Messaging Gateway

 View Only

  • 1.  How to stop examining after defined content compliance rule

    Posted Feb 17, 2010 02:54 PM
    Hi,

    Our customer (owns virtual appliance of Brightmail Gateway, newest version) innovated e-mail security policy. In SPAM we have rule with action  "Hold message in Spam Quarantine".
    There are a lot of content compliace policies. Customer uses up to ten domains (slsp.sk, pslsp.sk, lslsp.sk, ...).

    On the second position of content compliance policy there is defined rule for inbound: if the sender mail address (comming from internet) contains local domain (slsp.sk, pslsp.sk, lslsp.sk, ..., e.g. sss.ggg@slsp.sk) (receiver mail is user.name@slsp.sk). Action: "Hold message in Spam Quarantine".

    On the sixth position there is defined rule for inbound: if in attachment there is a document file,
    "Create an incidet" and "Send notification".

    Then comes an e-mail, which is a spam and contains an attachment word document. According to Spam rule
    the mail is send to spam qarantine.
    But the mail examination continues. In the same mail there is discovered document, so it is craeted incident
    and sent notification, which receives recipient.  Recipient asks for releasing of mail, which is Spam.

    My question: how to stop examining mail after selected rule in content compliace policy. I
    I can not set in SPAM rule action "Hold message in Spam Quarantine" together with action
    "Bypass Compliance Policy", because I need to filter mail with rule on the second position of content compliance.
    Spammers use wery often sender from mail adresses with local domains  (slsp.sk). After this rule I do not
    want to continue mail examining, because the mail comes to the rule in sixth position ant there is discoverd document
    attachment. How to avoid it??

    How to solve such problem??



  • 2.  RE: How to stop examining after defined content compliance rule
    Best Answer

    Posted Feb 17, 2010 07:30 PM
    You should be able to do it with "Bypass compliance policy" action in the spam policy.  You just need to specify which compliance policy to bypass instead of choosing to bypass "All Content Compliance Policies".


  • 3.  RE: How to stop examining after defined content compliance rule

    Posted Feb 17, 2010 07:36 PM
    Besides the compliance policy that you created, you can also block messages coming to your organization from senders (spammers) outside your organization pretending to be from your domain as suggested in the following KB article:

    http://service1.symantec.com/support/ent-gate.nsf/docid/2008111714541154

    Regards,

    Adnan


  • 4.  RE: How to stop examining after defined content compliance rule

    Posted Feb 18, 2010 02:44 PM
    Hi AdnanH,

    I am ashamed. I did not know, that there is a possibility to bypass only some selected rule.

    THANK YOU VERY MUCH, IT HELPS ME.

    BY


  • 5.  RE: How to stop examining after defined content compliance rule

    Posted Feb 18, 2010 03:10 PM
    You are welcome.

    There is nothing to be ashamed of.  Nobody knows everything and we all learn new things every now and then, if not everyday.

    Thanks for marking my response as the Solution.

    Regards,

    Adnan