Cisco Cisco Email Security Appliance C670 User Guide
10-6
Cisco AsyncOS 9.5 for Email User Guide
Chapter 10 Mail Policies
Message Splintering
•
The recipient
ann@example.com
will receive the anti-spam, anti-virus, outbreak filters, and content
filters defined in policy #1.
•
The recipient
larry@example.com
will receive the anti-spam, anti-virus, outbreak filters, and
content filters defined in policy #2, because the sender (
@lawfirm.com
) and the recipient (
ANY
)
matches.
Message Splintering
Intelligent message splintering is the mechanism that allows for differing recipient-based content
security rules to be applied independently to message with multiple recipients.
security rules to be applied independently to message with multiple recipients.
Each recipient is evaluated for each policy in the appropriate mail policy table (Incoming or Outgoing)
in a top-down fashion.
in a top-down fashion.
Each policy that matches a message creates a new message with those recipients. This process is defined
as message splintering:
as message splintering:
•
If some recipients match different policies, the recipients are grouped according to the policies they
matched, the message is split into a number of messages equal to the number of policies that
matched, and the recipients are set to each appropriate “splinter.”
matched, the message is split into a number of messages equal to the number of policies that
matched, and the recipients are set to each appropriate “splinter.”
•
If all recipients match the same policy, the message is not splintered. Conversely, a maximum
splintering scenario would be one in which a single message is splintered for each message
recipient.
splintering scenario would be one in which a single message is splintered for each message
recipient.
•
Each message splinter is then processed by anti-spam, anti-virus, Advanced Malware Protection
(incoming messages only), DLP scanning (outgoing messages only), Outbreak Filters, and content
filters independently in the email pipeline.
(incoming messages only), DLP scanning (outgoing messages only), Outbreak Filters, and content
filters independently in the email pipeline.
The following table illustrates the point at which messages are splintered in the email pipeline.
Wo
rk
Q
u
e
u
e
Message Filters
(filters)
message for all recipients
Anti-Spam
(antispamconfig, antispamupdate)
E
m
ail Sec
u
rit
y
M
ana
ge
r Scan
nin
g
(Per
Rec
ipi
ent)
Messages are splintered immediately after
message filter processing but before anti-spam
processing:
message filter processing but before anti-spam
processing:
message for all recipients
matching policy 1
message for all recipients
matching policy 2
message for all other recipients
(matching the default policy)
Anti-Virus
(antivirusconfig,
antivirusupdate)
File Reputation and Analysis
(Advanced Malware Protection)
(Advanced Malware Protection)
(ampconfig)
Graymail Management
Content Filters
(policyconfig -> filters)
Outbreak Filters
(outbreakconfig, outbreakflush,
outbreakstatus, outbreakupdate)
Data Loss Prevention
(policyconfig)
Note
DLP scanning is only performed on
outgoing messages.
outgoing messages.