This article describes how to use Gateway Policies to apply granular control to the flow of email messages as they are processed by Mimecast, including rules for email traffic, attachment handling, spam filtering, and security settings, with details on required definitions for specific policies.
Overview
Mimecast Gateway Policies are a set of rules, applied to either Inbound or Outbound messages, that affect the email traffic flow.
Gateway Policies can:
- Stop email flow (e.g. Hold for Review, Block Policies).
- Prevent data leaks (e.g. Content Examination, Document Services Policies).
- Handle attachments.
- Handle spam.
Policy Types
There are a number of Policy types, each of which has a specific purpose as outlined below. Each Policy has a set of options. Some policies allow more specific settings to be configured by use of a separately configured definition. Where this is the case, the table below states this.
The Policies available to you depend on the Mimecast products you've purchased.
A number of default Policies are provided with each Mimecast installation, with the available policies being dependent on the Mimecast products purchased. As there are policies for specific pieces of Mimecast functionality, each policy is listed by its Policy Type (e.g. Blocked Senders, Stationery).
The table below lists the Policy Types, describes what they do, and says whether a definition is required.
| Policy | Description | Definition |
|---|---|---|
| Address Alteration | Modifies the email addresses of inbound or outbound messages as they are processed, based on either the sender/recipient email address or header/envelope information. | Yes |
| Address Alterations Bypass | Overrides an existing Address Alterations policy. | No |
| Anti-Spoofing | Blocks unwanted inbound spoofed emails. | No |
| Anti-Spoofing SPF Based Bypass | Ensures your internal users can still receive communication sent by a trusted third party on your behalf. | No |
| Attachment Block on Size | Blocks delivery of attachments over a specific file size. The recipient receives only the email body, with a message informing them of the attachment's removal. | No |
| Attachment Hold on Size | Places messages with attachments over a specific file size on the Administrator On Hold queue. The recipient receives a notification to this effect. | No |
| Attachment Link on Size | Strips an attachment from an email if it exceeds a specified size. The recipient receives only the email body, with a notification containing a link that allows them to download the attachments. | No |
| Attachment Management | Provides a list of attachments that can be used to configure what attachment types should be allowed, blocked, linked, or held. | Yes |
| Attachment Management Bypass | Overrides an existing Attachment Block on Size, Attachment Link on Size, or Attachment Management policy. | No |
| Auto Allow | Exempts emails from users listed in the Auto Allow database from the typical IP reputation and spam checks. Instead, they are only scanned for viruses. | No |
| Auto Allow Creation | Creates exceptions for an Auto Allow policy. | No |
| Auto Response | Automatically issues a response to the senders of inbound emails to Mimecast. | Yes |
| AV Scan on Release | Re-scans a held email for spam and viruses after it has been released by either the Administrator or a user. | No |
| Blocked Senders | Restricts messages to or from specific email addresses or domains. | No |
| Content Examination | Prevents email delivery by specifying what content to look for, and what action should be taken if a match is found. Matched emails are sent to the Held queue. Additionally, notifications can be sent to specific senders/recipients or groups of users. | Yes |
| Content Examination Bypass | Ensures certain users, groups, or domains are not subjected to a particular Content Examination Policy. | Yes |
| Content Overseers | Configures a group of users to review, release, or reject held emails. | No |
| Content Preservation (Days / Minutes) | Decreases the retention period of particular messages (in days or minutes) to a value less than your Maximum Account Retention. | No |
| Delivery Failure Retry Count | Allows you to define how many retry attempts Mimecast should make before issuing a bounce to the sender. | No |
| Delivery Routing | Specifies the route used to deliver emails to and from Mimecast, including details of the delivery destination (e.g. the Host Name or IP Address of the email server). | Yes |
| Digest Sets | Configures email notifications that give the end-user direct control over emails that have been quarantined by Mimecast security policies. | Yes |
| DNS Authentication | Controls the types of email authentication checks that are performed when Mimecast receives an email. | Yes |
| Document Services | Strips revision information from documents, including document properties, author credentials, tracked changes, comments, and Microsoft Visual Basic for Applications macros. | Yes |
| Document Services Bypass | Ensures certain users, groups or domains are not subjected to a particular Content Examination policy. | No |
| Address Alteration Bypass | Ensures that email is never altered by a Stationery Layout, Address Alteration, Attachment Link on Size, Document Services, or Scan Settings policy. | No |
| Email Size Limits | Sets email size limits for both inbound and outbound emails. Any emails exceeding the specified size will be rejected. | No |
| Forwarding Address | Sets a rule that emails from / to specific email addresses are not delivered to the original recipient, but are delivered to an alternate address. | Yes |
| Geographical Restriction | Allows administrators to permit or block IP addresses listed in our country-specific IP database, thereby controlling which countries can connect to the Mimecast Gateway. | Yes |
| Greylisting | Allows you to receive emails from legitimate senders, whose Message Transfer Agent has not been correctly configured. | No |
| Group Carbon Copy | Enables individuals or Groups to be blindly copied on emails. | No |
| Message Actions | Allows Mimecast for Outlook or Mimecast for Mac users to control the way emails are sent. | No |
| Message Passthrough | Bypasses Mimecast's data optimization activities whereby the message content is exploded or attachments saved under the single instance storage mechanism. Instead, emails are delivered as the original raw file. | No |
| Message Sanitization Bypass | Bypasses the checks made to ensure a message structure conforms to RFC standards. | No |
| Metadata Preservation (Days / Minutes) | Limits the life of message metadata (in days or minutes) to a value less than your company's maximum account retention period. | No |
| Notification Sets | Controls the system notifications generated for certain email delivery events. | Yes |
| Permanent MX Resolution Failure | Allows administrators to specify a threshold of delivery attempts. After the threshold is reached, an outbound message should be hard bounced if the MX resolution performed by the Mimecast Message Transfer Agent (MTA) results in a permanent failure. | No |
| Permitted Senders | Ensures inbound emails bypass security checks (reputation and spam checks) but not virus checks. Emails are delivered directly to internal recipients, without the risk of the message being rejected or placed in the Held queue. | No |
| Reputation | Specifies the reputation checks applied to Inbound emails. | Yes |
| Secure Delivery | Specifies how Transport Layer Security (TLS) technology is used to protect confidentiality and data integrity, thereby ensuring emails are transmitted through an SSL encrypted tunnel. | Yes |
| Secure Messaging | Secure Messaging allows internal users to transmit confidential messages to external recipients. | Yes |
| Secure Messaging Bypass | Disables secure messaging functionality that allows internal users to transmit confidential messages to external recipients. | No |
| Secure Receipt | Specifies how emails from a sender are received by Mimecast using Transport Layer Security (TLS). | No |
| Sieve Sub Address | Bypasses the check to reject inbound emails where the internal recipient address holds a Sieve Sub extension. | No |
| Smart Tag Assignment | Links emails to Smart Tags based on the sender and recipient details. | No |
| Smart Tag Bypass (Administrative / Personal) | Overrides a Smart Tag Assignment policy (for either an administrative or personal use). | No |
| Spam Scanning | Configures spam scanning to check the content of all inbound emails. Spam Scanning can be configured to apply to different levels of sensitivity and actions, should the policy be triggered. | Yes |
| | Controls if and when to apply Stationery to an email. | Yes |
| Stationery Exclusion | Bypasses an existing Stationery policy. | No |
| Suspected Malware | Provides protection against previously unknown threats. | Yes |
| Suspected Malware Bypass | Bypasses an existing Suspected Malware policy. | No |
| Attachment Protection | Controls whether email attachments are safe, and how the recipient can access them. | Yes |
| Attachment Protection Bypass | Bypasses an existing Targeted Threat Protection - Attachment Protect policy. | No |
| Impersonation Protection | Controls email identifiers that might trigger the policy. | Yes |
| Impersonation Protection Bypass | Bypasses an existing Targeted Threat Protection - Impersonation Protection Policy. | No |
| URL Protection | Controls the URLs in emails, and how the recipient accesses the web content. | Yes |
| URL Protection Bypass | Bypasses an existing Targeted Threat Protection - URL Protect policy. | No |