Showing results for 
Search instead for 
Did you mean: 
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.2-020
Cloud Gateway Email Status Portal Support & Downloads
Email and Web Manager: 14.1.0-239
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in:
Encryption Bug Search
Encryption Plug-in:
Cloud Mailbox Notification Service
Outlook Add-in(s): More info


X-IronPort-Quarantine header Safelist compatibility


I have config a content filter that for some condition, the X-IronPort-Quarantine will be add to header, so the email will send to spam quarantine, however, if a user add those sender email to the spam quarantine safelist, it sill quarantine instead of send to user inbox. is there any ways to workaround ?





You can bypass header value from massage filter.

If user think that mail coming from same domain. And think that it contains trustworthy mails, than he can add the header of that mail to the message filter and bypass spam check for executing the same.

thanks for your reply AshokJat, however, how can end user(inbox user) add message filter?

I have this same issue.  Did you ever figure out how to solve this?

no idea yet

I opened a TAC case to ask this question.  It's not the answer we were hoping for.  Here is their response:

The mail passes through the anti-spam engine  with the sender marked in the safe-list. Then the mail will pass through the remaining further engines in the incoming mail policy. Since the mail is tagged with the X-IronPort  tag,  in the later coming content filter  it will be sent to quarantine . The X-IronPort  Tag  has nothing to do with the SAFE-LIST. The X-ironport Tag is the real culprit behind it. Removing the TAG itself would be the only way , so the mail can go without a problem.

Would you not be able to add in the following within the filter?

If header does or does not exist:

header("X-SLBL-Result") != "^SAFE-LISTED$"

Chris, Good call!  I think that will work  I already check X-Ironport-Case-Suspect and X-Ironport-Case-Graymail before I add X-IronPort-Quarantine, so I'll just add X-SLBL-Result to the conditions.  Thank you!

Recognize Your Peers
Content for Community-Ad