Re: no Enable end-user quarantine access stops IronPort spam notificat

DrByte · ‎02-14-2024

We want to send end users spam notifications (that their is some email in spam, that they can review for false positives)

But we do not want give users the ability to release spam emails

It stands out that it is impossible to remove the "Release" link from spam notification as described here:

https://bst.cisco.com/quickview/bug/CSCwd60015

So there is a checkbox "Enable end-user quarantine access" and it seemingly prevent users to release the spam email

but unchecking this checkbox stops spam notifications at all - users do not receive spam notifications when this checkbox unchecked

So question is:

How to prevent users from releasing spam emails on their own, and why spam notifications stop coming after unchecking this checkbox?

Thank You

msaalim · ‎03-25-2024

Hello,

The goal of the End-User Quarantine (EUQ) feature is to lessen the burden on the email administrator by empowering end-users to handle their own spam emails. If your intention is only to inform end-users of spam without providing them access to the EUQ, there's an alternative approach you can implement.
Here's what you can do:
     1. Turn off the EUQ access from the spam quarantine settings that you enabled.
     2. Create a new email notification template by going to the Text Resources section.
     3. Within the Anti-Spam settings, configure the X-IronPort-Quarantine header to tag emails that are confirmed or      suspected to be spam.
     4. Set up a new Content Filter with the specific condition to check for the X-IronPort-Quarantine header and the corresponding action to trigger the notification template you created.
     5. Apply this content filter to your mail policies.
By following these steps, you can notify users about spam emails without granting them direct access to the quarantine to release the email.

Hope this helps.

no Enable end-user quarantine access stops IronPort spam notifications