Effectively manage and defend your network by establishing a security policy that provides parameters for legitimate email use. Afterward, use CA Gateway Security to apply and enforce your security policies.
CA recommends that CA Gateway Security and the mail server be installed on separate computers. This allows the CA Gateway Security SMTP filtering engine to review and forward all acceptable emails to the mail server without requiring any modification to the mail server configuration. If you want the mail server to forward inbound traffic to CA Gateway Security, you might need to modify the DNS MX records after you install CA Gateway Security. Check with your ISP to find out whether your DNS MX record needs modification.
Optionally, you can also change the mail server so that it forwards outbound traffic to CA Gateway Security. If you decide to forward outbound traffic, you need to change the Smart Host setting on the mail server to the IP address of the CA Gateway Security server, enclosed in square brackets, for example [xxx.xxx.xxx.xxx].
If you are running CA Gateway Security and the mail server on the same computer and a Denial of Service (DoS) attack occurs on the mail system, both external and internal mail can be negatively affected. However, if CA Gateway Security is installed on a separate server, you can reroute mail directly to the mail server and bypass the CA Gateway Security server until the problem is resolved.
Note: When CA Gateway Security and the mail server are located on the same machine, you must modify the mail server configuration so that it does not listen on the default port of 25 on the same IP address that CA Gateway Security is using. In this case, CA recommends that you change the mail server to port 2525.
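The layout rules above (port 25 reserved for the gateway on a shared machine, a bracketed Smart Host address, MX records that lead to the gateway) can be checked against a planned deployment before cutover. The following is an added example, not part of the CA documentation or product; `check_layout`, `parse_smart_host`, and the sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress
import re

RECOMMENDED_MAIL_PORT = 2525  # port the page recommends for a co-located mail server

def parse_smart_host(value):
    """Return the address inside a bracketed literal such as "[192.0.2.10]", else None."""
    match = re.fullmatch(r"\[([^\[\]]+)\]", value.strip())
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None

def check_layout(gateway_ip, same_host, mail_listeners, smart_host=None, mx_targets=None):
    """Return findings for a planned layout (hypothetical helper, not a CA tool).

    mail_listeners: [(ip, port), ...] the mail server binds; 0.0.0.0 means all addresses.
    mx_targets: {mx_hostname: resolved_ip}; assumes no NAT between DNS and the gateway.
    """
    gw = ipaddress.ip_address(gateway_ip)
    findings = []
    if same_host:  # the gateway owns port 25 on its address
        for ip, port in mail_listeners:
            addr = ipaddress.ip_address(ip)
            if port == 25 and (addr == gw or addr.is_unspecified):
                findings.append(f"mail server binds {ip}:25, which the gateway uses; "
                                f"move it to port {RECOMMENDED_MAIL_PORT}")
    if smart_host is not None:  # outbound relaying through the gateway is optional
        parsed = parse_smart_host(smart_host)
        if parsed is None:
            findings.append(f"smart host {smart_host!r} is not a bracketed IP address")
        elif parsed != gw:
            findings.append(f"smart host {parsed} is not the gateway address {gw}")
    for host, ip in (mx_targets or {}).items():
        if ipaddress.ip_address(ip) != gw:
            findings.append(f"MX {host} -> {ip}: inbound mail does not reach the gateway first")
    return findings

# Constructed sample layouts (documentation address range, not real hosts).
BEFORE = dict(gateway_ip="192.0.2.10", same_host=True, mail_listeners=[("0.0.0.0", 25)],
              smart_host="192.0.2.10", mx_targets={"mail.example.test": "192.0.2.20"})
AFTER = dict(gateway_ip="192.0.2.10", same_host=True, mail_listeners=[("192.0.2.10", 2525)],
             smart_host="[192.0.2.10]", mx_targets={"mail.example.test": "192.0.2.10"})

if __name__ == "__main__":
    for name, layout in (("before", BEFORE), ("after", AFTER)):
        print(name, check_layout(**layout) or "no findings")
```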