Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680
281282283284285286287288289290
10-5
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 10 Mail Policies
Message Splintering
The message for recipient jane@newdomain.com will receive the anti-spam, anti-virus, outbreak
filters, and content filters defined in policy #3.
The message for recipient john@example.com will receive the settings defined in policy #5.
Because the recipient bill@example.com does not match the engineering LDAP query, the message
will receive the settings defined by the default policy.
This example shows how messages with multiple recipients can incur message splintering. See Message
Splintering, page 10-5 for more information.
Example 3
Sender bill@lawfirm.com sends a message to recipients ann@example.com and larry@example.com:
The recipient ann@example.com will receive the anti-spam, anti-virus, outbreak filters, and content
filters defined in policy #1.
The recipient larry@example.com will receive the anti-spam, anti-virus, outbreak filters, and
content filters defined in policy #2, because the sender (
@lawfirm.com) and the recipient (ANY)
matches.
Message Splintering
Intelligent message splintering is the mechanism that allows for differing recipient-based content
security rules to be applied independently to message with multiple recipients.
Each recipient is evaluated for each policy in the appropriate mail policy table (Incoming or Outgoing)
in a top-down fashion.
Each policy that matches a message creates a new message with those recipients. This process is defined
as message splintering:
If some recipients match different policies, the recipients are grouped according to the policies they
matched, the message is split into a number of messages equal to the number of policies that
matched, and the recipients are set to each appropriate “splinter.
If all recipients match the same policy, the message is not splintered. Conversely, a maximum
splintering scenario would be one in which a single message is splintered for each message
recipient.
Each message splinter is then processed by anti-spam, anti-virus, Advanced Malware Protection
(incoming messages only), DLP scanning (outgoing messages only), Outbreak Filters, and content
filters independently in the email pipeline.
Table 10-2 illustrates the point at which messages are splintered in the email pipeline.
Table 10-2 Message Splintering in the Email Pipeline