Policy-based messaging firewall

摘要

An e-mail firewall applies policies to e-mail messages between a first site and second sites in accordance with administrator selectable policies. The firewall includes a simple mail transfer protocol relay for causing the e-mail messages to be transmitted between the first site and selected ones of the second sites. Policy managers enforce-administrator selectable policies relative to one or more of encryption and decryption, signature, source/destination, content and viruses.

主权项

1. A messaging firewall for restricting transmission of messages entering into or originating from within an organization having a plurality of individual users in accordance with a plurality of policies selectable by an administrator of the messaging firewall, said messaging firewall comprising:
a messaging relay, implemented at least partially on a hardware processor, for causing said messages entering into or originating from within the organization to be transmitted; and a plurality of policy managers, responsive to said messaging relay, for enforcing the administrator selectable policies, said policies comprising at least a first source/destination policy, at least a first content policy and at least a first virus policy, said policies being applicable to groups of users organized as a hierarchical directory-type structure and characterized by (i) application of the policies at higher- and lower-tiers of the hierarchical directory-type structure, wherein application at a lower-tier inherits from corresponding higher-tier policies, (ii) override and supplementation relations between such higher- and lower-tier policies, wherein a lower-tier policy overrides the higher tier where a conflict exists and supplements the higher-tier policy where no conflict exists and (iii) a plurality of administrator selectable criteria, a plurality of administrator selectable exceptions to said criteria and a plurality of administrator selectable actions associated with said criteria and exceptions, at least one of the policies specifying an operative one of the administrator selectable exceptions that is in addition to any of the override and supplementation relations between policies applied at higher- and lower-tiers of the hierarchical directory-type structure, said policy managers comprising: an access manager for restricting transmission of messages in accordance with said source/destination policy; a content manager for restricting transmission of messages in accordance with said content policy; and a virus manager for restricting transmission of messages in accordance with said virus policy, each of said messages including at least one recipient address, the firewall transmitting a message to said at least one recipient address in response to a predetermined policy result of a policy manager.