Messaging Gateway

HI

I am deploying a SMG VM and need help with policy creation.

What is the difference between using:

If text in From/To/Cc/Bcc Address part of the message contains 1 or more occurrences of

and

Envelope sender/receiver.

Also 10.6 does not contain the bcc component. How can we use that?

Will using envelope sender cover the "from:" part and will using envelope receiver conver "to/cc/bcc" is my the query i have in specific.

Thanks.

Hi,

Envelope sender vs. From:

Every mail is sent to you via a strict sequence, for details take a look at smtp-rfcs, eg https://tools.ietf.org/html/rfc5321

Simplified:

1. Sending Server connects to your mail server, targeted via mx-record - should receive 220 with greeting from you

2. Sends ehlo FQDN ... full qualified domain name, should be a a-record in dns - should receive 250 with capabilities like starttls, max size, etc from you

3. MAIL FROM: ... Sender specifies the envelope sender, like in earlier days done with paper envelopes - should receive 250 ok if you dont comply (senders domain is registered etc)

4. RCPT TO: ... recipient of the mail

5. DATA ... now, here goes the content, text, attachments, etc

In the beginning of the data section the sender gives (must, should, can) you subject, date, mime-version and so forth.

The sender usually gives you FROM: and TO: within the data-section again - only the coding is a bit different for smtp-address "<>" and the displayname.

Be aware of the fact outlook will only show the FROM, no way to get to the envelope sender.

Hope this will cover all your qwuestions

Regards

Thomas

HI Tom,

Thanks for the reply.

So if i am using sending an email to an id then my @gmail id would be the from: id with respect to my recipient and the envelope sender would be one of gmail servers? Is that how this works?

Also what is recommended when creating policies on the SMG.

If i am trying to make policies for a list of email ids and want to use dictionaries then the only option is using env-sender and receiver.

Will that have the same effect as when using from: and to/cc/bcc?

We are trying to create a policy for :

If text in Envelope sender part of the message contains 1 or more occurrences of "name@ourdomain.com" 

AND

If text in Envelope recipient part of the message does not contain 1 or more occurrences of "@gmail.com"

The intent is to only allow mails to gmail from ourdomain and block the rest.

But when the sender adds both gmail and any other domain to the TO field in the email the policy blocks both those instead of only allowing the gmail and blocking the other.

The BCC function means that it is a Blind Carbon Copy, as in each of the recipients are blind to the other recipients. This information is not given to us, so we cannot filter by it. Only the mail server knows about who is on the BCC list of an email.

Hi,

So if i am using ... of gmail servers? Is that how this works?
    No, usually sender and envelope sender are the same (besides some formatings for display name etc).
    Please take a look at https://en.wikipedia.org/wiki/Email, section "Header fields"

Also what is recommended when creating policies on the SMG.
    https://support.symantec.com/en_US/article.TECH90043.html

If i am trying to make policies ... only option is using env-sender and receiver.
    Use patterns and seperate your search strings with "|" - alt/addition get familiar with regex

Will that have the same effect as when using from: and to/cc/bcc?
    No

The intent is to only allow mails to gmail from ourdomain and block the rest.
But ... allowing the gmail and blocking the other.
    Don't you use Policy-Groups?!?
    But, your intent is not possible - a outbound mail using smarthost like smg are transfered as one mail containing all the different recipients and you can only trigger on the item.

Thomas

 But, your intent is not possible - a outbound mail using smarthost like smg are transfered as one mail containing all the different recipients and you can only trigger on the item

Hi Thomas,

Yes the message id remains the same when i check in the audit logs.

So such a policy is not possible at all to create? This is a requirement as our email policy.

Just to make sure the understanding is clear.

we want to allow 1 email id from one of our email domains to be able to send and receive emails only to one domain and to none other. This works when the user sends an email only to the one allowed domain but if there are two ids in the to field then either both are sent or blocked based on how we try to tweak the policies.

Thanks.

Hi,

1. Have you tried the following:

- policy group1 - normal user: not beeing able to send to external domain.

Create a content rule maching the sender domain and act with eg send notification back to user "you're not allowed"

- policy group2 - sepcial user: allowed to send

Dont apply the content rule.

Just make sure policy group 2 is above group 1!

Inbound should work similar.

2. If that does not work, think of creating a seperated send connector (if you are using exchange, groupwise should do the same ...) for that domain. By doing that exchange should separate the mails for this domain and should get to your smg as two.

3. If both of them fail think about using transport rules

4. Educate the users ;-)

Thomas