Cisco Cisco Email Security Appliance C160 Betriebsanweisung
6-5
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 6 Email Security Manager
•
If some recipients match different policies, the recipients are grouped according to the policies they
matched, the message is split into a number of messages equal to the number of policies that
matched, and the recipients are set to each appropriate “splinter.”
matched, the message is split into a number of messages equal to the number of policies that
matched, and the recipients are set to each appropriate “splinter.”
•
If all recipients match the same policy, the message is not splintered. Conversely, a maximum
splintering scenario would be one in which a single message is splintered for each message
recipient.
splintering scenario would be one in which a single message is splintered for each message
recipient.
•
Each message splinter is then processed by anti-spam, anti-virus, DLP scanning (outgoing messages
only), Outbreak Filters, and content filters independently in the email pipeline.
only), Outbreak Filters, and content filters independently in the email pipeline.
Note
Email DLP scanning is only available for outgoing messages.
Table 6-2
Message Splintering in the Email Pipeline
Note
New MIDs (message IDs) are created for each message splinter (for example, MID 1 becomes MID 2
and MID 3). For more information, see the “Logging” chapter in the Cisco IronPort AsyncOS for Email
Daily Management Guide. In addition, the trace function shows which policies cause a message to be
split.
and MID 3). For more information, see the “Logging” chapter in the Cisco IronPort AsyncOS for Email
Daily Management Guide. In addition, the trace function shows which policies cause a message to be
split.
Policy matching and message splintering in Email Security Manager policies obviously affect how you
manage the message processing available on the appliance.
manage the message processing available on the appliance.
Managed Exceptions
Because the iterative processing of each splinter message impacts performance, Cisco recommends
using the Incoming and Outgoing Mail Policies tables of Email Security Manager to configure policies
on a managed exception basis. In other words, evaluate your organization’s needs and try to configure
the feature so that the majority of messages will be handled by the default policy and the minority of
using the Incoming and Outgoing Mail Policies tables of Email Security Manager to configure policies
on a managed exception basis. In other words, evaluate your organization’s needs and try to configure
the feature so that the majority of messages will be handled by the default policy and the minority of
W
o
rk
Q
ueu
e
Message Filters
(filters)
↓
message for all recipients
Anti-Spam
(antispamconfig, antispamupdate)
Email Sec
u
ri
ty Man
age
r Sca
nnin
g
(Per
Re
cip
ien
t)
Messages are splintered immediately after
message filter processing but before anti-spam
processing:
message filter processing but before anti-spam
processing:
message for all recipients
matching policy 1
message for all recipients
matching policy 2
message for all other recipients
(matching the default policy)
Anti-Virus
(antivirusconfig,
antivirusupdate)
Content Filters
(policyconfig -> filters)
Outbreak Filters
(outbreakconfig, outbreakflush,
outbreakstatus, outbreakupdate)
Data Loss Prevention
(policyconfig)
Note
DLP scanning is only performed on
outgoing messages.
outgoing messages.