Cisco Cisco Email Security Appliance C170 Guía Del Usuario
4-8
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 4 Understanding the Email Pipeline
Message Filters
Message filters allow you to create special rules describing how to handle messages and attachments as
they are received. Filter rules identify messages based on message or attachment content, information
about the network, message envelope, message headers, or message body. Filter actions allow messages
to be dropped, bounced, archived, quarantined, blind carbon copied, or altered.
they are received. Filter rules identify messages based on message or attachment content, information
about the network, message envelope, message headers, or message body. Filter actions allow messages
to be dropped, bounced, archived, quarantined, blind carbon copied, or altered.
For more information, see the “Using Message Filters to Enforce Email Policies” chapter in the Cisco
IronPort AsyncOS for Email Advanced Configuration Guide.
IronPort AsyncOS for Email Advanced Configuration Guide.
Multi-recipient messages are “splintered” after this phase, prior to Email Security Manager. Splintering
messages refers to creating splinter copies of emails with single recipients, for processing via Email
Security Manager.
messages refers to creating splinter copies of emails with single recipients, for processing via Email
Security Manager.
Email Security Manager (Per-Recipient Scanning)
Safelist/Blocklist Scanning
End user safelists and blocklists are created by end users and stored in a database that is checked prior
to anti-spam scanning. Each end user can identify domains, sub domains or email addresses that they
wish to always treat as spam or never treat as spam. If a sender address is part of an end users safelist,
anti-spam scanning is skipped, and if the sender address is listed in the blocklist, the message may be
quarantined or dropped depending on administrator settings. For more information about configuring
safelists and blocklists, see the “Quarantines” chapter in the Cisco IronPort AsyncOS for Email Daily
Management Guide.
to anti-spam scanning. Each end user can identify domains, sub domains or email addresses that they
wish to always treat as spam or never treat as spam. If a sender address is part of an end users safelist,
anti-spam scanning is skipped, and if the sender address is listed in the blocklist, the message may be
quarantined or dropped depending on administrator settings. For more information about configuring
safelists and blocklists, see the “Quarantines” chapter in the Cisco IronPort AsyncOS for Email Daily
Management Guide.
Anti-Spam
The Anti-Spam feature involves Cisco IronPort Anti-Spam scanning. Anti-spam scanning offers
complete, Internet-wide, server-side anti-spam protection. It actively identifies and defuses spam attacks
before they inconvenience your users and overwhelm or damage your network, allowing you to remove
unwanted mail before it reaches your users’ inboxes, without violating their privacy.
complete, Internet-wide, server-side anti-spam protection. It actively identifies and defuses spam attacks
before they inconvenience your users and overwhelm or damage your network, allowing you to remove
unwanted mail before it reaches your users’ inboxes, without violating their privacy.
Anti-spam scanning can be configured to deliver mail to the Cisco IronPort Spam Quarantine (either on-
or off-box). Messages released from the Cisco IronPort Spam Quarantine proceed directly to the
destination queue, skipping any further work queue processing in the email pipeline.
or off-box). Messages released from the Cisco IronPort Spam Quarantine proceed directly to the
destination queue, skipping any further work queue processing in the email pipeline.
See
for more information.
Anti-Virus
Your Cisco IronPort appliance includes integrated virus scanning engines. You can configure the
appliance to scan messages and attachments for viruses on a per-“mail policy” basis. You can configure
the appliance to do the following when a virus is found:
appliance to scan messages and attachments for viruses on a per-“mail policy” basis. You can configure
the appliance to do the following when a virus is found:
•
attempt to repair the attachment
•
drop the attachment
•
modify the subject header
•
add an additional X- header
•
send the message to a different address or mailhost