Configuring Message Passthrough Policies

Document created by user.oxriBaJeN4 Employee on Sep 12, 2015Last modified by user.oxriBaJeN4 Employee on May 28, 2019
Version 15Show Document
  • View in full screen mode

When processing a message, Mimecast explodes it and its attachments into the raw components, indexes the text, and recompiles the attachment based on the header information regarding the attachment type (e.g. mime or content type). If this is set incorrectly, attachment corruption may occur. Message Passthrough policies can be used to bypass these activities and deliver messages in their original format.


Messages handled by a Message Passthrough policy don't have their content exploded, and can't be exported from the Mimecast archive. However our data ingestion team can provide these messages via a data exgestion request, and they can also be forwarded by an administrator with content viewing rights from the Mimecast archive.

Spam scanning, virus scanning, and attachment checks are still performed on messages when a Message Passthrough policy is applied, but we advise using a bypass policy with caution. They could allow a new virus outbreak to go undetected whilst signatures are being updated, and could negate the Mimecast virus Service Level Agreement.

Usage Examples


Consider the following examples:

  • You can configure a Passthrough policy if, for example, your organization is developing software using .EXE files for updates and these files are held by Mimecast due to a Suspicious Message Structure check. Configuring a Message Passthrough policy will allow the files to be delivered to the internal user as intended, instead of being held by Mimecast. This should typically only be created after testing with Mimecast Support has been completed.
  • Other policies are still applied to a message if the Passthrough policy is configured. For example, if both a Message Passthrough and an Attachment Management policy is configured, the Attachment Management policy action takes precedence. If there are no other policies that apply, the raw file is delivered to the recipient.


Configuring a Message Passthrough Policy


To configure a Message Passthrough policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu dropdown is displayed.
  3. Select the Gateway | Policies menu item. 
  4. Click on Message Passthrough. A list of policies is displayed.
  5. Either select the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options section as required:
    Policy NarrativeProvide a description for the policy to allow you to easily identify it in the future.
    Select Option

    Select whether to explode or not to explode the message content.

  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section:
    The Return Address This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    Applies From / ToSpecify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    EveryoneIncludes all email users (i.e. internal and external). This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableUse this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached.
    Set Policy as PerpetualIf the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires.
    Date RangeUse this field to specify a start and / or end date for the policy. If the Eternal option is selected, no date is required.
    Policy OverrideThis overrides the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override.
    Bi-DirectionalIf selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.


See Also...