cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2274
Views
0
Helpful
1
Replies

Spam email only quarantined by content filter not in ISQ

john-copeland
Level 1
Level 1

We have our C360 set up to quarantined positively identified spam. We also have various content filters.

Recently we have been getting emails which are positively identified as spam (as per message tracking), but they are then passed for processing to our content filters and match a content filter for adult content. The email is quarantined in our 'Adult' quarantine but not in the ISQ (Ironport Spam Quarantine).

Is this the expected action?

I thought that any email positively identified as spam would be quarantined in the ISQ and proceed no further, but it seems that email positively identified as spam is only quarantined in the ISQ if it does not match any other content filter.

This has the effect of sending out notification emails (as per our content filter setting) advising users that the spam email has been quarantined. We do not want to send notifications out for spam emails received

Is this is the usual chain of events? If I change the spam settings to drop positively identified spam will this prevent any further processing to content filters?

Any advice would be appreciated.

1 Accepted Solution

Accepted Solutions

Andreas Mueller
Level 4
Level 4

Hello John,

yes this is expected behavior, after scanning a message for spam and viruses the message will still go trough the normal workqueue. In your case I'd recommend the following:

1. Edit the Antispam settings in your mail policies. Set

'Positively-Identified Spam Settings' > 'Apply This Action to Message' to deliver.

2. Set 'Add Custom Header' to 'X-Ironport-Quarantine'.  The value can be anything. (i.e. True)

3. Create a Content Filter checking for this header, and if it exists, skip all following filters (Deliver). Or modify your existing filter not to match when that header exists.

Background:  Any message containing a X-Ironport-Quarantine header will be delivered to the spam quarantine instead the recipient destination. A quiet common way to redirect messages to that quarantine with a filter.

Hope that helps,

Andreas

View solution in original post

1 Reply 1

Andreas Mueller
Level 4
Level 4

Hello John,

yes this is expected behavior, after scanning a message for spam and viruses the message will still go trough the normal workqueue. In your case I'd recommend the following:

1. Edit the Antispam settings in your mail policies. Set

'Positively-Identified Spam Settings' > 'Apply This Action to Message' to deliver.

2. Set 'Add Custom Header' to 'X-Ironport-Quarantine'.  The value can be anything. (i.e. True)

3. Create a Content Filter checking for this header, and if it exists, skip all following filters (Deliver). Or modify your existing filter not to match when that header exists.

Background:  Any message containing a X-Ironport-Quarantine header will be delivered to the spam quarantine instead the recipient destination. A quiet common way to redirect messages to that quarantine with a filter.

Hope that helps,

Andreas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: