Cisco Cisco Email Security Appliance C650 Guía Del Usuario
4-7
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 4 Understanding the Email Pipeline
Work Queue / Routing
Work Queue / Routing
The Work Queue is where the received message is processed before moving to the delivery phase.
Processing includes masquerading, routing, filtering, safelist/blocklist scanning, anti-spam and
anti-virus scanning, file reputation scanning and analysis, Outbreak Filters, and quarantining.
Processing includes masquerading, routing, filtering, safelist/blocklist scanning, anti-spam and
anti-virus scanning, file reputation scanning and analysis, Outbreak Filters, and quarantining.
Note
Data loss prevention (DLP) scanning is only available for outgoing messages. For information on where
DLP message scanning occurs in the Work Queue, see
DLP message scanning occurs in the Work Queue, see
Related Topics
•
•
•
•
•
•
•
Email Pipeline and Security Services
Note, as a general rule, changes to security services (anti-spam scanning, anti-virus scanning, and
Outbreak Filters) do not affect messages already in the work queue. As an example:
Outbreak Filters) do not affect messages already in the work queue. As an example:
If a message bypasses anti-virus scanning when it first enters the pipeline because of any of these
reasons:
reasons:
•
anti-virus scanning was not enabled globally for the appliance, or
•
the HAT policy was to skip anti-virus scanning, or
•
there was a message filter that caused the message to bypass anti-virus scanning,
then the message will not be anti-virus scanned upon release from the quarantine, regardless of whether
anti-virus scanning has been re-enabled. However, messages that bypass anti-virus scanning due to mail
policies may be anti-virus scanned upon release from a quarantine, as the mail policy's settings may have
changed while the message was in the quarantine. For example, if a message bypasses anti-virus
scanning due to a mail policy and is quarantined, then, prior to release from the quarantine, the mail
policy is updated to include anti-virus scanning, the message will be anti-virus scanned upon release
from the quarantine.
anti-virus scanning has been re-enabled. However, messages that bypass anti-virus scanning due to mail
policies may be anti-virus scanned upon release from a quarantine, as the mail policy's settings may have
changed while the message was in the quarantine. For example, if a message bypasses anti-virus
scanning due to a mail policy and is quarantined, then, prior to release from the quarantine, the mail
policy is updated to include anti-virus scanning, the message will be anti-virus scanned upon release
from the quarantine.
Similarly, suppose you had inadvertently disabled anti-spam scanning globally (or within the HAT), and
you notice this after mail is in the work queue. Enabling anti-spam at that point will not cause the
messages in the work queue to be anti-spam scanned.
you notice this after mail is in the work queue. Enabling anti-spam at that point will not cause the
messages in the work queue to be anti-spam scanned.
LDAP Recipient Acceptance
You can use your existing LDAP infrastructure to define how the recipient email address of incoming
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. For more informaiton, see
messages (on a public listener) should be handled during the SMTP conversation or within the
workqueue. For more informaiton, see
. This allows the appliance to