to Appendix A: Deploying PureMessage for MicrosoftExchange clusters (page 27).PureMessage for Microsoft Exchange consists of two components: The PureMessage for Microsoft Exchange service. The PureMessage for Microsoft Exchange administration console.This section tells you how to install both on a single server and also how to install a separateadministration console in order to manage remote PureMessage for Microsoft Exchange servers.Installation involves the following steps: Checking the system requirements. Preparing for installation. Preconfiguring updates (Sophos Enterprise Console customers only). Installing PureMessage for Microsoft Exchange. Installing a PureMessage for Microsoft Exchange console on a separate computer (optional).3.1 System requirementsPureMessage for Microsoft Exchange 4.0.4 and later can be installed on Microsoft Exchange Server2013 and 2016. The minimum requirement for the database is Microsoft SQL Server 2008.For a full list of PureMessage system requirements, see knowledge base article 1186403.2 Preparing for installationNoteIf you are running Windows 2008 or Windows 2008 R2 Server, read e/109664.html before installing PureMessage for MicrosoftExchange.Before you begin installation, you should do the following:4 Read the PureMessage for Microsoft Exchange release notes for details of new features andknown issues. The release notes are published at puremessage-for-microsoft-exchange.aspx. Make sure that a backup has been made of the mailboxes and databases.Copyright Sophos Limited

PureMessage for Microsoft Exchange 2013 and 2016 Make sure that the Exchange Autodiscover service is configured correctly. The service is used byPureMessage for Microsoft Exchange during scanning of Exchange stores. For more information,see 119506.aspx. PureMessage for Microsoft Exchange installation may require a restart, so schedule theinstallation for a time when restarting the server will cause the least inconvenience.If you want to use spam blocking: Make sure that you have a valid anti-spam license and download credentials from Sophos so thatyou can download anti-spam updates. Make sure that PureMessage for Microsoft Exchange is installed on a computer with Internetaccess, as anti-spam updates are only available direct from Sophos. If you use Sophos Enterprise Console to protect your PureMessage for Microsoft Exchangeserver, make sure that the server is configured to download anti-spam updates directly fromSophos as described in Preconfiguring updates (page 5).If you are installing PureMessage for Microsoft Exchange on multiple servers, make sure that yourSQL server is set up for remote access. See the PureMessage for Microsoft Exchange release notesfor further details.3.3 Preconfiguring updatesIf you use PureMessage for Microsoft Exchange for spam blocking, it needs to update regularlywith the latest rules for detecting spam. These spam rules can only be downloaded directly fromSophos via the internet.If you are going to install PureMessage for Microsoft Exchange on a computer that does notalready have Sophos Anti-Virus installed, updating will be set up for you and you need take nofurther action. Go to Installing PureMessage for Microsoft Exchange (page 6).If you are going to install PureMessage for Microsoft Exchange on a computer already runningSophos Anti-Virus and managed by Sophos Enterprise Console, you must follow the instructionsbelow.NoteYou will need the username and password that you use for downloads from the Sophos website.1. Go to the computer running Sophos Enterprise Console and start Sophos Enterprise Console.2. Ensure that the computer(s) running PureMessage for Microsoft Exchange are in a group of theirown or have their own policy setting.3. Create an Updating policy (or edit the existing policy) for the group.4. In the Updating Policy dialog box, click the Secondary server tab.5. In the Secondary server dialog box, select Specify secondary server details. Then in theAddress field, click the drop-down arrow and select Sophos. Enter your username and password.6. If necessary, enter proxy details.You have preconfigured updating and are ready to install PureMessage for Microsoft Exchange.Copyright Sophos Limited5

PureMessage for Microsoft Exchange 2013 and 20163.4 Installing PureMessage for MicrosoftExchangeTo install PureMessage for Microsoft Exchange, do as follows:NoteThe following services (and any dependent services) may be stopped and started during theinstallation of PureMessage for Microsoft Exchange: Internet Information Services (IIS) Microsoft Exchange Transport service Microsoft Exchange Frontend Transport service Microsoft Exchange Information Store service Distributed File System Replication (DFSR) service1. Log on to the server as an administrator, based on your environment: If you are in a domain, log on with domain administrative privileges. If you are in a workgroup, log on with local administrative privileges.NoteMake sure you are a member of the Exchange Organization Management group.2. Visit the Sophos product download page at http://www.sophos.com/support/updates/. You willneed credentials to download products and documentation.3. Browse to the PureMessage for Microsoft Exchange page and download the PureMessage forMicrosoft Exchange for Microsoft Exchange installer package you require. Choose Anti-virus andanti-spam or Anti-virus only (as your license permits).4. Using Windows Explorer, browse to your download folder and start the installer package. Theinstallation wizard begins.NoteEnsure that the installer is not run from a network share.5. In the Welcome dialog box, click Next.6. In the License Agreement dialog box, read the agreement. If you agree with the terms, click Iaccept the terms of the license agreement and click Next.7. In the Select Features dialog box, select the components you want to install and click Next.8. In the Choose Destination Location dialog box, you see the default folder where PureMessagefor Microsoft Exchange will be installed. If you want to install it in a different folder, click Browseand select a folder. Click Next.9. In the Sophos Download Credentials dialog box, enter the User name and Password that weresupplied by Sophos.If you access the internet via a proxy, click Proxy Details and enter your proxy settings.Otherwise, click Next.6Copyright Sophos Limited