Determining Outbound/Inbound/Internal mail
This section applies only to the Exchange VS API mode
GFI MailSecurity uses a set of rules to determine whether a mail is
inbound, internal or outbound. In some cases it may be important to
understand the logic used. This logic is based on determining if the
user is present in Active Directory or not.
When is a mail outbound?
GFI MailSecurity will assume a mail is outbound if the sender is an
internal user and the recipient is an external user. To determine
whether a sender or recipient is external or internal, GFI MailSecurity
makes an Active Directory query. If the user is present, he is assumed
to be an internal user.
When is a mail inbound?
GFI MailSecurity will assume a mail is inbound if the sender is an
external user and the recipient is an internal user. It will use AD to
determine whether the sender/recipient is external or internal.
When is a mail internal?
If both the sender and the recipient appear in Active Directory then the
mail is internal. Because of various reasons, we can not determine
100% if an email is internal or inbound. This is the reason why, for
security reasons, you can not create separate rules for internal mail.
Assuming you would set up more relaxed rules for internal mail, a
security hole might appear.
What if the mail has multiple recipients, both internal and
In this case, all rules will be applied. So if a mail contains an internal
recipient that has a specific rule specified, the rule will be applied. If
the mail also contains an outbound rule linked to the sender, then this
rule will be applied also.
User synchronization with Exchange 5.5
If you are using GFI MailSecurity in gateway mode with Microsoft
Exchange server 5.5, GFI MailSecurity installs a synchronization
service that updates the GFI MailSecurity user database
automatically. This eliminates the hassle of synchronizing users
manually between Exchange Server 5.5 and GFI MailSecurity.