cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.2-020
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-239
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

1165
Views
5
Helpful
7
Replies
ivan.yeung
Beginner

X-IronPort-Quarantine header Safelist compatibility

Hi,

I have config a content filter that for some condition, the X-IronPort-Quarantine will be add to header, so the email will send to spam quarantine, however, if a user add those sender email to the spam quarantine safelist, it sill quarantine instead of send to user inbox. is there any ways to workaround ?

 

7 REPLIES 7
AshokJat
Beginner

Hi,

 

You can bypass header value from massage filter.

If user think that mail coming from same domain. And think that it contains trustworthy mails, than he can add the header of that mail to the message filter and bypass spam check for executing the same.

thanks for your reply AshokJat, however, how can end user(inbox user) add message filter?

I have this same issue.  Did you ever figure out how to solve this?

no idea yet

I opened a TAC case to ask this question.  It's not the answer we were hoping for.  Here is their response:

The mail passes through the anti-spam engine  with the sender marked in the safe-list. Then the mail will pass through the remaining further engines in the incoming mail policy. Since the mail is tagged with the X-IronPort  tag,  in the later coming content filter  it will be sent to quarantine . The X-IronPort  Tag  has nothing to do with the SAFE-LIST. The X-ironport Tag is the real culprit behind it. Removing the TAG itself would be the only way , so the mail can go without a problem.

Would you not be able to add in the following within the filter?

If header does or does not exist:

header("X-SLBL-Result") != "^SAFE-LISTED$"

Chris, Good call!  I think that will work  I already check X-Ironport-Case-Suspect and X-Ironport-Case-Graymail before I add X-IronPort-Quarantine, so I'll just add X-SLBL-Result to the conditions.  Thank you!

Create
Recognize Your Peers
Content for Community-Ad