How Gateway processes messages

Secure Email Gateway is typically located inside your organization's DMZ. It receives incoming mail for your organization, and outgoing mail from your mail servers, and processes each message according to your content security policy. The main policy outcome for each message may be 'deliver', 'hold' (place in a message area), 'non-deliver', 'drop' (delete), or 'relay to another server'.

• If the policy outcome for an incoming message is 'deliver', the Gateway typically sends the message to your internal mail server.
• If the policy outcome for an outgoing message is 'deliver', the Gateway typically routes the message using DNS, or sends it on to your external mail server.

The following steps describe the processing of incoming mail.

1. Secure Email Gateway is contacted by an upstream mail server.
2. Secure Email Gateway uses its SpamLogic Settings to identify spam at the Gateway perimeter. If SpamLogic identifies the connecting server or message as spam-related, the Gateway can reject the message without any further processing.
3. Assuming a message is allowed through the SpamLogic perimeter defenses, Secure Email Gateway places it on the Waiting for Analysis queue under the Messages menu, where it awaits processing by the Gateway Policy Engine.
4. Secure Email Gateway invokes the policy defined in the first policy route listed on the Manage Policy Routes page whose mail route matches the message's "From" and "To" addresses.
5. If the policy route has content rules applied, Secure Email Gateway uses the "What to Look For?" clauses in each content rule to look for message conditions – such as the presence of a virus, spam, or media type. If a message matches all the "What to Look For?" clauses in a content rule, that rule is said to be triggered.
6. Secure Email Gateway performs the disposal action of the highest priority triggered content rule. If no content rules trigger, the Gateway performs the policy route's default disposal action. The disposal action can be one of deliver, hold, drop (delete), non-deliver, or relay to a server.

7. Secure Email Gateway also performs any additional "What to Do?" actions specified in all triggered content rules, unless an action specifies otherwise. (With some actions you can specify that they should be performed only if the associated content rule's disposal action is performed, for example.) Additional actions might involve generating a notification message, annotating the message, and so on.
8. If a deliver disposal action is performed, Secure Email Gateway places the message on the 'Ready for Dispatch' queue, where it awaits transmission to the appropriate downstream mail relay (typically, for incoming messages, your mail server).

A held message may contain threats if your policy did not specify that Secure Email Gateway should remove them, or if the Gateway was unable to modify the message. Take care not to release held messages that may contain threats. When a message is released, Secure Email Gateway applies the disposal actions of triggered rules on the original policy (in force at the time the message was held). If you change your content security policy, held messages will not be processed according to the new policy, when released. You can apply the new policy to held messages by reprocessing the message.