3.6.1 Quarantine emails on another mail server

MetaDefender Email Gateway Security does not give individual email users access to their own quarantined emails; only the administrator has access, and that access covers all quarantined emails. If your email server (either hosted or on-site) has quarantine management capability for each user, it is recommended to quarantine emails on your email server instead. By default, MetaDefender Email Gateway Security quarantines emails in its own quarantine, but you can change this behaviour.

External quarantine summary

|  | Key | Value |
| --- | --- | --- |
| Registry key name | HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security | N/A |
| Registry value name (blocked emails) | external_quarantine_block | 1 |
| Registry value name (allowed-and-sanitized emails) | external_quarantine_sanitize | 1 |
| Email header | X-Metadefender-To-Quarantine | True |

Quarantine mode

MetaDefender Email Gateway Security supports two quarantine modes. The mode is chosen independently for blocked emails and for allowed-and-sanitized emails, and within each category the two modes are mutually exclusive (either one or the other, never both):

  1. Internal

  2. External

Changing the quarantine mode allows emails that MetaDefender Email Gateway Security detects as blocked or allowed-and-sanitized to be quarantined on a different email server.

When external_quarantine_block is set to 1, the original copy of any blocked email is delivered with the X-Metadefender-To-Quarantine header added.
When external_quarantine_sanitize is set to 1, the original copy of any allowed-and-sanitized email is delivered with the X-Metadefender-To-Quarantine header added.

Default

By default, MetaDefender Email Gateway Security uses the internal quarantine mode for both blocked and allowed-and-sanitized emails (neither the value external_quarantine_block nor the value external_quarantine_sanitize exists under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security; see the 152677101 section).

External quarantining design

The external quarantine support is designed in the following way:

  1. A header is appended to the original (potentially harmful) email,

    | Header | Value |
    | --- | --- |
    | X-Metadefender-To-Quarantine | True |

  2. The (potentially harmful) email gets delivered to the original recipient,

  3. The receiving email server is configured to quarantine emails that contain this header.
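Step 3 depends on the receiving server matching the header reliably. The following Python check is an added example, not OPSWAT code and not part of the original page: it shows the matching behaviour a receiving-side rule should have, looking only at the message's own headers. The function names, the constructed sample messages, and the choice to compare the value trimmed and case-insensitively are assumptions.

```python
from email import message_from_bytes
from email.policy import default

QUARANTINE_HEADER = "X-Metadefender-To-Quarantine"  # header name from this page


def should_quarantine(raw: bytes) -> bool:
    """True when the message's own (outermost) headers carry the marker."""
    msg = message_from_bytes(raw, policy=default)
    # get_all() matches the name case-insensitively and reads only the
    # outermost header block: body text and attached messages are ignored.
    values = msg.get_all(QUARANTINE_HEADER, [])
    # Assumption: value compared trimmed and case-insensitively against "True".
    return any(str(v).strip().lower() == "true" for v in values)


def _msg(extra_headers: bytes, body: bytes) -> bytes:
    """Build a constructed sample message (not real traffic)."""
    return (b"From: sender@example.test\r\nTo: user@example.test\r\n"
            b"Subject: sample\r\n" + extra_headers + b"\r\n" + body)


# Constructed samples covering the cases a receiving-side rule must get right.
SAMPLES = {
    "marked": _msg(b"X-Metadefender-To-Quarantine: True\r\n", b"hello\r\n"),
    "marked_lowercase": _msg(b"x-metadefender-to-quarantine: true\r\n", b"hello\r\n"),
    "unmarked": _msg(b"", b"hello\r\n"),
    # The header text quoted in the body must not trigger quarantine.
    "body_mention": _msg(b"", b"X-Metadefender-To-Quarantine: True\r\n"),
    # Marker only inside an attached (forwarded) message, not on the outer one.
    "attached_only": _msg(
        b"MIME-Version: 1.0\r\nContent-Type: message/rfc822\r\n",
        b"From: other@example.test\r\n"
        b"X-Metadefender-To-Quarantine: True\r\n\r\ninner\r\n"),
}


def classify_samples() -> dict:
    """Run the check over every constructed sample."""
    return {name: should_quarantine(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:18} quarantine={verdict}")
```

Because the original, potentially harmful copy is what gets delivered in external mode, a rule that misses the header lets that copy reach the mailbox, so the rule is worth testing with samples like these before enabling the registry values.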

Configuration

Prerequisites

  1. Quarantine must be enabled for blocked and/or allowed-and-sanitized emails (see 3.6 Quarantine configuration) for emails to be quarantined at all

Setup

  1. Stop MetaDefender Email Gateway Security service

    > net stop mdemailsecurity
  2. Enable or disable external quarantine support for blocked emails:

    1. Enable external quarantine (and disable internal quarantine) support for blocked emails by setting the value external_quarantine_block under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security (DWORD) to 1

      > reg add "HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security" /v external_quarantine_block /t REG_DWORD /d 1
    2. Disable external quarantine (and enable internal quarantine) support for blocked emails by deleting the value external_quarantine_block under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security

      > reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security" /v external_quarantine_block
  3. Enable or disable external quarantine support for allowed-and-sanitized emails:

    1. Enable external quarantine (and disable internal quarantine) support for allowed-and-sanitized emails by setting the value external_quarantine_sanitize under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security (DWORD) to 1

      > reg add "HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security" /v external_quarantine_sanitize /t REG_DWORD /d 1
    2. Disable external quarantine (and enable internal quarantine) support for allowed-and-sanitized emails by deleting the value external_quarantine_sanitize under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security

      > reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metadefender Email Security" /v external_quarantine_sanitize
  4. Start MetaDefender Email Gateway Security service

    > net start mdemailsecurity

Example

The following screenshot shows the source of an email delivered for external quarantining. Please note the position of the X-Metadefender-To-Quarantine header added to the email.

[Screenshot: source of an email delivered for external quarantining, showing the X-Metadefender-To-Quarantine header]