Quarantine for incoming mail policy content-filters
We have M160 + 2xC160. Centralized Ironport Spam Quarantine in M160, and quarantine digest alerts and quarantine management working fine for spam detected messages.
Noticed, that if doing a pro-active Incoming or Outgoing Mail Filtering for Outlook 2007 restricted attachments (exe, pif, scr, reg, wsh, ... see the complete list used in a link below), and selecting Quarantine as action, those messaged triggered are being quarantined in a server based Policy quarantine, and not to centralized Ironport Spam Quarantine at all. Also these Policy quarantined messages are being quarantined siilently - either sender or recipient will not get any notification or digest about the event.
What should I do to make those pro-active content-filter rules to trigger by those unwanted email attachements, quarantine the message and either immediately send a notification to a sender or recipient, which one is found in SMTP envelope addresses and which address is routed to our protected email domains? We do not want to send these notifications outside of the house or customer namespace.
Re: Quarantine for incoming mail policy content-filters
your content filters will be simple attachment checks of allowed versus unallowed types. the logic should be applied at the to two different content filters though - to handle internal recipients versus everyone else:
- content filter "internal_users" checks for recipients @yourdomain.com and attachment file type action would be notify and drop/strip attachment by file info - content filter "external_users" will be the same only have no check for recipients and therefore apply to everyone else. the action would also exclude the notification.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :