1
Fireeye Email Deployment Modes The EX can be deployed inline (MTA mode) or out-of-band (BCC or Span/TAP mode). In all deployment modes, the EX generates alerts and notifications when malicious emails are detected. The EX can be configured to send notifications of malicious emails to administrators.
MTA In MTA deployment, the EX serves as an MTA in the flow of mail traffic and supports Transport Layer Security (TLS). If configured for blocking, malicious emails are blocked. The EX can be configured to notify recipients when their email is blocked. Malicious emails are moved to the quarantine folder and clean emails are sent to the next-hop for delivery to the intended recipient. If configured for monitoring, emails are not blocked and no recipient notifications are sent.
FIREEYE EMAIL DEPLOYMENT MODES | version 1.0
[email protected]
2
For MTA, connect the EX between the Anti-Spam gateway and an MTA that deliver email to end-users. Clean emails are delivered from the EX to the MTA.
BCC Mode In BCC deployment, the EX does not interfere with network traffic. A copy of each email is sent from an MTA or an anti-spam gateway. The EX cannot block email in BCC mode. Any mail found to be malicious is copied to the quarantine folder. The recipient is not notified because the email is not blocked. In BCC mode, the EX monitors SMTP traffic through interface pether 3.
For BCC, connect the EX downstream from the Anti-Spam gateway or MTA. You will need to configure the EX with an IP address. You can also use the Journaling feature on your email server to achieve BCC. Configure the server to send email to the IP address of the EX.
FIREEYE EMAIL DEPLOYMENT MODES | version 1.0
[email protected]
3
SPAN/TAP In SPAN/TAP deployment, the EX does not interfere with network traffic. The EX receives a copy of each email from the SPAN or TAP appliance. The EX cannot block email in SPAN/TAP mode. Any mail found to be malicious is copied to the quarantine folder. The recipient is not notified because the email is not blocked. In SPAN/TAP mode, the EX monitors SMTP traffic through interface pether 3.
For Span/Tap, connect the EX downstream from the Anti-Spam gateway or MTA. You will need to configure the EX with an IP address.
FIREEYE EMAIL DEPLOYMENT MODES | version 1.0
[email protected]
