Cisco Email Security Appliance C170 Operating Instructions
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
DNS List Rule
The dnslist() rule queries a public DNS List server that uses the DNSBL method (sometimes called “ip4r lookups”) of querying. The IP address of the incoming connection is reversed (so an IP of 1.2.3.4 becomes 4.3.2.1) and then added as a prefix to the server name in the parentheses (a period to separate the two is added if the server name does not start with one). A DNS query is made, and the system receives either a DNS failure response (indicating the connection's IP address was not found in the server's list) or an IP address (indicating that the address was found). The IP address returned is usually of the form 127.0.0.x where x can be almost any number from 0 to 255 (IP address ranges are not allowed). Some servers actually return different numbers based on the reason for the listing, while others return the same result for all matches.
Like the header() rule, dnslist() can be used in either a unary or binary comparison. By itself, it simply evaluates to true if a response is received and false if no response is received (for example, if the DNS server is unreachable).
The following filter immediately delivers a message if the sender has been bonded with the Cisco Bonded Sender information services program:
Optionally, you can compare the result to a string using the equality (==) or inequality (!=) expressions.
The following filter drops a message that results in a “127.0.0.2” response from the server. If the response is anything else, the rule returns “false” and the filter is ignored.
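The lookup and comparison described above, as an added Python sketch that is not part of the Cisco guide or of AsyncOS. The function names, the `resolver` parameter, the sample addresses and the `ZONE` table are assumptions constructed for illustration; `dnsbl.example.domain` is the server name used in the guide's own filter.

```python
import ipaddress
import socket

# Constructed sample zone standing in for a DNS List server (not real data).
ZONE = {
    "4.3.2.1.dnsbl.example.domain": "127.0.0.2",
    "7.113.0.203.dnsbl.example.domain": "127.0.0.4",
}

def dnsbl_query_name(client_ip, server):
    """Reverse the IPv4 octets and prefix them to the list server name."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    # A period is added only if the server name does not start with one.
    sep = "" if server.startswith(".") else "."
    return ".".join(reversed(octets)) + sep + server

def system_resolver(name):
    """A-record lookup through the OS resolver; None on any DNS failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def dnslist(client_ip, server, expected=None, resolver=system_resolver):
    """Model of the rule: unary when expected is None, otherwise '=='."""
    answer = resolver(dnsbl_query_name(client_ip, server))
    if answer is None:
        # "Not listed" and "server unreachable" look the same here, so a
        # blocklist filter silently stops matching during a DNS outage.
        return False
    if expected is None:
        return True            # unary form: any response counts
    return answer == expected  # binary form: exact string comparison

if __name__ == "__main__":
    server = "dnsbl.example.domain"
    for ip in ("1.2.3.4", "203.0.113.7", "198.51.100.9"):
        print(ip,
              dnsbl_query_name(ip, server),
              "unary:", dnslist(ip, server, resolver=ZONE.get),
              "== 127.0.0.2:", dnslist(ip, server, "127.0.0.2", ZONE.get))
```

The second sample address is listed with a different return code, so the unary form matches it while the comparison against '127.0.0.2' does not; check which codes a list server returns before relying on the binary form.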
SenderBase Reputation Rule
The reputation rule checks the SenderBase Reputation Score against another value. All the comparison operators are allowed, such as >, ==, <=, and so forth. If the message does not have a SenderBase Reputation Score at all (because one was never checked for it, or because the system failed to get a response from the SenderBase Reputation Service query server), any comparison against a reputation fails (the number will not be greater than, less than, equal to, or not equal to any value). You can check
quarantine("Policy");
}
whitelist_bondedsender:
if (dnslist('query.bondedsender.org')) {
    skip-filters();
}

blacklist:
if (dnslist('dnsbl.example.domain') == '127.0.0.2') {
    drop();
}