Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
Chapter 6 Managing the Cisco IronPort Spam Quarantine
6-22
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Synchronizing Safelist and Blocklist Settings and Databases
With the Security Management appliance, you can easily synchronize the
safelist/blocklist databases on all managed appliances.
safelist/blocklist databases on all managed appliances.
Note
Before you can synchronize safelist/blocklist databases, you need to enable the
safelist/blocklist feature and add at least one managed appliance to the Security
Management appliance. For more information about adding managed appliances,
see
safelist/blocklist feature and add at least one managed appliance to the Security
Management appliance. For more information about adding managed appliances,
see
.
To synchronize safelist/blocklist databases, click the Synchronize All
Appliances button on the Management Appliance > Centralized Services > Spam
Quarantine page.
Appliances button on the Management Appliance > Centralized Services > Spam
Quarantine page.
If you use the centralized management feature to configure multiple appliances,
you can configure administrator settings using centralized management. If you do
not use centralized management, you can manually verify that settings are
consistent across machines.
you can configure administrator settings using centralized management. If you do
not use centralized management, you can manually verify that settings are
consistent across machines.
For more information about using FTP to access appliances, see Appendix A,
`Accessing the Appliance,' on page 1.
`Accessing the Appliance,' on page 1.
Message Delivery for Safelists and Blocklists
When you enable safelists and blocklists, the Email Security appliance scans the
messages against the safelist/blocklist database immediately before anti-spam
scanning. If the appliance detects a sender or domain that matches an end user’s
safelist/blocklist setting, the message is splintered if it has multiple recipients
with different safelist/blocklist settings. For example, sender X sends a message
to both recipient A and recipient B. Recipient A has safelisted sender X, but
recipient B has no entry for the sender in either the safelist or the blocklist. In this
case, the message may be split into two messages with two message IDs. The
message sent to recipient A is marked as safelisted with an
X-SLBL-Result-Safelist header, and it skips anti-spam scanning. The message
bound for recipient B is scanned with the anti-spam scanning engine. Both
messages then continue along the pipeline (through anti-virus scanning, content
policies, and so forth), and they are subject to any configured settings.
messages against the safelist/blocklist database immediately before anti-spam
scanning. If the appliance detects a sender or domain that matches an end user’s
safelist/blocklist setting, the message is splintered if it has multiple recipients
with different safelist/blocklist settings. For example, sender X sends a message
to both recipient A and recipient B. Recipient A has safelisted sender X, but
recipient B has no entry for the sender in either the safelist or the blocklist. In this
case, the message may be split into two messages with two message IDs. The
message sent to recipient A is marked as safelisted with an
X-SLBL-Result-Safelist header, and it skips anti-spam scanning. The message
bound for recipient B is scanned with the anti-spam scanning engine. Both
messages then continue along the pipeline (through anti-virus scanning, content
policies, and so forth), and they are subject to any configured settings.