IronPort - daily management guide - AsyncOS 7.6.1
Configuring the Cisco IronPort Spam Quarantines Feature
Configuring End User Quarantine Access
Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
Chapter 4 Quarantines
To allow end users to access the Cisco IronPort Spam quarantine directly (without requiring a
notification): click Edit in the Settings column for the IronPort Spam Quarantine on the Monitor ->
Quarantines page. The Edit IronPort Spam Quarantine page is displayed.
Step 1 Check the checkbox labeled Enable End-User Quarantine Access. Administrator users can still access
the quarantine, regardless of whether the box is checked.
Figure 4-17 Editing IronPort Spam Quarantine Access Settings
Step 2 Specify whether or not to display message bodies before messages are released. If this box is checked,
users may not view the message body via the Cisco IronPort Spam quarantine page. Instead, to view a
quarantined message’s body users must release the message and view it in their mail application
(Outlook, etc.). This is especially relevant to compliance issues where all viewed email must be archived.
Step 3 Specify the method you would like to use to authenticate end-users when they attempt to view their
quarantine directly via web browser (not via the email notification). You may use either Mailbox or
LDAP authentication.
Note that you can allow end user access to the Cisco IronPort Spam quarantine without enabling
authentication. In this case, users can access the quarantine via the link included in the notification
message and the system does not attempt to authenticate the user. If you want to enable end user
access without authentication, select None in the End-User Authentication dropdown menu.
LDAP Authentication: If you do not have an LDAP server or an active end user authentication
query set up, click the System Administration > LDAP link to configure your LDAP server
settings and end user authentication query string. For information about configuring LDAP
authentication, see “LDAP Queries” in the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Mailbox Authentication: For sites without an LDAP directory to use for authentication, the
quarantine can also validate users’ email addresses and passwords against any standards-based
IMAP or POP server that holds their mailbox. When logging in to the web UI, the users enter their
full email address and mailbox password, and the quarantine uses this to attempt to log in to the
mailbox server as that user. If the login is successful, the user is authenticated and the quarantine
then immediately logs out and no changes are made to the user’s inbox. Using mailbox
authentication works well for sites that do not run an LDAP directory, but mailbox authentication
cannot present a user with messages that may have been bound for an email alias.
Select the type (IMAP or POP). Specify a server name and whether or not to use SSL for a secure
connection. Enter a port number for the server. Supply a domain (example.com, for example) to
append to unqualified usernames.
If the POP server advertises APOP support in the banner, then for security reasons (i.e., to avoid
sending the password in the clear) the Cisco IronPort appliance will only use APOP. If APOP is not
supported for some or all users then the POP server should be reconfigured to not advertise APOP.
Step 4 Submit and commit your changes.
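The POP mailbox authentication rule described in Step 3, as an added Python example (not Cisco's code and not part of the guide): it shows how a POP client that applies the rule chooses its login commands from the server banner, using the APOP digest defined in RFC 1939. The function names are hypothetical and the sample banners are constructed; the first copies the greeting shown in RFC 1939.

```python
import hashlib
import re

# Function names are hypothetical, chosen for this example.
# RFC 1939: a server that supports APOP puts a timestamp of the form
# <process-ID.clock@hostname> in its greeting banner.
APOP_TIMESTAMP = re.compile(r"^\+OK[^<]*(<[^<>\s]+@[^<>\s]+>)")


def qualify(username: str, default_domain: str) -> str:
    """Append the configured domain to an unqualified username."""
    return username if "@" in username else f"{username}@{default_domain}"


def apop_timestamp(banner: str):
    """Return the APOP timestamp advertised in a POP3 banner, or None."""
    match = APOP_TIMESTAMP.match(banner.strip())
    return match.group(1) if match else None


def pop_login_commands(banner: str, username: str, password: str,
                       default_domain: str) -> list:
    """Commands a client following the rule in Step 3 would send.

    If the banner advertises APOP, only APOP is used (no fallback), so the
    password itself is never sent; otherwise USER/PASS carries it as typed.
    """
    user = qualify(username, default_domain)
    timestamp = apop_timestamp(banner)
    if timestamp is None:
        return [f"USER {user}", f"PASS {password}"]
    # APOP digest: MD5 over the banner timestamp followed by the password.
    digest = hashlib.md5((timestamp + password).encode("ascii")).hexdigest()
    return [f"APOP {user} {digest}"]


# Constructed sample banners: one advertising APOP, one not.
BANNERS = {
    "apop": "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>",
    "plain": "+OK POP3 server ready",
}

if __name__ == "__main__":
    for name, banner in BANNERS.items():
        cmds = pop_login_commands(banner, "mrose", "tanstaaf", "example.com")
        # Mask the cleartext password when printing.
        print(name, ["PASS ****" if c.startswith("PASS") else c for c in cmds])
```

Because a banner that carries a timestamp leaves no USER/PASS fallback, any mailbox without an APOP secret fails to log in, which is why the guide says to stop advertising APOP in that case. APOP only keeps the password out of the clear; the rest of the session is protected only when the SSL option is selected.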
OL-25138-01