
Personal quarantine for invalid users

Alibek Ismailov
Level 1

Hello, 

1) How can I prohibit IronPort from creating a personal Spam Quarantine for users who are invalid (nonexistent users of my domain and users from other email services (gmail.com)), and can I configure it to drop messages for nonexistent users of my domain?

2) How can I configure it so that I see my outgoing messages that were put in Spam Quarantine in my personal quarantine?

Thanks.

1 Accepted Solution

Mathew Huynh
Cisco Employee

Hey Alibek,


For this type of setup, I would suggest using LDAP Accept checking for Recipient Validation, to be done before the Anti-spam service takes action and scans emails for EUQ delivery or drop (if positive).

This will save system resources (memory, RAM, space, etc.) as the email will be denied at the SMTP connection level rather than taking in the whole email where the recipient may be invalid.

This also eliminates the chance of a Spam quarantine for users who are non-existent within your domain.

* Info: LDAP recipient validation means setting up an LDAP server profile to work with your AD server, running LDAP accept queries, and employing this query on your public listener.

For enquiry 2:

Please let me know what you mean by 'my personal quarantine'.

It is possible to manipulate the email to have it sent to your EUQ, but it would require the recipient to be rewritten, so if you released the email it won't go to the original intended recipient.

But if it's to re-route it to a policy quarantine then it can be done with Headers + Content Filters.
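
The rejection at RCPT TO that this answer describes, sketched as an added example (not part of the original post and not Cisco's code). The accept query string, the directory entries and all function names are assumptions made for illustration; the address is escaped before it is placed in the filter so a crafted recipient such as `*@example.com` cannot match every entry.

```python
import re

# Accept query in the form commonly used with Active Directory; {a} is the
# full recipient address. The query string is an assumption, not from the thread.
ACCEPT_QUERY = "(|(mail={a})(proxyAddresses=smtp:{a}))"

# Constructed directory entries standing in for the AD server.
DIRECTORY = [
    {"mail": ["alice@example.com"], "proxyAddresses": ["smtp:a.smith@example.com"]},
    {"mail": ["bob@example.com"], "proxyAddresses": []},
]

def ldap_escape(value):
    """Escape RFC 4515 special characters so RCPT TO input stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(rcpt):
    return ACCEPT_QUERY.replace("{a}", ldap_escape(rcpt.lower()))

def directory_matches(ldap_filter):
    """Evaluate the OR of (attr=value) equality leaves against DIRECTORY."""
    leaves = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    for attr, raw in leaves:
        value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
        for entry in DIRECTORY:
            if value in (v.lower() for v in entry.get(attr, [])):
                return True
    return False

def rcpt_to(rcpt):
    """Reply the listener gives to RCPT TO, before any message data is sent."""
    if directory_matches(build_filter(rcpt)):
        return 250, "2.1.5 recipient ok"
    return 550, "5.1.1 recipient rejected by LDAP accept query"

def smtp_session(recipients):
    """Return (accepted recipients, reply code to DATA) for one conversation."""
    accepted = [r for r in recipients if rcpt_to(r)[0] == 250]
    # With no valid recipient, DATA is refused and the body is never received,
    # so nothing reaches anti-spam scanning or the spam quarantine.
    return accepted, (354 if accepted else 554)
```
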


3 Replies

About 'personal quarantine': I mean that 'Spam quarantine notifications' come to recipients. Can they come to the sender from my domain?

Hey Alibek,

From my testing in my lab environment, I was able to manipulate the email so that it is forced into the spam quarantine of the sender address rather than the recipient (which is the design).

However, doing so requires altering the actual email: in the event the email is seen as positive spam, you'll rewrite the recipient so that it goes into the sender's mailbox, but by doing so, when the email is released it will not be released back to the original recipient but to the actual sender.

This type of behaviour is not within the system design, so I went forward with mail manipulation to achieve the desired results (to an extent).

What this means is, for testing purposes (before you decide if you want to put this into production):

Create an outgoing mail policy for your test address to use, where the sender is your address.

On the anti-spam settings, change positive/suspected spam to 'deliver' but add a custom header like X-IP-Spam or so.

Create a content filter that looks for this header. If the header exists, the action would be:

Change recipient to -> The sender address

Change mail destination host -> 'the.euq.queue'

Then enable this content filter.

What this filter does is rewrite the original intended recipient to the sender address when emails are seen as spam, and send the email to the rewritten 'recipient' spam quarantine.

Thus it will go into the spam notifications when generated.

Note: When you release this email, it will release to the rewritten recipient and not the intended recipient.