Home » McAfee Manuals » Computer Software » McAfee SMEFCE-AI-DA » Manual Viewer

McAfee SMEFCE-AI-DA Administration Guide - Page 162

Email Filtering, my Spam Quarantine Re port?

View all McAfee SMEFCE-AI-DA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 162 highlights

Email Protection Administrator Guide • Set the User Creation field to Explicit. • Configure your inbound email servers to deny emails received for invalid recipients. Question: How does the user log into the Control Console for the autocreated email address? Answer: One of the following must occur before a user can log into the Control Console: • The user must receive a Spam Quarantine Report and click one of its links before they expire. • The user must request a Set Password email in the Sign in window. • An Administrator can manually set the password for the user in the Control Console. Question: Why does a Web browser open when I try to do anything on my Spam Quarantine Re port? Answer: The Spam Quarantine Report provides an easy-to-use connection into the appropriate feature in the Control Console. The Control Console is a Web-based graphical user interface and is the primary interface to Email Protection. When a user clicks a link in the Spam Quarantine Report, it causes the default Web browser to open, automatically logs the user into the Control Console, and performs the action designated in the clicked link. Email Filtering Question: I've just made a change to my policies; how long does it take before it is active? Answer: Typically, most configuration changes in the Control Console, including policy configurations, Allow and Deny lists, and changes to entity configurations, will take approximately 10-15 minutes before the configuration is effective. Depending on the system architecture, the changes must be stored and then propagated to multiple MTAs performing the processing for Email Protection. Some changes may take longer, such as deleting an entire domain with all its related data. Question: There are emails in my quarantine that I want to always receive. I clicked the "Always Allow" button, but the emails still get caught - What am I doing wrong? Answer: The user-level Allow list does not disable virus, content, or attachment filtering; it only disables the spam filtering. If the email violated any of the enabled policies, it would be filtered even if its sender address was added to the user-level Allow list. In addition, companies often send items in a format that looks like spam that a user may have opted to receive, such as electronic newsletters or emails, causing the email to be quarantined. When a user clicks the Always Allow link in the Spam Quarantine Report or the Spam Message Quarantine window, the sending email address is added to the userlevel Allow list. However, for various reasons, emails of this nature may not always come from the same address every day. Because senders often rotate the address of these types of emails, the same item could be delivered the very next day and still be blocked because the sender address does not match the previous entry in the Allow list. 154 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012

Section	Page
Contents	3
1. Overview	9
Differences in Administration for Service Providers	9
Account Management Necessary for Email Protection	9
MX Record Validation	10
Alias Domain Names	10
Auto-creation of Users	10
Email Filtering Policies	10
Types of Inbound Email Filtering	11
Anti-Spam Filtering	11
Real-time Blackhole List	12
Anti-Virus Filter	13
Content Filtering and ClickProtect	13
Attachment Filtering	14
Multi-Level Allow and Deny Lists	15
Types of Outbound Email Filtering	16
Configurable Actions for Filtered Email	16
Notifications for Filtered Email	18
User-level Policy Configurations	18
Quarantine	18
Emailed Reports of Quarantined Spam Emails	19
Customizing the Interface	19
Licensed Branding	19
Language Localization	20
Outbound Disclaimer	20
Notifications	21
Monitoring and Reporting	21
Optional Utilities	21
Spam Control for Outlook®	21
Disaster Recovery Services	22
Fail Safe	22
Email Continuity	22
2. Access Email Protection Administration	23
Who Can Access Email Protection Administration windows	23
Other Documents You Might Need	27
Email Protection Documents	27
Web Protection Service Documents	28
Message Archiving Documents	28
User Guides	28
Ensure You Can Receive Email from Your Service Provider	28
Log on to the Control Console	28
Reset Your Password from the log on window	29
3. Check the Status of Email Protection on the Overview	33
4. Set up Your Servers	37
Confirm Your Inbound Servers Setup	37
Set up Additional Inbound Servers	37
Delete an Inbound Server	38
Add IP Address of Outbound Server, If Necessary	39
Delete an Outbound Server	40
Set up a Smart Host (If Outbound Mail Defense is Turned on)	40
Add an Outbound Email Disclaimer	40
Redirect Your MX Records	41
Check Your MX Record	42
Set up User Creation Mode — SMTP Discovery or Explicit	44
5. Customize Inbound Mail Filters	47
Enterprise or Service Provider Customer	47
Create a Custom Policy (Enterprise Customer Only)	49
Configure a Virus Filter	51
Set Email Protection to Notify Users about Emails with Viruses	52
Configure a Spam Filter	53
Define the Action to Take on Spam	54
Define Additional Words That Indicate Spam	55
Set up Spam Quarantine Reports	58
Configure a Content Filter	61
Turn Off a Default Content Filter	63
Custom Content Group	64
Notify Users about Spam Content	65
Configure a Filter for HTML, Java Script, ActiveX, and Spam Beacons	66
Configure Web Hyperlink Filters (ClickProtect)	68
Upload a List of Allowed URLs	69
Download a List of Allowed URLs from the Control Console	70
Define an Attachment Filter	70
Filter by Attachment File Types	70
Filter by Attachment File Name	73
Filter Zip File Attachments	74
Notify Users about Attachment Violations	75
Allow or Deny Email to or from Specific Addresses	76
Allow Email from a Specific Address	77
Sender Policy Framework (SPF)	78
Deny Email from a Specific Address	78
Deny Email to a Specific Recipient	80
Save a Copy of an Allow, Deny, or Recipient Shield List	81
Add Allow, Deny, or Recipient Shield Addresses with a Batch File	81
Email Authentication	81
Transport Layer Security	81
Enforced SPF	83
Important SPF information:	83
Enforced DKIM	85
Create a DKIM Domain	86
More Options	86
Email Authentication Notifications tab	87
Define the Format and Text of Notifications to Users	88
Variables within a Notification	88
Define the Format and Text of Virus Notifications	89
Define the Format and Text of Content Violation Notifications	91
Define the Format and Text of Attachment Violation Notifications	92
Email Authentication	93
Email Authentication Subject Headers	94
Disaster Recovery	95
Assign a Group to the Custom Policy	96
6. Customize Outbound Mail Filters	97
Create a Custom Outbound Policy	97
Configure a Virus Filter	98
Configure a Content Filter	98
Email Encryption for Content Groups	99
Group Names	99
Define an Attachment Filter	100
Define the Format and Text of Notifications to Users	100
Assign a Group to the Custom Policy	100
7. Managing Quarantine Reports	101
Set up Quarantine Reports	101
Monitor Users’ Quarantined Email	101
Primary Email Addresses, Aliases, and Public Domain Addresses	102
Search for Quarantined Email	102
Interpret the Search Results	103
Sort the Search Results	104
Delete Quarantined Messages	105
Release Quarantined Messages	105
View Quarantines Messages	105
Monitor Your Own Quarantine	107
8. Set up Disaster Recovery Services	109
Administer Disaster Recovery Services	109
Set up Spooling for Disaster Recovery	109
Set up Notifications of Disaster Recovery	110
9. User-Level Policy Configuration	111
10. System Reports	113
Email Protection Reports	113
View an Email Protection Report	114
Change the Graphic Display of the Report	115
Download a Report	115
Traffic Overview	115
Traffic: Enforced TLS Report	117
Traffic Summary	117
Bandwidth Summary	118
Traffic: Encryption	118
Email Encryption Summary	119
Email Encryption Bandwidth Summary	119
Threats: Overview	119
Threats: Viruses	121
Threats: Spam	123
Threats: Content	125
Threats: Attachments	127
Enforced TLS: Details	129
Traffic Summary	130
Enforced SPF Report	130
ClickProtect: Overview	131
ClickProtect: Click Log	133
Quarantine: Release Overview	134
Quarantine: Release Log	136
View Details of Log Items	138
User Activity	139
Event Log	141
Audit Trail	142
Inbound Server Connections	143
Disaster Recovery: Overview	145
Disaster Recovery: Event Log	146
Administer MSP Connector	147
Configure the MSP Connection	147
Add Domains to the MSP Connection	149
Remove Domains from the MSP Connection	150
Turn on Exception Notifications for the MSP Connection	150
View an MSP Connector Audit Report	151
Download an Audit Report	155
Administer Performance Reports	155
Performance Report Descriptions	156
Inbound Messages Report, Weekly or Monthly	157
Outbound Messages Overview	159
11. Tips and Frequently Asked Questions	161
FAQs	161
User Management	161
Email Filtering	162
System Configuration	164
Tips/Techniques	167
Change Zip File Attachment Policy	167

Match case Limit results 1 per page

Email Protection Administrator Guide

154

Proprietary:

Not for use or disclosure outside McAfee without written permission.

November 2012

•

Set the

User Creation

field to

Explicit

•

Configure your inbound email servers to deny emails received for invalid recipients.

Question: How does the user log into the Control Console for the auto-

created email address?

Answer:

One of the following must occur before a user can log into the Control Console:

•

The user must receive a Spam Quarantine Report and click one of its links before they

expire.

•

The user must request a Set Password email in the

window.

•

An Administrator can manually set the password for the user in the Control Console.

Question: Why does a Web browser open when I try to do anything on

my Spam Quarantine Re port?

Answer:

The Spam Quarantine Report provides an easy-to-use connection into the

appropriate feature in the Control Console. The Control Console is a Web-based graphical

user interface and is the primary interface to Email Protection.

When a user clicks a link in the Spam Quarantine Report, it causes the default Web

browser to open, automatically logs the user into the Control Console, and performs the

action designated in the clicked link.

Email Filtering

Question: I’ve just made a change to my policies; how long does it take

before it is active?

Answer:

Typically, most configuration changes in the Control Console, including policy

configurations, Allow and Deny lists, and changes to entity configurations, will take

approximately 10-15 minutes before the configuration is effective. Depending on the

system architecture, the changes must be stored and then propagated to multiple MTAs

performing the processing for Email Protection. Some changes may take longer, such as

deleting an entire domain with all its related data.

Question: There are emails in my quarantine that I want to always

receive. I clicked the “Always Allow” button, but the emails still get

caught – What am I doing wrong?

Answer:

The user-level Allow list does not disable virus, content, or attachment filtering;

it only disables the spam filtering. If the email violated any of the enabled policies, it

would be filtered even if its sender address was added to the user-level Allow list.

In addition, companies often send items in a format that looks like spam that a user may

have opted to receive, such as electronic newsletters or emails, causing the email to be

quarantined. When a user clicks the

Always Allow

link in the Spam Quarantine Report or

the

Spam Message Quarantine

window, the sending email address is added to the user-

level Allow list. However, for various reasons, emails of this nature may not always come

from the same address every day. Because senders often rotate the address of these types

of emails, the same item could be delivered the very next day and still be blocked because

the sender address does not match the previous entry in the Allow list.