Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
6-147
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6 Using Message Filters to Enforce Email Policies
Single Injector Filter
Make the filter work on a single listener. For example, specify a specific listener
for message filter processing instead of being performed system wide.
for message filter processing instead of being performed system wide.
Drop Spoofed Domain Filter (Single Listener)
Drop email with a spoofed domain (pretending to be from an internal address;
works with a single listener). IP addresses below represent fictional domain for
works with a single listener). IP addresses below represent fictional domain for
mycompany.com
:
Drop Spoofed Domain Filter (Multiple Listeners)
As above, but works with multiple listeners:
textfilter-new:
if (recv-inj == 'inbound' and body-contains("some spammy message")) {
alt-rcpt-to ("spam.quarantine@spam.example.com");
}
DomainSpoofed:
if (mail-from == "mycompany\\.com$") {
if ((remote-ip != "1.2.") AND (remote-ip != "3.4.")) {
drop();
}
}
domain_spoof:
if ((recv-listener == "Inbound") and (mail-from == "@mycompany\\.com")) {
archive('domain_spoof');