11-24-2014 12:55 AM
I have recently created a new Mail Flow Policy which is added to a new HAT entry.
Is there a way to quarantine mails picked up by the Mail Flow Policy for review before release?
11-24-2014 10:40 AM
Create a content filter and add it to this policy.
Have the conent filter match all mails, and either add the X-IronPort-Quarantine header which puts in in the spam quarantine, or create a policy quarantine, and have it quarantine to there...
11-25-2014 12:31 AM
Thanks for the reply. I currently cannot find an entry to match against in the content filters to pick up how a mail was classified in the Mail Flow Policy. Is this a new functionality that I am not aware of, we are currently running 7.6.3-019. I don't see any X-Headers stating which Mail Flow Policy was matched and I am not matching against SBRS.
11-25-2014 08:39 AM
Yeah, sorry, I was thinking incoming mail policy, not mailflow policy.
Depending upon how you set up your sender groups, you could use reputation score...
11-26-2014 12:16 AM
Indeed, I agree and already have something in place for borderline mailservers based on SBRS to notify users that there may be an issue with the mail. This comes into play when the SBRS passes the previous threshold of -1 and is below 0.
Poor_Reputation: if (reputation <= 0.0) { edit-header-text("Subject", "(.*)", "[SUSPECT: Poor Reputation]\\1"); add-heading("Poor_Reputation"); duplicate-quarantine("Suspect-Copy"); }
However, I have added a further Mail Flow Policy for SORBS and SPAMCOP where SBRS is ignored and these lists are checked before the accept policy. Rather than dropping these I wanted to Quarantine them for investigation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide