This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Query regarding Genotype

Hi Experts!

http://sea.sophos.com/sea_docs/en/ESA/concepts/ConfigPolFilteringOptions.html

  • Enable connection-level blocking of mail from known bad senders rejects messages from known bad senders as soon as the sender information from the TCP/IP connection is received. This option is recommended because it improves performance by blocking spam before it reaches more complex tests in the policy. With this option enabled, policy blocking is also active, and messages that were last relayed from hosts in the Trusted Relays list may be blocked if the message was passed by a known bad sender earlier in the relay chain. Configure whether blocked messages are discarded or quarantined with the Action for policy-level blocked messages drop-down list.
  • Enable policy-level blocking of mail from known bad senders blocks messages from known bad senders using a policy rule. This option is not as efficient as connection-level blocking, since the entire message must be accepted by the appliance. When messages are blocked at the policy level, the action is logged for reporting. Configure whether blocked messages are discarded or quarantined with the Action for policy-level blocked messages drop-down list.

Can someone explain the difference between the two in layman terms? 

What I could perceive, was:

In the former, possible spam mail doesn't even enter our appliance but in the latter, it does for further checking. 

What exactly is policy blocking in reference to these two?

In which scenarios we use either option?

Thanks,

Vikas

:57104


This thread was automatically locked due to age.
Parents Reply Children
No Data