
This article applies to:

  • Trustwave SEG Cloud
    • This functionality is currently optional. Mandatory use for new customers is anticipated before the end of 2020.
  • User Address Registration

Question:

  • What is SEG Cloud Address Registration?

Information:

As part of the SEG Cloud service, Trustwave provides User Registration based filtering for incoming email.

Concepts

User Registration filters out unwanted email before it is processed by the majority of content rules. You can also set User Registration filtering to reject unwanted email when an external service connects, before final receipt by SEG Cloud.

User Registration allows SEG Cloud to deliver significantly enhanced throughput and anti-spam performance, while also saving resources on your systems that would otherwise be wasted on messages addressed to invalid users.

Registration, or requiring a list of valid internal users, is an industry-standard practice for managed email services.

Setup and Management

User Registration checking is implemented by the SEG Cloud Policy Group "Invalid Recipient Handling". Messages to invalid recipients are quarantined by default.

As part of the provisioning process, Trustwave creates a User Group (email address list) called Licensed Users. Addresses in this group are recognized as valid end user email addresses for the customer. 

This group is used in a default rule: Block emails to invalid recipients, except where addressed to Licensed Users.

Trustwave adds the initial customer administrator address to this group (if it is in one of the customer's managed domains).

You can maintain the list of Licensed Users manually or automatically. 

More details about the options are provided in the SEG Cloud Customer Guide and Help.

Manual editing

  1. Log in to the SEG Cloud Console, and navigate to Policy Elements > Groups > Licensed Users. 
  2. Add email addresses to the Licensed Users group.
    • You can import lists of addresses from a text file.
    • You can manage lists with additional groups and include the groups in Licensed Users.
  3. Changes normally take effect within about five minutes.
  4. Customers must add or remove members from the groups as required by changes in their list of email end users.
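
The import step above takes a text file of addresses. The following Python script is an added example, not Trustwave code: it builds such a list from an LDIF directory export and includes aliases held in proxyAddresses, because an address absent from Licensed Users falls under the default Block rule. The one-address-per-line output, the function names, and the sample domains are assumptions; check the SEG Cloud Customer Guide for the import format.

```python
import base64

# Constructed sample LDIF export (not real data): one folded value, one base64 value.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
mail: Alice@Example.com
proxyAddresses: SMTP:alice@example.com
proxyAddresses: smtp:a.example@example.com
proxyAddresses: x500:/o=Org/cn=alice

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
mail:: Ym9iQGV4YW1wbGUuY29t
proxyAddresses: smtp:bob.long.alias@exam
 ple.com
proxyAddresses: smtp:bob@partner.example.net
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def licensed_addresses(ldif_text, managed_domains):
    """Return sorted, de-duplicated SMTP addresses in the managed domains."""
    managed = {d.lower() for d in managed_domains}
    found = set()
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() not in ("mail", "proxyaddresses"):
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if attr.lower() == "proxyaddresses":
            scheme, _, value = value.partition(":")
            if scheme.lower() != "smtp":
                continue  # skip x500, sip and other non-mail proxy types
        local, at, domain = value.lower().rpartition("@")
        if at and local and domain in managed:
            found.add(f"{local}@{domain}")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(licensed_addresses(SAMPLE_LDIF, ["example.com"])))
```

Addresses outside the managed domains are dropped, so review the output against your domain list before importing it.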

Automatic group synchronization using the Connector Agent (recommended)

The Trustwave Connector Agent can synchronize user group listings from your internal network (LDAP or Active Directory services) to the cloud environment.
  1. Log in to the SEG Cloud Console, and download the Connector Agent.
  2. Install and configure the Connector Agent on any workstation that has access to the SEG Cloud Console and your directory service.
  3. Configure the connection to the Console.
  4. Select the groups that contain valid users.
  5. Enable synchronization. Synchronization normally runs every four hours.
  6. In the SEG Cloud Console, navigate to Policy Elements > Groups to verify that the synchronized groups are available.
  7. Navigate to Policy Elements > Groups > Licensed Users, and add the synchronized groups to Licensed Users.
  8. You should ensure that the groups chosen to be synchronized contain all your valid email end users. SEG Cloud will then automatically receive any changes in the list of email end users.

Filtering at connection time

To apply User Registration filtering at connection time, you can simply set up the Connection rule titled Refuse emails to invalid addresses, with exceptions for the Licensed Users group or any other groups that have been applied to the default Block rule. After adding the exceptions, enable the rule.
  • You should first monitor the default action to confirm that it is not blocking any messages to legitimate users.
  • The default action allows blocked messages to be released to the user, but connection filtering discards the messages.

Trustwave MailMarshal Cloud KB article Q21152

Last Modified: September 22, 2020
