cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

MEG 7.5 strip mail headers

Jump to solution

Hi, We need to srtip outbound mail headers for security reasons, deleting the headers containig inside network IP and external too. In IronMail 6.7.x was easy but in the new MEG 7.5 ... no.

Thanks Herman.-

PD by the way this does not work... stripnotwork.PNG

1 Solution

Accepted Solutions

Re: MEG 7.5 strip mail headers

Jump to solution

Hi Herman,

I run in the same issue. I have contacted McAfee Support, and this is the answer from support:

     The header stripping option "Remove any Received-From headers to obscure network information" works as designed on McAfee Email Gateway 7.5.1.

See also the Help content on the gateway when you edit this option.

It says: "Select this to obscure any network information displayed in the Received headers. The Last Received header, added by your appliance, is not removed."

So the conclusion is: the last "From" header from your internal e-mail server to the McAfee Email Gateway will not be removed.

But....

McAfee does have another option to remove those headers.

See https://kc.mcafee.com/corporate/index?page=content&id=KB79418

This will have impact on your Outbound mail reporting, because all the outbound mail will be triggered as "monitored".

I have solved this with the following configuration: (i would suggest you test this first with a test policy rule!)

1)   Create an Outbound email policy rule, which will trigger when you send e-mail from inside to outside

2)   Under "Spam", open "Spam: Score >= ...."

3)  Tab "Basic Options"

4)  Under "Additional score-based actions" configure:

     - When the score is at least:      -50

    - Allow through (Monitor)

    - Aother Actions -> Modify headers and click on "Manage templates"

            - Click Add -> use the header name      "Received"

            - Select the option "Remove existing headers with the same name"

            - Save and close the window

    - Be sure that the options "Modify headers" and "Received" are selected

6) Add your other organization needs to this outbound policy rule.

7) Save and apply your configuration and test the effect

  

And the internal headers are gone...

anti-spam-settings-1.JPG

anti-spam-settings-2.JPG

on 2/21/14 9:35:53 AM CST
6 Replies

Re: MEG 7.5 strip mail headers

Jump to solution

That setting should take care of it.  Have you contacted support on this?  They would probably file a bug on it after confirming the issue.  (There is also a newer version available in controlled release to test).

I would test it myself, but dont have my lab set up for it at the moment.

Re: MEG 7.5 strip mail headers

Jump to solution

I don t contact support because I have no time, If you test and works let me know please.

thanks for your reply!

HS.-

Re: MEG 7.5 strip mail headers

Jump to solution

Hi Herman,

I run in the same issue. I have contacted McAfee Support, and this is the answer from support:

     The header stripping option "Remove any Received-From headers to obscure network information" works as designed on McAfee Email Gateway 7.5.1.

See also the Help content on the gateway when you edit this option.

It says: "Select this to obscure any network information displayed in the Received headers. The Last Received header, added by your appliance, is not removed."

So the conclusion is: the last "From" header from your internal e-mail server to the McAfee Email Gateway will not be removed.

But....

McAfee does have another option to remove those headers.

See https://kc.mcafee.com/corporate/index?page=content&id=KB79418

This will have impact on your Outbound mail reporting, because all the outbound mail will be triggered as "monitored".

I have solved this with the following configuration: (i would suggest you test this first with a test policy rule!)

1)   Create an Outbound email policy rule, which will trigger when you send e-mail from inside to outside

2)   Under "Spam", open "Spam: Score >= ...."

3)  Tab "Basic Options"

4)  Under "Additional score-based actions" configure:

     - When the score is at least:      -50

    - Allow through (Monitor)

    - Aother Actions -> Modify headers and click on "Manage templates"

            - Click Add -> use the header name      "Received"

            - Select the option "Remove existing headers with the same name"

            - Save and close the window

    - Be sure that the options "Modify headers" and "Received" are selected

6) Add your other organization needs to this outbound policy rule.

7) Save and apply your configuration and test the effect

  

And the internal headers are gone...

anti-spam-settings-1.JPG

anti-spam-settings-2.JPG

on 2/21/14 9:35:53 AM CST

Re: MEG 7.5 strip mail headers

Jump to solution

Thanks man, it s works!!!

Re: MEG 7.5 strip mail headers

Jump to solution

With the release of 7.6, there are now policy-based actions available.  With this the same actions are available, but instead of specifying an action based on some other rule as above, all mail passing though a policy (ie, your outbound policy) can have the action applied.  There is no way for a message to have criteria in the policy that the action would not work on.

policy_1.png

policy_action.png

This is not available on 7.5, but something to keep in mind for when you upgrade to 7.6.

Re: MEG 7.5 strip mail headers

Jump to solution

Hi Andy, thank you for your reply!

That's a really good consideration to adjust your policies when you upgrade from 7.5 to 7.6 to include your settings to use the "Policy based actions"

This is way the action is more reliable.

Btw, last week I also created a Product Enhancement Request (PER)  #25674, which is "Under Review" at this moment.

In the PER I have requested to add an option for removing the last internal "From:" header during the header stripping proces.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community