This article applies to:
- Trustwave ECM/MailMarshal Exchange 7.0
Question:
- How do I use the Message Release External Command with MailMarshal Exchange 7.0?
Background:
Some MailMarshal Exchange administrators set up rules that quarantine small volumes of email for specific reasons. For instance, an Acceptable Use Policy could require that the sender or an administrator must "click to confirm" before sending or receiving some types of content.
MailMarshal Exchange provides a message release function for these situations. Message Releasing allows MailMarshal Exchange to send an email notification when it quarantines a message. Simply by replying to the notification, a user can release the original message from quarantine.
Automatic Message Release should be used sparingly as it tends to defeat the purpose of MailMarshal Exchange.
Procedure:
MailMarshal Exchange 7.0 provides the same Message Release functionality as other MailMarshal versions. However the functionality is not configured by default.
To use automatic message release:
- Create a MailMarshal External Command definition using the executable MEXReleaseMessage.exe
See the below screen capture for recommended settings:
- Create or modify a MailMarshal rule which moves certain messages to a folder.
- In this rule, include a rule action which sends a notification message. The body of this message must contain the variable {ReleaseProcessRemaining} or {ReleasePassThrough}.
- The {ReleaseProcessRemaining} variable causes the message to be processed through additional rules, as specified in the Release Action of the rule that quarantined it. For more information, see Move the message. This option is more secure and recommended.
- The {ReleasePassThrough} variable causes the message to be queued for delivery with no further processing of rules.
- The message template must include a plain text message body. It may include a HTML body as well.
- The From address must be one which guarantees that replies will pass through MailMarshal Exchange. The address need not be valid but it must be well-formed. Use an address within your domains, or a domain name that does not exist.
- For example, you could send from MessageRelease@Release.example.com
- A message template Automatic Message Release Outbound could appear as follows:
A message you sent was blocked by MailMarshal.
From: {Sender}
To: {Recipient}
Subject: {Subject}
Message: {MessageName}This message is eligible for our Self-Service Message Release service.
If you want your original message to be released, reply to this email without editing it. Your message will be automatically released and your request logged.
The blocked email will be automatically deleted after 5 days.
If you have any questions, please contact {Administrator}.
Message Release code: {ReleaseProcessRemaining}
- To process message release requests, create a MailMarshal Exchange rule similar to the following:
Where addressed to MessageRelease@Release.example.com
Run the external command Message Release
And write log message(s) with Release Requests
And delete the message
Authentication
If MailMarshal Exchange is used in an array with separate Array Manager and processing servers, the Message Release external command must run using a Windows credential that the Array Manager can validate. You can enter specific account credentials for the Message Release external command, using command line parameters in the External Command definition. See the Options section below.
Notification
If you want to be notified of failed message release attempts, you can run the external command as a rule condition rather than an action. The Message Release executable returns 0 on success and 1 on failure.
Options
The Message Release external command has the following syntax:
MEXReleaseMessage [-u username] [-p password] [-d domain] [-r recipient] [-l] {MessageName}
{MessageName} is a MailMarshal variable. The braces are part of the variable syntax. You must include this literal string in the command parameters.
To use the options, edit the external command definition. In the properties, change the parameters field to include the required options.
The options are further described as follows:
-u {username}
-p {password}
-d {domain}
Use these options to run the external command as a specific Windows user. Specifying a user and password is generally necessary.
-l leave message in folder
-r send only to named recipient
By default the Message Release executable releases the message to all recipients and deletes the message after releasing it. Using these options can result in a message being sent to a user more than once. You can use two parameters to modify release behavior:
- To leave a copy of the message on the server after releasing it, change the parameters field to include -l {MessageName} (the parameter is a lower case letter L).
- You can also configure the message release facility to release the message only to the user requesting it. Typically you would use this option in the case of incoming messages addressed to more than one user. To implement this function, change the parameters field to include -r {From}. The message will be released only to the email address from which the request was sent. This need not be one of the original recipients. The message will be left on the server and can be released again.