Cisco Cisco Email Security Appliance C650 Guía Del Usuario
9-110
Cisco AsyncOS 9.0 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Examples
If you also want to drop messages with a blank envelope from, use this filter:
SRBS Filter
SenderBase Reputation filter:
Alter SRBS Filter
Alter the (SenderBase Reputation Score) SBRS threshold for certain domains:
Filename Regex Filter
This filter specifies a range of size for the body of the message, and looks for an attachment that matches
the regular expression (this matches files named “readme.zip”, “readme.exe”, “attach.exe”, and so
forth.):
the regular expression (this matches files named “readme.zip”, “readme.exe”, “attach.exe”, and so
forth.):
blank_mail_from_stop:
if (recv-listener == "InboundMail" AND (mail-from == "^$|<\\s*>" OR header ("From") ==
"^$|<\\s*>"))
{
drop ();
}
note_bad_reps:
if (reputation < -2) {
strip-header ('Subject');
insert-header ('Subject', '***BadRep $Reputation *** $Subject');
}
mod_sbrs:
if ( (rcpt-count == 1) AND (rcpt-to == "@domain\\.com$") AND (reputation < -2) ) {
drop ();
}
filename_filter:
if ((body-size >= 9k) AND (body-size <= 20k)) {
if (body-contains ("(?i)(readme|attach|information)\\.(zip|exe)$")) {
drop ();