Cisco Cisco Email Security Appliance C650 Guía Del Usuario
9-41
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
The
$CertificateSigners
variable expands to:
Examples
The following example inserts a new header if the certificate issuer is from the US:
The following example notifies an administrator if the signer is not from example.com:
The following example adds a header if the message has an X.509 certificate:
The following example adds a header if the message’s certificate does not have a signer:
Header Repeats Rule
The Header Repeats rule evaluates to
true
if at a given point in time, a specified number of messages:
•
With same subject are detected in the last one hour.
•
From same envelope sender are detected in the last one hour.
You can use this rule to detect high volume emails. For example, political campaigns through certain
websites may send out emails to organizations in high volumes. Anti-spam engines treat such emails as
clean, and do not stop the delivery of these emails.
websites may send out emails to organizations in high volumes. Anti-spam engines treat such emails as
clean, and do not stop the delivery of these emails.
The syntax of this rule is
header-repeats (<target>, <threshold> [, <direction>])
, where:
"alice@example.com, al@private.example.com, bob@example.com, bob@private.example.com"
Issuer: if signed-certificate("issuer") == "(?i)C=US" {
insert-header("X-Test", "US issuer");
}
NotOurSigners: if signed-certificate("signer") AND
signed-certificate("signer") != "example\\.com$" {
notify("admin@example.com");
}
AnyX509: if signed-certificate ("issuer") {
insert-header("X-Test", "X.509 present");
}
NoSigner: if not signed-certificate ("signer") {
insert-header("X-Test", "Old X.509?");
}