03-19-2018 06:24 PM - edited 03-08-2019 07:35 PM
Hi,
So I have the below requirements:
The objective is to gain a current understanding as to the quantity and type of inbound email with *@client.com to understand the consequence of eventually blocking or quarantining this mail. I need to fully understanding the consequence of blocking any inbound email first by;
1. Maintaining current workflow - The email needs to still go though its normal/current path of inspections, checks, and sent to the staff member’s mailbox as per the current process/workflow within Ironport – provided it is not malicious of course. No change here and I am assuming there is very little email coming inbound from our domain.
2. Take a copy of this inbound email with *@client.com to better understand the current business needs versus the consequence of blocking or quarantining this email in the future. What is this email? Where is it coming from? Why? Who is the recipient? Who is the sender? What is the actual risk? I am hoping we can send this copy to a quarantine queue somewhere in Ironport for 30 days and then just auto delete.
Can anyone please point me to the right direction
Solved! Go to Solution.
03-20-2018 06:39 PM
The duplicate quarantine action sends a copy of the email to the quarantine and the original email would continue processing normally.
Also, the action to be taken at the end of retention period and the time to retain can be configured by you when you add or modify a quarantine.
Regards,
Libin Varghese
03-19-2018 08:06 PM
To get details about an email from @domain.com you can navigate to Monitor -> Message Tracking and perform a search based on the sender or recipient.
To get a copy of specific email to go to a quarantine you can create an incoming/outgoing content filter to look at the sender/recipient domain and perform the duplicate quarantine action (basically quarantine action with duplicate message box checked).
You have also create a new policy quarantine with a custom retention time under Monitor -> Policy, Virus and Outbreak quarantines.
Regards,
Libin Varghese
03-20-2018 06:17 PM
Hi Libin,
Thanks a lot for your reply. I would just like to check if this will actually block those emails if you assign them in a policy quarantine and what would happen to the email after the retention period. We do not want to block those emails but just create a copy so we can further understand the behaviour.
Thanks in advance,
Regards,
Jayson
03-20-2018 06:39 PM
The duplicate quarantine action sends a copy of the email to the quarantine and the original email would continue processing normally.
Also, the action to be taken at the end of retention period and the time to retain can be configured by you when you add or modify a quarantine.
Regards,
Libin Varghese
03-20-2018 09:08 PM
Hi Libin,
Thanks a lot for the reply. I will try the solution you provided.
Regards,
Jayson
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide