Idea ID: 2855585

Prevent potential security exposure: document internal mail!

Status: New Idea

The SMG documentation and KB articles suggest various ways to optimize SMG filters. One such suggestion is to configure specific filters and exceptions based on message direction. I fully support that recommendation.

Most of the SMG filter discussions pertain to the SMTP interface.

  • Email entering SMG via the SMTP interface is email that is external to SMG.
  • It is not unreasonable to assume that email sent from SMG is outbound and email received by SMG is inbound.

As they say, assumptions can be dangerous and in this case particularly so!

These are the options available to us when configuring a scan policy:

[Image: SMG Policy Management.PNG]

On the SMTP interface we have inbound and outbound messages but an internal message? What is that?

If you search for it you will not find an answer. There is no mention of it in the SMG documentation nor in any KB article. So, why is it important?

Email received from an external source whose sender's domain is the same as the recipient's domain is not an inbound message. It is an internal message.

The security implications here are huge. If you have created SMTP Scan Policies for inbound and outbound mail and have not included internal mail in your inbound policy, these messages will not be scanned at all!

That oversight is easily remedied, without any product enhancements, as long as we understand how inbound messages are classified. Please add this information to the documentation ASAP!

Don't forget to vote for this.

__________
Kevin Boyle, 
Knowledge Partner

Calgary, Alberta, Canada
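
The coverage gap described in this post, modeled as an added example (not SMG code and not written by the post's author). The same-domain rule for "internal" is taken from the post; `LOCAL_DOMAINS`, the inbound/outbound rules, the policy layout and all addresses are constructed assumptions.

```python
# Added example: models the direction rule described in the post; not SMG code.
from email.utils import parseaddr

LOCAL_DOMAINS = {"example.com"}  # constructed: domains the gateway accepts mail for


def domain(addr):
    """Lower-cased domain part of an address, or '' if it has no '@'."""
    addr = parseaddr(addr)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def classify(mail_from, rcpt_to):
    """Direction assigned to one message arriving on the SMTP interface."""
    s, r = domain(mail_from), domain(rcpt_to)
    if s and s == r:
        return "internal"   # rule from the post: sender domain == recipient domain
    if r in LOCAL_DOMAINS:
        return "inbound"    # assumption: recipient is in one of our domains
    return "outbound"       # assumption: anything else is leaving


def unscanned(policies, messages):
    """Messages whose direction is not covered by any scan policy."""
    covered = set().union(*(p["directions"] for p in policies))
    return [(m, classify(*m)) for m in messages if classify(*m) not in covered]


# Constructed envelopes (MAIL FROM, RCPT TO), all received from the Internet.
MESSAGES = [
    ("partner@example.org", "alice@example.com"),
    ("alice@example.com", "partner@example.org"),
    ("ceo@example.com", "alice@example.com"),  # external source, our own domain
]

# Hypothetical policy layout: only the set of directions matters here.
BEFORE = [{"name": "Inbound scan", "directions": {"inbound"}},
          {"name": "Outbound scan", "directions": {"outbound"}}]
AFTER = [{"name": "Inbound scan", "directions": {"inbound", "internal"}},
         {"name": "Outbound scan", "directions": {"outbound"}}]

if __name__ == "__main__":
    for label, policies in (("before", BEFORE), ("after", AFTER)):
        print(label, unscanned(policies, MESSAGES))
```

With `BEFORE`, the third message is reported as unscanned; adding `internal` to the inbound policy, as in `AFTER`, closes the gap.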

Labels: Other, Administration

Comment
  • When I initially discovered that email received from an external source whose sender's domain is the same as the recipient's domain is not considered an inbound message but an internal message, I opened a Service Request believing that this undocumented behavior was inappropriate. The response I got was that SMG was working as designed and therefore there was nothing to fix and the SR was closed.

    If a product is working as designed and customers would like to change a particular behavior it is normally considered an enhancement. That's when I created this Idea.

    I now see in the version history for Revision: 163 - created 02-Dec-2020

    • GWAV-3031 - Email sent via Internet to SMTP interface is scanned as INTERNAL

    I was unaware that a program defect had been created let alone that the behavior of SMG may have been altered.

    Since the description for GWAV-3031 simply is a statement of fact describing a particular behavior when that defect was created, there is no way to know how the processing of inbound and/or internal messages has changed or if this issue has been properly addressed.

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada
