INFO: What fields does MailMarshal check for User Matching?

Expand / Collapse
 

INFO: What fields does MailMarshal check for User Matching?


This article applies to:

  • Trustwave SEG/MailMarshal SMTP
  • Trustwave ECM/MailMarshal Exchange

Question:

  • What fields does MailMarshal check for User Matching?
  • Why is the "from" or "to" address shown in my email client not matched by MailMarshal rules?

Information:

MailMarshal rules use the following data when matching addresses:

Where addressed from and Except where addressed from:
In Content Analysis rules (also known as Standard rules in earlier versions), these conditions check BOTH the originator address header field AND the envelope sender (return-path). The conditions trigger if either address is in the list you provided.

Note that in MailMarshal SMTP Connection rules (also known as Receiver rules), these conditions check only the return-path, because the header information is not available at this stage of processing.

Where addressed to and Except where addressed to:
These conditions check ONLY the envelope information (RCPT TO). A header "To" field is not required by the standards for email formatting (RFCs).

Notes:

In many cases of legitimate email, the header sender field matches the return-path. However this is not always true. For instance, mailing lists and role addresses (such as helpdesks) often use a return-path different from the visible From address.

If you are constructing a whitelist or blacklist of addresses, to ensure good matching use the addresses of the return-path and RCPT TO.

You can review message logs to determine the appropriate return-path and recipient addresses.

  • In MailMarshal 6.9 and above, you can review the log for a message easily by viewing the message in the Console and selecting the Content Analysis Log tab.
  • For earlier versions, you can see this information most easily if you have moved or copied the message and associated log to a folder.

The first line of the Content Analysis (Engine) log will appear in the following format:

Message From: <fromaddress@senderdomain.com>, Return-Path: <returnpath@senderdomain.com>, Recipients: recip@recipientdomain.com

The Return-Path recorded by MailMarshal is the address that was used as the SMTP MAIL FROM: (in MailMarshal Exchange, the From address assigned by Exchange).


To contact Trustwave about this article or to request support:


Rate this Article:
     

Related Articles



Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster
.

Details
Article ID: 12238
Last Modified: 12/13/2010
Type: INFO
Rated 4 stars based on 1 vote
Article has been viewed 4,455 times.
Options