McAfee SMEFCE-AI-DA - Email Security Service Inbound Administration Manual

Category
Software
Type
Administration Manual

This manual is also suitable for

McAfee SaaS Email
Protection Administrator
Guide
Updated: November 2012
Proprietary and Confidential
RESTRICTION ON USE, PUBLICATION,
OR DISCLOSURE OF PROPRIETARY
INFORMATION.
Copyright © 2012 McAfee, Inc.
This document contains information that is
proprietary and confidential to McAfee. No
part of this document may be reproduced,
stored in a retrieval system, or transmitted, in
any form or by any means (electronic,
mechanical, photocopying, recording, or oth-
erwise) without prior written permission
from McAfee. All copies of this document
are the sole property of McAfee and must be
returned promptly upon request.
McAfee, Inc.
9781 South Meridian Blvd., Suite 400
Englewood, CO 80112 USA
Direct +1 720-895-5700
Fax +1 720-895-5757
Email Protection Administrator Guide
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 2
Email Protection Administrator Guide
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission iii
Contents
Overview.....................................................................................................................1
Differences in Administration for Service Providers ............................................1
Account Management Necessary for Email Protection ........................................1
MX Record Validation ...........................................................................................2
Alias Domain Names ............................................................................................2
Auto-creation of Users .............................................................................................2
Email Filtering Policies ............................................................................................2
Types of Inbound Email Filtering ..........................................................................3
Types of Outbound Email Filtering .......................................................................8
Configurable Actions for Filtered Email ................................................................8
User-level Policy Configurations ..........................................................................10
Quarantine ...............................................................................................................10
Customizing the Interface ......................................................................................11
Licensed Branding ..............................................................................................11
Language Localization ........................................................................................12
Outbound Disclaimer ..........................................................................................12
Notifications ........................................................................................................13
Monitoring and Reporting ......................................................................................13
Optional Utilities .....................................................................................................13
Spam Control for Outlook® ...............................................................................13
Disaster Recovery Services ...................................................................................14
Fail Safe .............................................................................................................14
Email Continuity ..................................................................................................14
Access Email Protection Administration 15
Email Protection Administrator Guide
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission iv
Who Can Access Email Protection Administration windows .............................15
Other Documents You Might Need .......................................................................19
Email Protection Documents ..............................................................................19
Web Protection Service Documents ...................................................................20
Message Archiving Documents ..........................................................................20
User Guides ........................................................................................................20
Ensure You Can Receive Email from Your Service Provider .............................20
Log on to the Control Console ..............................................................................20
Reset Your Password from the log on window ...................................................21
Check the Status of Email Protection on the Overview 25
Set up Your Servers 29
Confirm Your Inbound Servers Setup .................................................................29
Set up Additional Inbound Servers .......................................................................29
Delete an Inbound Server ...................................................................................30
Add IP Address of Outbound Server, If Necessary .............................................31
Delete an Outbound Server ................................................................................32
Set up a Smart Host (If Outbound Mail Defense is Turned on) ..........................32
Add an Outbound Email Disclaimer ....................................................................32
Redirect Your MX Records ....................................................................................33
Check Your MX Record ..........................................................................................34
Set up User Creation Mode — SMTP Discovery or Explicit ................................36
Customize Inbound Mail Filters 39
Email Protection Administrator Guide
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission v
Enterprise or Service Provider Customer ............................................................39
Create a Custom Policy (Enterprise Customer Only) ..........................................41
Configure a Virus Filter ..........................................................................................43
Set Email Protection to Notify Users about Emails with Viruses ........................44
Configure a Spam Filter .........................................................................................45
Define the Action to Take on Spam ....................................................................46
Define Additional Words That Indicate Spam .....................................................47
Set up Spam Quarantine Reports ......................................................................50
Configure a Content Filter .....................................................................................53
Turn Off a Default Content Filter ........................................................................55
Custom Content Group .......................................................................................56
Notify Users about Spam Content ......................................................................57
Configure a Filter for HTML, Java Script, ActiveX, and Spam Beacons .............58
Configure Web Hyperlink Filters (ClickProtect) ..................................................60
Define an Attachment Filter ...................................................................................62
Filter by Attachment File Types .........................................................................62
Filter by Attachment File Name ..........................................................................65
Filter Zip File Attachments ..................................................................................66
Notify Users about Attachment Violations ..........................................................67
Allow or Deny Email to or from Specific Addresses ...........................................68
Allow Email from a Specific Address ..................................................................69
Deny Email from a Specific Address .................................................................70
Deny Email to a Specific Recipient ....................................................................72
Save a Copy of an Allow, Deny, or Recipient Shield List ...................................73
Add Allow, Deny, or Recipient Shield Addresses with a Batch File ....................73
Email Authentication ..............................................................................................73
Transport Layer Security ....................................................................................73
Enforced SPF .....................................................................................................75
Define the Format and Text of Notifications to Users .........................................80
Variables within a Notification .............................................................................80
Define the Format and Text of Virus Notifications ..............................................81
Define the Format and Text of Content Violation Notifications ...........................83
Email Protection Administrator Guide
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission vi
Define the Format and Text of Attachment Violation Notifications .....................84
Email Authentication ...........................................................................................85
Disaster Recovery ..................................................................................................87
Assign a Group to the Custom Policy ..................................................................88
Customize Outbound Mail Filters 89
Create a Custom Outbound Policy .......................................................................89
Configure a Virus Filter ..........................................................................................90
Configure a Content Filter .....................................................................................90
Email Encryption for Content Groups .................................................................91
Define an Attachment Filter ...................................................................................92
Define the Format and Text of Notifications to Users .........................................92
Assign a Group to the Custom Policy ..................................................................92
Managing Quarantine Reports 93
Set up Quarantine Reports ....................................................................................93
Monitor Users’ Quarantined Email ........................................................................93
Primary Email Addresses, Aliases, and Public Domain Addresses ....................94
Search for Quarantined Email ............................................................................94
Interpret the Search Results ...............................................................................95
Sort the Search Results ......................................................................................96
Delete Quarantined Messages ...........................................................................97
Release Quarantined Messages ........................................................................97
View Quarantines Messages ..............................................................................97
Monitor Your Own Quarantine ............................................................................99
Set up Disaster Recovery Services 101
Administer Disaster Recovery Services .............................................................101
Set up Spooling for Disaster Recovery .............................................................101
Set up Notifications of Disaster Recovery ........................................................102
User-Level Policy Configuration 103
System Reports 105
Email Protection Administrator Guide
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission vii
Email Protection Reports .....................................................................................105
View an Email Protection Report ........................................................................106
Traffic Overview ................................................................................................107
Traffic: Enforced TLS Report ............................................................................109
Traffic: Encryption ................................................................................................110
Threats: Overview ............................................................................................111
Threats: Viruses ...............................................................................................113
Threats: Spam .......................................................................................................115
Threats: Content ...................................................................................................117
Threats: Attachments ...........................................................................................119
Enforced TLS: Details ..........................................................................................121
Enforced SPF Report ............................................................................................122
ClickProtect: Overview .........................................................................................123
ClickProtect: Click Log ........................................................................................125
Quarantine: Release Overview ............................................................................126
Quarantine: Release Log .....................................................................................128
View Details of Log Items ....................................................................................130
User Activity ..........................................................................................................131
Event Log ..............................................................................................................133
Audit Trail ..............................................................................................................134
Inbound Server Connections ...............................................................................135
Disaster Recovery: Overview ..............................................................................137
Disaster Recovery: Event Log .............................................................................138
Email Protection Administrator Guide
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission viii
Administer MSP Connector .................................................................................139
Configure the MSP Connection ........................................................................139
Add Domains to the MSP Connection ..............................................................141
Turn on Exception Notifications for the MSP Connection .................................142
View an MSP Connector Audit Report .............................................................143
Administer Performance Reports .......................................................................147
Performance Report Descriptions ....................................................................148
Tips and Frequently Asked Questions 153
FAQs ................................................................................................................153
Tips/Techniques ...............................................................................................159
Email Protection Administrator Guide Differences in Administration for Service
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 1
1. Overview
McAfee
®
Saas Email Protection provides security services that safeguard corporations
from unsolicited spam email (junk mail), viruses, worms, and unwanted content at the
network perimeter before they can enter the internal network.
Multiple layers of McAfee Saas Email Protection provide secure and complete email
filtering to protect your users. You can enable or disable specific layers by changing the
licensed packages of features and/or through configuring the specific email policies in the
Control Console, the comprehensive graphical interface into McAfee Saas Email
Protection.
This document describes the tasks necessary to configure and maintain your McAfee Saas
Email Protection.
Differences in Administration for
Service Providers
This document is for use by Enterprise customers only. Service Provider customers do not
administer groups for Email Protection and therefore, do not assign groups to email
filtering policies. Instead, Service Provider customers assign policies directly to domains.
The capabilities for managing policies and groups, as described in this document, apply
only to Enterprise customers.
Account Management Necessary for
Email Protection
Account Management is a set of administrative windows you use to configure and manage
the entities that use or are affected by Email Protection (Email Protection), as well as the
Web Protection Service (WDS) and Message Archiving products. These entities include:
Domains
•Users
Other administrators, including other Customer Administrators, Domain
Administrators, Quarantine Managers, and Reports Managers
In addition, for Email Protection only, you use Account Management to administer groups
of users that share a common email filtering policy.
For more information, see Account Management Administrator Guide.
Auto-creation of Users Email Protection Administrator Guide
2 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
MX Record Validation
You can validate that the MX Records that are configured for your domain are properly
redirected by entering the specific DNS and/or IP address for your MTA server. The
Control Console displays the MX Record configuration as reported by the authoritative
DNS server.
See Check Your MX Record.
Alias Domain Names
You can configure alias domain names that act as virtual domains using the configurations
and email addresses defined in the primary Domain name. Email addresses are created
automatically for alias domains (for example, jsmith@yourcompanyalias.com is
automatically created for jsmith@yourcompany.com), allowing the single user to receive
email for both addresses.
For more information, see Account Management Administrator Guide.
Auto-creation of Users
The Email Protection automatically creates new user accounts if all the following is true:
SMTP Discovery is enabled. SMTP Discovery, which is enabled by default, is a
convenient way to add users to your service. However, this capability might also add
users who are not real users at your company and not add users who are real.
SMTP discovery creates users that receive eight valid emails within a 24 hour period.
A user account does not exist for the email address in the designated Domain.
The emails were not addressed to an alias domain name.
For more information, see Set up User Creation Mode — SMTP Discovery or Explicit.
Email Filtering Policies
Email Protection has default inbound and outbound mail filters to block and clean
malicious email and to quarantine email that might be malicious. The filters are
configured by using policies, which are the parameters for the filters default policies are
automatically assigned to each of your domains.
You can customize the default inbound policy for any and each domain, or any and each
group, to fit your business Email Protection.
For more information, see Customize Inbound Mail Filters.
Email Protection Administrator Guide Email Filtering Policies
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 3
Types of Inbound Email Filtering
Email Protection can filter both inbound and outbound email. Inbound filtering that is
available to be configured is as follows:
Anti-Spam Filtering
Real-time Blackhole List
Anti-Virus Filter
Content Filtering and ClickProtect
Attachment Filtering
Multi-Level Allow and Deny Lists
Anti-Spam Filtering
Spam is usually defined as unsolicited (and usually unwanted) and commercial email sent
to a large number of addresses. However, what one recipient may consider as spam,
another recipient would consider as legitimate email.
In addition, spam has become a tool of hackers and electronic terrorists who deliberately
attempt to gather proprietary information from computer systems and/or attempt to cause
harm to a company’s email system. Typically, these types of spammers deliberately use
naming standards, hijacked From: addresses, scrambled content, etc., to bypass spam
filters such as blacklists and keyword lists.
Using Stacked Classification Framework
®
, Email Protection provides the most
comprehensive and effective spam-blocking product on the market today—blocking 98%
of spam and providing an industry-leading low false positive rate (legitimate email
marked as spam).
The Stacked Classification Framework aggregates the most effective spam filters and
techniques in the industry into a spam likelihood. As appropriate, email is assigned a high
or medium likelihood of being spam. A separate email action can be assigned to each
likelihood.
The spam classification techniques include the following:
Spam FilterType Description
IP Reputation
Connection Manager
This filter operates at the front of the Stacked Classification
Framework. It rates the reputation of every incoming email, based
on IP reputation data collected by your Email Protection provider
on an on-going basis. Connections are dropped for all messages
which originate from IP addresses that are determined to carry a
reputation for sending spam.
Bayesian Statistical
Filtering
Statistical algorithms built by your Email Protection provider
identify and quantify the possibility that an email is spam based on
how often elements in that email have appeared in identified spam
emails.
Email Filtering Policies Email Protection Administrator Guide
4 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Real-time Blackhole List
The Real-time Blackhole List (RBL) is a system for creating intentional network outages
(blackholes) for the purpose of limiting the transport of known-to-be-unwanted mass
email. The RBL is a database of IP addresses that are reported to be spam sources.
Industry Heuristics Email Protection incorporates thousands of successful industry-
wide spam-fighting rules to recognize characteristics of spam.
Proprietary Heuristics Email Protection experts write and update thousands of proprietary
rules to block spam, including fraudulent phishing spam, using
real-time data from your service providers Threat Center.
URL Filtering URL filtering works by comparing embedded links found in emails
with URLs associated with identified spam.
Reputation Analysis Email Protection constantly monitors inbound email to build a list
of IP addresses and domain names to rate the reputation of the
sender based upon the percentage of spam emails received from
that address in the past.
Reputation-Based RBL
Filtering
Using up to 31 real-time blackhole lists (RBLs) of known
spammers provided by the industry, Email Protection creates a
single RBL indicator to help gauge the likelihood of an email being
sent by a known spammer. By using multiple black lists to create a
single vote and by rating the reputation of each RBL based on its
accuracy at distinguishing spammers from senders of legitimate
email helps to minimize the possibility of a non-spammer being
blocked by mistake.
Sender Policy
Framework (SPF)
The SPF classifier helps identify and block fraudulent spoofing
emails – those sent by spammers with forged “From” addresses –
from entering your email network. For each inbound email, the SPF
classifier will look up the sending domain’s Domain Naming
System (DNS) record and its list of authorized IP addresses.
Emails that carry an IP address not found on the authorized list will
be included within the Stacked Framework Classification System
for the detection of spam. By determining whether or not the
relationship between the DNS record and the IP address is
legitimate, Email Protection is able to more accurately filter out
fraudulent spoofed emails. As a result, Email Protection reduces
risk for users who might be duped by the email into divulging
confidential personal information.
Spam FilterType Description
Email Protection Administrator Guide Email Filtering Policies
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 5
Anti-Virus Filter
Email Protection provides highly effective, organization-wide virus and worm protection.
By identifying viruses and worms at your network perimeter—before they enter or leave
your messaging infrastructure— Email Protection minimizes outbreak and infection risks
to your enterprise messaging infrastructure. You can configure whether infected emails are
quarantined, denied, or stripped of infection.
Provides maximum protection using multiple, industry-leading anti-virus engines to
allow Email Protection to customize the protection to meet the latest threats.
Virus definition updates every 5 minutes provide up-to-the-minute defense against the
latest threats.
Provides safe, external virus scanning and quarantine management for protection
against viruses before they reach your network. Protects your users, networks, and
data from harm
Content Filtering and ClickProtect
Email Protection protects your organization and reduces liability and risk by automatically
identifying unwanted and malicious content before it enters or leaves your network.
You can enable any of the following types of content filtering:
Content Filter Type Description
Predefined Content
Keyword Groups
You can enable or disable predefined content keyword groups
provided by Email Protection:
•Profanity
Sexual Overtones
Racially Insensitive
Customized Content
Keyword Groups
You can define customized content keyword groups containing
terms and phrases to satisfy the business and security Email
Protection of your organization.
Multiple Levels of
HTML Filtering
You can designate the level of HTML filtering to be used (low,
medium, or high), with predefined actions for each level.
Depending on the level, malicious HTML tags and scripting
options embedded in email are stripped.
Graphic Image
Replacement
You can enable or disable the automatic replacement of images
with a transparent 1x1 pixel GIF within HTML emails.
Email Filtering Policies Email Protection Administrator Guide
6 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Attachment Filtering
Email Protection provides you the ability to control the types and sizes of allowed
attachments entering your email network. You can control attachment filtering using any
of the following:
Attachment Filter
Type
Description
Attachment Filtering
by
File Type
You can enable or disable filtering of attachments by file type. File
type is determined using the file extension, MIME content type,
and binary composition.
Attachment Filtering
by
Size
You can designate a maximum allowed size for each enabled
attachment type.
Custom Attachment
Rules by
Filename
You can configure custom rules using filenames that override the
global settings for an attachment file type. You can designate that
the rule use the entire filename or any part of the filename.
Filtering for Files
Cont
ained within a Zip
File Attachment
You can configure custom rules to cause Email Protection to
analyze the files within a zip file attachment, if possible, to
determine if a file in the zip file violates attachment policies. If the
zip file cannot be analyzed, you can designate the email action to
be applied.
Encrypted or “High
Risk” Zip
File
Attachment Rules
You can configure custom rules for emails with encrypted zip files
and/or zip files that are considered high risk (too large, too many
nested levels, etc.).
Stripping of Spam
Beacons or
Web bugs
Spam beacons and web bugs are typically transparent, 1x1 pixel
graphics embedded in HTML content that send information about
your system to the source (usually a URL) of the spam beacon or
web bug. Typically, web bugs are used on Web sites to monitor
surfing behavior, but now spammers are hiding them in their mass
mailings as spam beacons. If the graphic is not removed before an
email is opened, the spam beacon sends a signal back to the
spammers URL that lets the spammer know whether the email
was opened and if the recipient’s email address is valid. If the
spammer gets this signal, the recipient is marked as a valid email
address and is guaranteed to receive more spam in the future.
You can enable or disable the auto
matic stripping of spam beacons
or Web bugs within HTML emails.
Disabling hyperlinks
within email
with
ClickProtect
SM
ClickProtect
allows you to monitor and disable or enable whether
Web hyperlinks received in emails can be clicked and followed by
the user. With multiple levels of ClickProtect policy control,
Administrators can customize the desired level of protection. This
feature supports blocking phishing sites and accidental downloads
of viruses and worms.
Content Filter Type Description
Email Protection Administrator Guide Email Filtering Policies
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 7
Multi-Level Allow and Deny Lists
Email Protection allows you to define lists of emails that will always be denied (blacklists)
or will always be accepted (whitelists) at multiple levels. In addition, you can enable third-
party Real-time Blackhole List to be used to filter unwanted emails.
The administrator-level lists override the user-level lists in a top-down manner: global lists
first, policy set lists next, and lastly user-level lists. For example, if the same address is
added to a user-level Allow list and the policy set Deny list, the address is always denied.
At the same level, the Allow list overrides the Deny list. For example, if you designate a
range of email addresses (for example, by designating an entire domain) in the Deny list,
but then designate a single email address from that domain in the Allow list, the email
from that single address will be always accepted while the email from any other address in
the domain in the Deny list will be always denied.
The same address string cannot be added multiple times in the same list or added to both
the Allow and Deny lists.
Be aware that emails that have been quarantined by Email Protection may not need to be
added to Deny lists because they are already being blocked from entering your email
network.
Following are the types of Allow and Deny lists that are available in Email Protection:
Allow/Deny List
Type
Description
Global Deny List If your Email Protection provider determines that a Sending
SMTP has sent too many invalid incoming emails within a
specified time period, it will add the IP address for that Sending
SMTP to a Global Deny List for a designated time period (default
is 2 hours). During the denial period, all emails received from that
Sending SMTP will be automatically denied. This process helps to
protect against dictionary harvest and Denial of Service attacks.
This process can be disabled at the system level.
Policy set-level
Sender Deny Lists
and Sender Allow
Lists
Sender Deny lists indicate sender addresses from which email is
denied automatically. Sender Allow lists indicate sender addresses
from which email is allowed without spam, content, or attachment
filtering (virus filtering is always enabled unless specifically
disabled).
You can designate a single email address, entire domains or IPs, or
use wildcards to designate ranges of addresses. Optionally, you
can save these lists to a spreadsheet file.
Each policy set affects the email filtering for all user accounts in
the groups that are subscribed to that policy set.
Email Filtering Policies Email Protection Administrator Guide
8 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Types of Outbound Email Filtering
You can add outbound filtering to each package, helping to ensure the safety and
appropriateness of information being sent from your corporate email system to valued
customers or business partners.
Filter Type Description
Content
Filtering
This feature automatically prevents inappropriate,
malicious, or
confidential content from leaving your corporate email system,
allowing you to monitor and enforce your corporate email
policies.
Attachment
Filtering
Outbound attachments can be filtered by size, by MIME content
type, or by
binary content, according to your corporate email
policies.
Virus
S
canning
Outbound virus scanning stops viruses and worms from leaving
your corporate email system, preventing your enterprise from
being the source of email-borne viruses to customers, suppliers,
and partners.
Configurable Actions for Filtered Email
In Email Protection, email filtering policies control how emails are filtered within a
specific Domain and how Email Protection will respond during email filtering and
reporting. Depending on the feature package that is licensed for a domain, specific email
filters will be available to be enabled and configured. Also, depending on the enabled
email filter, various actions must be configured that define how Email Protection will
respond if an email violates the specific filter policy.
User-level Deny Lists
and Allow Lists
Maintained by you and/or the user, Deny lists indicate sender
addresses from which email is denied automatically. Allow lists
indicate sender addresses from which email is allowed without
spam filtering (all other enabled filtering will be applied).
You can designate a single email address, entire domains or IPs, or
u
se wildcards to designate ranges of addresses. Optionally, you
can save these lists to a spreadsheet file.
These lists affect only the emails received for the designated user
account
and its alias addresses (user-level lists).
Recipient Shield List You can define a list of recipient em
ail addresses for which you
want to specify special email actions (for example, you want to
deny all emails for a user who is an ex-employee). You can also
specify the email action to take if the recipient email address is
invalid in your system (permfailed by your email server as an
invalid recipient).
Allow/Deny List
Ty
pe
Description
Email Protection Administrator Guide Email Filtering Policies
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 9
Based on the defined policy configuration, each email that violated the specified policy
can have any of the following actions taken, depending on the type of policy:
Action Description
Quarantine The email is added to the respective quara
ntine area and is not sent to
the recipient email address. If the email violated a spam policy, the
email is reported in the user’s Spam Quarantine Report.
Tag The subject line of the email has a descri
ptive phrase (for example,
“[SPAM]”) added to the beginning of the subject text and the email is
sent to the recipient email address.
Deny Delivery The email is blocked automatically. Depending on the sending system’s
co
nfiguration, the email sender may or may not be notified with a 5xx
Deny email.
Do Nothing or Allow
D
elivery
The email is forwarded to the recipient email address with no
processing applied. The values in the reports and the
Overview
window will be incremented for the relevant email policy to indicate
that an email did trigger the specific policy.
Silent Copy A copy of the email is forwarded to a list of designated email address
es
with no notification to the sender or recipient.
Strip Attachment If the email had an attachment that vi
olated configured policies, this
action causes that attachment to be removed from the email and the
email is be sent to the recipient email address. Text is inserted into the
email notifying the recipient that an attachment has been stripped. Only
the attachment that violated the policy is stripped.
Clean If the email had an attachment that
contained a virus or worm, this
action attempts to remove the virus or worm and preserve the
attachment. If the clean is successful, text is inserted into the email
notifying the recipient that an attachment had contained a virus and
was cleaned. If this action is selected, a second fall-back action also
must be designated in case the Clean action fails. This action is specific
to the virus filtering policies.
Custom X-Header If the email was determined to have a high or medium likelihood of
being
spam, you can configure that a custom X-header be inserted into
the email. This X-header can be used by your email servers to perform
additional actions within your network, such as redirecting the email.
Each spam likelihood can have a different custom X-header. This
action is specific to the spam filtering policies.
Disable Filter A non-administrator user cannot disable virus filtering if it is licensed
and enabled
for a specific Domain or policy set. Only Administrators
can enable or disable virus filtering for a specific Domain or policy set.
You can designate that Email Protection first attempts to remove the
virus
from an infected attachment, and if the clean fails, perform
another action. You can designate that only the infected attachment is
stripped. and the remaining email contents and attachments are sent to
the recipient.
User-level Policy Configurations Email Protection Administrator Guide
10 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Notifications for Filtered Email
You can enable or disable email notifications to the sender and/or recipient email
addresses of email that was filtered because of virus, content keywords, or attachment.
For more information, see one of the following:
Set Email Protection to Notify Users about Emails with Viruses
Notify Users about Spam Content
Notify Users about Attachment Violations
User-level Policy Configurations
By default, policy configurations are defined for each domain and group. All emails
received for all user accounts within a domain or group are processed using the same
policy configurations.
Optionally, user-level policy configurations can be defined for individual users that
override the Domain/Group policies. Thus, if there is a conflict between a user-level
policy and any of the other types of policy configurations, the user-level policy setting will
be used. These user-level policy configurations allow customization of email actions for
each user.
User-level policies are confined to the following policies:
Enable or disable email processing for spam, virus, content keyword, attachments,
and/or HTML content.
Specify actions to take for emails if they are determined to have a high or medium
likelihood of being spam.
Configure the spam quarantine reporting
To manage the policy for an individual user, see User-Level Policy Configuration.
To establish user control of policies, see Set up Spam Quarantine Reports.
User also can have some control over their policies.
Quarantine
Email Protection provides multiple quarantine areas with different security accesses to
store and support review of suspect email outside of your email network.
Emails that violate configured policies and that have the Quarantine action applied are
sorted into multiple quarantines to ease email management and support security levels:
Spam Quarantined Messages – Accessible to all users, with users with role of User or
Reports Manager allowed to access only their own personal spam quarantine
Email Protection Administrator Guide Customizing the Interface
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 11
Virus Quarantined Messages – Accessible to only Administrators and Quarantine
Managers
Attachment Quarantined Messages – Accessible to only Administrators and
Quarantine Managers
Content Keyword Quarantined Messages – Accessible to only Administrators and
Quarantine Managers
Within each quarantine, you can do any of the following:
Delete selected emails or all emails
Release selected emails or all emails for delivery to the recipient
View selected email in a Safe View window
Add the sender email addresses to the recipients’ user-level Allow list and release the
emails (available only for quarantined spam emails)
Emailed Reports of Quarantined Spam Emails
Optionally, emails are sent to users to indicate that spam emails that have been
quarantined, using either of the following types of emails:
Spam Quarantine Report
Spam Quarantine Reports are HTML-based email notifications of quarantined spam
emails that sent to users. Multiple links in the Reports allow management of
quarantined spam email based on policy set-level and user-level configurable control
settings. When the user clicks a link, the designated action is performed and the user is
automatically logged into the Control Console.
Spam Quarantine Summary
Spam Quarantine Summaries are optional text-based email notifications of
quarantined spam email sent to users, to support email applications that are not
HTML-compatible. The user clicks the link provided in the email and is automatically
logged into the Control Console. Once logged in, the user can navigate to the relevant
window to manage the spam quarantine and modify personal settings.
Customizing the Interface
Licensed Branding
There are multiple branding levels that control the appearance and URL addresses used
within the Control Console and Spam Quarantine Reports and Summaries:
Standard – Branding uses images and addresses provided by your service provider.
Private – You control the images and addresses.
Cobrand – Branding uses images provided by you and your service provider., and
addresses provided by you.
White Label – Branding uses no identifying images and uses addresses provided by
you.
Customizing the Interface Email Protection Administrator Guide
12 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Branding levels other than Standard must be licensed separately.
For more information, see Rebrand Your User Interface in Account Management
Administrator Guide.
Language Localization
Within the Control Console, windows and features available to the non-administrative
user (whose role is User) can be provided in translated form supporting multiple
languages. When the user logs in via the log on window, he or she can select the desired
language in the Language field. Thereafter, all spam quarantine reporting emails and
window and field labels will be provided in the designated language.
The following languages are supported:
Brazilian Portuguese
Chinese Simplified
Chinese Traditional
•Danish
•Dutch
English
•Finnish
•French
•German
Italian
Japanese
Korean
Norwegian
Portuguese
Russian
Spanish
•Swedish
•Turkish
This feature is available only to non-administrative user accounts. This feature must be
enabled at the system level to be available.
As a Customer Administrator, you can set the language for a user on the users Preferences
window. See Set User Display Preferences, Including Your Own in Account Management
Administrator Guide.
Outbound Disclaimer
You can define text that will be appended to the email content to support liability or legal
requirements for your organization. Every email that was sent from your organization to
Email Protection for email filtering will have the designated text added to the end of the
email content. This feature requires that outbound filtering be licensed.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168

McAfee SMEFCE-AI-DA - Email Security Service Inbound Administration Manual

Category
Software
Type
Administration Manual
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI