Emails are forwarded directly to the end-users without any delay, via upstream MTA, when Deep Discovery Email Inspector (DDEI) is deployed in blind carbon copy (BCC) mode. When this happens, the upstream MTA also need to BCC those emails to DDEI.
To fix the issue, implement the BCC deployment mode using McAfee Email Gateway (MEG) as the upstream MTA. Do the following:
- Log in to the MEG web console.
Go to Email > Email Policies, and then click Add Policy.
Create a rule and select the policy conditions based on your demand. It is recommended to use your domain name to match this rule.You may use an existing policy for your domain because MEG allows you to set an antivirus, antispam, and content filter under one policy.
Click Policy based actions under the DDEI rule, then do the following:
It is recommended to enable the antivirus rule in this policy. In case an email contains a known virus and was detected by MEG, it will not send a BCC to DDEI. This also make sense because DDEI is used to detect unknown threats.
- Uncheck Use the same setting as <rule_name> .
- Under If an email matches this policy, select Allow Through (Monitor).
Under Notification email options, tick the following:
- Send one or more notification emails.
- Deliver an audit copy to ‘Auditing Email List’.
Click Notifications and Routing, then do the following:
It is recommended to use a virtual domain for DDEI. If you use email@example.com and the upstream MTA does not support smart host with priority, the BCC email might be forwarded to the downstream MTA/MDA directly. Here, firstname.lastname@example.org is just an example.
- Uncheck Use the same setting as <rule_name>.
Add the BCC address. To do this, do the following:
- Click the Email Recipients tab.
- Choose the Edit button for Auditing Email list. The Edit Recipient List window opens.
- Click Add, and then add the BCC Address in.
- Click Apply.
- Go to MEG Web Console > Email > Email Configuration > Sending Email, and then add one relay entry.
On the Add Relay list window, provide the following:
- Domain name for the BCC Address in the Domain Name box.
- IP Address of DDEI in the Relay Host box.
- Choose OK.
- Click Apply for the changes to take effect.
- Send an email to verify if DDEI receives the BCC. If it did not work, contact Trend Micro Technical Support.