Cisco Cisco Email Security Appliance X1070 User Guide
6-102
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6 Using Message Filters to Enforce Email Policies
Single Injector Filter
Make the filter work on a single listener. For example, specify a specific listener for message filter
processing instead of being performed system wide.
processing instead of being performed system wide.
Drop Spoofed Domain Filter (Single Listener)
Drop email with a spoofed domain (pretending to be from an internal address; works with a single
listener). IP addresses below represent fictional domain for
listener). IP addresses below represent fictional domain for
mycompany.com
:
Drop Spoofed Domain Filter (Multiple Listeners)
As above, but works with multiple listeners:
Another Drop Spoofed Domain Filter
Summary: Anti domain spoof filter:
textfilter-new:
if (recv-inj == 'inbound' and body-contains("some spammy message")) {
alt-rcpt-to ("spam.quarantine@spam.example.com");
}
DomainSpoofed:
if (mail-from == "mycompany\\.com$") {
if ((remote-ip != "1.2.") AND (remote-ip != "3.4.")) {
drop();
}
}
domain_spoof:
if ((recv-listener == "Inbound") and (mail-from == "@mycompany\\.com")) {
archive('domain_spoof');
drop ();
}
reject_domain_spoof:
if (recv-listener == "MailListener") {