User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

821

822

823

824

825

826

827

828

829

830

31-15

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 31 Spam Quarantine

Configuring Spam Management Features for End Users

Authentication Options for End Users Accessing Spam Management Features

Note Mailbox authentication does not allow users to view messages addressed to an email alias.

Related Topics

• LDAP Authentication Process, page 31-15

• IMAP/POP Authentication Process, page 31-16

• Configuring End-User Access to the Spam Quarantine, page 31-17

• Notifying End Users About Quarantined Messages, page 31-19

• Authenticating End-Users of the Spam Quarantine, page 25-43

• About End-User Access to Safelists and Blocklists, page 31-11

LDAP Authentication Process

1. A user enters his or her username and password into the web UI login page.

2. The spam quarantine connects to the specified LDAP server either to perform an anonymous search

or as an authenticated user with the specified “Server Login” DN and password. For Active

Directory, you will usually need to have the server connect on the “Global Catalog port” (it is in the

6000s) and you need to create a low privilege LDAP user that the spam quarantine can bind as in

order to execute the search.

3. The spam quarantine then searches for the user using the specified BaseDN and Query String. When

a user’s LDAP record is found, the spam quarantine then extracts the DN for that record and attempts

bind to the directory using the user records’ DN and the password they entered originally. If this

password check succeeds then the user is properly authenticated, but the spam quarantine still needs

to determine which mailboxes’ contents to show for that user.

For End-User

Spam Quarantine Access Do This

Directly via web browser,

authentication required

and

Via a link in a notification,

authentication required

1. In the End User Quarantine Access settings, choose LDAP or Mailbox

(IMAP/POP).

2. In the Spam Notifications settings, deselect Enable login without credentials for

quarantine access.

Directly via web browser,

authentication required

and

Via a link in a notification,

authentication not required

1. In the End User Quarantine Access settings, choose LDAP or Mailbox

(IMAP/POP).

2. In the Spam Notifications settings, select Enable login without credentials for

quarantine access.

Only via a link in a notification,

authentication not required

In the End User Quarantine Access settings, choose None as the authentication method.

No access In the End User Quarantine Access settings, deselect Enable End-User Quarantine

Access.