Cisco Email Security Appliance X1070 Operating Instructions

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
 
Chapter 9: Using Message Filters to Enforce Email Policies
Message Filter Examples
Alter SBRS Filter
Alter the SenderBase Reputation Score (SBRS) threshold for certain domains:
mod_sbrs:
if ( (rcpt-count == 1) AND (rcpt-to == "@domain\\.com$") AND (reputation < -2) ) {
    drop ();
}

Filename Regex Filter
This filter specifies a size range for the body of the message, and looks for an attachment that matches
the regular expression (this matches files named “readme.zip”, “readme.exe”, “attach.exe”, and so
forth):
filename_filter:
if ((body-size >= 9k) AND (body-size <= 20k)) {
   if (body-contains ("(?i)(readme|attach|information)\\.(zip|exe)$")) {
      drop ();
   }
}

Show SenderBase Reputation Score in Header Filter
Remember to log the headers (see the “Logging” chapter) so they appear in the mail log:
Check_SBRS:
if (true) {
  insert-header('X-SBRS', '$Reputation');
}

Insert Policy into Header Filter
Show which mail flow policy accepted the connection:
Policy_Tracker:
if (true) {
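
An added example, not part of the Cisco guide: a Python model of the mod_sbrs and filename_filter conditions, for checking on constructed inputs what the two regular expressions and the thresholds accept before a filter is deployed. It assumes Python's re module behaves like the appliance's matcher for these patterns and that the "k" suffix means 1024 bytes; the function names are hypothetical.

```python
import re

# Regexes copied from mod_sbrs and filename_filter. The filter syntax writes
# "\\." for the regex escape "\.", so the raw strings use one backslash.
RCPT_RE = re.compile(r"@domain\.com$")
NAME_RE = re.compile(r"(?i)(readme|attach|information)\.(zip|exe)$")
KB = 1024  # assumption: the "k" size suffix means 1024 bytes


def mod_sbrs_drops(rcpts, reputation):
    """Model of mod_sbrs: one recipient, at domain.com, SBRS below -2."""
    return (len(rcpts) == 1
            and RCPT_RE.search(rcpts[0]) is not None
            and reputation < -2)


def filename_filter_drops(body_size, text):
    """Model of filename_filter: inclusive size window, then the regex."""
    if not (9 * KB <= body_size <= 20 * KB):
        return False
    return NAME_RE.search(text) is not None


def run_samples():
    """Evaluate constructed samples; returns {description: dropped?}."""
    return {
        "one rcpt, SBRS -3.5": mod_sbrs_drops(["a@domain.com"], -3.5),
        "SBRS exactly -2": mod_sbrs_drops(["a@domain.com"], -2.0),
        "subdomain rcpt": mod_sbrs_drops(["a@sub.domain.com"], -5.0),
        "look-alike suffix": mod_sbrs_drops(["a@domain.com.example"], -5.0),
        "two rcpts": mod_sbrs_drops(["a@domain.com", "b@domain.com"], -5.0),
        "README.EXE, 10k": filename_filter_drops(10 * KB, "README.EXE"),
        "unreadme.zip, 10k": filename_filter_drops(10 * KB, "unreadme.zip"),
        "readme.zip.txt, 10k": filename_filter_drops(10 * KB, "readme.zip.txt"),
        "readme.exe, 8k": filename_filter_drops(8 * KB, "readme.exe"),
        "attach.exe, 20k": filename_filter_drops(20 * KB, "attach.exe"),
    }


if __name__ == "__main__":
    for name, dropped in run_samples().items():
        print(f"{name:22} -> {'drop' if dropped else 'deliver'}")
```

The samples show that the reputation comparison is strict, that the size window is inclusive at both ends, and that the filename pattern is anchored only at the end of the string.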