Cisco Cisco Email Security Appliance C160 Guía Del Usuario
4-3
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 4 Understanding the Email Pipeline
Email Pipeline Flows
Figure 4-2
Email Pipeline — Work Queue
Drop Message
Bounce Message
Deliver Message
Send message to
quarantine
Encrypt and deliver
message
Start SMTP client
conversation
Yes
No, Bounce
Acti on is B ounce
All other actions
No
No, OR Yes and action is deliver
No, Yes and message i s repaired, OR Yes and message sent as attachment.
All other actions
Acti on is Deliver
Acti on is Encrypt & Del iver
Yes, blocklist action is
delete
Yes, blocklist
act ion is
quarantine
Yes, safelist
Yes, act ion is
quarantine
No, Yes and infected attachment is dropped, OR Unknown and appliance is not configured to quarantine unknown fi les
No, OR Yes and action is deliver
Unknown, act ion
is quarantine
Yes, act ion is
quarantine
Acti on is Encrypt
& Del iver
Acti on is Deliver
Yes, message is
quarantined
Acti on is Deliver
Yes, act ion is
quarantine
No, OR Yes and message is modified
Acti on is Skip
Outbreak Filt ers
No, Drop
Acti on is Drop
Yes, act ion is Bounce
Yes, act ion is Dr op
Yes, act ion is Dr op
Yes, act ion is Dr op
Acti on is Drop
Acti on is B ounce
Yes, act ion is Dr op
Receive message in
the work queue
Do the LDAP acceptance queries indicate this is a valid recipient?
(Configured to occur during the work queue)Yes
Envelope Sender and some email headers are rewritten based on a
table or LDAP query (masquerading)
Messages are created for each alias target according to
LDAP routing queries
Message filters are applied to messages, and an action is taken
Is the sender address in the end-user safelist or blocklist database?
Is the message identified as spam?
(May be skipped due to configuration)
Is the message identified to have a virus?
(May be skipped due to configuration)
Does a message attachment contain a threat?
(Behavior depends on configuration)
Content filters are applied, and an action is taken
(May be skipped due to configuration)
Do the outbreak filters indicate an outbreak is present?
(Outbound) Does the RSA DLP Engine detect a DLP violation?
If the message is not spam, virus, and threat positive, add graymail safe
unsubscribe banner (May be skipped due to configuration)
Acti on is Drop
Acti on is B ounce
Is the message identified to have a graymail?
(May be skipped due to configuration)