
Sophos ES100 Policy Order Process

What is the thought process and logic behind the order of policies on the Sophos Email (ES100) appliances?

The Anti-Virus policy processes first.  Then Additional Policies would process next.  Then Anti-SPAM processes after that.

Why is that?  Help me understand why that makes sense because right now to me it doesn't.  But that would be due to my lack of experience in the field of filtering email and processing it for certain actions.

Or am I incorrect in how I understand the order of how policies get processed?

Just curious what the thought process is behind that philosophy.

Thanks!

  • Hi taekwanleap,

    You're right about the order.  The exact order is:

    - Anti-Virus
    - Data Control
    - Additional Policy
    - Allow / Block Lists
    - Anti-Spam

    It makes sense to do the Virus policy first because if a message is malicious most admins will want to quarantine or discard it automatically.  There is little point in doing additional processing if the mail is known to be malicious.

    The rest of the rules might come down to personal preference.  However, doing the spam rules last does allow you to achieve some things that would be otherwise impossible.

    For example, you can quarantine offensive language e-mails before the spam rules so they don't appear in your spam digests.  You can also allow specific messages (based on sender, subject, header, etc.) so they bypass the spam rules.

    Finally, most additional policy rules are less resource intensive than Spam rules.  So if you are using additional policies to block certain messages it makes sense to do this before spam.

    Remember though, every message will still be scanned for spam before it is delivered, unless you explicitly set other rules to 'Deliver Immediately'.  

    Can I ask if this caused you any problems with your setup?  Let me know if I can help further.

    Thanks,

    Tom.

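A simplified model of the stage order given in the reply above, added here as an example; it is not part of the original thread and is not Sophos code. The rule predicates, the 'Deliver Immediately' action attached to the allow rule, and the sample messages are constructed assumptions. It traces which stage takes the final action, showing that an allow-listed sender skips Anti-Spam but still passes through Anti-Virus first.

```python
# Simplified model of the ES100 stage order from the thread; NOT Sophos code.
# Stage names follow the reply; predicates and messages are constructed.
from dataclasses import dataclass, field

CONTINUE, QUARANTINE, DELIVER_NOW = "continue", "quarantine", "deliver_immediately"

@dataclass
class Message:
    sender: str
    subject: str
    has_malware: bool = False   # stand-in for an AV engine verdict
    spam_score: int = 0         # stand-in for a spam engine score
    trace: list = field(default_factory=list)

# Hypothetical rules, one per stage (assumptions for illustration only).
def anti_virus(m):   return QUARANTINE if m.has_malware else CONTINUE
def data_control(m): return QUARANTINE if "card number" in m.subject.lower() else CONTINUE
def additional(m):   return QUARANTINE if "offensive" in m.subject.lower() else CONTINUE
def allow_block(m):  return DELIVER_NOW if m.sender == "partner@example.com" else CONTINUE
def anti_spam(m):    return QUARANTINE if m.spam_score >= 50 else CONTINUE

PIPELINE = [("Anti-Virus", anti_virus), ("Data Control", data_control),
            ("Additional Policy", additional), ("Allow / Block Lists", allow_block),
            ("Anti-Spam", anti_spam)]

def process(m):
    """Run stages in order; the first terminal action stops all later stages."""
    for name, stage in PIPELINE:
        m.trace.append(name)
        action = stage(m)
        if action != CONTINUE:
            return action, name
    return "deliver", None

def demo():
    """Return (action, deciding stage, stages evaluated) per constructed message."""
    msgs = {
        "allowed+malware": Message("partner@example.com", "invoice", has_malware=True),
        "allowed+spammy":  Message("partner@example.com", "newsletter", spam_score=90),
        "offensive+spam":  Message("x@example.net", "OFFENSIVE offer", spam_score=90),
        "plain spam":      Message("x@example.net", "cheap watches", spam_score=90),
        "clean":           Message("y@example.org", "meeting notes"),
    }
    return {k: process(m) + (len(m.trace),) for k, m in msgs.items()}

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:16} -> {result}")
```
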