User Group Pruning


This article applies to:

  • Trustwave MailMarshal (SEG) 6.7 and above
  • Trustwave ECM/MailMarshal Exchange 7.X

Question:

  • Why should I prune MailMarshal user groups?
  • How does MailMarshal prune user group entries?
  • What additional settings are available to control user group pruning behavior?

Information:

MailMarshal allows you to automatically "harvest" or add user entries (email addresses) to user groups by Rule action. This rule action is commonly used to identify valid addresses that will be exempt from spam checks.

Over time, the harvested groups can grow very large. Configuring MailMarshal can become difficult and reloading configuration can be very slow.

Pruning allows you to limit the size of harvested groups. You can prune based on the length of time since an address was last "seen" by MailMarshal, and/or based on a size limit for the group.

For basic information about pruning, see the User Guide and Help.

What is "Seen"?

The following information further explains how MailMarshal logs "seen" addresses.

  • Addresses are "seen" by the Receiver in MailMarshal SMTP, and by the Engine in MailMarshal Exchange.
  • The matching of "seen" addresses searches for explicit matches in all child groups of all groups used in a rule.
  • Groups that are not used by the rules will not be loaded in the MailMarshal Controller and therefore members of such groups will not always be marked "seen". If an email address is not a member of any group that is used by the rules, it will not be "seen". If an email address is a member of a group that is used by the rules, then the address will be "seen" also in groups that are not loaded.
  • Some email software (such as Outlook Express and possibly other software) stops sending recipient information after one recipient has been rejected for any reason. If you send a message through MailMarshal SMTP, addressed to A, B and C in that order, and B is rejected by a receiver rule, A and B will be "seen" but not C.
  • The Configurator or Management Console shows the "last seen" time for each user in user groups. Be aware that this information is not updated in real time, but can be up to 6 hours behind.
  • Pruning is never applied to groups that are retrieved from LDAP or Active Directory connectors.

Last Modified 3/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle12772.aspx