Configuration Settings with a Gateway
If you have a Cisco Email Security appliance or similar gateway in place, consider using the following policy settings.

| Setting Name | Recommended Selection |
|---|---|
| Secure Email Gateway (SEG) | Yes, Secure Email Gateway is present, and indicate header |
| Message Analysis | Unwanted message analysis (Spam and Graymail) off |
| Remediation Actions | Threats – Move to Quarantine |

It is important to indicate that a Secure Email Gateway (SEG) is present, and which header can be used to identify it in incoming journals, so that Secure Email Threat Defense can determine the true originating sender of a message. Without this configuration, it may appear that all messages come from the SEG, which could result in false positive convictions.
For information on verifying or configuring the header on Cisco Secure Email Cloud Gateway (formerly CES) or Cisco Secure Email Gateway (formerly ESA), see https://docs.ces.cisco.com/docs/configuring-asyncos-message-filter-to-add-sender-ip-header-for-cloud-mailbox.
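The effect of the header on sender attribution can be seen in the following added example, which is an illustration written for this page and not Cisco's code or the product's actual logic. The header name `X-Example-SEG-Sender-IP` is a placeholder, the messages are constructed with documentation IP ranges, and the journal envelope is simplified to a plain message.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Assumption: placeholder name. Use the header your gateway is configured to add.
SEG_HEADER = "X-Example-SEG-Sender-IP"
BRACKETED_IP = re.compile(r"\[([0-9a-fA-F:.]+)\]")

def valid_ip(value):
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None

def apparent_source(raw, seg_header=None):
    """Return (ip, basis): the IP a message appears to come from and why."""
    msg = message_from_string(raw)
    if seg_header:
        ip = valid_ip(msg.get(seg_header, ""))
        if ip:
            return ip, "seg-header"
    # No usable header: only the last hop is visible, and that hop is the SEG.
    for received in msg.get_all("Received", []):
        match = BRACKETED_IP.search(received)
        ip = valid_ip(match.group(1)) if match else None
        if ip:
            return ip, "last-hop"
    return None, "unknown"

def source_counts(raws, seg_header=None):
    return Counter(apparent_source(raw, seg_header)[0] for raw in raws)

def sample(sender_ip, stamped=True):
    """Build a constructed message relayed through a SEG at 192.0.2.10."""
    headers = [
        "Received: from seg.example.net ([192.0.2.10]) by mx.example.com",
        f"Received: from host.example.org ([{sender_ip}]) by seg.example.net",
    ]
    if stamped:
        headers.append(f"{SEG_HEADER}: {sender_ip}")
    return "\n".join(headers + ["From: a@example.org", "Subject: test", "", "body"])

# Constructed samples (documentation IP ranges); the third lacks the SEG header.
SAMPLES = [sample("198.51.100.7"), sample("203.0.113.25"), sample("198.51.100.99", stamped=False)]

if __name__ == "__main__":
    for header in (None, SEG_HEADER):
        print(header, dict(source_counts(SAMPLES, header)))
```

Running the same check over a sample of your own journaled messages shows how many still lack the header and would be attributed to the gateway.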
If you are using Microsoft 365 as your message source, we also recommend bypassing your appliance so journals are sent directly from Microsoft 365 to Secure Email Threat Defense. You can do this by adding a connector in Microsoft 365, as described in Setup for Journal Message Sources.