6.4 Understanding User Matching

MailMarshal performs user matching using the SMTP email addresses and sender IP addresses associated with a message. When you create policy groups and rules, you can include a number of User Matching conditions. User Matching conditions can refer to individual SMTP addresses, wildcard patterns of addresses, and user groups. Some “From” user matching conditions can also refer to MailMarshal IP Groups.

All the User Matching conditions in a policy group or rule must match (evaluate true) in order for MailMarshal to evaluate any other rule conditions.

The available User Matching conditions include the following:

Where message is incoming

Matches if the message is addressed to a domain that is included in the MailMarshal Local Domains list.

Where message is outgoing

Matches if the message is addressed to a domain that is not included in the MailMarshal Local Domains list.

Where addressed to group

Matches if the recipient of the message is found in the list of groups specified.

Information 

Note: Whenever a condition requires a “group,” the list can contain individual email addresses, wildcard patterns to match sets of addresses such as domains, and MailMarshal user groups. Certain “From” conditions can also contain MailMarshal IP Groups. Conditions that use the same group list to match both “To” and “From” do not allow IP Group matching.

For more information about wildcard characters, see “Wildcard Characters”.

For more information about which email addresses in a message MailMarshal checks, see Trustwave Knowledge Base article Q12238.

 

Where addressed from group

Matches if the sender of the message is found in the list of groups specified. Allows IP groups.

Where addressed either to or from group

Matches if the recipient or sender of the message is found in the list of groups specified.

Where addressed both to group and from group

Requires two lists of groups. Allows IP groups in the “From” clause. Matches if the recipient of the message is found in the first list of groups specified, and the sender of the message is found in the second list of groups specified.

Except where addressed to group

Matches if the recipient of the message is not found in the list of groups specified.

Except where addressed from group

Matches if the sender of the message is not found in the list of groups specified. Allows IP groups.

Except where addressed either to or from group

Matches if the recipient or sender of the message is not found in the list of groups specified.

Except where addressed both to group and from group

Requires two lists of groups. Allows IP groups in the “From” clause. Matches if the recipient of the message is not found in the first list of groups specified, and the sender of the message is not found in the second list specified.

Tip 

Tip: “Except” matching criteria are the key to creating exception based policies. Rules that apply to all recipients with the exception of small specific groups help to ensure that security policies are uniformly applied. For instance, a rule might apply Where the message is incoming except where addressed to Managers.

 

Trustwave MailMarshal 10.1.0 User Guide March 2024
< Previous Section   |   Next Section >
Full document: see MailMarshal Documentation.