How does MailMarshal Exchange work?


This article applies to:

  • MailMarshal Exchange

Question:

How does MailMarshal Exchange work?

 

Information:

MailMarshal Exchange is a content filtering product that 'plugs' into Microsoft Exchange. It relies on the Exchange/IIS framework for mail transportation.

  • MailMarshal Exchange 5.2 and below is used with Microsoft Exchange 2000 or Microsoft Exchange 2003.
  • MailMarshal Exchange 5.3 is used with Exchange 2007.
  • MailMarshal Exchange 7.0 is used with Exchange 2007 or Exchange 2010 and supports multiple processing nodes in an array architecture.

MailMarshal Exchange Components

MailMarshal Exchange email processing uses the following system services:

  • Controller - coordinates and directs the MailMarshal Exchange Engine and Exchange Stub services.
  • Engine - unpacks each e-mail message and splits it into its individual components. It then tests the whole message and each component against the rules that have been set up in the Configurator.
  • Exchange Stub (version 5.2) - intercepts messages from the Exchange Advanced Queue and, when Engine processing is complete, places them in the Pickup Directory for delivery by Exchange.
  • Exchange Agent (version 5.3 and above) - collects messages from the Exchange Categorizer and, when Engine processing is complete, places them in the Replay Directory for delivery by Exchange.

Operation of MailMarshal Exchange is monitored and controlled through three applications:

  • Configurator - used to configure settings and rules.
  • Console - used to monitor the flow of e-mail and manage quarantined e-mail messages.
  • Reports (5.X versions) - used to generate reports based on information about e-mail messages that are logged to the database. Version 7.X reporting is through Marshal Reporting Console.

MailMarshal Exchange 7.X also includes an Array Manager service that manages configuration, hosts database operations, and provides user interface connections.

How does MailMarshal Exchange interact with Exchange?

MailMarshal Exchange operates in much the same way with all versions of Exchange. Only the interface to Exchange differs between versions.

Exchange 2000/2003 (MailMarshal Exchange 5.2)

The message extraction and insertion process consists of three main stages:

  1. Message Extraction from Exchange
    The MailMarshal Exchange Stub monitors the Exchange Advanced Queue. It checks each message to determine if it has already been processed.

    If a message has not been processed, it is extracted into a .mml file and put in the incoming directory.

    If a message has already been processed, it is left in the Advanced Queue for delivery by Exchange.

  2. Message Scanning by MailMarshal
    The Engine processes the message against the rules. If the message triggers a terminal rule, the .mml file is moved to a quarantine folder. If the message does not trigger a terminal rule, the message envelope details (such as sender and recipients) are extracted from the .mml file and put in a .env file. The .mml file and .env file are put in the ProcessedOK directory.

  3. Message Insertion to Exchange
    The Exchange Stub moves the .mml file from the ProcessedOK directory to the Exchange Pickup directory, ready for delivery by Exchange. It also resets the message properties based on the information in the .env file and sets a flag in the message to indicate that the message has been processed.

 

 

Exchange 2007/2010 (MailMarshal Exchange 5.3 and 7.0)

The message extraction and insertion process consists of three main stages:

  1. Message Extraction from Exchange
    The MailMarshal Exchange Agent interfaces with the Exchange Categorizer. It checks each message to determine if it has already been processed.

    If a message has not been processed, it is extracted into a .mml file and put in the MailMarshal Exchange Incoming directory.  

  2. Message Scanning by MailMarshal
    The Engine processes the message against the rules. If the message triggers a terminal rule, the .mml file is moved to a quarantine folder. If the message does not trigger a terminal rule, the message envelope details (such as sender and recipients) are extracted from the .mml file and put in a .env file. The .mml file and .env file are put in the ProcessedOK directory.

  3. Message Insertion to Exchange
    The MailMarshal Exchange Agent moves the .mml file from the ProcessedOK directory to the Exchange Replay directory, ready for delivery by Exchange. It also resets the message properties based on the information in the .env file and sets a flag in the message to indicate that the message has been processed.

Exchange 2007/2010 (MailMarshal ECM 7.1)

The message extraction and insertion process consists of three main stages:

  1. Message Extraction from Exchange
    The MailMarshal Exchange Agent interfaces with the Exchange Categorizer. It checks each message to determine if it has already been processed.

    If a message has not been processed, it is extracted into a .mml file and put in the MailMarshal Exchange Incoming directory.  

    The Agent also holds a message object to enable quick return to Exchange once the message is processed.  

  2. Message Scanning by MailMarshal
    The Engine processes the message against the rules. If the message triggers a terminal rule, the .mml file is moved to a quarantine folder. If the message does not trigger a terminal rule, the message envelope details (such as sender and recipients) are extracted from the .mml file and put in a .env file. The .mml file and .env file are put in the ProcessedOK directory.

    The Engine checks whether the Agent is waiting for the message. If the Agent is waiting, the Engine places the message in the Sending directory. If not, the Engine places the message in the Replay directory.

    • The Replay directory method is used for notifications that originate in MailMarshal, for messages released from quarantine, and for new "editions" created when a message must be split (for instance if a message has multiple recipients and different rules apply to each). The Replay directory is also used as a fallback method if services are stopped unexpectedly.
  3. Message Insertion to Exchange
    The MailMarshal Exchange Agent manages re-insertion to Exchange. If the Agent already has an object available, this process is significantly more efficient than in earlier versions.
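
The staging directories described in the version sections above make a stalled filter visible on disk: .mml files that linger in Incoming mean the Engine is not scanning, and files that linger in ProcessedOK mean the Stub or Agent is not re-inserting them. The monitoring check below is an added example, not Trustwave code. The single root directory, the shared base name for a message's .mml and .env files, and the 300-second threshold are assumptions.

```python
import sys
import time
from pathlib import Path

# Assumptions (not from the article): Incoming and ProcessedOK sit under one
# root, a message's .mml and .env share a base name, and 300 s means "stuck".
MAX_AGE_SECONDS = 300


def names(directory, suffix, min_age=None, now=None):
    """Base names of `suffix` files in `directory`; with min_age set, only
    those last modified at least min_age seconds before `now`."""
    now = time.time() if now is None else now
    return {
        p.stem for p in Path(directory).glob("*" + suffix)
        if p.is_file()
        and (min_age is None or now - p.stat().st_mtime >= min_age)
    }


def check_pipeline(root, max_age=MAX_AGE_SECONDS, now=None):
    """Return a dict of findings; an empty dict means no backlog was seen."""
    now = time.time() if now is None else now
    root = Path(root)
    missing = {s: {"error": "directory not found"}
               for s in ("Incoming", "ProcessedOK") if not (root / s).is_dir()}
    if missing:
        return missing
    ok = root / "ProcessedOK"
    old_mml = names(ok, ".mml", max_age, now)
    old_env = names(ok, ".env", max_age, now)
    result = {
        # Extracted from Exchange but never scanned: Engine stalled.
        "incoming_stale": sorted(names(root / "Incoming", ".mml", max_age, now)),
        # Scanned but never handed back: Stub/Agent stalled.
        "processed_stale": sorted(old_mml),
        # Half of a pair only; fresh files are skipped to avoid racing a write.
        "mml_without_env": sorted(old_mml - names(ok, ".env")),
        "env_without_mml": sorted(old_env - names(ok, ".mml")),
    }
    return {key: value for key, value in result.items() if value}


if __name__ == "__main__":
    # Usage: python check_queue.py <root of the staging directories>
    problems = check_pipeline(sys.argv[1])
    for key, value in problems.items():
        print(key, value)
    sys.exit(1 if problems else 0)
```

The non-zero exit code lets a scheduler or monitoring agent raise an alert when mail is accumulating outside Exchange's own queues.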

 

This article was previously published as:
NETIQKB29652
Marshal KB346

Last Modified 3/21/2011.
https://support.trustwave.com/kb/KnowledgebaseArticle10545.aspx