Symantec™ Messaging Gateway 10.9.
1 Release Notes
� Symantec™ Messaging Gateway 10.9.1 Release Notes
Table of Contents
Symantec Messaging Gateway 10.9.1 Release Notes......................................................................3
About Symantec Messaging Gateway 10.9.1................................................................................................................ 3
What's new in Symantec Messaging Gateway 10.9.1.................................................................................................. 3
Documentation..................................................................................................................................................................3
Support policy.................................................................................................................................................................. 4
Supported platforms........................................................................................................................................................ 4
Unsupported platforms....................................................................................................................................................4
Supported web browsers................................................................................................................................................ 4
Supported paths to version 10.9.1.................................................................................................................................4
Important information about installation in virtual environments.............................................................................. 5
Important information before you update to version 10.9.1........................................................................................6
After 10.9.1 installation....................................................................................................................................................8
Resolved issues in 10.9.1............................................................................................................................................... 8
Known issues in 10.9.1................................................................................................................................................. 10
Where to get more information.................................................................................................................................... 11
2
� Symantec™ Messaging Gateway 10.9.1 Release Notes
Symantec Messaging Gateway 10.9.1 Release Notes
About Symantec Messaging Gateway 10.9.1
Copyright 2025 Broadcom. All rights reserved.
Document publication date: 1/3/2025
Symantec Messaging Gateway (SMG) 10.9.1 is the update to previous versions of SMG. All functionality of SMG 10.7.x,
10.8.x, and 10.9.0 is maintained unless otherwise noted.
NOTE: You must be running SMG 10.9.0 to update to SMG 10.9.1.
What's new in Symantec Messaging Gateway 10.9.1
This release (10.9.1) includes the following key features:
• OIDC Support - Support Single-Sign-On authentication for administrators and Quarantine users.
• REST API Support - Support for REST API access to query and monitor the email processing events reported to the
Message Audit Log as well as host and mail queue status for SMG via your preferred REST tool.
This release also includes the following feature changes and updates:
• Full update of underlying operating system
• Improved efficacy, reducing the number of false positives
• Added support for TLS 1.3
• Increased visibility of licensing status
• Added a new alert for the percentage of maximum queue size
• All DSNs generated by SMG now consistent and configurable
• Security Updates
Documentation
You can access English documentation at the following website:
https://techdocs.broadcom.com/us/en/symantec-security-software/email-security/messaging-gateway/10-9-1.html
Check the following website for any issues that are found after these release notes were finalized:
https://knowledge.broadcom.com/external/article?articleNumber=276756
To access the software update description from the Control Center, click Administration > Hosts > Version. On the
Updates tab, select a version and click View Description.
To view the Symantec support policy for SMG, see the following links:
https://knowledge.broadcom.com/external/article?legacyId=tech89724
https://knowledge.broadcom.com/external/article?legacyId=tech123135
To read the translated documentation, go to https://techdocs.broadcom.com/us/en/symantec-security-software/email-
security/messaging-gateway/10-9-1.html and select the desired language from the dropdown list in the upper right corner
of the screen. SMG 10.9.1 supports French, Spanish and Japanese versions of the documentation and the product's user
interface locale.
3
� Symantec™ Messaging Gateway 10.9.1 Release Notes
NOTE
Translated documentation will be available shortly after this release is publicly available.
Support policy
Broadcom provides standard support for Symantec products, including SMG. Support is offered for only the most recent
build of the licensed software.
To view the Symantec support policy for SMG, see the following links:
https://knowledge.broadcom.com/external/article?legacyId=tech89724
https://knowledge.broadcom.com/external/article?legacyId=tech123135
Supported platforms
You can update to SMG 10.9.1 on any of the following platforms:
• HARDWARE: All supported hardware versions: 8390/S450 purchased after 2018.
For more information about SMG hardware testing support, go to the following URL:
https://knowledge.broadcom.com/external/article?legacyId=TECH123135
• Microsoft Azure.
• VMware: VMware ESXi/vSphere 7.0/8.0
• Microsoft Hyper-V: Windows Server 2016 and later
NOTE
Hyper-V installation from a VHD image is not supported.
• Linux Kernel Virtual Machine (KVM): The kernel component of KVM is included in mainline Linux as of 2.6.20. The
user space component of KVM is included in mainline QEMU as of 1.3
Unsupported platforms
Unsupported platforms are as follows:
• Any platform that is not listed in the Supported Platforms section of this document.
• Hardware platforms 8220, 8240, 8260, 8320, 8340, 8360, and 8380.
Symantec does not test software releases on appliance models for which the hardware warranty period has expired.
To determine what hardware version you have, at the command line type the following:
show --info
Supported web browsers
Access to the SMG Control Center has been tested and verified with the following web browser versions:
• Mozilla Firefox 123 or later
• Google Chrome 122 or later
Supported paths to version 10.9.1
You can use any of the following methods to update to SMG 10.9.1:
4
� Symantec™ Messaging Gateway 10.9.1 Release Notes
• Software update from version 10.9.0 on supported hardware or in a supported virtual environment. If you are on an
earlier release, you must first upgrade to 10.9.0 before attempting to upgrade to 10.9.1.
• OSRestore from ISO on supported hardware or in a supported virtual environment.
• VMware installation with OVA template.
NOTE
Broadcom provides an OVA template that can load an SMG virtual machine into VMware. This template is
designed for demonstration or testing purposes. You should use this template for deployment in a production
environment only if explicitly recommended. For any production environment, create a virtual machine
in accordance with best practices as outlined in the Symantec Messaging Gateway Installation Guide,
located here: https://techdocs.broadcom.com/us/en/symantec-security-software/email-security/messaging-
gateway/10-9-1/related-documents.html. Then install SMG using the ISO file.
Important information about installation in virtual environments
SMG 10.9.1 supports four virtual environments: VMware, Microsoft Hyper-V, Microsoft Azure, and Linux KVM.
To install on Microsoft Azure
A single method is supported for installing SMG on Azure:
VHD file Upload the SMG VHD file to Azure to create an image for installation, and use that image to create VM in
Azure.
To install on VMware
Two methods for installing on supported VMware platforms are:
ISO file You can load the ISO file into a preconfigured virtual machine.
You can use the ISO file on VMware ESXi/vSphere 7.0/8.0
OVA file You can also load the OVA, which includes the virtual machine configuration.
You can use the OVA for VMware ESXi/vSphere 7.0/8.0
To install on Hyper-V
Symantec supports one method for installing on supported Hyper-V platforms:
ISO file You can load the ISO file into a pre-configured virtual machine.
You can use the ISO file on Windows Server 2016 and above.
NOTE
Hyper-V installation from a VHD image is not supported.
See the Symantec ™ Messaging Gateway 10.9.1 Installation Guide (located at https://techdocs.broadcom.com/us/en/
symantec-security-software/email-security/messaging-gateway/10-9-1/Related-Documents.html) for instructions and
system requirements.
To install on KVM
Symantec supports one method for installing on KVM platforms:
ISO file You can deploy an instance of Symantec Messaging Gateway from an ISO image on a computer running
Linux KVM.
For an example installation of KVM on a system running the CentOS Linux distribution, see the Symantec
Messaging Gateway 10.9.1 Installation Guide.
5
� Symantec™ Messaging Gateway 10.9.1 Release Notes
See the Symantec ™ Messaging Gateway 10.9.1 Installation Guide (located at https://techdocs.broadcom.com/us/en/
symantec-security-software/email-security/messaging-gateway/10-9-1/Related-Documents.html) for instructions and
system requirements.
Important information before you update to version 10.9.1
This section describes the migration information that you should read before you update to version SMG 10.9.1. This
release includes a new underlying Operating System (Rocky Linux 9). As such, the upgrade cannot be reversed.
Additionally, several configuration elements require attention before and after the upgrade this release.
ATTENTION
Do not update the Control Center from the SMG UI. The Control Center must be updated from the
Command Line Interface. Once the Control Center is updated, you can use the SMG UI to update other
quarantines or scanners.
The best practices for all updates are listed in Best Practices for all Updates, below.
Upgrade Considerations
• Due to the nature of this release, and the upgrade of the underlying operating system, 'update download' and 'update
check' commands cannot work properly for the 10.9.1 release.
• You can only update to SMG 10.9.1 from SMG 10.9.0.
If you are updating from a release earlier than 10.9.0, you must first upgrade to that release. You can upgrade to
10.9.0 from 10.6.6 or later. Once upgraded, you should enable the new Malware configuration options for better
detection. These options use static and dynamic artificial intelligence and the relationship-based AI for file and mobile
detections.
• If you run Symantec Messaging Gateway on ESXi version 8.x, you may see this error message just prior to
upgrade: "The configured guest OS (CentOS 7 (64-bit) for this virtual machine does not match the guest that
is currently running (Rocky Linux (64-bit). You should specify the correct guest OS to allow for guest-specific
optimizations.". This is due to a change to the underlying system. This error message can be safely ignored. Following
the installation of 10.9.1, you can avoid this warning by changing the Guest OS Version for the SMG virtual machine
in ESX server to Rocky Linux 9: Actions > Edit Settings >VM Options > General Options > Guest OS version >
Rocky Linux 9 (64-bit).
NOTE
After the upgrade completes, you might not automatically return to the login screen. Instead, the system might
display a screen that offers the choices Advanced or Go Back. Reload the page in your browser to return to the
login screen.
• If you are NOT using the policy sharing feature for email content filtering introduced in Symantec Messaging Gateway
10.7.4, you may ignore the this section. If you ARE using policy sharing, you must ensure that all Control Center
instances (both Central and Remote) are updated to the same product version.
Assume the following current deployment:
Cluster 1 = CC1, which controls Scanner01C1 and Scanner02C1.
Cluster 2 = CC2, which controls Scanner01C2 and Scanner02C2.
Cluster 3 = CC3, which controls Scanner01C3 and Scanner02C3.
Further, assume that CC1 is the central Control Center and CC2 and CC3 are the remote Control Centers.
Given the above scenario, follow these steps:
1. Update CC3.
2. Update the Scanners attached to CC3 (Scanner01C3 and Scanner02C3).
3. Update CC2.
4. Update the Scanners attached to CC2 (Scanner01C2 and Scanner02C2).
6
� Symantec™ Messaging Gateway 10.9.1 Release Notes
5. Update CC1 (the central Control Center for the cluster).
6. Update the Scanners attached to CC1 (Scanner01C1 and Scanner02C1).
The above steps are provided as an example of the recommended order in which to update your Scanners. You can
update the Scanners in a different order (e.g. CC3 -> CC2 -> CC1, or CC2 -> CC3 -> CC1), as long as you update the
Control Centers and the Scanners attached to them to the same update version.
NOTE
The software update process can take several hours. During this process, mail throughput is unaffected.
However, the mail that is intended for quarantine remains in the delivery queue until migration is complete.
Table 1: Best practices for all updates
Item Description
Perform a backup Take a full system backup before you run the software update, and store it off-box.
Do not restart before the update The software update process may take several hours to complete. The system restarts automatically
process is complete. when the update completes.
Warning! If you restart before the process is complete, data corruption is likely to occur. If data
corruption occurs, the factory image must be reinstalled on the appliance.
Delete log messages. If your site policies allow it, delete all scanner and DDS log messages before you update.
Delete TLS protocols and cipher As part of every update the cipher specs and TLS protocols used by the Control Center and
configuration Quarantine will be reset. If you have modified these settings locally, those changes will be
overridden, and will need to be re-applied after the upgrade.
SMG 10.9.1 includes TLS 1.3 support.
Note your Secure DNS Secure DNS is disabled in SMG 10.9.1 by default, and needs to be manually enabled if required.
Configuration
Stop mail flow to scanners and To reduce scanner update time and complexity, stop mail flow to scanners and drain all queues.
flush queues before you update. Then start the update. The goal is to process or deliver the messages in the queues, particularly the
delivery queue, before starting the update.
To halt incoming messages, click Administration > Hosts > Configuration, and edit a scanner. On
the Services tab, click Do not accept incoming messages and click Save. Repeat the process
individually for each scanner on the system. Allow some time for messages to drain from your
queues. To check the queues, click Status > SMTP > Message Queues. Flush the messages that
are left in the queues.
Update Control Center first. Perform the update in this order: update the Control Center, flush the queues on the scanners, and
then update the scanners.
• After updating the Control Center, use the command line interface to update your scanners as
soon as possible. The Control Center can propagate configuration changes only to a scanner
using the same version of the software. Running different versions on the Control Center and
scanners for more than 24 hours is not advised.
• Making configuration changes when the Control Center and scanners are running different
versions is unsupported.
Perform software update at off- Plan to update the Control Center appliance and scanners during off-peak hours. This reduces the
peak hours. amount of mail that builds up in the queue.
After you update the Control Center, wait a few minutes for queues to clear before updating the
scanners. Software update of a scanner takes less time than the software update of the Control
Center.
Scanners cannot quarantine messages on the Control Center during the Control Center update
process. Messages may build up in a queue.
When you update a scanner, it goes offline. Scanner resources are unavailable during the update
process.
7
� Symantec™ Messaging Gateway 10.9.1 Release Notes
Item Description
Check available space on the When updating, the installation process does not pre-test the available space on the / partition
/ partition before you start the before starting the update. If the available space is insufficient, a partial installation of the new
update process. release can occur, leaving the system in an unsupported state. You should verify that at least 500
MB of space is available before you begin the update. To find out how much space is available, use
the CLI command:
monitor other_free (output is not labeled; 500 MB is 500000 in this context).
To free up space, use the CLI command:
list --temp or list --top | grep -v data
and then use the CLI command:
delete file <filename> to delete unneeded files in /tmp and /var/tmp .
Initial networking config delay. Under some circumstances, after performing the initial networking setup via the serial console,
the session will pause for one to two minutes before rebooting. The user can either just wait for
the reboot, or issue a 'reboot' command via the console. This will not otherwise affect the setup or
operation of the SMG.
Monitor the update process If you observe unexpected behavior during the software update process, or if the process fails or
carefully. appears to terminate before completion, examine the Messaging Gateway log files to verify that the
update succeeded and to determine whether further action is required.
IMPORTANT
Once the upgrade has begun and the first portion is installed, it must run to a successful installation of SMG
10.9.1. If the upgrade fails mid-process, or is interrupted, then the system will be in an unstable state, and
cannot be recovered. It must be re-installed and re-configured. If you wish to retain your configuration, you must
make a full backup before beginning the upgrade process.
After 10.9.1 installation
To verify that your appliance is running SMG version 10.9.1, log into the command line and type the following command:
show --version
Perform a LiveUpdate as soon as possible after the update completes. The virus definitions in the new version may be out
of date.
Resolved issues in 10.9.1
This section describes the issues that are resolved in SMG 10.9.1.
Table 2: Resolved issues in SMG 10.9.1
Issue Resolution
Issue ID: SMGA-3237 This issue has been resolved.
Global Informational Incidents and Quarantine Incidents are
not listed under Incident Management Folder Overview.
Issue ID: SMGA-3758 This issue has been resolved.
Bounces Notification Text not included with Delivery Status
Notification when enabled.
Issue ID: SMGA-4072 This issue has been resolved.
Expired API tokens indistinguishable from valid tokens.
8
� Symantec™ Messaging Gateway 10.9.1 Release Notes
Issue Resolution
Issue ID: SMGA-4097 This issue has been resolved.
If you enable any Sender Authentication features (DKIM,
DMARC, etc.) and remove all domains from the Domain
Authentication list on the Sender Authentication page,
then regardless of the radio button selected, the MTA will not
start up.
Issue ID: SMGA-4179 This issue has been resolved. This release includes granular options for
Max queued message alerts only trigger when the message max queued message alerts.
queue is full. There isn't an option to trigger alerts for
increments before the queue is full.
Issue ID: SMGA-4182 This issue has been resolved.
Issues handling Turkish characters in MAL.
Issue ID: SMGA-4193 This issue has been resolved.
Application error appears on Administrator page after
quarantine-only backup restore.
Issue ID: SMGA-4194 This issue has been resolved.
Custom Backup Restore: Administration policy with API view
access is not properly restored with the rest of a backup.
Issue ID: SMGA-4195 This issue has been resolved.
Custom Backup Restore: OIDC configuration is not properly
restored with the rest of a backup.
Issue ID: SMGA-4196 This issue has been resolved.
Connectivity to appliance fails after fresh install of 10.9.0.
Issue ID: SMGA-4198 This issue has been resolved.
No error is logged in BrightmailLog.log when a certificate/
key import fails.
Issue ID: SMGA-4205, SMGA-4210 A new option, Is Encrypted, is now available during policy filter
End users are unable to log into quarantine. The error text creation, and functions as expected.
reads: "A user 'x' has attempted to access a prohibited
page".
Issue ID: SMGA-4269 This issue has been resolved.
Administration > Version tabs are not clickable when using
French language.
Issue ID: SMGA-4283 Following the upgrade, if your configuration includes an SSHD ACL, you
After upgrading to SMG 10.9.1, previously-defined SSH must manually re-create it.
Access Control List content is lost.
Issue ID: SMGA-4316 This threshold for message headers has been increased.
Spam messages with an high number of message headers
are automatically blocked, even if that complexity is valid.
Issue ID: SMGA-4326 This issue has been resolved.
Host configuration on remote quarantine is editable, but
should only be edited from the CMC.
Issue ID: SMGA-4327 This issue has been resolved.
Some Korean characters in policy name are garbled.
Issue ID: SMGA-4331 This issue is caused by a behavior change in this version. If your
DNS not working on fresh install. environment uses secure DNS, take care to disable it before upgrade,
Secure DNS is disabled by default, and needs to be and to re-enable it once the upgrade concludes.
manually enabled if it is part of your configuration.
9
� Symantec™ Messaging Gateway 10.9.1 Release Notes
Issue Resolution
Issue ID: SMGA-4336 This issue has been resolved.
MTA incorrectly wraps Authentication-Results header for
sender addresses greater than 62 characters in length.
Issue ID: SMGA-4367 This issue has been resolved.
The show_usage_data command can not be used on a
Control Center-only host.
Issue ID: SMGA-4368 This issue has been resolved.
The Host Name and IP Address Mapping empty field
cannot be deleted.
Issue ID: SMGA-4369 This behavior change will provide a more functional logging result, as
The Brightmail Engine logs no longer include the Message Message ID is not a unique identifier.
ID in the log text - this has been replaced with the Message Older style:
Audit ID.
2024-07-22T11:56:49-07:00
(INFO:748986.3724523072): [27233]
[ <20.00.26243.17BAE966@smg-wab-
vm20.ren.example.net>] Adding default
destination for recipient <
[email protected]>.
Newer style:
2024-07-22T12:18:34-07:00
(INFO:753139.3087005248): [27233]
[0a21b914-59574640000b6683-04-669eb08038d6]
Adding default destination for recipient
<
[email protected]>.
In the old style example, the message ID
(<
[email protected]>)
appears in the log message. In the new style example, the Audit ID
(0a21b914-59574640000b6683-04-669eb08038d6) appears.
Issue ID: SMGA-4434 This issue has been resolved.
SMG does not use the configured proxy server when
connecting to the OpenID Connect Discovery URL.
Issue ID: SMGA-4477 This issue has been resolved.
An erroneous/ignorable error message is displayed when
enabling FIPS mode. : Error message : 2024 Oct
16 14:33:55 (err) kernel: [-] integrity:
Problem loading X.509 certificate -22
Known issues in 10.9.1
This section describes the known issues in SMG 10.9.1.
10
� Symantec™ Messaging Gateway 10.9.1 Release Notes
Table 3: Known issues in SMG 10.9.1
Issue Description
Issue ID: SMGA-4554 Once in the halted state, you can remove, then restore power to the
When issuing a shutdown command to the appliance appliance to see the expected behavior.
(either form the CLI or from the Control Center), the
system is halted, but not powered off.
Issue ID: SMGA-4509 These commands relied on elements in the previous underlying system SMG
Due to the nature of the new underlying operating was released with.
system, update download and update check
commands do not function in 10.9.1.
Where to get more information
You can access English documentation at the following website:
https://techdocs.broadcom.com/us/en/symantec-security-software/email-security/messaging-gateway/10-9-1.html
You can access translated versions of the documentation at https://techdocs.broadcom.com/us/en/symantec-security-
software/email-security/messaging-gateway/10-9-1.html. Select the desired language from the dropdown list in the upper
right corner of the screen. SMG 10.9.1 supports French, Spanish and Japanese versions of the documentation and the
product's user interface locale.
Check the following website for any issues that are found after these release notes were finalized:
https://knowledge.broadcom.com/external/article?articleNumber=276756
11
