McAfee MAP-3300-SWG Product Guide - Page 94
Benefits of using Recipient Authentication, Greylisting, Table 71, Option definitions
UPC - 731944547008
View all McAfee MAP-3300-SWG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 94 highlights
Overview of Email features Email Configuration Benefits of using Recipient Authentication Greylisting email messages from unknown senders causes messages from these senders to be rejected for a period of time. If the sending email system is legitimate, it will follow the correct protocols for re-delivering previously rejected messages. However, most "zombie" networks that are used to send spam messages do not comply with these protocols, and therefore messages from them are blocked. Recipient checks are useful tools in preventing directory-harvest attacks and flooding attacks (where large volumes of email messages are directed at your email servers, in the hope that some will get through to valid email addresses). Recipient checks work by you providing information about your genuine recipients of email messages within your organization. This information may already be available from your LDAP servers. You can also import lists of recipient email addresses from a file. Directory harvest prevention compares the number of email messages being sent to known and unknown email addresses within your organization. From this, the appliance can identify when a directory harvest is taking place, and can take steps to minimize the impact of the attack. Greylisting Use this section to create a grey list, which is effective against attacks from unknown senders such as zombie networks. Greylisting temporarily rejects email from new senders to resist spam attacks. Table 71 Option definitions Option Protocol preset Accept SMTP callback requests Initial retry delay Unretried record lifetime Definition Specifies the policy (and network group) to which these settings apply. If selected, overcomes delays caused by devices that use SMTP callbacks to prevent spam. Specifies how long to reject any early attempt to resend the email. The default value is 3600 seconds (1 hour). Many mail servers typically try to resend after one hour. The range is up to 86400 seconds (1 day). Specifies how long to keep a record, where the sender has not tried to send another message. After this time, the appliance deletes the record of any triplet that has not be retried. We recommend a value below 8 hours. The range is up to 96 hours (4 days). Default value is 4 hours. Greylisted record lifetime Maximum number of records Specifies how long to keep a greylisted record. The appliance deletes records of triplets that have not been referenced for some time. The range is up to 2160 hours (90 days). Default value is 864 hours (36 days), which is suitable for occasional mail like monthly newsletters. Specifies the maximum number of greylisted records. When the number of records approaches this value, the appliance starts deleting old records. The range is 50,000 to 2,000,000. Default value is 2000000. 94 McAfee Email and Web Security Appliances 5.6.0 Product Guide