Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
392
Views
2
Helpful
3
Replies

Ironport ESA C195 quarantine not storing any emails

jjtech
Level 1
Level 1

‎02-28-2024 10:47 PM

Hello,

We have a Cisco ESA Ironport C195 and we had an Anti Spoofing Inbound rule configured that was set to drop suspected emails and notify us by email, however we decided to change it to Quarantine and notify, so we enabled Quarantine and added the Quarantine action to the rule and enabled keep a duplicate copy of the message .

 

But the issue that we're facing is we're getting notified of emails by mail and we can find the suspected emails in Message Tracking, however when we go to Quarantine, there are no emails at all.

What else could I be missing ?

Thank you,

Labels:
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎02-29-2024 08:10 AM

Which Quarentine are you looking in? Assuming you're using a Content Filter and using the Quarantine action, these mails will go to Policy quarantines, where the users can't see them... maybe check the retention on that quarantine to make sure its not getting deleted too quickly? and the space allocated to quarantines?  

0 Helpful

Pulkit Mittal
Spotlight
Spotlight

‎03-03-2024 03:37 PM

Please check to ensure you are selecting the right policy quarantine box that it is referring to in the Antispoof rule while checking for the messages. Also, check the number of days the quarantine box will hold the email for. Example: 5 days will mean that the email will be deleted after 5 days of retention period. IF you are checking the message tracking for a message more than 5 days old then in this case you would have lost the email from the quarantine. Else, I suggest to reach out to TAC support if the email under quarantine is within the retention period, which is highly unlikely but possible in case of an issue.

Regards,

Pulkit

Please mark this helpful if you are happy with the response, and accept the solution.

Dustin Anderson
VIP
VIP

‎03-14-2024 09:30 AM

You will want to also check your order of actions. If you had send email then drop and added quarantine at the end, the drop will end the session and never hit the quarantine, so you would want to move it above the drop.

This is a guess at the issue without seeing it.

Customers Also Viewed These Support Documents