Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
Chapter 6 Using Message Filters to Enforce Email Policies
6-308
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
terms. When a message filter that uses a content dictionary scores the matches for
filter rule, it uses these weights to determine the final score. For example, suppose
you create a content dictionary with the following contents and weights:
filter rule, it uses these weights to determine the final score. For example, suppose
you create a content dictionary with the following contents and weights:
Table 6-1
Sample Content Dictionary
Term/Smart Identifier
Weight
ABA Routing Number
3
Account
2
Bank
1
When you associate this content dictionary with a
dictionary-match
or
attachment-dictionary-match
message filter rule, AsyncOS would add the
weight for the term to the total “score” for each instance of the matching term
found in the message. For example, if the message contains three instances of the
term, “account” in the message body, AsyncOS would add a value of 6 to the total
score. If you set the threshold value for the message filter to 6, AsyncOS would
determine that the threshold score has been met. Or, if the message contained one
instance of each term, the total value would be 6, and this score would trigger the
filter action.
found in the message. For example, if the message contains three instances of the
term, “account” in the message body, AsyncOS would add a value of 6 to the total
score. If you set the threshold value for the message filter to 6, AsyncOS would
determine that the threshold score has been met. Or, if the message contained one
instance of each term, the total value would be 6, and this score would trigger the
filter action.
AND Test and OR Tests in Message Filters
When evaluating AND or OR tests within message filters, AsyncOS does not
evaluate unneeded tests. So, for example, if one side of an AND test is false, the
system will not evaluate the other side. It is important to note that the system does
not evaluate the tests from left to right. Instead, when AND and OR tests are
evaluated, the least expensive test is evaluated first. For example, in the following
filter, the
evaluate unneeded tests. So, for example, if one side of an AND test is false, the
system will not evaluate the other side. It is important to note that the system does
not evaluate the tests from left to right. Instead, when AND and OR tests are
evaluated, the least expensive test is evaluated first. For example, in the following
filter, the
remote-ip
test will always be processed first because it has a lower cost
than the
rcpt-to-group
test (generally LDAP tests are more expensive):
andTestFilter:
if (remote-ip == "192.168.100.100" AND rcpt-to-group == "GROUP")
{ ... }