Open with table of contents

How the Gateway Processes Messages

Clearswift Gateway is typically located inside your organization's DMZ. It receives incoming mail for your organization, and outgoing mail from your mail servers, and processes each message according to your content security policy.

If the policy outcome for an incoming message is 'deliver', Clearswift Gateway typically sends the message to your internal mail server. If the policy outcome for an outgoing message is 'deliver', Clearswift Gateway typically routes the message using DNS, or sends it on to your external mail server.

The following steps describe the processing of incoming mail.

  1. Clearswift Gateway is contacted by an upstream mail server.
  2. Clearswift Gateway uses its SpamLogic Settings to identify spam at the Gateway perimeter. If SpamLogic identifies the connecting server or message as spam-related, Clearswift Gateway can reject the message without any further processing.
  3. Assuming a message is allowed through the SpamLogic perimeter defenses, Clearswift Gateway places it on the 'Waiting for Analysis' queue, where it awaits processing by the Clearswift Gateway Policy Engine.
  4. Clearswift Gateway invokes the policy defined in the first policy route listed on the Manage Policy Routes page whose mail route matches the message's "From" and "To" addresses.
  5. If the policy route has content rules applied, Clearswift Gateway uses the "What to Look For?" clauses in each content rule to look for message conditions – such as the presence of a virus, spam, or media type. If a message matches all the "What to Look For?" clauses in a content rule, that rule is said to be triggered.
  6. Clearswift Gateway performs the disposal action of the highest priority triggered content rule. If no content rules trigger, Clearswift Gateway performs the policy route's default disposal action. The disposal action can be one of deliver, hold, drop (delete), non-deliver, or relay to a server.
  1. Clearswift Gateway also performs any additional "What to Do?" actions specified in all triggered content rules, unless an action specifies otherwise. (With some actions you can specify that they should be performed only if the associated content rule's disposal action is performed, for example.) Additional actions might involve generating a notification message, annotating the message, and so on.
  2. If a deliver disposal action is performed, , Clearswift Gateway places the message on the 'Ready for Dispatch' queue, where it awaits transmission to the appropriate downstream mail relay (typically, for incoming messages, your mail server).

This example assumes that the message is incoming, and that it has already been allowed through the Clearswift Gateway SpamLogic perimeter defenses.

 
  • A held message may contain threats if your policy did not specify that Clearswift Gateway should remove them, or if Clearswift Gateway was unable to modify the message. Take care not to release held messages that may contain threats.
  • When a message is released, Clearswift Gateway applies the disposal actions of triggered rules on the original policy (in force at the time the message was held). If you change your content security policy, held messages will not be processed according to the new policy, when released. You can apply the new policy to held messages by reprocessing the message.

© 1995–2018 Clearswift Ltd.