Cisco Cisco Content Security Management Appliance M1070 ユーザーガイド
7-8
AsyncOS 8.3.5 for Cisco Content Security Management User Guide
Chapter 7 Spam Quarantine
Using Safelists and Blocklists to Control Email Delivery Based on Sender
When you enable safelists and blocklists, the appliance scans the messages against the safelist/blocklist
database immediately before anti-spam scanning. If the appliance detects a sender or domain that
matches a safelist or blocklist entry, the message will be splintered if there are multiple recipients (and
the recipients have different safelist/blocklist settings). For example, a message is sent to both recipient
A and recipient B. Recipient A has safelisted the sender, whereas recipient B does not have an entry for
the sender in the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header and skips anti-spam scanning, whereas the message bound for recipient B is scanned by the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so on) and are subject to any configured settings.
database immediately before anti-spam scanning. If the appliance detects a sender or domain that
matches a safelist or blocklist entry, the message will be splintered if there are multiple recipients (and
the recipients have different safelist/blocklist settings). For example, a message is sent to both recipient
A and recipient B. Recipient A has safelisted the sender, whereas recipient B does not have an entry for
the sender in the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header and skips anti-spam scanning, whereas the message bound for recipient B is scanned by the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so on) and are subject to any configured settings.
If a message sender or domain is blocklisted, the delivery behavior depends on the blocklist action that
you specify when you enable the safelist/blocklist feature. Similar to safelist delivery, the message is
splintered if there are different recipients with different safelist/blocklist settings. The blocklisted
message splinter is then quarantined or dropped, depending on the blocklist action settings. If the
blocklist action is configured to quarantine, the message is scanned and eventually quarantined. If the
blocklist action is configured to delete, the message is dropped immediately after safelist/blocklist
scanning.
you specify when you enable the safelist/blocklist feature. Similar to safelist delivery, the message is
splintered if there are different recipients with different safelist/blocklist settings. The blocklisted
message splinter is then quarantined or dropped, depending on the blocklist action settings. If the
blocklist action is configured to quarantine, the message is scanned and eventually quarantined. If the
blocklist action is configured to delete, the message is dropped immediately after safelist/blocklist
scanning.
Because safelists and blocklists are maintained in the spam quarantine, delivery behavior is also
contingent on other anti-spam settings. For example, if you configure the “Accept” mail flow policy in
the Host Access Table (HAT) to skip anti-spam scanning, then users who receive mail on that listener
will not have their safelist and blocklist settings applied to mail received on that listener. Similarly, if
you create a mail flow policy that skips anti-spam scanning for certain message recipients, these
recipients will not have their safelist and blocklist settings applied.
contingent on other anti-spam settings. For example, if you configure the “Accept” mail flow policy in
the Host Access Table (HAT) to skip anti-spam scanning, then users who receive mail on that listener
will not have their safelist and blocklist settings applied to mail received on that listener. Similarly, if
you create a mail flow policy that skips anti-spam scanning for certain message recipients, these
recipients will not have their safelist and blocklist settings applied.
Related Topics
•
•
Enabling Safelists and Blocklists
Before You Begin
•
The spam quarantine must be enabled. See
.
•
Configure the Email Security appliance to use an external safelist/blocklist. See instructions for
setting up an external spam quarantine in the documentation for your Email Security appliance.
setting up an external spam quarantine in the documentation for your Email Security appliance.
Procedure
Step 1
Select Management Appliance > Centralized Services > Spam Quarantine.
Step 2
In the End-User Safelist/Blocklist (Spam Quarantine) section, select Enable.
Step 3
Select Enable End User Safelist/Blocklist Feature.
Step 4
Specify the Maximum List Items Per User.
This is the maximum number of addresses or domains for each list, for each recipient. If you allow a
large number of list entries per user, system performance might be adversely affected.
large number of list entries per user, system performance might be adversely affected.
Step 5
Select the update frequency. This value determines how often AsyncOS updates the safelists/blocklists
on the Email Security appliances that use the external spam quarantine. The significance of this setting
is described in
on the Email Security appliances that use the external spam quarantine. The significance of this setting
is described in
.