Cisco Cisco Email Security Appliance X1070 Guía Del Usuario
42-3
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 42 Centralizing Services on a Cisco Content Security Management Appliance
Working with an External Spam Quarantine
Messages that are released from the external quarantine on the Security Management appliance are
returned to the originating Email Security appliance for delivery. These messages do not normally pass
through the following processes before delivery: HAT and other policy or scanning settings, RAT,
domain exceptions, aliasing, incoming filters, masquerading, bounce verification, and the work queue.
returned to the originating Email Security appliance for delivery. These messages do not normally pass
through the following processes before delivery: HAT and other policy or scanning settings, RAT,
domain exceptions, aliasing, incoming filters, masquerading, bounce verification, and the work queue.
An Email Security appliance that is configured to send mail to a Security Management appliance will
automatically expect to receive mail released from the Security Management appliance and will not
reprocess those messages when they are received back. For this to work, the IP address of the Security
Management appliance must not change. If the IP address of the Security Management appliance
changes, the receiving Email Security appliance will process the message as it would any other incoming
message. You should always use the same IP address for receiving and delivery on the Security
Management appliance.
automatically expect to receive mail released from the Security Management appliance and will not
reprocess those messages when they are received back. For this to work, the IP address of the Security
Management appliance must not change. If the IP address of the Security Management appliance
changes, the receiving Email Security appliance will process the message as it would any other incoming
message. You should always use the same IP address for receiving and delivery on the Security
Management appliance.
The Security Management appliance accepts mail for quarantining from the IP addresses specified in the
spam quarantine settings. To configure the spam quarantine on the Security Management appliance, see
the Cisco Content Security Management Appliance User Guide.
spam quarantine settings. To configure the spam quarantine on the Security Management appliance, see
the Cisco Content Security Management Appliance User Guide.
Mail released by the Security Management appliance is delivered to the primary and secondary hosts
(content security appliance or other groupware host) as defined in the spam quarantine settings (see the
Cisco Content Security Management Appliance User Guide). Therefore, regardless of the number of
Email Security appliances delivering mail to the Security Management appliance, all released mail,
notifications, and alerts are sent to a single host (groupware or content security appliance). Take care not
to overburden the primary host for delivery from the Security Management appliance.
(content security appliance or other groupware host) as defined in the spam quarantine settings (see the
Cisco Content Security Management Appliance User Guide). Therefore, regardless of the number of
Email Security appliances delivering mail to the Security Management appliance, all released mail,
notifications, and alerts are sent to a single host (groupware or content security appliance). Take care not
to overburden the primary host for delivery from the Security Management appliance.
Migrating from a Local Spam Quarantine to an External Quarantine
If you are currently using the local spam quarantine on an Email Security appliance but would like to
migrate to an external spam quarantine hosted on a Security Management appliance — while retaining
access to the messages in the local quarantine — you should prevent new messages from entering the
local quarantine during the transition.
migrate to an external spam quarantine hosted on a Security Management appliance — while retaining
access to the messages in the local quarantine — you should prevent new messages from entering the
local quarantine during the transition.
Consider the following possible strategies:
•
Configuring anti-spam settings — Configure the anti-spam settings on your mail policy specifying
the Security Management appliance as the alternate host. This action sends new spam to the external
quarantine while still allowing access to the local quarantine.
the Security Management appliance as the alternate host. This action sends new spam to the external
quarantine while still allowing access to the local quarantine.
•
Setting a shorter expiration time — Configure the Schedule Delete After setting on the local
quarantine to a shorter duration.
quarantine to a shorter duration.
•
Deleting all of the remaining messages — To delete all remaining messages in the local quarantine,
disable the quarantine and the click the “Delete All” link on the local quarantines page (see
disable the quarantine and the click the “Delete All” link on the local quarantines page (see
). This link only becomes available when a local
spam quarantine with messages still contained in it has been disabled.
You should now be ready to enable the external quarantine and disable the local quarantine.
Note
If both the local quarantine and the external quarantine are enabled, the local quarantine is used.
Enabling an External Spam Quarantine and External Safelist/Blocklist
You can enable only one external spam quarantine on an Email Security appliance.