7 Replies Latest reply on Mar 5, 2014 11:42 AM by danielsch

    quarantine digest - personal list of all spam and isolated emails for users

      Hello,

       

      We enabled the quarantine digest messages for spam and isolated emails. Every recipient (LDAP) gets a daily message if new emails are in the quarantine. But these messages are only listing new quarantined objects since the last quarantine digest.

       

      So, if the user deletes the digest-mail, he can't release the possibly false spam message anymore by himself. In Web-Gateway 6.8.7 (formerly Webwasher) the user got an extra link to his personal "spam-queue", but where's this function in Mail-Gateway 7?

       

      Thanks,

      tmkt

        • 1. Re: quarantine digest - personal list of all spam and isolated emails for users
          echelon

          I installed the McAfee Quarantine Manager. There is an option to download a working version (eval or licensed). It is mentioned in the McAfee Gateway documentation, and you can download the MQM documentation. But I had to contact tech support for a download.

           

           

          It installs on a Windows server and provides an IIS front end for users and admins to look at the currently quarantined messages.

           

          I don't quite understand why McAfee seems to have buried this product.

          • 2. Re: quarantine digest - personal list of all spam and isolated emails for users
            Regis

            I've been attempting to install and configure it... and I have my suspicions as to why.     But I'm circling the support wagons and hoping for the best.

             

             

            I'd be curious if anyone's got MQM up and running and working as designed anywhere who'd be willing to admit it.    What OS?   

             

            The messaging team and I are attempting to go the MQM route after a sales pitch from one very enthusiastic support engineer that touts the user flexibility of quarantine management in one location, as well as an ancillary benefit of having a separate box to fill disk on potentially before filling a MQM box's disk (i.e. MQM filling up somehow under the duress of a mail flood wouldn't stop routing mail, but doing the same to a MEG...might).   Also, obviating the possibility of getting a separate quarantine mail message from each MEG server potentially would be a drag--a problem which MQM also solves.

             

            However, that's all only a benefit if MQM is able to be installed and run. Which so far has been an adventure under Win 2008 R2 sp1..where I'm through the install, quarantining mail, but as yet been unable to compel the MQM to successfully send any notification emails...or, any mails at all (despite manual telnets to port 25 proving out the network and mail server paths).  

             

            Message was edited by: Regis on 10/9/12 10:18:07 PM CDT
            • 3. Re: quarantine digest - personal list of all spam and isolated emails for users
              echelon

              I have it working on Windows 2003 R2 SP2 32-bit. 

               

              Under Settings & Diagnostics -> Task Manager -> Scheduled Task, I have a scheduled task to send a daily digest to all users.

               

              To verify that notifications were working, under Settings & Diagnostics -> Task Manager -> Immediate Tasks, I could run a "user based digest" task.

               

               

              There seem to be two locations to define mail.

               

               

               

              1. Settings & Diagnostics -> Default -> Mail server.  I don't actually have anything defined there.    I think I tested notification messages before making sure that the mail server was defined and found that it worked anyway.     I do get user quarantine reports but I don't think I get the administrator status reports anyway.

               

               

              2. Administrator Management -> Manager domains -

              Click the check box next to your domain and click "modify configuration" (not modify/view). And select mail server.  I think this will override the above entry.   I currently have it set to the McAfee gateway rather than my internal mail server; the summaries get to me anyway but they go through an extra hop.    I need to fix that because sometimes the spam summaries themselves get quarantined.

              • 4. Re: quarantine digest - personal list of all spam and isolated emails for users
                Regis

                echelon, thanks.  Yeah, those were the places where our task was defined, and that immediate task to send mail or send out quarantines were all among what wasn't working (or leaving hide nor hair of  clues for failures in the product log).  Even a packet capture showed that nothing was happening from an smtp or ldap perspective.

                 

                Finally while being bored waiting on hold for a support tech to talk to an L3 tech, I decided "screw it, I'm going to restart the quarantine manager service"  ... and guess what?    The world started making sense.

                 

                This doesn't inspire confidence in the product of course, but ... it did make it start working for the first time for me.   I have users imported from ldap now, and my scheduled quarantine task actually worked last night.  Things are looking up.

                 

                I've deployed to a 2008R2 sp1 server fwiw, and one thing for those attempting a similar feat:  YOU MUST DISABLE UAC  if you hope to get into the configure database interface.  I'm using MySQL as the database backend, on-box.

                 

                Next task:   configure IIS to actually use SSL.   McAfee quietly leaves this as an exercise to the reader in the  product guide.   

                • 5. Re: quarantine digest - personal list of all spam and isolated emails for users
                  echelon

                  I enabled SSL for IIS. I also disable non-HTTPS connections to the IIS server.  

                  I had to then make some changes on the McAfee Gateway (v 7)  quarantine settings.   I unchecked the "Use HTTP" box.  This changed the port to 49500.    I also had to use the IP address not the host name of the MQM server.     I think the issue is that you can specify that the  McAfee gateway to use HTTPS (port 443.)   

                   

                   

                  • 6. Re: quarantine digest - personal list of all spam and isolated emails for users
                    Regis

                    The problem is that MQM as it is today... doesn't support secure delivery of mail from MEG to MQM.  You can send it plaintext over port 80 using http, or you can send it plaintext using the legacy protocol over 49500 (and McAfee says at some point the 49500 stuff will go away).

                     

                    However, with your strategy, at least the (insecurely authenticated, I'm sure)  POST requests from quarantine messages will go over the wire http perhaps.  

                     

                    McAfee seems at least aware that this state of affairs is an embarrassment for a security company and I hope there are plans for them to clean this up.

                    • 7. Re: quarantine digest - personal list of all spam and isolated emails for users
                      danielsch

                      This is quite an old discussion but I have not found a newer one.

                      For us the on-box quarantine option from the MEG 7.5 is quite sufficient. We don't need more different queues or anything more scalable.

                       

                      We use the frequency "Hourly" to keep the user informed. That is fine for us.

                       

                      But it happens quite often that a user deletes this information mail, and then the user has no possibility to release or delete these mails.

                      As described, the Ironmail had this link option; why doesn't the MEG offer a possibility to list all the mails in the quarantine?

                       

                      I'm not sure, but just for this we have to install an extra server to use the McAfee Quarantine Manager?