Cisco Cisco Email Security Appliance C650 Guía Del Usuario
Chapter 5 Using Message Filters to Enforce Email Policies
5-330
Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
The following filter checks the workqueue count, and skips spamcheck if the
queue is greater than the specified number.
queue is greater than the specified number.
wqfull:
if (workqueue-count > 1000) {
skip-spamcheck();
}
For more information on SPF/SIDF, see
SMTP Authenticated User Match Rule
If your IronPort appliance uses SMTP authentication to send messages, the
smtp-auth-id-matches
(
<target> [, <sieve-char>]
)
rule can check a message’s
headers and Envelope Sender against the sender’s SMTP authenticated user ID to
identify outgoing messages with spoofed headers. This filter allows the system to
quarantine or block potentially spoofed messages.
identify outgoing messages with spoofed headers. This filter allows the system to
quarantine or block potentially spoofed messages.
The
smtp-auth-id-matches
rule compares the SMTP authenticated ID against
the following targets:
Target
Description
*EnvelopeFrom
Compares the address of the
Envelope Sender (also known as
MAIL FROM) in the SMTP
conversation
Envelope Sender (also known as
MAIL FROM) in the SMTP
conversation
*FromAddress
Compares the addresses parsed
out of the From header. Since
multiple addresses are permitted
in the From: header, only one has
to match.
out of the From header. Since
multiple addresses are permitted
in the From: header, only one has
to match.
*Sender
Compares the address specified
in the Sender header.
in the Sender header.