Message Filter for IronPort Spam Quarantine (Answer ID: 481)

morrow_ironport · ‎08-02-2007

Hi ,

after a few Dual C-Series Installations I have changed the filter described in the Ironport Support KnowledgeBase (Answer ID: 481):

Original Solution:

divert-to-ISQ:
if (rcpt-to == 'joe@example.com' ) {
  insert-header("X-IronPort-Quarantine", "Policy");
}

Which needs the Mail to be rescanned by the AntiSpam Engine. If you have a Dual C-Series Setup with one Box being the IronPort Spam-Quarantine (ISQ) this would mean that a mail gets checked twice by the engines (on both machines).

I've now started to use the following filter for direct sending to the ISQ:

deliver_to_isq: 
if recv-listener == "ISQ" {
                    skip-spamcheck();
                    alt-mailhost ("the.euq.queue");
                }

The difference here is that i disable the spamcheck with skip-spamcheck(); and changing the next mailhost to the.euq.queue.
This solution is also much more resource friendly and works on both machines. The the.euq.queue is an internaly used Destination for the Spam Quarantine (no matter if external or local). So this should probably work on all installations, where a direct sending to the Spam Quarantine is needed.

Comments are more then welcome. ;-)

Best Regards,
Adrian

Bart_ironport · ‎08-02-2007

The mails will end up in the ISQ but you can't release them anymore. I think its best to combine the two. See https://www.ironportnation.com/forums/viewtopic.php?p=1452#1452 for more details.

morrow_ironport · ‎08-04-2007

Hi Bart,

the release from the ISQ works fine with my 5.1.1 AsyncOS. Have you tried this recently again?

Regards,
Adrian