About the Quarantine Server

The WatchGuard Quarantine Server provides a safe mechanism to quarantine any email messages that are suspected or known to be spam, or to contain viruses or sensitive data. The Quarantine Server is a repository for email messages that the SMTP proxy sends to quarantine based on analysis by spamBlocker, Gateway AntiVirus, or Data Loss Prevention. Granular control enables you to configure preferences for mail disposition, storage allocation, and other parameters.

You must set up the WatchGuard Quarantine Server if you configure the SMTP proxy to quarantine email that spamBlocker classifies as spam, or if you configure Gateway AntiVirus or DLP to quarantine email.

The Quarantine Server provides tools for both users and administrators. Users get regular email notifications from the Quarantine Server when Gateway AntiVirus or spamBlocker sends email addressed to them to the Quarantine Server. Users can then click a link in the notification message to go to a website where they can see and manage quarantined messages. For each quarantined message, the website shows the sender and the subject of the suspicious email message. For spam email, users can release any email messages they choose to their email inboxes, and delete the other messages. Administrators can configure the Quarantine Server to automatically delete future messages from a specific domain or sender, or those that contain specified text in the subject line.

Users do not receive notification about email messages quarantined because of a DLP violation. Messages quarantined by the Data Loss Prevention service can only be seen and managed by the administrator.

The administrator can see statistics on Quarantine Server activity, such as the number of messages quarantined during a specific range of dates, and the number of suspected spam messages.

The SMTP proxy adds messages to different categories based on analysis by spamBlocker and Gateway AntiVirus. The Quarantine Server displays these classifications for quarantined messages:

  • Suspected spam — The message could be spam, but not enough information is available to make a determination.
  • Confirmed spam — The message is spam.
  • Bulk — The message was sent as commercial bulk email.
  • Virus — The message contains a virus.
  • Possible virus — The message might contain a virus, but there is not enough information to decide.
  • DLP violation — The message contains content that matches a configured DLP rule.

Bulk and Suspect categories are not supported by the current spamBlocker engine. For more information, see this Knowledge Base article.

For instructions to set up the Quarantine Server, go to Set Up the Quarantine Server.

The Quarantine Server is installed as a component of the WatchGuard System Manager installation.

Related Topics

About the Quarantine Server Client

Configure the SMTP-Proxy to Quarantine Email

Configure spamBlocker to Quarantine Email

Configure Gateway AntiVirus to Quarantine Email