McAfee SMEFCE-AI-DA - Email Security Service Inbound Administration Manual page 166

Transfer Agent (MTA) servers (a.k.a. inbound servers) on your premises configured in
each domain. if you change the addressing in your network for your inbound servers, you
must update the configurations in Email Protection.
At any time in Email Protection, you may change configuration of the IP address of your
inbound servers. Be prudent when making changes to your delivery MTA configuration as
any applied modifications will be enabled instantly and affect inbound SMTP routing.
Question: I want to temporarily stop filtering a domain's emails, but I do
not want to delete the domain's information. How do I do this?
Answer: You can set the inbound servers for the Domain to be inactive. This action causes
all emails received for that domain to be tempfailed. Be aware that email traffic for that
domain will still consume bandwidth because it is likely that the sending email servers
will reattempt multiple times to send the email until it finally permfails the email as
"undeliverable." This process matches standard SMTP protocols.
Question: Why is Email Protection refusing connections from my
inbound email servers?
Answer: If Email Protection received a minimum of 20 attempted connections from an IP
address where more than 60% of the recipients are invalid, it adds the IP address to a
temporary "global blacklist" for 4 hours (by default – the time period is configurable at the
system level). After the time period has passed, Email Protection will remove the IP
address from the temporary global blacklist and again accept connections from it.
This process helps protect against Dictionary Harvest Attacks, where spammers are
attempting all combinations of email addresses to glean valid email addresses for
subsequent spamming. It also helps protect against Denial of Service attacks.
This feature and its configurations are controlled at the system level. The above values are
the defaults.
Question: The Internet Explorer Content Advisor keeps blocking the
Control Console. How do I prevent that?
Answer: You must disable the Content Advisor feature of the Internet Explorer to be able
to use the Control Console. Do the following to disable the Content Advisor feature if it is
enabled:
1 In the Internet Explorer window, click Tools | Internet Options.
2 In the Internet Options window, click the Content tab.
3 In the Content Advisor area in the Content tab, click the Disable button.
If there is an Enable button, but no Disable button, this means that Content Advisor is
already disabled. Click the Cancel button until you return to the browser window.
4 Enter the password in the Supervisor Password Required dialog.
5 Click the OK button.
6 Continue clicking the OK button until you return to the Internet Explorer window.
158 Proprietary: Not for use or disclosure outside McAfee without written permission.
Email Protection Administrator Guide
November 2012