Cisco Cisco Email Security Appliance C160 Mode D'Emploi
10-6
Cisco AsyncOS 9.1 for Email User Guide
Chapter 10 Mail Policies
Message Splintering
Note
New MIDs (message IDs) are created for each message splinter (for example, MID 1 becomes MID 2
and MID 3). For more information, see the “Logging” chapter. In addition, the
and MID 3). For more information, see the “Logging” chapter. In addition, the
trace
function shows
which policies cause a message to be split.
Policy matching and message splintering in Email Security Manager policies obviously affect how you
manage the message processing available on the appliance.
manage the message processing available on the appliance.
Related Topics
•
Managed Exceptions
Because the iterative processing of each splinter message impacts performance, Cisco recommends
configuring your content security rules on a managed exception basis. In other words, evaluate your
organization’s needs and try to configure the feature so that the majority of messages will be handled by
the default mail policy and the minority of messages will be handled by a few additional “exception”
policies. In this manner, message splintering will be minimized and you are less likely to impact system
performance from the processing of each splinter message in the work queue.
configuring your content security rules on a managed exception basis. In other words, evaluate your
organization’s needs and try to configure the feature so that the majority of messages will be handled by
the default mail policy and the minority of messages will be handled by a few additional “exception”
policies. In this manner, message splintering will be minimized and you are less likely to impact system
performance from the processing of each splinter message in the work queue.
W
o
rk
Queu
e
Message Filters
(filters)
↓
message for all recipients
Anti-Spam
(antispamconfig, antispamupdate)
Email Sec
u
rity Man
age
r Sca
nni
ng (Per
Re
cip
ien
t)
Messages are splintered immediately after
message filter processing but before anti-spam
processing:
message filter processing but before anti-spam
processing:
message for all recipients
matching policy 1
message for all recipients
matching policy 2
message for all other recipients
(matching the default policy)
Anti-Virus
(antivirusconfig,
antivirusupdate)
File Reputation and Analysis
(Advanced Malware Protection)
(Advanced Malware Protection)
(ampconfig)
Content Filters
(policyconfig -> filters)
Outbreak Filters
(outbreakconfig, outbreakflush,
outbreakstatus, outbreakupdate)
Data Loss Prevention
(policyconfig)
Note
DLP scanning is only performed on
outgoing messages.
outgoing messages.