Operation Modes

Deep Discovery Email Inspector can act as a Mail Transfer Agent (MTA mode), or as an out-of-band appliance (BCC mode or SPAN/TAP mode).

For details, see the Deep Discovery Email Inspector Installation and Deployment Guide.

To configure the operation mode, go to Administration > System Settings > Operation Mode.

Note:

The internal Postfix server cannot be used to send email notifications in BCC or SPAN/TAP mode.

For more information on specifying an external SMTP server, see Configuring the Notification SMTP Server.

Table 1. Operation Modes

| Mode | Description |
| --- | --- |
| MTA mode (Default) | As an inline MTA, Deep Discovery Email Inspector protects your network from harm by blocking malicious email messages in the mail traffic flow. Deep Discovery Email Inspector delivers safe email messages to recipients. |
| BCC mode | As an out-of-band appliance, Deep Discovery Email Inspector receives mirrored traffic from an upstream MTA to monitor your network for cyber threats. Deep Discovery Email Inspector discards all replicated email messages without delivery. |
| SPAN/TAP mode | As an out-of-band appliance, Deep Discovery Email Inspector receives mirrored traffic from a SPAN/TAP device to monitor your network for cyber threats. Deep Discovery Email Inspector discards all replicated email messages without delivery. |

If you select SPAN/TAP mode, you must add at least one monitoring rule. For more information, see Monitoring Rules for SPAN/TAP Mode.

Note:

Deep Discovery Email Inspector virtual appliances installed in Microsoft Hyper-V do not support SPAN/TAP mode.

The following table lists the availability of the features in each operating mode.

Table 2.

| Feature/Service | MTA mode | BCC mode | SPAN/TAP mode |
| --- | --- | --- | --- |
| Message modification (tag, stamp, strip, clean up, rewrite URL, add X-headers, sanitize file, encrypt message, etc.) | Yes | No | No |
| Message notification | Yes | No | Yes (using an external SMTP server) |
| Message delivery | Yes | No | No |
| Message quarantine | Yes | No | No |
| Message archiving | Yes | No | No |
| DKIM signing | Yes | No | No |
| End-User Quarantine | Yes | No | No |
| Sender authentication (SPF, DKIM, DMARC) | Yes | No | No |
| Email Reputation Services (ERS) | Yes | No | No |
| Sender filtering | Yes | No | No |
| Alerts | Yes | Yes | Yes |
| Alert notification and reports | Yes | Yes (using an external SMTP server) | Yes (using an external SMTP server) |
| Queue management | Yes | Yes | Yes |
| Deep Discovery Director integration | Yes | Yes | Yes |