Cisco Cisco Email Security Appliance C160 Betriebsanweisung
22-42
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 22 Email Authentication
Forged Email Detection
Figure 22-3
Content Dictionary for Forged Email Detection
For instructions to configure a content dictionary, see
.
2.
Create an incoming content or message filter to detect forged messages and the actions that the
appliance must take on such messages. Use the following:
appliance must take on such messages. Use the following:
–
Condition/Rule: Forged Email Detection (See
–
Action: Forged Email Detection or any other actions based on your requirement. (See
and
)
3.
Add the newly created content filter to an incoming mail policy. See
.
Monitoring Forged Email Detection Results
To view data about forged messages detected, see the Forged Email Matches report page (Monitor >
Forged Email Matches). This report page includes the following reports:
Forged Email Matches). This report page includes the following reports:
•
Top Forged Email Matches. Displays the top ten users in the content dictionary that matched the
forged From: header in the incoming messages.
forged From: header in the incoming messages.
•
Forged Email Matches: Details. Displays a list of all the users in the content dictionary that
matched the forged From: header in the incoming messages and for a given user, the number of
messages matched. Click on the number to view a list of messages in Message Tracking.
matched the forged From: header in the incoming messages and for a given user, the number of
messages matched. Click on the number to view a list of messages in Message Tracking.
Displaying Forged Email Detection Details in Message Tracking
To display details of forged messages detected by the appliance in Message Tracking, make sure that:
•
Message Tracking is enabled. See
.
•
Content or message filters for detecting forged messages are operational.