I have setup some Outbound Content policies to quarantine emails and send a silent copy to our Admin distribution list, and custom content policies to allow these message to travel "to" and "from" specific emails.
All works great since the ''allow" policies take precedence over the "quarantine" policies but the problem is that I keep on getting email notification of a content violation even though the email is not quarantined. This is causing a bit of a problem as i am constantly logging into McAfee console to make sure that our users emails that are allowed are not being quarantined.
By default should I not be receiving these email notification since the "allow" policy is allowing the email go through although the content in the email relates to a content policy that would otherwise quarantine it?
I also have notifications setup to notify senders of their emails being quarantined but those notifications are working fine on their end, its just the content policy silent copies going to the Admin distribution list that is causing the problem.
When checking through Message Audit i can see the email violates one of the quarantine policies based on the numerical content in it but it also triggers one of the allow policies based on the email address in the email. The end action of it shows "accept" which it did allow the email and not quarantine it but the admin distribution list still received email notification of the violation.
Wondering if anyone else has this problem or know of any solutions. Is there a way to maybe setup the quarantine notification that the sender receives and have a copy sent to the admin distribution list?