Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
9-39
Cisco AsyncOS 9.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
SPF-Passed Rule
The following example shows an
spf-passed
rule used to quarantine emails that are not marked as
spf-passed:
Note
Unlike the
spf-status
rule, the
spf-passed
rule reduces the SPF/SIDF verification values to a simple
Boolean. The following verification results are treated as not passed in the
spf-passed
rule: None,
Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more
granular results, use the
granular results, use the
spf-status
rule.
S/MIME Gateway Message Rule
The S/MIME Gateway Message rule checks if a message is S/MIME signed, encrypted, or signed and
encrypted. The following message filter checks if the message is an S/MIME message and quarantines
it if the verification or decryption using S/MIME fails.
encrypted. The following message filter checks if the message is an S/MIME message and quarantines
it if the verification or decryption using S/MIME fails.
quarantine_smime_messages:
if (smime-gateway-message and not smime-gateway-verified) {
quarantine("Policy");
}
}
}
}
stamp-mail-with-spf-verification-error:
if (spf-status("pra") == "PermError, TempError"
or spf-status("mailfrom") == "PermError, TempError"
or spf-status("helo") == "PermError, TempError"){
# permanent error - stamp message subject
strip-header("Subject");
insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }
.
quarantine-spf-unauthorized-mail:
if (not spf-passed) {
quarantine("Policy");
}