Overview
The GFI MailEssentials Quarantine feature provides a central store where all emails detected as spam or malware are retained. This ensures that users do not receive spam and malware in their mailbox and processing on the mail server is reduced.
This article outlines the features available in the Quarantine interface as well as the different actions that can be taken on quarantined emails.
The MailEssentials Quarantine Store is accessible from the GFI MailEssentials interface by navigating to GFI MailEssentials > Quarantine.
Introduction
MailEssentials maintains a separate Quarantine database for the filtered Spam emails. The database technology used is Microsoft ESE (Extensible Storage Engine). The Quarantine Store is a central repository within MailEssentials where all blocked emails are retained until they are reviewed by an administrator.
If the free disk space drops below 1 GB, the Quarantine module will send a warning email to the administrator. If the disk space falls below 512 MB, it will send another email to the administrator and switch from quarantining emails in the database to tagging the emails and delivering them to the users' mailboxes.
Administrators and email users can review quarantined emails by accessing the quarantine interface from a web browser. GFI MailEssentials can also send regular email reports to email users to review their blocked emails.
- To quarantine spam or malicious emails, change the filters' and engines' actions to Quarantine email.
- The Quarantine Store requires disk space to retain the organization’s spam email or malware for a number of days. The amount of disk space required depends on:
  - The quantity received
  - How long it is retained
- On average, 100,000 spam or malware emails of 5 KB each will require approximately 600 MB of disk space to store the email and its metadata.
- If the free disk space where the Quarantine Store is saved is 512 MB or less, GFI MailEssentials stops quarantining spam and malware; it is instead tagged and delivered to recipients’ mailboxes until free disk space increases to more than 512 MB. This ensures that the disk will not run out of space.
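The two free-space thresholds and the sizing figure above can be turned into a scheduled check, since at 512 MB the product stops quarantining and delivers tagged spam and malware to mailboxes. The following PowerShell is an added example, not GFI code or part of the original article; the store path, daily message volume and retention period are assumptions to replace with your own values.

```powershell
# Added example, not GFI code. Thresholds and sizing come from the article;
# the store path, daily volume and retention period are assumptions.
param(
    [string]$StorePath     = 'D:\QuarantineStore',  # placeholder path
    [int]   $DailyMessages = 20000,                 # assumed quarantined messages per day
    [int]   $RetentionDays = 30                     # assumed retention / auto-purge period
)

$WarnBytes  = 1GB     # below this, the Quarantine module emails a warning
$FloorBytes = 512MB   # at or below this, quarantining stops; mail is tagged and delivered
$BytesPerMessage = 600MB / 100000   # article: 100,000 x 5 KB messages need about 600 MB

function Get-QuarantineDiskState {
    param([long]$FreeBytes)
    if ($FreeBytes -le $FloorBytes) { return 'TaggingAndDelivering' }
    if ($FreeBytes -lt $WarnBytes)  { return 'Warning' }
    return 'Quarantining'
}

function Get-QuarantineForecast {
    param([long]$FreeBytes, [int]$DailyMessages, [int]$RetentionDays)
    # Worst case: intake continues at the assumed rate and nothing is purged.
    $dailyBytes = $DailyMessages * $BytesPerMessage
    $usable     = [math]::Max([long]0, $FreeBytes - $FloorBytes)
    $daysLeft   = $null
    if ($dailyBytes -gt 0) { $daysLeft = [math]::Floor($usable / $dailyBytes) }
    [pscustomobject]@{
        State           = Get-QuarantineDiskState -FreeBytes $FreeBytes
        FreeMB          = [math]::Round($FreeBytes / 1MB)
        RetentionNeedMB = [math]::Round($dailyBytes * $RetentionDays / 1MB)
        DaysUntilFloor  = $daysLeft
        RetentionFits   = ($null -eq $daysLeft) -or ($daysLeft -ge $RetentionDays)
    }
}

# Free space on the volume that holds the store (drive-letter paths only).
$drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($StorePath))
if (-not $drive.IsReady) { throw "Volume for '$StorePath' is not available." }

$result = Get-QuarantineForecast -FreeBytes $drive.AvailableFreeSpace `
    -DailyMessages $DailyMessages -RetentionDays $RetentionDays
$result
# Non-zero exit lets a scheduled task or monitoring agent raise an alert.
if ($result.State -ne 'Quarantining' -or -not $result.RetentionFits) { exit 1 }
```

`DaysUntilFloor` is a conservative estimate: it ignores auto-purge, so a value shorter than the retention period means the 512 MB floor could be reached before the first of the new messages ages out.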
Refer to the following sections for more information on configuring the GFI MailEssentials Quarantine as well as a detailed explanation of possible actions that can be taken on quarantined emails.
The next section will discuss the following topics in detail:
- Searching quarantined emails
- Search Folders
- Working with Quarantined emails
- Quarantine Options
- Quarantine Store location and Public URL
Description
Searching the Quarantine
The Quarantine Store is accessible from the GFI MailEssentials interface and allows the management of quarantined emails.
To access the GFI MailEssentials Quarantine Store, log in to the configuration UI and navigate to GFI MailEssentials > Quarantine.
There are various ways to search for content in the Quarantine Store:
- Search through both Malware and Spam
- Search for Malware and Content only
- Search for Spam Only
Refer to this linked article for more information on Searching the Quarantine.
Search Folders
A Search Folder is a folder that has a custom search query associated with it and displays all quarantined emails that match the search query.
MailEssentials provides some default Search Folders that are accessible from the Quarantine node on the UI as shown below:
It is also possible, from the Search Folders screen, to create Custom Search Folders based on custom search queries, for example:
- A search folder that displays only outbound emails quarantined by the Virus Scanning Engines.
- A search folder that displays inbound emails quarantined in a particular date range and addressed to a particular user.
- A search folder that displays emails that meet specific search criteria.
- A search folder that displays the results of a previously defined search query.
To display quarantined emails in a particular search folder you simply click on the Search Folder name from the UI.
The Search Folders node enables you to create Search folders and set an auto-purge value (in days) such that when a quarantined email exceeds the specified number of days in the quarantine, the email is automatically deleted.
Working with Quarantined Emails
Within GFI MailEssentials there are a number of actions you can take on quarantined emails. The Quarantine Store is accessible from the GFI MailEssentials interface and the administrator can manage quarantined emails.
To access the GFI MailEssentials Quarantine Store and view Quarantined Emails, navigate to GFI MailEssentials > Quarantine.
Once you are inside the Quarantine store, the following functionalities are available:
Viewing quarantined emails
Searching within the Quarantine or using default or customized search folders yields a list of quarantined emails.
The results page is split into two tabs:
- Malware and Content - Displays emails blocked by anti-malware engines and content filtering rules.
- Spam - Displays emails blocked by the anti-spam filters.
Select the Malware and Content tab or the Spam tab to view quarantined emails for the specific quarantined email type. The results page provides the following options:
Option | Description |
---|---|
Back | Returns you to the previous screen. |
Approve | Enables you to approve single or multiple emails. |
Delete | Deletes single or multiple emails. |
Rescan | Rescans emails using current antivirus signatures (which may be more up to date than the antivirus signatures that quarantined the email in the first place). Select one or more emails and click Rescan to rescan. |
Module | The module that identified the email for quarantine. |
Block Reason | The reason/rule that triggered the action to quarantine the email. |
Sender | The email address of the sender. |
Recipients | The email address of the recipient. |
Subject | The email subject as sent by the sender. |
Date | The date when the email was quarantined. |
Source | The location from where the email was quarantined. |
Item Source | Enables selecting a source to filter the display with. Available options are: |
Page size | Enables customizing how many emails per page are currently displayed. Choose a number to view the maximum number of items per page. |
From the Quarantined Items details page, review the email details and perform the following actions.
Action | Description |
---|---|
Approve | Approves email. |
Sanitize and Approve | Sanitizes email and approves. |
Rescan | Rescans emails using current antivirus signatures (which may be more up to date than the antivirus signatures that quarantined the email in the first place). |
Delete | Deletes email. |
Delete and Notify | Deletes the email and notifies the user. |
Download Item | Downloads quarantined email to a location you choose in .eml format. Warning: Emails in the Quarantine Store may contain malicious content. Use this feature with caution. |
The following is an example email in the quarantine:
Approving Quarantined Emails
There may be instances where you want to approve an email blocked by GFI MailEssentials. GFI MailEssentials allows the administrator to approve a quarantined email so that it is released from the Quarantine Store and delivered to its intended recipients.
To approve emails:
- Use the search features described in the previous sections to return a list of quarantined emails.
- Select the checkbox next to the quarantined email(s) to approve and click Approve.
Sanitize and Approve Emails
GFI MailEssentials also enables you to remove the item that caused the email to be quarantined and send the email to the recipient.
To sanitize and approve emails:
- Use the search features described in the previous sections to return a list of quarantined emails.
- Click on an email to view its details.
- Click Sanitize and Approve.
Permanently Delete Quarantined Emails
- Use the search features described in the previous sections to return a list of quarantined emails.
- Select the checkbox next to the quarantined email(s) and click Delete.
Delete Quarantined Emails and Notify the User
The Delete and Notify feature enables notifying recipients when deleting emails from the quarantine.
To delete and notify recipients:
- Use the search features described in the previous sections to return a list of quarantined emails.
- Click on an email to view its details.
- Click Delete and Notify.
Quarantine Options
The Quarantine Options node is used to configure spam retention, user quarantine reports, quarantined malware, and emails sent to nonexistent recipients.
User quarantine reports are emails sent to users on a regular basis with a list of blocked spam for that user. Using this list, users can check and approve any legitimate emails. Email blocked by the Malware and Content Filtering filters are not shown in the user quarantine reports.
Quarantine Store Location and Public URL
The Quarantine Store location and the Quarantine Public URL are configured from the MailEssentials Switchboard.
The Quarantine Store location is the path where quarantined emails are stored. By default, this is located in the GFI MailEssentials installation path. It might, however, need to be moved to an alternate location in cases where, for example, you are running out of disk space.
The Quarantine Public URL provides access to the Quarantine Page from an external location. By default, this is based on the GFI MailEssentials IIS Virtual directory settings provided during installation. It might, however, need to be changed if you are sending quarantine digest emails or notifications that are accessed outside of the internal network. When this is the case, the URL should be changed to one that can be reached publicly through the Internet.
- Launch the GFI MailEssentials Switchboard from Start > Programs > GFI MailEssentials > Switchboard.
- From the Quarantine tab, click Browse to select an alternate location for the Quarantine Store.
- Important: Ensure that the disk partition where the Quarantine Store is saved has sufficient disk space. Spam emails will not be quarantined if the free disk space is less than 512 MB. On reaching 512 MB, the email quarantine operation will stop and spam will be tagged and delivered to recipients' mailboxes until free disk space increases to more than 512 MB.
- Provide an alternate URL to use to access the quarantine from an external location outside your organization.
- Click OK to save setup.