McAfee DLP Prevent Email Settings

Disable SMTP scanning, add permitted hosts and more MTAs, and specify Transport Layer Security (TLS) settings.

Tip:

Best practice: To stop the appliance being an open relay, specify permitted hosts that can receive email.

At times of heavy email traffic, having more than one Smart Host can help to distribute the load.

Table 1: Option definitions
Option Definition
Enable SMTP Enabled by default. Close the SMTP ports on appliances dedicated to analyzing ICAP traffic.
Smart Hosts
  • Round-robinMcAfee DLP Prevent delivers messages to the list of MTAs using a round-robin approach.
  • Host — Add details of the MTAs that you want to use to deliver messages. McAfee DLP Prevent attempts to deliver the messages to the MTAs from the top to the bottom of the list. Use the arrows to set the priority.
Permitted Hosts
  • Accept mail from any hostMcAfee DLP Prevent accepts messages from any computer.
  • Accept mail from these hosts only — When selected, you can type the details of permitted hosts that McAfee DLP Prevent can receive messages from. Enter the details of the host using its IP address with subnet, domain name, or wildcard domain name.

You can create groups of permitted hosts using subnets or wildcard domains. To add more than one subnet, you must create separate entries for each.

Transport Layer Security
  • Inbound communication
    • Always — Rejects email from the sending MTA if their communication does not try to start encryption.
    • Never — Connections to McAfee DLP Prevent never use TLS encryption.
    • Opportunistic — This is the default setting. If available, the connection uses TLS encryption.
  • Outbound communication
    • Always — Always use TLS to send messages.

      If the Smart Host is not configured with TLS, McAfee DLP Prevent sends a 550 (Denied by policy. TLS conversation required) error message.

    • Never — Connections to the Smart Host never use TLS encryption.
    • Opportunistic — This is the default setting. If available, the connection uses TLS encryption.