Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
7-12
AsyncOS 8.2 for Cisco Content Security Management User Guide
Chapter 7 Managing the Spam Quarantine
Step 5
Submit and commit your changes.
Step 6
Repeat for each managed Email Security appliance.
Synchronizing Safelist and Blocklist Settings and Databases
With the Security Management appliance, you can easily synchronize the safelist/blocklist databases on
all managed appliances.
all managed appliances.
Note
Before you can synchronize safelist/blocklist databases, you need to enable the safelist/blocklist feature
and add at least one managed appliance to the Security Management appliance. For more information
about adding managed appliances, see
and add at least one managed appliance to the Security Management appliance. For more information
about adding managed appliances, see
To synchronize safelist/blocklist databases, click the Synchronize All Appliances button on the
Management Appliance > Centralized Services > Spam Quarantine page.
Management Appliance > Centralized Services > Spam Quarantine page.
If you use the centralized management feature to configure multiple appliances, you can configure
administrator settings using centralized management. If you do not use centralized management, you can
manually verify that settings are consistent across machines.
administrator settings using centralized management. If you do not use centralized management, you can
manually verify that settings are consistent across machines.
For more information about using FTP to access appliances, see Appendix A, `IP Interfaces and
Accessing the Appliance,' on page 1.
Accessing the Appliance,' on page 1.
Message Delivery for Safelists and Blocklists
When you enable safelists and blocklists, the Email Security appliance scans the messages against the
safelist/blocklist database immediately before anti-spam scanning. If the appliance detects a sender or
domain that matches an end user’s safelist/blocklist setting, the message is splintered if it has multiple
recipients with different safelist/blocklist settings. For example, sender X sends a message to both
recipient A and recipient B. Recipient A has safelisted sender X, but recipient B has no entry for the
sender in either the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header, and it skips anti-spam scanning. The message bound for recipient B is scanned with the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so forth), and they are subject to any configured settings.
safelist/blocklist database immediately before anti-spam scanning. If the appliance detects a sender or
domain that matches an end user’s safelist/blocklist setting, the message is splintered if it has multiple
recipients with different safelist/blocklist settings. For example, sender X sends a message to both
recipient A and recipient B. Recipient A has safelisted sender X, but recipient B has no entry for the
sender in either the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header, and it skips anti-spam scanning. The message bound for recipient B is scanned with the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so forth), and they are subject to any configured settings.
If a message sender or domain is blocklisted, the delivery behavior depends on the blocklist action
settings. Similar to safelist delivery, the message is splintered if there are different recipients with
different safelist/blocklist settings. The blocklisted message splinter is then quarantined or dropped,
depending on the blocklist action settings.
settings. Similar to safelist delivery, the message is splintered if there are different recipients with
different safelist/blocklist settings. The blocklisted message splinter is then quarantined or dropped,
depending on the blocklist action settings.
Note
You specify blocklist actions in the external spam quarantine settings on the Email Security appliance.
For more information, see
For more information, see
.
If you configure the blocklist action to quarantine messages, the message is scanned and eventually
quarantined. If you configure the blocklist action to delete messages, the message is deleted immediately
after safelist/blocklist scanning.
quarantined. If you configure the blocklist action to delete messages, the message is deleted immediately
after safelist/blocklist scanning.