It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How do I set up Global or Per-User Quarantine on my Email Security Gateway?

  • Type: Knowledgebase
  • Date changed: one year ago

Solution #00004307



This solution applies to all Email Security Gateways.


Depending on the model, there are two different types of Quarantine available on the Email Security Gateway. The first is Global Quarantine, which sends quarantined mail to one address for an administrator to review and distribute. The other is Per-User Quarantine, which creates individual accounts and allows users to manage their own quarantined mail.


Setting Quarantine Type ? Global or Per-User

You need to choose the Quarantine type under Basic > Quarantine and complete the settings based on the type chosen.

Note: Models 400 and above have per-domain Quarantine settings. You will need to configure quarantine type for each domain under:

On firmware 3.5.x and below: Domains > Edit Domain
On firmware 4.0.x and above: Domains > Manage Domain

Quarantine Type

On models 300 and above, you will have a choice of either Global or Per-User Quarantine. The differences are detailed below.

Global quarantine allows only one central delivery location for each domain. Global quarantine uses fewer system resources on the Email Security Gateway because email is not stored on the appliance and it does not create multiple user accounts. Note: Email Security Gateway models 100 and 200 only have Global Quarantine functionality.

Per-User quarantine allows users to maintain a personal quarantine inbox on the Email Security Gateway. Permissions can be assigned to the users in Users > User Features. This function is available on models 300 and above.


Quarantine Scoring

All email that passes the initial layers of protection on a Email Security Gateway will be assigned a score based on a Barracuda rule set. The higher the score, the more likely the email is spam. Quarantine is designed for messages that score in the middle ? where you may not be sure if messages in this range will be spam or legitimate email. This score will vary for different organizations. The score settings can be modified and will be in different sections based on the model of your Spam Firewall:

Model 300 and below: Basic > Spam Scoring
Model 400 and above: Domain > Edit Domain

Quarantine scoring is disabled if the score is set to 10, otherwise quarantine score should always be between Tag and Block score. Note: other settings on your Email Security Gateway can be configured to quarantine certain messages. For example, messages triggering Barracuda Reputation, IP Blocks, Sender Domain Blocks, and Email Sender Blocks, can all be configured to quarantine messages.

Global Quarantine Configuration

Quarantine Delivery Address is the default mailbox to which all quarantined messages are delivered when the Quarantine Type is set to "Global". This mailbox can either be located on the mail server that the Email Security Gateway protects (e.g., or a remote mail server (e.g., Please refer to Basic > Spam Scoring to determine which messages are quarantined. On some models, this setting can be changed on a per-domain basis.

Quarantine Subject Text is the message or phrase prepended to the subject line of a quarantined message. This text identifies quarantined messages when they are delivered to a mailbox that receives both quarantined and non-quarantined messages.

Per-User Quarantine Configuration

Quarantine Reply-To Address is the "From" address of all correspondence sent to users regarding the user's Per-User quarantine area. Any replies to that correspondence are sent to the "Reply-To" address specified here.

Quarantine Host is the IP address or hostname that appears to users in all quarantine and welcome emails from the system. It is recommended that this be set to a hostname so that users are able to reach the Email Security Gateway from their old notifications even after any possible changes in IP addresses. Note: It is important to set this value if users need to reach the Email Security Gateway via a forwarded or an external IP address, especially if the Email Security Gateway is not already configured with one.

If you are clustering two or more Email Security Gateways, you can choose to dedicate a single Email Security Gateway as the Quarantine Host to serve up the end-user interface through which users will access their quarantine inboxes, even though their actual quarantine inbox (primary or secondary) may be hosted by another Email Security Gateway in the cluster. By not directing email to the Quarantine Host, you can:

  • Enhance network security by limiting end-user access (port 8000 by default) and administration to only one Email Security Gateway on the Internet.
  • Insulate the user interface performance from any peaks in email volume
    See the Advanced > Clustering page for details about using the clustering feature.


New User Quarantine State controls whether or not the Email Security Gateway automatically creates a new user account the first time a message directed to a valid recipient (as identified in either the local database or your LDAP, RADIUS or POP server) needs to be quarantined. If set to Off, only the accounts that are created manually on the Users > User Add/Update page will have access to per-user capabilities. See the Email Security Gateway Administrator's Guide at for more information about new account creation and configuration.

Note that accounts can be manually created at the global level by the administrator or at the domain level by the Domain Admin role. If Quarantine Type is Per-User at the global level but this setting is No, and if the Domain Admin has NOT manually created an account for a user for whom messages are quarantined, those quarantined messages will be sent to that user's regular mailbox.


Link Domains allows the option for all domains protected by your Email Security Gateway to be treated as if they were alternate names for the default domain name. For example, will be treated as when determining user validity and preferences, and will have a quarantine inbox under the name

Notification Interval is the default frequency at which users are notified when messages are in their quarantine. This setting can be changed by the user unless that functionality is disabled from the Users > User Features page.

Notification Start Time is the time when the quarantine notification process starts. Notifications of any newly quarantined items are sent to those users who have notifications enabled.


Link to this page: