Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
5
Helpful
3
Replies

Help with Mail Policies confusion

Greg Muszynski
Level 1
Level 1

‎09-22-2015 10:10 AM

I find myself confused with Mail Policies.  I do get Content Filters as they are simple IF THAN condition / action combinations.  IF this condition is meet THAN take this action, simple I get it. 

Why than are there also conditions on the Mail Policies, isn't that redundant.

For example if we have an Incoming Mail Policy called Bill Gates.  Why should we define a Following Sender of Bill.Gates@microsoft.com in the Mail Policy instead of just leaving it on Any Sender and Any Recipient and then simply relying on the Content Filters to provide the logic?

To me it seems like there is some overlap and more opportunity for error and we can miss some messages if Bill has multiple email addresses for example Bill@microsoft.com as well as Bill.Gates@microsoft.com and you only put one in the Mail Policy yet add both to a Dictionary in the Content Filter.

I hope I did not confuse you all and I hope you set me straight, I have been using IronPort for a long time and as I sit here today and stare at our Mail Policies some created by previous administrators, I find myself asking why are these things set up this way

 

 

 

Labels:
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎09-22-2015 12:06 PM

There are a couple of things to keep in mind:

The policy decision is based on to/from info only. Content filters can dig far deeper, and I think there's more of a performance hit (though I'm speculating on that...)

The policy decision is also where you can turn on/off things like malware scanning/spam scanning/etc. you can't do any of that at the content filter level.

 

And gut feel, I think the mail policy decision is probably meant for bigger swaths... sure you can manage it one address at a time, but I don't think that's the intent...

 

Mathew Huynh
Cisco Employee
Cisco Employee
In response to Ken Stieers

‎09-23-2015 11:57 PM

I believe Ken has hit the nail on the head here.

Essentially, yes you can create a content filter for that specific user for when sender condition AND another condition matches -> take XXXXXX action.

However in the instances you want this action for many different senders (and with version 9+ you can put sender + recipient mixture) then your content filter will be a very long (and resource expensive) filter, also at the same time you may have a lot more filters to create and manage due to ever changing requirements.

 

Secondly, having policies allows custom security service to be used with more finite customization available with header additions and such. also lets you separate what content filter you would like to match for groups/users in a more efficient manner or so to speak.

 

Regards,

Matthew

0 Helpful

exMSW4319
Level 3
Level 3

‎09-25-2015 07:42 AM

I may be re-iterating what others have posted, but mail policies are the simplest and most effective way to branch the flow of mail into (and out of) your organisation.

You can get yourself in a mess arranging your filters / rules in the best order and qualifying them with conditions and final actions, but the most effective route I've found is to just write a new policy.

It's possibly a bit easier on the CPU too?

0 Helpful
Customers Also Viewed These Support Documents