Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
7-9
AsyncOS 8.1 for Cisco Content Security Management User Guide
Chapter 7 Managing the Cisco IronPort Spam Quarantine
•
Mailbox authentication: For sites without an LDAP directory for authentication, the quarantine
can validate users’ email addresses and passwords against a standards-based IMAP or POP server
that holds their mailboxes. When logging in to the web UI, users enter their full email address and
mailbox password. The quarantine uses this information to log in to the mailbox server as the user.
If the login is successful, the user is authenticated and the quarantine logs out of the mailbox server
without making any changes to the user’s Inbox. Mailbox authentication is recommended for sites
that do not use an LDAP directory. However, mailbox authentication cannot provide a user with
quarantined messages that were sent to multiple email aliases.
can validate users’ email addresses and passwords against a standards-based IMAP or POP server
that holds their mailboxes. When logging in to the web UI, users enter their full email address and
mailbox password. The quarantine uses this information to log in to the mailbox server as the user.
If the login is successful, the user is authenticated and the quarantine logs out of the mailbox server
without making any changes to the user’s Inbox. Mailbox authentication is recommended for sites
that do not use an LDAP directory. However, mailbox authentication cannot provide a user with
quarantined messages that were sent to multiple email aliases.
Select the type of mailbox server (IMAP or POP). Specify a server name and whether or not to use
SSL for a secure connection. Enter a port number for the server. Supply a domain (for example,
company.com) to append to unqualified user names.
SSL for a secure connection. Enter a port number for the server. Supply a domain (for example,
company.com) to append to unqualified user names.
If the POP server advertises APOP support in the banner, then for security reasons (namely, to avoid
sending the password in the clear) the appliance uses APOP only. If APOP is not supported for some
users, then the POP server should be reconfigured so that it does not advertise APOP.
sending the password in the clear) the appliance uses APOP only. If APOP is not supported for some
users, then the POP server should be reconfigured so that it does not advertise APOP.
–
LDAP: If you do not have an LDAP server or an active end user authentication query set up,
choose Management Appliance > System Administration > LDAP to configure your LDAP
server settings and end user authentication query string. For information about configuring
LDAP authentication, see
choose Management Appliance > System Administration > LDAP to configure your LDAP
server settings and end user authentication query string. For information about configuring
LDAP authentication, see
.
–
None: You can allow end user access to the Cisco IronPort Spam Quarantine without enabling
authentication. In this case, users can access the quarantine by clicking a link in the notification
message, and the system does not use mailbox or LDAP authentication.
authentication. In this case, users can access the quarantine by clicking a link in the notification
message, and the system does not use mailbox or LDAP authentication.
Step 6
Specify whether or not to display message bodies before messages are released from the quarantine.
If this check box is selected, users cannot view the message body through the Cisco IronPort Spam
Quarantine page. Instead, to view a quarantined message, users must release the message and view it in
their mail application (for example, Microsoft Outlook). You can use this feature for policy and
regulation compliance — for example, if a regulation requires that all viewed email be archived.
Quarantine page. Instead, to view a quarantined message, users must release the message and view it in
their mail application (for example, Microsoft Outlook). You can use this feature for policy and
regulation compliance — for example, if a regulation requires that all viewed email be archived.
Step 7
Submit and commit your changes.
Configuring Spam Notifications for End Users
Spam notifications are email messages sent to email users when they have messages in the
Cisco IronPort Spam Quarantine. Notifications contain a list of quarantined spam or suspected spam for
the user. Notifications also include a link for users to view their quarantined messages. Once enabled,
notifications are sent according to the schedule that you specify.
Cisco IronPort Spam Quarantine. Notifications contain a list of quarantined spam or suspected spam for
the user. Notifications also include a link for users to view their quarantined messages. Once enabled,
notifications are sent according to the schedule that you specify.
Spam notifications can provide a way for end users to log in to the quarantine without using LDAP or
mailbox authentication. Users access the quarantine through the email notifications that they receive (if
notifications are enabled for the quarantine). Clicking a message subject logs the user in to the web UI
for the quarantine.
mailbox authentication. Users access the quarantine through the email notifications that they receive (if
notifications are enabled for the quarantine). Clicking a message subject logs the user in to the web UI
for the quarantine.
Note
This login method does not display quarantined messages for other aliases that the end user may have.
Also, if the notification was sent to a distribution list that was expanded after the appliance processed it,
then multiple recipients might have access to the same quarantine for the list.
Also, if the notification was sent to a distribution list that was expanded after the appliance processed it,
then multiple recipients might have access to the same quarantine for the list.
Because of the way the appliance generates spam notifications, users may receive multiple spam
notifications for their email aliases or if they use multiple email addresses. You can use the alias
consolidation feature to prevent some occurrences of multiple notifications. If you do not have an
notifications for their email aliases or if they use multiple email addresses. You can use the alias
consolidation feature to prevent some occurrences of multiple notifications. If you do not have an