Cisco Cisco Email Security Appliance X1070 User Guide
23-7
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 23 Text Resources
Using and Testing the Content Dictionaries Filter Rules
For scanning headers, you can use the appropriate
*-dictionary-match()
-type rule (there are rules for
specific headers, such as
subject-dictionary-match()
and a more generic rule,
header-dictionary-match()
, in which you can specify any header including custom headers). See
“Dictionary Rules” in the “Using Message Filters to Enforce Email Policies” chapter for more
information about dictionary matching.
information about dictionary matching.
In the following example, a new message filter using the
dictionary-match()
rule is created to blind
carbon copy the administrator when the appliance scans a message that contains any words within the
dictionary named “secret_words” (created in the previous example). Note that because of the settings,
only messages that contain the whole word “
dictionary named “secret_words” (created in the previous example). Note that because of the settings,
only messages that contain the whole word “
codename
” matching the case exactly will evaluate to true
for this filter.
In this example, we send the message to the Policy quarantine:
Related Topics
•
•
Table 23-1
Message Filter Rules for Content Dictionaries
Rule
Syntax Description
Dictionary Match
dictionary-match(<dictionary
_name
>)
Does the message contain a word that
matches all the regular expressions listed in
the named dictionary?
matches all the regular expressions listed in
the named dictionary?
bcc_codenames:
if (dictionary-match ('secret_words'))
{
bcc('administrator@example.com');
}
quarantine_codenames:
if (dictionary-match ('secret_words'))
{
quarantine('Policy');
}