Configuring End-User Access to the Spam Quarantine

Administrative users can access the spam quarantine whether or not end-user access is enabled.

Before you begin

See requirements in Authentication Options for End Users Accessing Spam Management Features.

Procedure

Step 1

If you are on the legacy interface, navigate to Management Appliance > Centralized Services > Monitor > Spam Quarantine > Edit Settings, and then scroll down to End-User Quarantine Access.If you are on the new web interface, then navigate to Security Management appliance , click Service Status and hover on icon and click Edit End-User Quarantine Settings. You will be redirected to the legacy interface.

Step 2

Select Enable End-User Quarantine Access.

Step 3

Specify the method to use to authenticate end users when they attempt to view their quarantined messages.

Select This Option

More Information

None

Choose this option to make the quarantined messages accessible to the end-users via links in the spam notification without additional authentication.

Mailbox (IMAP/POP)

For sites without an LDAP directory to use for authentication, the quarantine can validate user email addresses and passphrases against a standards-based IMAP or POP server that holds their mailbox.

When logging in to the spam quarantine, end users enter their full email address and mailbox passphrase.

If the POP server advertises APOP support in the banner, then for security reasons (i.e., to avoid sending the passphrase in the clear) the Cisco appliance will only use APOP. If APOP is not supported for some or all users then the POP server should be reconfigured to not advertise APOP.

Select SSL if you have configured your server to use it. If users enter username only, you can specify a domain to add to automatically complete the email address. Enter the domain of the envelope for users logging in to “Append Domain to Unqualified Usernames.”

LDAP

Configure LDAP settings as described in the sections referenced in the Before You Begin section of this topic.

SAML 2.0

Enable single sign-on for Spam Quarantine.

Before using this option, make sure that you have configured all the settings on Management Appliance > System Administration > SAML page. See section SSO Using SAML 2.0 in the Cisco Content Security Management Appliance Guide .

Step 4

Specify whether or not to display message bodies before messages are released.

If this box is selected, users may not view the message body via the spam quarantine page. Instead, to view the body of a quarantined message, users must release the message and view it in their mail application (such as Microsoft Outlook). You can use this feature for policy and regulation compliance — for example, if a regulation requires that all viewed email be archived.

Step 5

Submit and commit your changes.

What to do next

(Optional) Customize the page that users see when they access the spam quarantine, if you have not yet done so. See setting descriptions in Enabling and Configuring the Spam Quarantine on the Legacy Web Interface.