Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
Chapter 5 Using Message Filters to Enforce Email Policies
5-418
Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
Archive and Drop Messages Filter
Log and drop only the messages that have matching filetypes:
drop_attachments:
if (mail-from != "user@example.com") AND (attachment-filename ==
'(?i)\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$')
{
archive("Drop_Attachments");
insert-header("X-Filter", "Dropped by: $FilterName MID: $MID");
drop-attachments-by-name("\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$");
}
Large “To:” Header Filter
Find messages with very large “To” headers.
Use the
archive()
line for verification of proper action, with drop() enabled or
disabled for extra safety:
toTooBig:
if(header('To') == "^.{500,}") {
archive('tooTooBigdropped');
drop();
}
drop ();
}