We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Quarantine Options

  • Last updated on

By default, the Barracuda Email Security Gateway does not quarantine incoming messages, but you may want to enable quarantine if, for example, your organization requires it, or if you want to reduce load on the mail server while giving users a chance to determine what they consider to be "spam" or "not spam". There are three options available for configuring quarantine with the Barracuda Email Security Gateway as described below, with the pros and cons of each.

Turning Quarantine Off

Barracuda Networks recommends disabling quarantine unless, for example, your organization has a business requirement to provide quarantine of messages suspected to be spam or you don’t want those messages stored on the mail server. Disabling quarantine means less management either by the administrator or by the user and, in the case of per-user quarantine, saves system resources that would otherwise be used to store the messages until the user delivers or deletes them.

An alternative to using quarantine is tagging email that may be spam based on scoring or are otherwise identified as possible spam. Benefits include:

  • No messages are stored on the Barracuda Email Security Gateway, thus saving system resources
  • The user doesn’t have an extra quarantine inbox to manage
  • Tagged messages, with a keyword such as "[BULK]" prepended to the subject line, can be filtered by the subject line to a separate folder for later examination by the user (see the BASIC > Spam Checking page and the BLOCK/ACCEPT pages to configure spam scoring and criteria for tagging messages).

To disable Quarantine completely:

  • Check the Disable check box next to "Quarantine" in the Spam Scoring Limits section of the BASIC > Spam Checking page
  • Make sure nothing on the BLOCK/ACCEPT pages is set to Quarantine

Using Global Quarantine

With global quarantine there is almost no difference in use of system resources versus having quarantine turned off because messages aren’t stored on the Barracuda Email Security Gateway; they are forwarded to a mailbox as designated by the administrator. Global quarantine identifies email to quarantine, rewrites the "From" address of the message and sends it to the Quarantine Delivery Address specified on the BASIC > Quarantine page. The subject line of each message is prepended with the Quarantine Subject Text (for example, [QUAR], as specified on the same page). Global quarantine does require some time and effort by the administrator to manage quarantined messages. Global quarantine can be enabled at the system level or at the domain level.

Enabling global quarantine on the Barracuda Email Security Gateway provides the administrator with complete control over how quarantined messages are handled, and it saves system resources because messages are not stored on the appliance.

To set up global quarantine:

  • From the BASIC > Quarantine page, set the Quarantine Type to Global and configure settings as described below for global quarantine.
  • From the BASIC > Spam Checking page, if you want messages to be quarantined based on score, make sure that the Disable check box next to Quarantine in the Spam Scoring Limits section is NOT checked.
  • Set filters on the BLOCK/ACCEPT pages to Quarantine per your organization's policies.
  • Enter a Quarantine Delivery Address on the BASIC > Quarantine page.This mailbox can either be on the mail server that the Barracuda Email Security Gateway protects or a remote mail server. Note: If you have a Barracuda Email Security Gateway 400 or above, you can specify the quarantine delivery address on a per-domain basis by going to the DOMAINS tab and clicking the Manage Domains link, then using the BASIC > Quarantine page for that domain to configure the address.

Messages determined to be quarantined by the Barracuda Email Security Gateway will have the subject line prepended by the Quarantine Subject Text as entered on the BASIC > Quarantine page. The default text is [QUAR]. This allows you to identify quarantined messages when you have them delivered to a mailbox that also receives non-quarantine messages.

Note that with global quarantine, users will have no control over whitelisting or blocklisting of email addresses, which they do have with per-user quarantine. Allowing them this control by using per-user quarantine can help reduce the number of messages processed by the Barracuda Email Security Gateway. However, if using global quarantine, users can communicate domains, IP addresses or email addresses that should be white or blocklisted to the administrator to configure at the global level.

Using Per-user Quarantine

Providing a user with a quarantine inbox gives them greater control over how their messages are quarantined, but also requires them to manage their quarantine inbox on the Barracuda Email Security Gateway. Since per-user quarantine entails storing quarantined messages on the Barracuda Email Security Gateway until the user delivers or deletes, them, you may want to only provide a quarantine inbox to a subset of power users. For details about managing the quarantine inbox, please see the Barracuda Email Security Gateway User 's Guide.

When enabling per-user quarantine on the Barracuda Email Security Gateway, keep in mind that quarantined email stored on the Barracuda Email Security Gateway requires storage capacity, so system load will vary with the average size of emails.

If the email patterns of your organization are such that many emails include large attachments (as with architecture firms, marketing firms, etc.), the system may push the edge of performance more quickly than if emails tend to be small in size. See the Mail/Log Storage indicator in the Performance Statistics pane of the BASIC > Dashboard page to monitor disk storage on the Barracuda Email Security Gateway.

To set up per-user quarantine:

  • On the BASIC > Quarantine page, select the Quarantine Type to be Per-User and configure settings as described below for global quarantine. 
  • From the BASIC > Spam Checking page, if you want messages to be quarantined based on score, make sure that the Disable check box next to Quarantine in the Spam Scoring Limits section is NOT checked.
  • Set filters on the BLOCK/ACCEPT pages to Quarantine per your organization's policies.

If Per-User quarantine is set by the administrator, the Domain Admin can either enable or disable Per-User quarantine at the domain level.

From the USERS > User Features page the administrator can choose to allow the user to decide whether to deliver quarantined messages to their regular email address associated with their account or to their quarantine inbox. This can alternatively be decided for the user by preventing them from accessing this setting. From this page the administrator can also allow the user to control their whitelist (allowed) and blocklist (blocked) of email addresses.

For the Barracuda Email Security Gateway 300 and higher, be sure to set a Retention Policy (see the USERS > Retention Policies page) before enabling per-user quarantine in order to prevent running out of quarantine space.

Where Do the Quarantined Messages Go?

If the administrator sets Quarantine Type to Per-User on the BASIC > Quarantine page and the New User Quarantine State feature is set to On, the Barracuda Email Security Gateway will automatically create quarantine accounts for all users listed in the authentication server or local database as configured at the domain level. Account holders can then log into the Barracuda Email Security Gateway and view their Quarantine Inbox to view and take actions with quarantined messages.

If a user's quarantine inbox is disabled (by an administrator or a Domain Admin or Helpdesk account, or by the user), emails sent to that user that would normally have been placed in quarantine will simply be delivered to the user's regular mailbox with the subject line prepended with a quarantine tag.

Linking Domains for One Quarantine Inbox

In some cases it may be practical to direct all quarantined email to one quarantine inbox on the Barracuda Email Security Gateway. You may employ one or more "power users" to manage it, or allow all users to log in to the same inbox.

Using only one quarantine inbox for all users greatly simplifies management of per-user quarantine because you only have to configure user features (from the BASIC > User Features page) for ONE inbox. The Linking Domains feature, configurable on the BASIC > Quarantine page, allows the option for all domains protected by this Barracuda Email Security Gateway be treated as if they were alternate names for the default domain name for the system. So, for example, if the Default Domain for the system as specified on the BASIC > IP Configuration page is mybarracuda.com, then user@domain1.com will be treated as user@mybarracuda.com when determining user validity and preferences, and will have a quarantine inbox under the name user@mybarracuda.com.

The Quarantine Inbox

When an account holder with the User role logs in to the Barracuda Email Security Gateway, they will see the QUARANTINE INBOX and PREFERENCES tabs. They can view and choose to whitelist, deliver or delete quarantined emails from the QUARANTINE INBOX page and configure their account settings from the PREFERENCES page to the extent that their account permissions allow as described below under Controlling Access to Account Features. Domain Admin and Helpdesk account holders will see the QUARANTINE INBOX and PREFERENCES tabs when they click the Manage Account link in the upper-right corner of the web interface.

For details on how all account holders log into and manage their quarantine inbox, please see the Barracuda Email Security Gateway User 's Guide.

Alias Linking

This feature allows one quarantine account to receive quarantined email for multiple accounts, using the Explicit Users to Accept For section of the USERS > Valid Recipients page. Note that this account, if entered on one line only with associated accounts for which it should receive email, is not considered a Valid Recipient. This account needs to be added on a separate line to also be considered a Valid Recipient. The quarantine account that receives quarantined email for other accounts does not need to belong to the same domain as the others.

 

Last updated on