Cisco Cisco Email Security Appliance C190 Guía Del Usuario
9-42
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
The following filter checks all messages created during an authenticated SMTP session to verify that the
addresses in the From header and the Envelope Sender match the SMTP authenticated user ID. If the
addresses and the ID match, the filter verifies the domain. If they do not match, the appliance quarantines
the message.
addresses in the From header and the Envelope Sender match the SMTP authenticated user ID. If the
addresses and the ID match, the filter verifies the domain. If they do not match, the appliance quarantines
the message.
Signed Rule
The
signed
rule checks messages for a signature. The rule returns a boolean value to indicate if the
message is signed or not. This rule evaluates whether the signature is encoded according to ASN.1 DER
encoding rules and that it conforms to the CMS SignedData Type structure (RFC 3852, Section 5.1.). It
does not aim to validate whether the signature matches the content, nor does it check the validity of the
certificate.
encoding rules and that it conforms to the CMS SignedData Type structure (RFC 3852, Section 5.1.). It
does not aim to validate whether the signature matches the content, nor does it check the validity of the
certificate.
Msg_Authentication:
if (smtp-auth-id-matches("*Any"))
{
# Always include the original authentication credentials in a
# special header.
insert-header("X-Auth-ID","$SMTPAuthID");
if (smtp-auth-id-matches("*FromAddress", "+") and
smtp-auth-id-matches("*EnvelopeFrom", "+"))
{
# Username matches. Verify the domain
if header('from') != "(?i)@(?:example\\.com|alternate\\.com)" or
mail-from != "(?i)@(?:example\\.com|alternate\\.com)"
{
# User has specified a domain which cannot be authenticated
quarantine("forged");
}
} else {
# User claims to be an completely different user
quarantine("forged");
}
}