Revision A
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,
McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,
McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,
TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and
other countries. Other names and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Preface 5
About this guide 5
Audience 5
Conventions 5
What's in this guide 6
Find product documentation 6
1 Introduction 7
How to use this guide 7
Using the McAfee Email Gateway 7.x troubleshooting tree 7
Index 39
This guide provides you with information about best practices for setting up and configuring your
McAfee Email Gateway appliance.
Contents
About this guide
Find product documentation
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
Administrators: People who implement and enforce the company's security program.
Security officers: People who determine sensitive and confidential data, and define the
corporate policy that protects the company's intellectual property.
Conventions
This guide uses the following typographical conventions and icons.
Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.
Bold: Text that is strongly emphasized.
User input or Path: Commands and other text that the user types; the path of a folder or
program.
User interface: Words in the user interface including options, menus, buttons, and dialog
boxes.
Hypertext blue: A live link to a topic or to a website.
Note: Additional information, like an alternate method of accessing an option.
Tip: Suggestions and recommendations.
Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 To access user documentation: click Product Documentation.
To access the KnowledgeBase: click Search the KnowledgeBase for answers to your product questions,
or click Browse the KnowledgeBase for articles listed by product and version.
This guide contains a collection of information, tips and techniques that can be considered "best
practice" in relation to McAfee Email Gateway.
The information is targeted at McAfee Email Gateway 7.0 and later. Some of the information contained
within this guide does not apply to McAfee Email Gateway 6.7, and should not be applied to these
systems.
Contents
How to use this guide
Using the McAfee Email Gateway 7.x troubleshooting tree
Download the McAfee Email Gateway 7.x troubleshooting tree from KnowledgeBase article PD23748.
Find best practice information relating to processes, configuration and tasks that you are likely to need
during the installation and initial configuration stages of setting up your McAfee Email Gateway
appliances.
Contents
Pre-installation considerations
Initial installation and setup considerations
Initial configuration considerations
Pre-installation considerations
Give consideration to the following areas before you start installing McAfee Email Gateway.
Although some decisions that you make during the installation of your McAfee Email Gateway can be
easily changed or adapted post-installation, others may require significant or fundamental changes. It
is best to understand the impact of some of these significant changes before installing your McAfee Email
Gateway.
Before installing your McAfee Email Gateway, it is important to plan the installation and deployment.
Environmental requirements: Information on environmental site requirements, including temperature,
airflow, and space requirements.
Operating modes: How the McAfee Email Gateway connects into your network.
Explicit proxy mode: The device acts as a proxy server and a mail relay.
Whether communicating devices are aware of the existence of the device. That is, if the device is
operating in one of the transparent modes.
If you change to transparent bridge mode from explicit proxy or transparent router mode, only the
enabled IP addresses for each port are carried over.
After you select a network mode, McAfee recommends not changing it unless you move the device or
restructure your network.
In the figure, the external mail server (A) sends email messages to the internal mail server (C). The
external mail server is unaware that the email message is intercepted and scanned by the device (B).
The external mail server seems to communicate directly with the internal mail server; this perceived
path is shown as a dotted line. In reality, traffic might pass through several network devices and be
intercepted and scanned by the device before reaching the internal mail server.
In transparent bridge mode, position the device between the firewall and your router, as shown.
In this mode, you physically connect two network segments to the device, and the device treats them
as one logical network. Because the devices (firewall, device, and router) are on the same logical
network, they must all have compatible IP addresses on the same subnet.
Devices on one side of the bridge (such as a router) that communicate with devices on the other side
of the bridge (such as a firewall) are unaware of the bridge. They are unaware that traffic is
intercepted and scanned; therefore the device is said to operate as a transparent bridge.
The communicating network servers are unaware of the intervention of the device; the device's
operation is transparent to them.
In transparent router mode, the device must join two networks. The device must be positioned inside
your organization, behind a firewall.
Transparent router mode does not support Multicast IP traffic or non-IP protocols, such as NETBEUI and
IPX.
Firewall rules
In transparent router mode, the firewall connects to the physical IP address for the LAN1/LAN2
connection to the management blade.
If you use transparent router mode and you do not replace an existing router, you must reconfigure part
of your network to route traffic correctly through the device.
Configure the device to use the Internet gateway as its default gateway.
Ensure your client devices can deliver email messages to the mail servers within your organization.
Explicit proxy mode is best suited to networks where client devices connect to the device through a
single upstream and downstream device.
This might not be the best option if several network devices must be reconfigured to send traffic to the
device.
In a similar way, the network must be configured so that incoming email messages from the Internet
are delivered to the device, not the internal mail server.
The device scans the traffic before forwarding it, on behalf of the sender, to the internal mail server for
delivery, as shown.
For example, an external mail server can communicate directly with the device, although traffic might
pass through several network servers before reaching the device. The perceived path is from the
external mail server to the device.
Protocols
To scan a supported protocol (SMTP, POP3 or McAfee Secure Web Mail), you must configure your other
network servers or client computers to route that protocol through the device, so that no traffic
bypasses the device.
Firewall rules
Explicit proxy mode invalidates any firewall rules set up for client access to the Internet. The firewall
sees only the physical IP address information for the device, not the IP addresses of the clients, so the
firewall cannot apply its Internet access rules to the clients.
Ensure that your firewall rules are updated. The firewall must accept traffic from McAfee Email
Gateway, but must not accept traffic that comes directly from the client devices.
The router must allow all users to connect to the McAfee Email Gateway.
The McAfee Email Gateway must be positioned inside your organization, behind a firewall, as shown
in Figure 6: Explicit proxy configuration.
Typically, the firewall is configured to block traffic that does not come directly from the device. If you
are unsure about your network's topology and how to integrate the device, consult your network
expert.
Configure the external Domain Name System (DNS) servers or Network Address Translation (NAT)
on the firewall so that the external mail server delivers mail to the device, not to the internal mail
server.
Configure the internal mail servers to send email messages to the device. That is, the internal mail
servers must use the device as a smart host. Ensure that your client devices can deliver email
messages to the mail servers within your organization.
Ensure that your firewall rules are updated. The firewall must accept traffic from the device, but
must not accept traffic that comes directly from the client devices. Set up rules to prevent
unwanted traffic entering your organization.
What is a cluster?
McAfee Email Gateway can be configured so that several appliances can function as a single scanning
system. This can be used to increase capacity, and can also provide improved redundancy in the event
of hardware failure.
Configure all appliances within the cluster to use the same Cluster Identifier. If you are setting up multiple
clusters on the same subnet, use the Cluster Identifier to specify the appliances within each cluster.
Apply updates to the failover master appliance, then the master appliance, and then to each scanning
appliance in turn.
When configuring a blade server, you will need an IP address for the master and the failover master
blades, as well as a "virtual" address that is used by the currently active master blade. Once
operational, you should use the virtual IP address to communicate with the blade server.
To prevent any DHCP servers on your network from issuing IP addresses for the scanning blades,
within the blade server, configure an Access Control List (ACL255) that drops all DHCP packets leaving
the blade server.
To prevent the onboard DHCP server from issuing IP addresses to devices outside of the blade server,
configure a second ACL (ACL256) to drop all DHCP packets entering the blade server.
Set up the Access Control Lists by logging into the web interface for the blade server interconnect
modules.
When installing the scanning blades into the blade server enclosure, they should be placed in order,
using first slot 3, then slot 4 and slot 5 until all your scanning blades are installed.
McAfee Email Gateway Virtual Appliance works in the following virtual environments:
VMware vSphere 4.x
Ensure that your hardware meets the minimum specifications for running your virtual environment.
See the VMware Knowledge Base article 1003661 available from http://www.vmware.com to get
the minimum system requirements for VMware vSphere or VMware vSphere Hypervisor 4.x. You
need a computer that has a 64-bit x86 CPU.
Ensure that the virtual machine for each McAfee Email Gateway Virtual Appliance meets the
following minimum specification.
Processor: Two virtual processors
Available virtual memory: 2 GB
Free hard disk space: 80 GB
Ensure you have sufficient physical network interfaces for your chosen operating mode. These
connections should be dedicated for use by the McAfee Email Gateway Virtual Appliance.
Migrating from McAfee Email and Web Security appliances version 5.6
There are several supported methods that you can choose from to manage the process in the way that
is best suited to your organization:
From a McAfee Email Gateway 7.0 installation CD, perform a new installation and restore a
configuration file from a previous version.
From a McAfee Email Gateway 7.0 installation CD, perform an upgrade from a previous version
retaining configuration and log files.
To perform the upgrade from another location, obtain the McAfee Email Gateway 7.0 ISO image
and upload it onto a McAfee Email and Web Security Appliance 5.6 using the Rescue Image feature
(System | System Administration | Rescue Image).
Ensure you have the latest McAfee Email and Web Security Appliance 5.6 patch installed before
migrating to McAfee Email Gateway 7.0.
McAfee Email and Web Security appliances version 5.6 | McAfee Email Gateway version 6.7.x | McAfee Email Gateway version 7.x
Email and web scanning capabilities | Dedicated email scanning | Dedicated email scanning
No secure web mail | Secure Web Mail available | Secure Web Mail available
Basic McAfee ePO support | Basic McAfee ePO support | Enhanced McAfee ePO support
Blade server support | No blade server support | Blade server support
No server-to-server S/MIME and PGP encryption | Server-to-server S/MIME and PGP encryption | Server-to-server S/MIME and PGP encryption
No 2nd AV engine | 2nd AV engine is a purchasable option | No 2nd AV engine available in McAfee Email Gateway 7.0
If you are installing physical hardware, observe all safety warnings and local and company procedures
regarding the lifting of heavy equipment.
Ensure that you secure access to any physical hardware that is used to host the McAfee Email
Gateway software.
Setup wizard
The initial setup is either carried out by logging into the user interface, or by running through the
console from the monitor and keyboard attached to the appliance. Both methods provide you with the
same options and choices.
Select the most relevant setup path. The available options are:
Standard Setup: configures your McAfee Email Gateway in Transparent Bridge mode, selecting the
most-used options for you.
Custom Setup: provides you with additional options, such as selecting the required operating mode.
Restore from a File: you can export a configuration file from an existing McAfee Email Gateway
appliance and use it as the basis for a new installation.
ePO Managed Setup: configure your McAfee Email Gateway appliance to be managed by McAfee
ePolicy Orchestrator (McAfee ePO).
Encryption Only Setup: configure a McAfee Email Gateway appliance to act as an encryption server for
other McAfee Email Gateway appliances.
On the Password page of the setup wizard, make sure that you change the password from its default
value.
Although enabling the reverse lookup of sender IP addresses can assist in confirming the identity of
the message, carrying out this lookup introduces delays as McAfee Email Gateway queries the Domain
Name Service (DNS) server to establish the sender IP address. If you encounter performance issues
with your McAfee Email Gateway, ensure that reverse lookup of the sender IP address is disabled.
The reverse lookup settings are found at: Email | Email Configuration | Receiving Email | Permit and Deny Lists.
Do not allow null senders, as valid senders usually have a genuine MAIL FROM: address
To block messages that do not contain any sender information, go to Email | Email Configuration |
Protocol Configuration | Protocol Settings (SMTP). Deselect Allow null senders.
Be aware that bounced messages might be rejected because they potentially have a null sender
address.
The RBL settings are found at: Email | Email Policies | Spam | Sender Authentication | RBL Configuration.
Permit and Deny lists are found at: Email | Email Configuration | Receiving Email | Permit and Deny Lists
As the role of your McAfee Email Gateway is to secure your email traffic, it makes sense that you
must first secure the McAfee Email Gateway to protect it.
Contents
Physically secure the hardware
Setting up users and user roles
Defining password policy
Restricting remote access
Securing the Mail Transfer Agent (MTA)
This can be achieved by locating the hardware in access-controlled server rooms, or by locating it in
cabinets that have doors on both the front and rear of the units that are kept locked.
Users and User Roles are managed from System | Users | Users and Roles.
User roles
McAfee Email Gateway includes the following administrator roles by default:
Super Administrator: The Super Administrator role has access to all areas and settings within the
McAfee Email Gateway user interface.
Email Administrator: The Email Administrator can access areas of the McAfee Email Gateway user
interface concerned with email-based settings and email queues. By default, Email Administrators
can see the Dashboard, Reports, Email and Troubleshoot tabs within the user interface.
Reports Administrator: The Reports Administrator role only has access to areas of the user interface
that allow the definition and running of reports. By default, the Reports Administrator can only see
the Dashboard and Reports tabs within the user interface.
You can create additional administrator roles, and can define the access rights for each new role.
Users
McAfee Email Gateway includes an admin user account. This default user account has full Super
Administrator rights.
McAfee recommends that you create additional Users, with access restricted to specific areas of
functionality within McAfee Email Gateway. At a minimum, create an Email Administrator user, and a
Reports Administrator user, using the default user roles.
You can create additional Users and User Roles as required within your organization.
These password complexity and change control settings are found at System | Users | Password
Management.
Settings relating to restricting remote access are found at System | Appliance Management | Remote
Access.
You can configure access so that only specific hosts or networks can be used to access McAfee Email
Gateway.
Before you enable out-of-band management, ensure that you have connected your McAfee Email
Gateway to the management network using either the dedicated out-of-band Network Interface on the
appliance (if applicable) or via a USB-Ethernet adaptor. Failure to connect the appliance to the defined
management network could result in you being unable to access the McAfee Email Gateway user
interface.
Configure anti-relay
Configure the anti-relay settings for your McAfee Email Gateway to prevent your appliance from being
used as an open relay by third parties to send spam messages.
Anti-relay settings are found at Email | Email Configuration | Receiving Email | Anti-Relay Settings.
Ensure that you define your local domains, the domains from which you want to permit email
relaying, and the domains for which you want to deny email relaying. Defining a domain as a Permitted
domain ensures that email traffic from that domain is always allowed to be relayed.
Defining a domain as a Denied domain ensures that email traffic from that domain is not allowed to be
relayed, unless overridden by the Permitted connections list.
Defining a domain as a Local domain ensures that email traffic from that domain is always allowed to be
relayed, unless overridden by the Denied connections list.
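The precedence the three lists give each other (Permitted overrides Denied, Denied overrides Local, anything else is refused) is easy to get wrong when the same domain ends up on two lists. The following added example, which is not McAfee code, models that decision order and reports domains listed more than once; the subdomain matching and the placeholder domains are assumptions of the example.

```python
"""Model of the anti-relay precedence described in the guide (added example, not McAfee code)."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


@dataclass
class RelayConfig:
    """The three domain lists from the Anti-Relay Settings page."""
    local: Set[str] = field(default_factory=set)
    permitted: Set[str] = field(default_factory=set)
    denied: Set[str] = field(default_factory=set)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address; rejects anything without an '@'."""
    if "@" not in address:
        raise ValueError(f"not an email address: {address!r}")
    return address.rsplit("@", 1)[1].strip().lower().rstrip(".")


def listed(domain: str, entries: Set[str]) -> bool:
    """True if the domain, or one of its parent domains, is in the list.
    Subdomain matching is an assumption of this example, not documented appliance behaviour."""
    return any(domain == e.lower() or domain.endswith("." + e.lower()) for e in entries)


def relay_decision(sender: str, cfg: RelayConfig) -> Tuple[bool, str]:
    """Apply the guide's precedence: Permitted > Denied > Local > refuse (open-relay guard)."""
    domain = domain_of(sender)
    if listed(domain, cfg.permitted):
        return True, "permitted domain"
    if listed(domain, cfg.denied):
        return False, "denied domain"
    if listed(domain, cfg.local):
        return True, "local domain"
    return False, "unknown domain: refusing relay"


def config_conflicts(cfg: RelayConfig) -> Dict[str, Set[str]]:
    """Domains that appear on two lists, i.e. the places where the override rules decide the outcome."""
    def lower(entries: Set[str]) -> Set[str]:
        return {e.lower() for e in entries}
    return {
        "permitted_and_denied": lower(cfg.permitted) & lower(cfg.denied),
        "local_and_denied": lower(cfg.local) & lower(cfg.denied),
    }


# Constructed sample configuration with placeholder domains (not a real deployment).
SAMPLE = RelayConfig(
    local={"corp.example"},
    permitted={"partner.example", "blocked.example"},
    denied={"blocked.example", "sub.corp.example"},
)

if __name__ == "__main__":
    for addr in ("alice@corp.example", "bob@sub.corp.example",
                 "eve@blocked.example", "mallory@elsewhere.example"):
        print(addr, "->", relay_decision(addr, SAMPLE))
    print(config_conflicts(SAMPLE))
```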
Find best practice information relating to configuring policies within McAfee Email Gateway.
Contents
About policies
Scanning order
Email Configuration options
Configuring policies
About policies
McAfee Email Gateway uses policies to enable you to define your scanning requirements.
Two classes of policy are used within McAfee Email Gateway:
Scanning policies
Protocol presets
Scanning policies use both connection attributes and conversation attributes, whereas protocol presets
only use connection attributes to match against.
When a match is found, the actions configured within the matching policy are applied. If no match is
found, the email message then passes to the next listed policy. If no other policies match, the actions
configured within the default policy are applied.
Like protocol presets, scanning policies are initially determined at connection. However, scanning
policies are then re-evaluated at points during the SMTP conversation, including the MAIL FROM, RCPT
TO and DATA phases of the conversation.
When the McAfee Email Gateway receives an email message that is being sent to multiple recipients
within the organization, the appliance checks the policies that apply to each recipient. If different
policies apply to different recipients, the email message is split, so that the correct policies are applied
to the message for each recipient.
Using protocol presets, you can create individual settings for email coming to or from different
domains, IP addresses or other connection criteria. For example, you can configure address
masquerading and aliases, based on the domain or IP address.
Policy order
The order in which the scanning policies appear within the McAfee Email Gateway user interface
dictates the order that they are used to scan email messages.
McAfee Email Gateway uses a "top-down" approach when scanning email messages; policy attributes
are evaluated, starting at the topmost policy and working down the policy list until a complete match
is found. The settings for the matching policy are then applied.
You should order your policies so that the most specific policies are listed at the top of the page, and
then reduce down to the default policy, which is the least specific.
You cannot change the position of the default policy in the policy list.
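The top-down, first-complete-match evaluation described here, together with the per-recipient re-evaluation and message splitting described under About policies, can be modelled in a few dozen lines. This added example is not McAfee code: the connection attribute is the client IP, the conversation attributes are sender and recipient, the "is like" operators are modelled as glob patterns (an assumption; the appliance's own pattern syntax may differ), and the IP ranges and domains are constructed placeholders.

```python
"""Top-down policy selection with per-recipient splitting (added example, not McAfee code)."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network
from typing import Dict, List


@dataclass
class Condition:
    attr: str    # "ip" (connection attribute), "sender" or "recipient" (conversation attributes)
    op: str      # "is", "is not", "is like", "is not like"
    value: str   # address, glob pattern, or IP network for attr == "ip"

    def holds(self, attrs: Dict[str, str]) -> bool:
        actual, want = attrs[self.attr].lower(), self.value.lower()
        if self.attr == "ip":
            hit = ip_address(actual) in ip_network(want, strict=False)
        elif self.op.endswith("like"):
            hit = fnmatch(actual, want)     # glob match stands in for the appliance's "like"
        else:
            hit = actual == want
        return (not hit) if "not" in self.op else hit


@dataclass
class Policy:
    name: str
    conditions: List[Condition] = field(default_factory=list)   # all must hold: a complete match
    description: str = ""                                       # the guide's optional Description field

    def matches(self, attrs: Dict[str, str]) -> bool:
        return all(c.holds(attrs) for c in self.conditions)


def select_policy(policies: List[Policy], attrs: Dict[str, str]) -> Policy:
    """Walk the list top-down; the last entry is the unconditional Default policy."""
    if policies[-1].conditions:
        raise ValueError("the last policy must be the unconditional Default policy")
    for policy in policies:
        if policy.matches(attrs):
            return policy
    return policies[-1]   # not reached: the Default policy always matches


def split_message(policies: List[Policy], client_ip: str, sender: str,
                  recipients: List[str]) -> Dict[str, List[str]]:
    """Re-evaluate the policy for each RCPT TO and group recipients by policy: one copy per group."""
    groups: Dict[str, List[str]] = {}
    for rcpt in recipients:
        attrs = {"ip": client_ip, "sender": sender, "recipient": rcpt}
        groups.setdefault(select_policy(policies, attrs).name, []).append(rcpt)
    return groups


# Constructed sample policies, most specific first, Default last (placeholder domains and 203.0.113.0/24).
POLICIES = [
    Policy("Sales team", [Condition("recipient", "is like", "*@sales.corp.example")],
           "Sales-specific content rules"),
    Policy("Executive", [Condition("recipient", "is", "ceo@corp.example")],
           "Tighter attachment handling for the executive mailbox"),
    Policy("Partner relay", [Condition("ip", "is", "203.0.113.0/24"),
                             Condition("sender", "is not like", "*@corp.example")],
           "Mail arriving from the partner network"),
    Policy("Default"),
]

if __name__ == "__main__":
    print(split_message(POLICIES, "203.0.113.5", "vendor@partner.example",
                        ["alice@sales.corp.example", "ceo@corp.example", "bob@corp.example"]))
```

Moving the broad "Partner relay" policy to the top of the list makes it capture every recipient from that network, which is exactly the ordering mistake the guide warns about.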
Scanning order
To get the most from your McAfee Email Gateway, it helps to understand the order in which scanning
happens.
To get maximum performance from your McAfee Email Gateway, it's important to block as many
messages as possible before the scanning phase. Resource-intensive checks like anti-virus scanning,
content scanning and anti-spam scanning all occur at later stages in the scanning process.
There are a number of options that you can set to reduce the number of messages that are passed for
scanning.
Figure 4-1 Order of phases and checks performed before scanning takes place
Using all these checks provides optimum protection and usage of the appliance's resources because
most of the bad content and messages are dropped or blocked before the scanning phase.
However, if, for example, you find that you experience issues with email messages timing out when
being sent from a remote office, or from a home worker that has a slow internet connection, you can
create a protocol preset based on the IP address (or range of IP addresses) used by that office, and
can then increase the timeout values for messages coming from the specified connections.
To prevent this issue, navigate to: Email | Email Configuration | Receiving Email | Permit and Deny Lists. Add
the IP address for your firewall to the Permitted connections list.
To change this NDR period, navigate to Email | Email Configuration | Sending Email | Queued email delivery.
Adjust Time before an NDR is issued to an appropriate interval to suit your requirements.
Configuring policies
When setting up the scanning policies for McAfee Email Gateway, give consideration to what you are
trying to achieve.
Where possible, keep your policies simple. Use the optional Description fields to document the reasons
and objectives for creating each policy; this helps when trying to diagnose problems with policies not
working as you expect.
McAfee Email Gateway enables you to create policies for Inbound and Outbound email messages. You can
create multiple policies of each type, and then order them so that the most specific policies appear at
the top of the list of policies, and the least specific (the Default policy) appears at the bottom of the
list.
See also
How McAfee Email Gateway processes mail traffic through your network on page 29
Not all of these options make sense when creating generalpurpose policies, but may be useful when
dealing with, for example, specific types of unsolicited bulk email (spam) messages.
You have a similar list of connection types to those you use for your inbound connections.
How McAfee Email Gateway processes mail traffic through your network
This information describes how McAfee Email Gateway processes mail traffic through your internal and
external networks.
For example, for outbound policies, you could decide to create user groups for specific teams or
functions within your organization. You may have a group for your marketing team, another group for
your sales team, and further groups for your Customer Support and Purchasing teams. Once you have
defined your user groups, you can then create policies for each.
User groups can be created from within the Email | Email Policies | Add Policy... dialog box, or from
Email | Group Management | Email Senders and Recipients.
You can define your user groups by Sender Email Address, Recipient Email Address or, if configured, by LDAP
Query. In addition to basing your user groups on these criteria, you can choose from several different
types of match logic. These include:
is
is not
is like
is not like
Using the "not" values allows you to create exception rules: rules that apply to users not included in other
groups.
Protocol presets can be configured from Email | Email Configuration | Receiving Email | Recipient
Authentication.
Depending on the configuration of your McAfee Email Gateway and your network, the following
connection types are available for you to use to define protocol presets:
Use the Directory Service wizard to set up a connection between the appliance and an LDAP server so that
the attributes in the LDAP server define behavior in your email flow. You can therefore define policies,
and update your LDAP to change email behavior. You can modify the following features in the
appliance to work with LDAP:
Recipient Authentication
Address Masquerading
Policy selection
Delivery routes
Custom queries can be created for use in policy selection using the Add Query option in the Add Directory
Service wizard.
Configure the LDAP servers to be queried by your McAfee Email Gateway from Email | Group
Management | Directory Services
Anti-virus considerations
For most applications, keeping the majority of the anti-virus settings at their default values will give
the best security and performance balance.
McAfee carefully tunes the anti-virus settings on all its products to give the best balance between
security and performance. McAfee recommends that you do not change these settings unless advised
by your McAfee support representative.
Anti-spam considerations
Anti-spam settings can be tuned to better suit your specific requirements within your own email
environment.
Apply the following best practices when configuring your anti-spam settings.
If the Document match percentage is set too low, you increase the number of detections made, and
also increase the number of false positive detections.
Over a period of time, you should tune the Document match percentage so that you achieve an
acceptable balance between the number of genuine detections and the number of false positive
detections being made.
The algorithms used in DLP involve text normalization, common word removal, and signature
generation. An approximate guide is that one signature represents eight words of text after common
words have been removed. These figures offer a guideline only.
When searching the default set of compliance dictionaries, you can use the Language drop-down list to
sort the list into your preferred language.
This causes any compliance dictionaries that are language-specific to be sorted into that language order.
It does not add or remove dictionaries that appear in different languages.
Before creating your own dictionaries and rules, check that suitable dictionaries do not already exist
within McAfee Email Gateway.
McAfee Email Gateway includes several forms of encryption. Configure the options most suited to
your corporate requirements.
McAfee Email Gateway can be configured to provide server-to-server encryption using Transport Layer
Security (TLS).
It can also be configured to encrypt the content of email messages using Secure Multipurpose Internet
Mail Extensions (S/MIME), PGP, and Secure Web Mail using either Push or Pull encryption.
Most forms of encryption require the exchanging of certificates to enable both parties to encrypt and
decrypt either the server-to-server communications, or the email messages themselves.
In this configuration, you direct the output of all your email-scanning appliances to the encryption-only
appliance. This has the benefit of removing the load of both encryption and scanning from a single
appliance.
Server-to-server encryption
Use TLS to secure your servertoserver communications.
McAfee Email Gateway uses SMTP over TLS to secure the communication layer between email
servers.
Transport Layer Security works by communicating a set of parameters, known as the handshake,
at the start of the connection process. Once these parameters have been agreed, the communications
that follow within that session are secure, in that they cannot be decoded by servers that did not
take part in the handshake. The process includes steps to negotiate the ciphers to be used during the
communications, and also authentication steps to prove the identity of the servers taking part in the
communications.
The McAfee Email Gateway requests a secure connection to the receiving email server and presents
a list of cipher suites to the receiving email server.
The receiving email server then selects the strongest supported cipher from that list, and then
notifies the McAfee Email Gateway of the chosen cipher.
The servers then use Public Key Infrastructure (PKI) to establish their authenticity. This is achieved
by the exchanging of digital certificates. On occasions, these digital certificates may be validated
against the Certificate Authority (CA) that issued the certificates.
McAfee Email Gateway generates a random number to use as a session key, encrypts it with the
receiving server's public key, and sends it to the receiving email server. The receiving server then
decrypts this session key using its private key.
Both the McAfee Email Gateway and the receiving email server then use this shared session key
to secure their communications, completing the handshake process.
Once the handshake has been completed, the secure connection is used to transfer the email
messages. The connection remains secure until the connection is closed.
Configuring TLS
When configuring communications between email servers that you know to use TLS, select Always from
the Use TLS dropdown list. This will typically be used between different email servers within your own
organization, or with customers, partners or suppliers that you have regular contact with.
To set up TLS, you must exchange TLS certificates and import them into McAfee Email Gateway.
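Once a partner server is set to Always use TLS, it is worth confirming from the outside what that server actually negotiates: that STARTTLS is offered, that the certificate verifies against your CA bundle, and that the chosen cipher suite and protocol version are acceptable. The following added example is not McAfee code; it performs the same STARTTLS exchange from a Python client. The host name, port and CA file are placeholders to be supplied by you, and the weak-cipher heuristic is this example's own.

```python
"""Probe a mail server's STARTTLS negotiation (added example, not McAfee code)."""
import smtplib
import ssl
from typing import Dict, Optional, Tuple


def make_tls_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies the peer certificate and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context(cafile=ca_file)   # CERT_REQUIRED and hostname checking by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe_cipher(cipher: Tuple[str, str, int]) -> Dict[str, object]:
    """Normalise the (name, protocol, bits) tuple from SSLSocket.cipher() and flag weak choices."""
    name, protocol, bits = cipher
    weak = (bits < 128
            or any(tag in name for tag in ("RC4", "3DES", "DES-CBC", "NULL", "EXPORT"))
            or protocol in ("SSLv3", "TLSv1", "TLSv1.1"))
    return {"cipher": name, "protocol": protocol, "bits": bits, "weak": weak}


def probe_starttls(host: str, port: int = 25, ca_file: Optional[str] = None,
                   timeout: float = 15.0) -> Dict[str, object]:
    """Connect, request STARTTLS, and report what the peer negotiated.

    Raises ssl.SSLCertVerificationError if the peer's certificate does not verify,
    which is the failure you want to see before setting 'Use TLS' to Always.
    """
    ctx = make_tls_context(ca_file)
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False}
        smtp.starttls(context=ctx)
        smtp.ehlo()                                   # capabilities must be re-read after the upgrade
        info = describe_cipher(smtp.sock.cipher())
        cert = smtp.sock.getpeercert()
        info.update({
            "starttls": True,
            "subject": dict(entry[0] for entry in cert.get("subject", ())),
            "not_after": cert.get("notAfter"),
        })
        return info


if __name__ == "__main__":
    # Placeholder host: replace with a partner or internal mail server you are permitted to test.
    print(probe_starttls("mail.partner.example", ca_file=None))
```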
System logging enables you to monitor your McAfee Email Gateway, so that you can take any required
remedial actions to ensure that optimal performance is maintained.
Configuring the McAfee Email Gateway to use an off-box system logging server enables you to hold
more detailed information covering longer time periods. Also, this information can be easily analyzed
by third-party system monitoring software.
Configure off-box logging from: System | Logging, Alerting and SNMP | System Log Settings
Then, if you suspect that your McAfee Email Gateway is performing at less than its optimal level, you
should enable more detailed logging to assist you in identifying and correcting any issues that may
occur. Depending on your circumstances, you can increase the logging levels to either middle and high
severity protocol and communication events or all protocol and communication events.
Lowering the logging threshold (so that more events are logged) displays a notification warning you that
increasing the number of events being logged could have a negative impact on system performance.
Select the events to log at: System | Logging, Alerting and SNMP | Logging Configuration
McAfee Email Gateway is designed to work alongside other McAfee products, including McAfee
ePolicy Orchestrator and McAfee Quarantine Manager.
Contents
Using McAfee Email Gateway with McAfee ePolicy Orchestrator
Using McAfee Email Gateway with McAfee Quarantine Manager
The McAfee Email Gateway dashboards and queries installed on McAfee ePO are designed to be
compatible with the dashboards and reports found within McAfee Email Gateway. If you modify these
items, they may no longer show information consistent with that found on the McAfee Email Gateway.
Also, any modified dashboards or queries are likely to be overwritten if you install a newer version of
the McAfee Email Gateway extension for McAfee ePO.
Schedule tasks
To prevent tasks running slowly, do not run simultaneous tasks on the same domains within McAfee
Quarantine Manager.
Firewall ports
Open up port 80 or 49500 for both directions on any firewalls between McAfee Email Gateway and
McAfee Quarantine Manager.
RunScheduled.exe
If you are using any backup software on your McAfee Email Gateway server, the MySQL install folder
should be excluded.