Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
9-36
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
SPF-Passed Rule
The following example shows an
spf-passed
rule used to quarantine emails that are not marked as
spf-passed:
Note
Unlike the
spf-status
rule, the
spf-passed
rule reduces the SPF/SIDF verification values to a simple
Boolean. The following verification results are treated as not passed in the
spf-passed
rule: None,
Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more
granular results, use the
granular results, use the
spf-status
rule.
Workqueue-count Rule
The
workqueue-count
rule checks the workqueue-count against a specified value. All the comparison
operators are allowed, such as
>
,
==
,
<=,
and so forth.
The following filter checks the workqueue count, and skips spamcheck if the queue is greater than the
specified number.
specified number.
stamp-mail-with-spf-verification-error:
if (spf-status("pra") == "PermError, TempError"
or spf-status("mailfrom") == "PermError, TempError"
or spf-status("helo") == "PermError, TempError"){
# permanent error - stamp message subject
strip-header("Subject");
insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }
.
quarantine-spf-unauthorized-mail:
if (not spf-passed) {
quarantine("Policy");
}
wqfull:
if (workqueue-count > 1000) {
skip-spamcheck();
}