A message relay computer relays messages (virus reports, etc.) between computers running Endpoint Security and Control or Sophos Anti-Virus and your management server. Reasons for using a message relay computer include:
The computer that acts as a message relay:
Note: As a guide, a correctly specified and configured message relay with sufficient resources should be capable of supporting 4000 to 8000 endpoints, however, Sophos recommends no more than 5000 endpoints per Message Relay for best performance.
Applies to the following Sophos product(s) and version(s) Enterprise Console
There are three main steps to setting up a message relay:
The procedure listed above must be performed for each message relay to be configured. The detailed instructions for setting up a message relay are listed below.
In order to configure a message relay, you must change some settings in the mrinit.conf file contained in its update location; therefore, each message relay will need a separate Distribution point.
You must create a new distribution point for each package to be deployed; however, the distribution points can share the mrinit.conf file if they will use the same message relay.
The file mrinit.conf contains the router configuration information for the Distribution point. It must be edited to specify the message router’s IP address. As the message router settings are identical for all packages in one Distribution point, once edited, you can copy the mrinit.conf file to the other packages in the group.
\\[Server1]\SophosUpdate\CIDs\Sxxx\[package name]
In the above example this could be "ParentRouterAddress"="10.1.200.65,MRComputer.Sales.Acme,MRComputer"
\\[Server1]\SophosUpdate\CIDs\Sxxx\[package name]\rms\
Important:
Note: If User Account Control (UAC) is enabled on the computer ensure you open a command prompt as administrator ('Run as administrator') even if you are logged on with an administrative account.
Adding entry for \rms\mrinit.conf
Adding entry for \mrinit.conf
Read catalog file cidsync.upd
Updating checksum
Updating legacy checksum
These lines confirm that the file mrinit.conf was found, and was added to the catalogue of files to be downloaded by Sophos AutoUpdate on your endpoints, and on the message relay computer.
In Enterprise Console:
In Enterprise Console: \\[Server1]\SophosUpdate\
Note: If you are using "Sophos" as Secondary update location it is recommended to enable the option "Allow location roaming" to prevent the client from changing the Message Relay configuration as long as it is getting updates from Sophos.
Set up the message relay computer first
Deploy to the endpoint computers
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router\ | ParentAddress
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router | ParentAddress
The Sophos Message Routers on the workstations are configured to report to the message relay computer as their parent, rather than directly to the management server. Message relays are thus managed computers which act as parent routers for other computers. However, because a message relay computer is expected to have a potentially large number of connected child routers, server-grade operating systems and hardware are required. The message relay's settings are modified by the process described above in order to handle the increased message load.
[HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router] "ConnectionCache"=dword:00005020 "NumSenderThreads"=dword:00000008 "ConnectRetriesPause"=dword:00000064 "TotalConnectRetryTimeSecs"=dword:0000000a "GetterInterval"=dword:00000078 "GetterShortInterval"=dword:00000078 "NumNotificationThresholdThreads"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router] "NumORBThreads"=dword:00000010
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.