McAfee Security for Microsoft Exchange 8.6.0

Anti-spam settings

Define settings for the junk email folder to which spam detected on an Edge Transport or Hub Transport server is forwarded. You can also enable or disable the McAfee GTI message reputation and McAfee GTI IP reputation features.

Option definitions
Option Definition
System Junk Folder Address: Specify the email address to which all emails categorized as spam are sent.
McAfee GTI message reputation

McAfee Global Threat Intelligence message reputation is McAfee’s comprehensive, real-time, cloud-based message and sender reputation service that enables MSME to protect your Exchange server against both known and emerging message-based threats such as spam.

MSME receives millions of email queries daily, takes a fingerprint of the message content (versus the content itself, for privacy reasons) and analyzes it along many dimensions. Message reputation combines with factors such as spam-sending patterns and IP behavior to determine the likelihood that the message in question is malicious.

The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, web, and network threat data. MSME uses this score to determine an action based on the Policy Manager | Gateway policy.

Enable: To block email messages at the gateway, based on the email's message reputation score.
Perform message reputation after Anti-Spam: To perform McAfee GTI message reputation after performing a scan based on the local MSME policy.
Message reputation threshold: Specify a threshold value to block email messages based on the message reputation score. By default, the value is set to 80.
Action to take: Select one of these options:
Drop and Quarantine — To drop the email and quarantine it in the database. When an email is dropped due to this setting, the sender will not be notified of the email delivery status.
Pass score to Anti-Spam Engine — To send the message reputation score detected by McAfee GTI to the Anti-Spam engine. This option is available only when you enable the Perform message reputation after Anti-Spam option.
McAfee GTI IP reputation

IP reputation acts as the first level of protection for your Exchange environment, by safeguarding your Exchange server from unsafe email sources. It enables you to leverage the threat intelligence gathered by McAfee Global Threat Intelligence to prevent damage and data theft by blocking the email messages at the gateway, based on the source IP address.

Enable: To block email messages at the gateway, based on the source IP address.
IP reputation threshold: Specify a threshold value to block email messages based on the IP reputation score.
The action will be applied to all IP addresses having a reputation score greater than the selected threshold. All other email messages will be allowed through.

You can whitelist the legitimate IP addresses that are blocked by the IP reputation threshold settings in the Anti-Spam Settings page by modifying the registry values. After whitelisting the IP address, emails from the whitelisted IP address are allowed through, regardless of its reputation score.

Important: IP address whitelisting overrides only the IP reputation threshold settings. MSME further scans the email for corrupt or encrypted content, file filter, content scanning, URL reputation, and anti-malware. If there is a detection, action is taken according to the product configuration.

Before whitelisting an IP address, McAfee recommends that you verify its legitimacy by checking its reputation score at www.trustedsource.org.

McAfee cannot be held liable if you have any mailboxes that are infected by the whitelisted IP address.

For more information about configuring IP whitelisting for IP Agent using the registry, see McAfee KnowledgeBase article KB82216.

Action to take: Select either of these options to take an action on an email message, based on the reputation score of the source IP address:
Drop connection and Log — To drop the email from the detected source IP address and log the action taken on the item.
Reject connection and Log — To reject the email from the source IP address, notify the sender, and log the action taken on the item.
SPF Filter: Protects your systems from spoofed emails. You can configure actions on Hard Fail and Soft Fail messages.
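
The following Python sketch is an added illustration, not McAfee code and not part of the original page. It models only the IP reputation step described above (action when the score is greater than the threshold, whitelist overriding that step alone) and audits what each whitelist entry actually changes. The function names, the PASS label, the threshold of 70, and the addresses and scores are assumptions constructed for the example.

```python
import ipaddress

# Action labels as named on this page; PASS is a label invented for this sketch.
DROP = "Drop connection and Log"
REJECT = "Reject connection and Log"
PASS = "pass to remaining scanners"

def ip_reputation_step(source_ip, score, threshold, action, whitelist):
    """Outcome of the IP reputation step alone for one connection."""
    if ipaddress.ip_address(source_ip) in whitelist:
        # The whitelist overrides only this step; corrupt/encrypted content,
        # file filter, content scanning, URL reputation and anti-malware
        # checks still run on the message afterwards.
        return PASS
    # The action applies only when the score is greater than the threshold.
    return action if score > threshold else PASS

def audit_whitelist(whitelist, scores, threshold):
    """Say what each whitelist entry actually changes at the gateway."""
    report = {}
    for ip in sorted(whitelist, key=str):
        score = scores.get(ip)
        if score is None:
            report[str(ip)] = "unverified: no score recorded"
        elif score > threshold:
            report[str(ip)] = "overrides a block"
        else:
            report[str(ip)] = "redundant: passes without the entry"
    return report

# Constructed sample data (documentation address ranges, made-up scores).
THRESHOLD = 70  # constructed value; the page states no default for this setting
WHITELIST = {ipaddress.ip_address(a) for a in
             ("192.0.2.10", "198.51.100.7", "203.0.113.5")}
SCORES = {ipaddress.ip_address("192.0.2.10"): 85,
          ipaddress.ip_address("198.51.100.7"): 20}

if __name__ == "__main__":
    for ip, verdict in audit_whitelist(WHITELIST, SCORES, THRESHOLD).items():
        print(f"{ip:15} {verdict}")
    # A score equal to the threshold is not acted on.
    print(ip_reputation_step("192.0.2.99", 70, THRESHOLD, DROP, WHITELIST))
```

Entries reported as "overrides a block" are the ones where mail from that source now depends entirely on the remaining scanners, so they are the ones to re-verify first.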