Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
7-13
AsyncOS 8.1 for Cisco Content Security Management User Guide
Chapter 7 Managing the Cisco IronPort Spam Quarantine
Message Delivery for Safelists and Blocklists
When you enable safelists and blocklists, the Email Security appliance scans the messages against the
safelist/blocklist database immediately before anti-spam scanning. If the appliance detects a sender or
domain that matches an end user’s safelist/blocklist setting, the message is splintered if it has multiple
recipients with different safelist/blocklist settings. For example, sender X sends a message to both
recipient A and recipient B. Recipient A has safelisted sender X, but recipient B has no entry for the
sender in either the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header, and it skips anti-spam scanning. The message bound for recipient B is scanned with the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so forth), and they are subject to any configured settings.
safelist/blocklist database immediately before anti-spam scanning. If the appliance detects a sender or
domain that matches an end user’s safelist/blocklist setting, the message is splintered if it has multiple
recipients with different safelist/blocklist settings. For example, sender X sends a message to both
recipient A and recipient B. Recipient A has safelisted sender X, but recipient B has no entry for the
sender in either the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header, and it skips anti-spam scanning. The message bound for recipient B is scanned with the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so forth), and they are subject to any configured settings.
If a message sender or domain is blocklisted, the delivery behavior depends on the blocklist action
settings. Similar to safelist delivery, the message is splintered if there are different recipients with
different safelist/blocklist settings. The blocklisted message splinter is then quarantined or dropped,
depending on the blocklist action settings.
settings. Similar to safelist delivery, the message is splintered if there are different recipients with
different safelist/blocklist settings. The blocklisted message splinter is then quarantined or dropped,
depending on the blocklist action settings.
Note
You specify blocklist actions in the external spam quarantine settings on the Email Security appliance.
For more information, see
For more information, see
.
If you configure the blocklist action to quarantine messages, the message is scanned and eventually
quarantined. If you configure the blocklist action to delete messages, the message is deleted immediately
after safelist/blocklist scanning.
quarantined. If you configure the blocklist action to delete messages, the message is deleted immediately
after safelist/blocklist scanning.
Backing Up and Restoring the Safelist/Blocklist Database
To maintain a backup of the safelist/blocklist database, the Security Management appliance enables you
to save the database as a .csv file. The .csv file is maintained separately from the XML configuration file
that contains the appliance configuration settings. If you upgrade your appliance or run the System Setup
Wizard, first back up the safelist/blocklist database to the .csv file.
to save the database as a .csv file. The .csv file is maintained separately from the XML configuration file
that contains the appliance configuration settings. If you upgrade your appliance or run the System Setup
Wizard, first back up the safelist/blocklist database to the .csv file.
Note
You can edit the .csv file and then upload it to modify individual end users’ safelists and blocklists.
When you back up the database, the appliance saves the .csv file to the
/configuration
directory using
the following naming convention:
slbl-<serial number>-<timestamp>.csv
When you back up your Security Management appliance, you can choose whether or not to include the
Safelist/Blocklist database. See
Safelist/Blocklist database. See
.
Procedure
Step 1
On the Security Management appliance, choose Management Appliance > System Administration >
Configuration File.
Configuration File.
Step 2
Scroll down to the End-User Safelist/Blocklist Database (Spam Quarantine) section.
Step 3
Click Backup Now to back up the database to a .csv file.
Step 4
Click Select File to Restore to restore the database.