Cisco Cisco Email Security Appliance X1070 トラブルシューティングガイド
How does the spam quarantine handle spam sent
to internal aliases or distribution lists?
to internal aliases or distribution lists?
Document ID: 118237
Contributed by Chris Haag and Stephan Bayer, Cisco TAC Engineers.
Aug 12, 2014
Contents
Many times, spam is sent to an "alias" or distribution list. These aliases are expanded or splintered into a
single message for each "true" recipient in the alias) either on the appliance itself or within the backend
groupware server.
single message for each "true" recipient in the alias) either on the appliance itself or within the backend
groupware server.
Spam sent to these addresses can result in many users receiving spam from to a single message. When
considering spam sent to aliases and the Spam Quarantine (ISQ), it is important to know that all LDAP
aliasing, expansion and rewriting is done before messages are tagged as spam postive or delivered to the
Quarantine. As a result, the behavior of the Spam Quarantine will differ based on where the expansion takes
place.
considering spam sent to aliases and the Spam Quarantine (ISQ), it is important to know that all LDAP
aliasing, expansion and rewriting is done before messages are tagged as spam postive or delivered to the
Quarantine. As a result, the behavior of the Spam Quarantine will differ based on where the expansion takes
place.
If the Email Secuity appliance has been configured to do the alias expansion, each envelope recipient will
have their own separate quarantined message to act on. Where expansion is done on the backend system, a
single message is quarantined and the entire alias group will receive the digest notification. In this case, any of
the alias members can go in and release or delete the message.
have their own separate quarantined message to act on. Where expansion is done on the backend system, a
single message is quarantined and the entire alias group will receive the digest notification. In this case, any of
the alias members can go in and release or delete the message.
Note, if one of the recipients of the digest releases the message from the quarantine, and the alias expansion
happens on the ESA, then the release will only affect that one recipient. However, if the expansion happens on
the groupware server the message will be released or deleted for all members of that distribution list.
happens on the ESA, then the release will only affect that one recipient. However, if the expansion happens on
the groupware server the message will be released or deleted for all members of that distribution list.
Updated: Aug 12, 2014
Document ID: 118237