6 Replies Latest reply on Feb 26, 2014 1:20 AM by wilbertk

    MEG 7.5 strip mail headers

    HermanSchenk

      Hi, We need to srtip outbound mail headers for security reasons, deleting the headers containig inside network IP and external too. In IronMail 6.7.x was easy but in the new MEG 7.5 ... no.

       

      Thanks Herman.-

       

       

      PD by the way this does not work... stripnotwork.PNG

        • 1. Re: MEG 7.5 strip mail headers
          andyclements

          That setting should take care of it.  Have you contacted support on this?  They would probably file a bug on it after confirming the issue.  (There is also a newer version available in controlled release to test).

           

          I would test it myself, but dont have my lab set up for it at the moment.

          • 2. Re: MEG 7.5 strip mail headers
            HermanSchenk

            I don t contact support because I have no time, If you test and works let me know please.

            thanks for your reply!

             

            HS.-

            • 3. Re: MEG 7.5 strip mail headers
              wilbertk

              Hi Herman,

               

              I run in the same issue. I have contacted McAfee Support, and this is the answer from support:

               

                   The header stripping option "Remove any Received-From headers to obscure network information" works as designed on McAfee Email Gateway 7.5.1.

               

              See also the Help content on the gateway when you edit this option.

              It says: "Select this to obscure any network information displayed in the Received headers. The Last Received header, added by your appliance, is not removed."

               

               

              So the conclusion is: the last "From" header from your internal e-mail server to the McAfee Email Gateway will not be removed.

               

              But....

               

              McAfee does have another option to remove those headers.

              See https://kc.mcafee.com/corporate/index?page=content&id=KB79418

              This will have impact on your Outbound mail reporting, because all the outbound mail will be triggered as "monitored".

               

              I have solved this with the following configuration: (i would suggest you test this first with a test policy rule!)

               

              1)   Create an Outbound email policy rule, which will trigger when you send e-mail from inside to outside

              2)   Under "Spam", open "Spam: Score >= ...."

              3)  Tab "Basic Options"

              4)  Under "Additional score-based actions" configure:

                   - When the score is at least:      -50

                  - Allow through (Monitor)

                  - Aother Actions -> Modify headers and click on "Manage templates"

                          - Click Add -> use the header name      "Received"

                          - Select the option "Remove existing headers with the same name"

                          - Save and close the window

                  - Be sure that the options "Modify headers" and "Received" are selected

               

              6) Add your other organization needs to this outbound policy rule.

              7) Save and apply your configuration and test the effect

                

              And the internal headers are gone...

               

              anti-spam-settings-1.JPG

               

               

               

              anti-spam-settings-2.JPG

               

              on 2/21/14 9:35:53 AM CST
              • 4. Re: MEG 7.5 strip mail headers
                HermanSchenk

                Thanks man, it s works!!!

                • 5. Re: MEG 7.5 strip mail headers
                  andyclements

                  With the release of 7.6, there are now policy-based actions available.  With this the same actions are available, but instead of specifying an action based on some other rule as above, all mail passing though a policy (ie, your outbound policy) can have the action applied.  There is no way for a message to have criteria in the policy that the action would not work on.

                  policy_1.png

                  policy_action.png

                   

                  This is not available on 7.5, but something to keep in mind for when you upgrade to 7.6.

                  • 6. Re: MEG 7.5 strip mail headers
                    wilbertk

                    Hi Andy, thank you for your reply!

                     

                    That's a really good consideration to adjust your policies when you upgrade from 7.5 to 7.6 to include your settings to use the "Policy based actions"

                    This is way the action is more reliable.

                     

                    Btw, last week I also created a Product Enhancement Request (PER)  #25674, which is "Under Review" at this moment.

                    In the PER I have requested to add an option for removing the last internal "From:" header during the header stripping proces.