Cisco Cisco Email Security Appliance C670 Betriebsanweisung
9-39
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
SPF-Passed Rule
The following example shows an
spf-passed
rule used to quarantine emails that are not marked as
spf-passed:
Note
Unlike the
spf-status
rule, the
spf-passed
rule reduces the SPF/SIDF verification values to a simple
Boolean. The following verification results are treated as not passed in the
spf-passed
rule: None,
Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more
granular results, use the
granular results, use the
spf-status
rule.
S/MIME Gateway Message Rule
The S/MIME Gateway Message rule checks if a message is S/MIME signed, encrypted, or signed and
encrypted. The following message filter checks if the message is an S/MIME message and quarantines
it if the verification or decryption using S/MIME fails.
encrypted. The following message filter checks if the message is an S/MIME message and quarantines
it if the verification or decryption using S/MIME fails.
quarantine_smime_messages:
if (smime-gateway-message and not smime-gateway-verified) {
quarantine("Policy");
}
For more information, see
S/MIME Gateway Verified Rule
The S/MIME Gateway Message Verified rule checks if a message is successfully verified, decrypted, or
decrypted and verified. The following message filter checks if the message is an S/MIME message and
quarantines it if the verification or decryption using S/MIME fails.
decrypted and verified. The following message filter checks if the message is an S/MIME message and
quarantines it if the verification or decryption using S/MIME fails.
quarantine_smime_messages:
if (smime-gateway-message and not smime-gateway-verified) {
quarantine("Policy");
}
For more information, see
Workqueue-count Rule
The
workqueue-count
rule checks the workqueue-count against a specified value. All the comparison
operators are allowed, such as
>
,
==
,
<=,
and so forth.
insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }
.
quarantine-spf-unauthorized-mail:
if (not spf-passed) {
quarantine("Policy");
}