Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
6-443
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 6 Using Message Filters to Enforce Email Policies
Single Injector Filter
Make the filter work on a single listener. For example, specify a specific listener
for message filter processing instead of being performed system wide.
for message filter processing instead of being performed system wide.
textfilter-new:
if (recv-inj == 'inbound' and body-contains("some spammy message")) {
alt-rcpt-to ("spam.quarantine@spam.example.com");
}
Drop Spoofed Domain Filter (Single Listener)
Drop email with a spoofed domain (pretending to be from an internal address;
works with a single listener). IP addresses below represent fictional domain for
works with a single listener). IP addresses below represent fictional domain for
mycompany.com
:
DomainSpoofed:
if (mail-from == "mycompany\\.com$") {
if ((remote-ip != "1.2.") AND (remote-ip != "3.4.")) {
drop();
}
}
Drop Spoofed Domain Filter (Multiple Listeners)
As above, but works with multiple listeners:
domain_spoof:
if ((recv-listener == "Inbound") and (mail-from == "@mycompany\\.com")) {
archive('domain_spoof');