Cisco Cisco Email Security Appliance C190 Guía Del Usuario
9-39
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
SPF-Passed Rule
The following example shows an
spf-passed
rule used to quarantine emails that are not marked as
spf-passed:
Note
Unlike the
spf-status
rule, the
spf-passed
rule reduces the SPF/SIDF verification values to a simple
Boolean. The following verification results are treated as not passed in the
spf-passed
rule: None,
Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more
granular results, use the
granular results, use the
spf-status
rule.
Workqueue-count Rule
The
workqueue-count
rule checks the workqueue-count against a specified value. All the comparison
operators are allowed, such as
>
,
==
,
<=,
and so forth.
The following filter checks the workqueue count, and skips spam check if the queue is greater than the
specified number.
specified number.
For more information on SPF/SIDF, see
.
SMTP Authenticated User Match Rule
If your Cisco appliance uses SMTP authentication to send messages, the
smtp-auth-id-matches
(
<target> [, <sieve-char>]
)
rule can check a message’s headers and Envelope Sender against the
sender’s SMTP authenticated user ID to identify outgoing messages with spoofed headers. This filter
allows the system to quarantine or block potentially spoofed messages.
allows the system to quarantine or block potentially spoofed messages.
insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }
.
quarantine-spf-unauthorized-mail:
if (not spf-passed) {
quarantine("Policy");
}
wqfull:
if (workqueue-count > 1000) {
skip-spamcheck();
}