Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1130
Views
0
Helpful
2
Replies

Distribution groups and ISQ

m00hshu_ironport
Level 1
Level 1

‎11-14-2008 12:32 PM

We're migrating to IronPort from Mimesweeper 5.2, and we have ALOT of Distribution groups.
In mimesweeper you can delegate end user spam quarantine access to whoever you want. That means that all spam to distribution groups (or at least the majority) can be controlled by a member of that group. The person then logs in to his own end user quarantine area, and he'll be able to manage the spam for all the distribution groups that are delegated to him.
ISQ doesn't support this...

For now, I've setup a policy that quarantines all spam and suspect spam in a local quarantine area on our C-boxes.
We currently have around 5.000 e-mails in that quarantine area. If just 1 of them is an important e-mail from a client (I haven't checked) then it's really really bad.

How are you guys dealing with this situation? - We can't be the only one having hundres of distribution groups in our AD?

Labels:
0 Helpful
2 Replies 2

m00hshu_ironport
Level 1
Level 1

‎11-19-2008 10:47 AM

20 views and no replies...

Is it because you guys don't use ISQ, or is it because you don't have public facing distribution groups? :)

0 Helpful

steven_geerts
Level 1
Level 1

‎11-23-2008 02:32 PM

Hi m00hshu,

I noticed your post and did not have a direct answer... :oops:

After reading it again a few thought pop up, let me share them with you, maybe it helps.

First of all, I think you have already noticed it: the Ironport spam filter is, compared to Mailsweeper, a major improvement for your organization. You will see less (hardly no) false positives and hardly no "missed" spam messages ending up in your users mailboxes.

This reduces the need for end users to check the captured spam for "real" mail and... (Since there will be hardly no valid mail in the quarantine) users will soon "forget" to check the quarantine. (Why spending time on a quarantine check if you already know that you will not find anything interesting).

For your information: we use the Ironports now for 2 years with a E-mail population of around 70.000 users and we have had exactly one (1) announcement of a false positive. The other way around, I used to receive around 150 spam messages a day, after the introduction of Ironport that dropped to one every two or three months.



As you might have guessed we do not use the ISQ, so I also do not have a broad experience with it.
If I remember well you can use LDAP to validate the users on the quarantine, maybe you can do some tricks there.
Another option is to configure the ISQ to send out a report about the captured spam. That report is send to the recipient address of the captured spam message. In you distribution case, the report will be received by all members of the DistGrp. not the most charming, but I guess acceptable in many cases.

good luck!

Steven.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents