Hello together,
SMA allows end user access to spam quarantine to view (EUQ) and manage spam/ham classification (SLBL). With "Enable login without credentials for quarantine access" the access is granted via link: "Via a link in a notification, authentication not required". This works fine! (LDAP is enabled to for direct web access). Users receive the notification mail, click on the link and are directly in their quarantine.
For End-User Spam Quarantine Access | Do This |
Directly via web browser, authentication required and Via a link in a notification, authentication not required | - In the End User Quarantine Access settings, choose LDAP, SAML 2.0, or Mailbox (IMAP/POP).
- In the Spam Notifications settings, select Enable login without credentials for quarantine access.
|
https://www.cisco.com/c/en/us/td/docs/security/security_management/sma/sma13-6-1/User-Guide/b_SMA_Admin_Guide_13_6_1/b_NGSMA_Admin_Guide_chapter_0101.html#con_1623537
So far so good. Next, when users will classify the messages as spam or ham (add to safe- or blocklist), they access Safelist/Blocklist feature. It is enabled. Even if the users are already in spam quarantine, they are prompted for credentials. As per help it shouldn't be: "End users access their safelist and blocklist via the spam quarantine". They are already accessing spam quarantine via link notification.
https://www.cisco.com/c/en/us/td/docs/security/security_management/sma/sma13-6-1/User-Guide/b_SMA_Admin_Guide_13_6_1/b_NGSMA_Admin_Guide_chapter_0101.html#con_1516524
Can you confirm that? Guide isn't very clear in this point.
That leads into problem for shared mailboxes / disabled accounts which are not able for explicit authentication and SLBL feature.
