If your network is
configured as described in
incoming mail from the Internet is received by appliances in the outer DMZ.
Clean mail is sent along to the mail transfer agent (MTA) (groupware) in the
inner DMZ and eventually to the end users within the corporate network.
Spam and suspected
spam (depending on your mail flow policy settings) is sent to the spam
quarantine on the Security Management appliance. End users may then access the
quarantine and elect to delete spam and release messages that they would like
to have delivered to themselves. Messages remaining in the spam quarantine are
automatically deleted after a configurable amount of time.
Messages that are
released from the external quarantine on the Security Management appliance are
returned to the originating Email Security appliance for delivery. These
messages do not normally pass through the following processes before delivery:
HAT and other policy or scanning settings, RAT, domain exceptions, aliasing,
incoming filters, masquerading, bounce verification, and the work queue.
An Email Security
appliance that is configured to send mail to a Security Management appliance
will automatically expect to receive mail released from the Security Management
appliance and will not reprocess those messages when they are received back.
For this to work, the IP address of the Security Management appliance must not
change. If the IP address of the Security Management appliance changes, the
receiving Email Security appliance will process the message as it would any
other incoming message. You should always use the same IP address for receiving
and delivery on the Security Management appliance.
Management appliance accepts mail for quarantining from the IP addresses
specified in the spam quarantine settings. To configure the spam quarantine on
the Security Management appliance, see the Cisco Content Security Management
Appliance User Guide.
Mail released by the
Security Management appliance is delivered to the primary and secondary hosts
(content security appliance or other groupware host) as defined in the spam
quarantine settings (see the Cisco Content Security Management Appliance User
Guide). Therefore, regardless of the number of Email Security appliances
delivering mail to the Security Management appliance, all released mail,
notifications, and alerts are sent to a single host (groupware or content
security appliance). Take care not to overburden the primary host for delivery
from the Security Management appliance.