Cisco Cisco Email Security Appliance C170 Guía Del Usuario
27-35
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 27 Quarantines
Using Safelists and Blocklists to Control Email Delivery Based on Sender
Creating and Maintaining Safelists and Blocklists
The safelists and blocklists are created and maintained by end users. However, an administrator enables
the feature and configures delivery settings for email messages matching entries in the blocklist. To
create and maintain safelists and blocklists, the administrators and end-users complete the following
tasks:
the feature and configures delivery settings for email messages matching entries in the blocklist. To
create and maintain safelists and blocklists, the administrators and end-users complete the following
tasks:
•
Administrator tasks. Administrators enable and configure the Spam Quarantine, enable the
Safelist/Blocklist feature, backup and restore the Safelist/Blocklist database, synchronize the
Safelist/Blocklist database between different appliances, and troubleshoot safelist and blocklist
issues via logs, alerts, and custom headers. For more information about administrator tasks, see
Safelist/Blocklist feature, backup and restore the Safelist/Blocklist database, synchronize the
Safelist/Blocklist database between different appliances, and troubleshoot safelist and blocklist
issues via logs, alerts, and custom headers. For more information about administrator tasks, see
•
End-user tasks. End-users create their safelist and blocklist settings via the end-user spam
quarantine. End users may need to log in (instead of clicking the link in the Spam Quarantine
notification) to access their safelist/blocklist settings. From the end-user spam quarantine, end-users
can create safelists and blocklists from the Options menu. Or, end-users can create safelist settings
from the list of quarantined emails. For details about end-user tasks, see
quarantine. End users may need to log in (instead of clicking the link in the Spam Quarantine
notification) to access their safelist/blocklist settings. From the end-user spam quarantine, end-users
can create safelists and blocklists from the Options menu. Or, end-users can create safelist settings
from the list of quarantined emails. For details about end-user tasks, see
Message Delivery For Safelists and Blocklists
When you enable safelists and blocklists, the appliance scans the messages against the safelist/blocklist
database immediately prior to anti-spam scanning. If the appliance detects a sender or domain that
matches an end user’s safelist/blocklist setting, the message will be splintered if there are multiple
recipients (and the recipients have different safelist/blocklist settings). For example, a message is sent
to both recipient A and recipient B. Recipient A has safelisted the sender, whereas recipient B does not
have an entry for the sender in either safelist or blocklist. In this case, the message may be split into two
messages with two message IDs. The message sent to recipient A is marked as safelisted with an
X-SLBL-Result-Safelist header, and skips anti-spam scanning, whereas the message bound for recipient
B is scanned with the anti-spam scanning engine. Both messages then continue along the pipeline
(through anti-virus scanning, content policies, etc.), and are subject to any settings configured.
database immediately prior to anti-spam scanning. If the appliance detects a sender or domain that
matches an end user’s safelist/blocklist setting, the message will be splintered if there are multiple
recipients (and the recipients have different safelist/blocklist settings). For example, a message is sent
to both recipient A and recipient B. Recipient A has safelisted the sender, whereas recipient B does not
have an entry for the sender in either safelist or blocklist. In this case, the message may be split into two
messages with two message IDs. The message sent to recipient A is marked as safelisted with an
X-SLBL-Result-Safelist header, and skips anti-spam scanning, whereas the message bound for recipient
B is scanned with the anti-spam scanning engine. Both messages then continue along the pipeline
(through anti-virus scanning, content policies, etc.), and are subject to any settings configured.
If a message sender or domain is blocklisted, the delivery behavior depends on the blocklist action
settings. Similar to safelist delivery, the message is splintered if there are different recipients with
different safelist/blocklist settings. The blocklisted message splinter is then quarantined or dropped,
depending on the blocklist action settings. If the blocklist action is configured for quarantine, the
message is scanned and eventually quarantined. If the blocklist action is configured as drop, the message
is dropped immediately after safelist/blocklist scanning.
settings. Similar to safelist delivery, the message is splintered if there are different recipients with
different safelist/blocklist settings. The blocklisted message splinter is then quarantined or dropped,
depending on the blocklist action settings. If the blocklist action is configured for quarantine, the
message is scanned and eventually quarantined. If the blocklist action is configured as drop, the message
is dropped immediately after safelist/blocklist scanning.
Because the safelist and blocklists are maintained in the Spam Quarantine, delivery behavior is also
contingent on other anti-spam settings. For example, if you configure the “Accept” mail flow policy in
the HAT to skip anti-spam scanning, then users who receive mail on that listener will not have their
safelist and blocklist settings applied to mail received on that listener. Similarly, if you create a mailflow
policy that skips anti-spam scanning for certain message recipients, these recipients will not have their
safelist and blocklist settings applied.
contingent on other anti-spam settings. For example, if you configure the “Accept” mail flow policy in
the HAT to skip anti-spam scanning, then users who receive mail on that listener will not have their
safelist and blocklist settings applied to mail received on that listener. Similarly, if you create a mailflow
policy that skips anti-spam scanning for certain message recipients, these recipients will not have their
safelist and blocklist settings applied.
Overview of Creating and Maintaining Safelists and Blocklists
To use safelists and blocklists, complete the following tasks: