User Guide
10-6
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 10 Mail Policies
Message Splintering
Note New MIDs (message IDs) are created for each message splinter (for example, MID 1 becomes MID 2
and MID 3). For more information, see the “Logging” chapter. In addition, the
trace function shows
which policies cause a message to be split.
Policy matching and message splintering in Email Security Manager policies obviously affect how you
manage the message processing available on the appliance.
Related Topics
• Managed Exceptions, page 10-6
Managed Exceptions
Because the iterative processing of each splinter message impacts performance, Cisco recommends
configuring your content security rules on a managed exception basis. In other words, evaluate your
organization’s needs and try to configure the feature so that the majority of messages will be handled by
the default mail policy and the minority of messages will be handled by a few additional “exception”
policies. In this manner, message splintering will be minimized and you are less likely to impact system
performance from the processing of each splinter message in the work queue.
Work Queue
Message Filters
(filters)
message for all recipients
Anti-Spam
(antispamconfig, antispamupdate)
Email Security Manager Scanning (Per Recipient)
Messages are splintered immediately after
message filter processing but before anti-spam
processing:
message for all recipients
matching policy 1
message for all recipients
matching policy 2
message for all other recipients
(matching the default policy)
Anti-Virus
(antivirusconfig,
antivirusupdate)
File Reputation and Analysis
(Advanced Malware Protection)
(ampconfig)
Content Filters
(policyconfig -> filters)
Outbreak Filters
(outbreakconfig, outbreakflush,
outbreakstatus, outbreakupdate)
Data Loss Prevention
(policyconfig)
Note DLP scanning is only performed on
outgoing messages.