1 Reply Latest reply on Jan 22, 2015 11:34 AM by bblanchard

    MEG in monitor mode

    rhinomike

      Hi there,

       

      I am currently running another antispam solution and I'm interested in increasing my defence by adding a second antispam / av engine into my email flux.

       

      My original idea is to achieve something like:

       

      Untitled Diagram.png

       

      Where:

       

      1. MTA is responsible for RBL type blocks

      2. the MEG is passively monitoring messages, scanning them with AV, Anti-spam and anti-phishing engines

      3. The other AntiSPAM tool checks DKIM, SPF, av, etc etc etc.

      4. Exchange cras... Ops! I mean, stores the mail on behalf of user.

       

      I understand I can configure the MEG to skip the MTA hop when checking SPF. But my question is: Can I configure the MEG to behave like a postfix content_filter or a sendmail milter or simply be configured not to add the "Received: from mta.blablablah.net"

       

      The idea is that even if other SPAM tool is unable to skip a hop when doing SPF checks, it would still be able to perform SPF checks (DKIM is not usually an issue).

       

      I thank you in advance.

        • 1. Re: MEG in monitor mode
          bblanchard

          This should be possible.

          In your Email configuration under the "Receiving emails", enter the IP address of your MTA.Then in the "Sending Emails" section, add the domain names and associated relay, which in this case would be your other antispam tool.

          In the Email Policy section, simply disable the engines you do not want to use and configure the one you would like to use.

          As for the headers, it will add "received from" headers by default. If you want to remove them, there are workarounds. I suggest you read this post :

           

          https://community.mcafee.com/thread/62265

           

          Hope this answers your question