Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deploying Deep Discovery Email Inspector (DDEI) in BCC mode with McAfee Email Gateway (MEG)

    • Updated:
    • 5 Jan 2016
    • Product/Version:
    • Deep Discovery Email Inspector 2.0
    • Deep Discovery Email Inspector 2.1
    • Platform:
    • N/A N/A
Summary

Emails are forwarded directly to the end-users without any delay, via upstream MTA, when Deep Discovery Email Inspector (DDEI) is deployed in blind carbon copy (BCC) mode. When this happens, the upstream MTA also need to BCC those emails to DDEI.

Details
Public
To fix the issue, implement the BCC deployment mode using McAfee Email Gateway (MEG) as the upstream MTA. Do the following:
  1. Login to DDEI’s web console.
  2. Go to Administration > System Settings.

    System Settings

  3. In the Operation Mode section, select BCC Mode.

    Enable BCC Mode

  4. Click Save.
  1. Login to MEG web console.
  2. Go to Email > Email Policies, and then click Add Policy.

    Email Policies

  3. Create a rule and select the policy conditions based on your demand. It is recommended to use your domain name to match this rule.
     
    You may use an existing policy for your domain because MEG allows you to set an antivirus, antispam, and content filter under one policy.
  4. Click Policy based actions under the DDEI rule, then do the following:
      • Uncheck Use the same setting as <rule_name> .
      • Under If an email matches this policy, select Allow Through (Monitor).
      • Under Notification email options, tick the following:
        • Send one or more notification emails.
        • Deliver an audit copy to ‘Auditing Email List’.
     
    It is recommended to enable the antivirus rule in this policy. In case an email contains a known virus and was detected by MEG, it will not send a BCC to DDEI. This also make sense because DDEI is used to detect unknown threats.

    Policy Based Action Settings

  5. Click Notifications and Routing, then do the following:
    • Uncheck Use the same setting as <rule_name>.
    • Add the BCC address. To do this, do the following:
      1. Click the Email Recipients tab.
      2. Choose the Edit button for Auditing Email list. The Edit Recipient List window opens.
      3. Click Add, and then add the BCC Address in.
     
    It is recommended to use a virtual domain for DDEI. If you use admin@yourdomain.com and the upstream MTA does not support smart host with priority, the BCC email might be forwarded to the downstream MTA/MDA directly. Here, donnie_shi@ddeicncorelab.com is just an example.

    Notification and Routing Settings

    Edit Recipient List

  6. Click Apply.

    Click Apply

  7. Go to MEG Web Console > Email > Email Configuration > Sending Email, and then add one relay entry.
  8. On the Add Relay list window, provide the following:
    • Domain name for the BCC Address in the Domain Name box.
    • IP Address of DDEI in the Relay Host box.
    Add Relay List
  9. Choose OK.
  10. Click Apply for the changes to take effect.
  11. Send an email to verify if DDEI receives the BCC. If it did not work, contact Trend Micro Technical Support.
Premium
Internal
Rating:
Category:
Configure; Deploy
Solution Id:
1113258
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.