Cisco Cisco Email Security Appliance C160 Mode D'Emploi
29-7
Cisco AsyncOS 8.5 for Email User Guide
Chapter 29 Spam Quarantine
Using Safelists and Blocklists to Control Email Delivery Based on Sender
When you enable safelists and blocklists, the appliance scans the messages against the safelist/blocklist
database immediately before anti-spam scanning. If the appliance detects a sender or domain that
matches a safelist or blocklist entry, the message will be splintered if there are multiple recipients (and
the recipients have different safelist/blocklist settings). For example, a message is sent to both recipient
A and recipient B. Recipient A has safelisted the sender, whereas recipient B does not have an entry for
the sender in the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header and skips anti-spam scanning, whereas the message bound for recipient B is scanned by the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so on) and are subject to any configured settings.
database immediately before anti-spam scanning. If the appliance detects a sender or domain that
matches a safelist or blocklist entry, the message will be splintered if there are multiple recipients (and
the recipients have different safelist/blocklist settings). For example, a message is sent to both recipient
A and recipient B. Recipient A has safelisted the sender, whereas recipient B does not have an entry for
the sender in the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header and skips anti-spam scanning, whereas the message bound for recipient B is scanned by the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so on) and are subject to any configured settings.
If a message sender or domain is blocklisted, the delivery behavior depends on the blocklist action that
you specify when you enable the safelist/blocklist feature. Similar to safelist delivery, the message is
splintered if there are different recipients with different safelist/blocklist settings. The blocklisted
message splinter is then quarantined or dropped, depending on the blocklist action settings. If the
blocklist action is configured to quarantine, the message is scanned and eventually quarantined. If the
blocklist action is configured to delete, the message is dropped immediately after safelist/blocklist
scanning.
you specify when you enable the safelist/blocklist feature. Similar to safelist delivery, the message is
splintered if there are different recipients with different safelist/blocklist settings. The blocklisted
message splinter is then quarantined or dropped, depending on the blocklist action settings. If the
blocklist action is configured to quarantine, the message is scanned and eventually quarantined. If the
blocklist action is configured to delete, the message is dropped immediately after safelist/blocklist
scanning.
Because safelists and blocklists are maintained in the spam quarantine, delivery behavior is also
contingent on other anti-spam settings. For example, if you configure the “Accept” mail flow policy in
the Host Access Table (HAT) to skip anti-spam scanning, then users who receive mail on that listener
will not have their safelist and blocklist settings applied to mail received on that listener. Similarly, if
you create a mail flow policy that skips anti-spam scanning for certain message recipients, these
recipients will not have their safelist and blocklist settings applied.
contingent on other anti-spam settings. For example, if you configure the “Accept” mail flow policy in
the Host Access Table (HAT) to skip anti-spam scanning, then users who receive mail on that listener
will not have their safelist and blocklist settings applied to mail received on that listener. Similarly, if
you create a mail flow policy that skips anti-spam scanning for certain message recipients, these
recipients will not have their safelist and blocklist settings applied.
Related Topics
•
•
Enabling Safelists and Blocklists
Before You Begin
•
The spam quarantine must be enabled. See
.
Procedure
Step 1
Select Monitor > Spam Quarantine.
Step 2
In the End-User Safelist/Blocklist (Spam Quarantine) section, select Enable.
Step 3
Select Enable End User Safelist/Blocklist Feature.
Step 4
Select Quarantine or Delete for the Blocklist Action.
Step 5
Specify the Maximum List Items Per User.
This is the maximum number of addresses or domains for each list, for each recipient. If you allow a
large number of list entries per user, system performance might be adversely affected.
large number of list entries per user, system performance might be adversely affected.
Step 6
Submit and commit your changes.