Configure SMTP and IMAP Email Management
There are configuration fields in the JATP Web UI for various SMTP options, but IMAP allows for no configuration at this time. IMAP is either permitted or denied based on scanning verdicts and policies configured on the SRX Series device.
By default, for both SMTP and IMAP, attachments are allowed unless they are found to be malicious. If an attachment is malicious, it appears in the Incidents tab with the threat source and target listed as an email address. Quarantining of email attachments is not supported at this time.
With Email Management, enrolled SRX devices transparently submit potentially malicious email attachments to JATP for inspection. Once an attachment is evaluated, JATP assigns the file a threat score. That score is between 0 and 1, with 1 being the most malicious.
JATP assigns threat scores using the following values. Note that JATP and SRX use different threat level thresholds. See the JATP and SRX Series Threat Level Comparison Chart for information.
Table 1: Threat Score Values
If an email contains no attachments, it is allowed to pass without any analysis.
Benefits of Email Management
Allows attachments to be checked against allowlists and blocklists.
Prevents users from opening potential malware received as an email attachment.
Emails are checked against global blocklists and allowlists using information such as Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender, Body Receiver. If an email matches the allowlist, that email is allowed through without any scanning. If an email matches the blocklist, it is considered to be malicious and is treated as such.
To configure SMTP email management options:
- From the Config tab, navigate to System Profiles > SRX settings. The SMTP configuration fields are in the middle of the page.
- You can configure JATP to take one of the following actions
when an email attachment is determined to be malicious:
Action to take:
Deliver malicious messages with warning headers added—When you select this option, headers are added to emails that most mail servers recognize and filter into Spam or Junk folders.
Permit—You can select to permit the email and the recipient receives it intact.
X-Distribution (Bulk, Spam)—Use this header for messages that are sent to a large distribution list and are most likely spam. You can also select “Do not add this header.”
X-Spam-Flag—This is a common header added to incoming emails that are possibly spam and should be redirected into spam or junk folders. You can also select “Do not add this header.”
Subject Prefix—You can prepend headers with information for the recipient, such as "Possible Spam."
- Click the Submit button to finish and save.