Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
9-40
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
For more information, see
S/MIME Gateway Verified Rule
The S/MIME Gateway Message Verified rule checks if a message is successfully verified, decrypted, or
decrypted and verified. The following message filter checks if the message is an S/MIME message and
quarantines it if the verification or decryption using S/MIME fails.
decrypted and verified. The following message filter checks if the message is an S/MIME message and
quarantines it if the verification or decryption using S/MIME fails.
quarantine_smime_messages:
if (smime-gateway-message and not smime-gateway-verified) {
quarantine("Policy");
}
For more information, see
Workqueue-count Rule
The
workqueue-count
rule checks the workqueue-count against a specified value. All the comparison
operators are allowed, such as
>
,
==
,
<=,
and so forth.
The following filter checks the workqueue count, and skips spam check if the queue is greater than the
specified number.
specified number.
For more information on SPF/SIDF, see
.
SMTP Authenticated User Match Rule
If your Cisco appliance uses SMTP authentication to send messages, the
smtp-auth-id-matches
(
<target> [, <sieve-char>]
)
rule can check a message’s headers and Envelope Sender against the
sender’s SMTP authenticated user ID to identify outgoing messages with spoofed headers. This filter
allows the system to quarantine or block potentially spoofed messages.
allows the system to quarantine or block potentially spoofed messages.
The
smtp-auth-id-matches
rule compares the SMTP authenticated ID against the following targets:
wqfull:
if (workqueue-count > 1000) {
skip-spamcheck();
}
Target
Description
*EnvelopeFrom
Compares the address of the Envelope Sender (also known
as MAIL FROM) in the SMTP conversation
as MAIL FROM) in the SMTP conversation
*FromAddress
Compares the addresses parsed out of the From header.
Since multiple addresses are permitted in the From:
header, only one has to match.
Since multiple addresses are permitted in the From:
header, only one has to match.
*Sender
Compares the address specified in the Sender header.