Configure the ESA to Move Positive Spam and/or Suspect Spam to Spam Quarantine
In order to quarantine your Suspect Spam and/or Positively Identified Spam messages, complete these steps:
On the ESA, click Mail Policies > Incoming Mail Policies and then the anti-spam column for the Default Policy.
Change the action of either the Positively Identified Spam or Suspect Spam to send to the Spam Quarantine."
Repeat the process for any other ESAs you might have configured for External Spam Quarantine. If you made this change at the cluster level you will not have to repeat it as the change will be propogated to the other appliances in the cluster.
Submit and commit changes.
At this point, mail that would have otherwise been delivered or dropped will get quarantined.
Configure External Spam Quarantine on the SMA
The steps to configure External Spam Quarantine on the SMA are the same as the previous section with a few exceptions:
On each of your ESAs, you will need to disable the local quarantine. Choose Monitor > Quarantines.
On your ESA, choose Security Services > Spam Quarantine and click Enable External Spam Quarantine.
Point the ESA to the IP address of your SMA and specify the port you would like to use. The default is Port 6025.
Ensure Port 6025 is open from the ESA to the SMA. This port is for delivery of quarantined messages from ESA > SMA.
This can be validated by with a telnet test from the CLI on the ESA on port 6025. If a connection opens and stays open you should be set.
tarheel.rtp> telnet 22.214.171.124 6025 Trying 126.96.36.199... Connected to steelers.rtp. Escape character is '^]'. 220 steelers.rtp ESMTP
Ensure you have configured the IP/hostname to access the spam quarantine, such as in "Enable Quarantine Ports and Specify a Quarantine URL at the Interface".
Verify that messages arrive to the spam quarantine from your ESAs. If the spam quarantine does not show any messages, there might be an issue with connectivity from ESA > SMA on port 6025 (see previous steps).
Configure Spam Quarantine Notification
On the ESA, choose Monitor > Spam Quarantine.
On the SMA you would navigate to the Spam Quarantine settings in order to perform the same steps.
Log in with your LDAP account. If this fails, check the External authentication LDAP profile and enable End-User Quarantine Access (see previous steps).
Configure Administrative User Access to the Spam Quarantine
Use the procedure in this section in order to allow administrative users with these roles to manage messages in the Spam Quarantine: Operator, Read-Only Operator, Help Desk, or Guestroles, and custom user roles that include access to the Spam Quarantine.
Administrator-level users, which include the default admin user and Email Administrator users, can always access the Spam Quarantine and do not need to be associated with the Spam Quarantine feature using this procedure.
Note: Non-Administrator-level users can access messages in the Spam Quarantine, but they cannot edit the quarantine settings. Administrator-level users can access messages and edit the settings.
In order to enable administrative users who do not have full Administrator privileges to manage messages in the Spam Quarantine, complete these steps:
Make sure you have created users and assigned them a user role with access to the Spam Quarantine.
On the Security Management appliance, choose Management Appliance > Centralized Services > Spam Quarantine.
Click Enable or Edit Settings in the Spam Quarantine Settings section.
In the Administrative Users area of the Spam Quarantine Settings section, click the selection link for Local Users, Externally Authenticated Users, or Custom User Roles.
Choose the users to whom you want to grant access to view and manage messages in the Spam Quarantine.
Repeat if needed for each of the other types of Administrative Users listed in the section (Local Users, Externally Authenticated Users, or Custom User Roles).