Cisco Support Community
New Member

Distribution groups and ISQ

We're migrating to IronPort from Mimesweeper 5.2, and we have A LOT of distribution groups.
In Mimesweeper you can delegate end user spam quarantine access to whoever you want. That means that all spam to distribution groups (or at least the majority) can be controlled by a member of that group. The person then logs in to his own end user quarantine area, and he'll be able to manage the spam for all the distribution groups that are delegated to him.
ISQ doesn't support this...

For now, I've set up a policy that quarantines all spam and suspect spam in a local quarantine area on our C-boxes.
We currently have around 5.000 e-mails in that quarantine area. If just 1 of them is an important e-mail from a client (I haven't checked) then it's really, really bad.

How are you guys dealing with this situation? We can't be the only ones having hundreds of distribution groups in our AD?

New Member

Re: Distribution groups and ISQ

20 views and no replies...

Is it because you guys don't use ISQ, or is it because you don't have public facing distribution groups? :)

New Member

Re: Distribution groups and ISQ

Hi m00hshu,

I noticed your post and did not have a direct answer... :oops:

After reading it again a few thoughts popped up. Let me share them with you; maybe it helps.

First of all, I think you have already noticed it: the IronPort spam filter is, compared to Mimesweeper, a major improvement for your organization. You will see fewer (hardly any) false positives and hardly any "missed" spam messages ending up in your users' mailboxes.

This reduces the need for end users to check the captured spam for "real" mail and... (since there will be hardly any valid mail in the quarantine) users will soon "forget" to check the quarantine. (Why spend time on a quarantine check if you already know that you will not find anything interesting?)

For your information: we have used the IronPorts for 2 years now with an e-mail population of around 70.000 users and we have had exactly one (1) announcement of a false positive. The other way around, I used to receive around 150 spam messages a day; after the introduction of IronPort that dropped to one every two or three months.

As you might have guessed we do not use the ISQ, so I also do not have a broad experience with it.
If I remember correctly you can use LDAP to validate the users on the quarantine; maybe you can do some tricks there.
Another option is to configure the ISQ to send out a report about the captured spam. That report is sent to the recipient address of the captured spam message. In your distribution case, the report will be received by all members of the DistGrp. Not the most charming, but I guess acceptable in many cases.

Good luck!

