Quarantine for incoming mail policy content-filters

Unanswered Question
Aug 6th, 2009

We have M160 + 2xC160. Centralized Ironport Spam Quarantine in M160, and quarantine digest alerts and quarantine management working fine for spam detected messages.

Noticed, that if doing a pro-active Incoming or Outgoing Mail Filtering for Outlook 2007 restricted attachments (exe, pif, scr, reg, wsh, ... see the complete list used in a link below), and selecting Quarantine as action, those messaged triggered are being quarantined in a server based Policy quarantine, and not to centralized Ironport Spam Quarantine at all. Also these Policy quarantined messages are being quarantined siilently - either sender or recipient will not get any notification or digest about the event.


What should I do to make those pro-active content-filter rules to trigger by those unwanted email attachements, quarantine the message and either immediately send a notification to a sender or recipient, which one is found in SMTP envelope addresses and which address is routed to our protected email domains? We do not want to send these notifications outside of the house or customer namespace.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Andrew Wurster Thu, 08/06/2009 - 23:38

your content filters will be simple attachment checks of allowed versus unallowed types. the logic should be applied at the to two different content filters though - to handle internal recipients versus everyone else:

- content filter "internal_users" checks for recipients @yourdomain.com and attachment file type
action would be notify and drop/strip attachment by file info
- content filter "external_users" will be the same only have no check for recipients and therefore apply to everyone else. the action would also exclude the notification.

let me know if this helps.



This Discussion