The SMG documentation and KB articles suggest various ways to optimize SMG filters. One such suggestion is to configure specific filters and exceptions based on message direction. I fully support that recommendation.
Most of the SMG filter discussions pertain to the SMTP interface.
- Email entering SMG via the SMTP interface is email that is external to SMG.
- It is not unreasonable to assume that email sent from SMG is outbound and email received by SMG is inbound.
As they say, assumptions can be dangerous and in this case particularly so!
These are the options available to us when configuring a scan policy:
On the SMTP interface we have inbound and outbound messages but an internal message? What is that?
If you search for it you will not find an answer. There is no mention of it in the SMG documentation nor in any KB article. So, why is it important?
Email receive from an external source whose sender's domain is the same as the recipient's domain is not an inbound message. It is an internal message.
The security implications here are huge. If you have created SMTP Scan Policies for inbound and outbound mail and have not included internal mail in your inbound policy, these messages will not be scanned at all!
That oversight is easily remedied, without any product enhancements, as long as we understand how inbound messages are classified. Please add this information to the documentation ASAP!
Don't forget to vote for this.
Kevin Boyle, Knowledge Partner
Calgary, Alberta, Canada