Hi,
Our customer (owns a virtual appliance of Brightmail Gateway, newest version) innovated their e-mail security policy. In SPAM we have a rule with the action "Hold message in Spam Quarantine".
There are a lot of content compliance policies. The customer uses up to ten domains (slsp.sk, pslsp.sk, lslsp.sk, ...).
On the second position of the content compliance policy there is a rule defined for inbound: if the sender mail address (coming from the internet) contains a local domain (slsp.sk, pslsp.sk, lslsp.sk, ..., e.g. sss.ggg@slsp.sk) (receiver mail is user.name@slsp.sk). Action: "Hold message in Spam Quarantine".
On the sixth position there is a rule defined for inbound: if there is a document file in the attachment, "Create an incident" and "Send notification".
Then an e-mail comes which is spam and contains a Word document attachment. According to the Spam rule the mail is sent to spam quarantine.
But the mail examination continues. In the same mail a document is discovered, so an incident is created and a notification is sent, which the recipient receives. The recipient asks for the release of the mail, which is Spam.
My question: how to stop examining mail after a selected rule in the content compliance policy? I cannot set in the SPAM rule the action "Hold message in Spam Quarantine" together with the action "Bypass Compliance Policy", because I need to filter mail with the rule on the second position of content compliance.
Spammers very often use sender from mail addresses with local domains (slsp.sk). After this rule I do not want to continue examining the mail, because the mail comes to the rule in the sixth position and there a document attachment is discovered. How to avoid it?
How to solve such a problem?