Sophos ES100 Policy Order Process

What is the thought process and logic behind the order of policies on the Sophos Email (ES100) appliances?

The Anti-Virus policy processes first.  Then Additional Policies would process next.  Then Anti-SPAM processes after that.

Why is that?  Help me understand why that makes sense because right now to me it doesn't.  But that would be due to my lack of experience in the field of filtering email and processing it for certain actions.

Or am I incorrect in how I understand the order of how policies get processed?

Just curious what the thought process is behind that philosophy.

Thanks!


This thread was automatically locked due to age.
  • Hi taekwanleap,

    You're right about the order.  The exact order is:

    - Anti-Virus

    - Data Control

    - Additional Policy

    - Allow / Block Lists

    - Anti-Spam.

    It makes sense to do the Virus policy first because if a message is malicious most admins will want to quarantine or discard it automatically.  There is little point in doing additional processing if the mail is known to be malicious.

    The rest of the rules might come down to personal preference.  However, doing the spam rules last does allow you to achieve some things that would be otherwise impossible.

    For example, you can quarantine offensive language e-mails before the spam rules so they don't appear in your spam digests.  You can also allow specific messages (based on sender, subject, header, etc.) so they bypass the spam rules.

    Finally, most additional policy rules are less resource intensive than Spam rules.  So if you are using additional policies to block certain messages it makes sense to do this before spam.

    Remember though, every message will still be scanned for spam before it is delivered, unless you explicitly set other rules to 'Deliver Immediately'.  

    Can I ask if this caused you any problems with your setup?  Let me know if I can help further.

    Thanks,

    Tom.

  • No problems but more of a nuisance.  Just did not understand the design logic and benefit behind it.  Your response helps a lot in understanding what is going on and why.  It helps so I can digest it more.

    I have a custom Additional Policy to catch and quarantine certain email (not SPAM related).  Since the Additional Policy processes prior to the Anti-SPAM policy it (the custom Additional Policy) will inadvertently catch and process email that would otherwise be classified as SPAM.

    I will have to adjust my Additional Policy or do something different.

    But I am good to go.

    Thanks!

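
A simplified model of the processing order listed in the thread, added here as an illustration; it is not Sophos code and was not posted by either participant. Stages run in the listed order and the first matching rule with a final action decides the message, which is why a custom Additional Policy can claim mail that Anti-Spam would otherwise have classified. The rule conditions, message fields, action names and sample messages are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

# Stage order as listed in the thread.
STAGE_ORDER = ["Anti-Virus", "Data Control", "Additional Policy",
               "Allow / Block Lists", "Anti-Spam"]
# Assumption of this model: these actions end processing for the message.
# Rules with any other action are treated as no-ops here.
TERMINAL = {"quarantine", "discard", "deliver_immediately"}

@dataclass
class Rule:
    stage: str
    name: str
    matches: Callable[[dict], bool]
    action: str

def process(msg: dict, rules: list) -> tuple:
    """Return (final_action, deciding_rule, stages_run) for one message."""
    stages_run = []
    for stage in STAGE_ORDER:
        stages_run.append(stage)
        for rule in rules:
            if rule.stage == stage and rule.action in TERMINAL and rule.matches(msg):
                return rule.action, f"{stage}: {rule.name}", stages_run
    return "deliver", None, stages_run  # nothing matched in any stage

# Constructed rules (hypothetical, for illustration only).
RULES = [
    Rule("Anti-Virus", "malware", lambda m: m["malware"], "discard"),
    Rule("Additional Policy", "keyword",
         lambda m: "invoice" in m["subject"].lower(), "quarantine"),
    Rule("Additional Policy", "trusted sender",
         lambda m: m["sender"] == "partner@example.com", "deliver_immediately"),
    Rule("Anti-Spam", "spam score", lambda m: m["spam_score"] >= 0.8, "quarantine"),
]

# Constructed sample messages.
MESSAGES = {
    "spam_with_keyword": {"sender": "x@example.net", "subject": "Cheap INVOICE pills", "malware": False, "spam_score": 0.95},
    "plain_spam": {"sender": "x@example.net", "subject": "Win a prize", "malware": False, "spam_score": 0.95},
    "trusted_spammy": {"sender": "partner@example.com", "subject": "Win a prize", "malware": False, "spam_score": 0.95},
    "infected": {"sender": "x@example.net", "subject": "Invoice", "malware": True, "spam_score": 0.10},
    "clean": {"sender": "a@example.org", "subject": "Lunch?", "malware": False, "spam_score": 0.05},
}

def summarize() -> dict:
    return {name: process(m, RULES) for name, m in MESSAGES.items()}

if __name__ == "__main__":
    for name, (action, rule, stages) in summarize().items():
        print(f"{name:18} {action:20} by {rule}; last stage: {stages[-1]}")
```

In this model the `spam_with_keyword` message lands in the policy quarantine without ever reaching the Anti-Spam stage, which matches the behaviour described in the last reply.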