Cisco Cisco Email Security Appliance C670 Guía Del Usuario
9-41
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
The following filter checks all messages created during an authenticated SMTP session to verify that the
addresses in the From header and the Envelope Sender match the SMTP authenticated user ID. If the
addresses and the ID match, the filter verifies the domain. If they do not match, the appliance quarantines
the message.
addresses in the From header and the Envelope Sender match the SMTP authenticated user ID. If the
addresses and the ID match, the filter verifies the domain. If they do not match, the appliance quarantines
the message.
someuser
someuser@another.com
Yes
SomeUser
someuser@example.com
Yes
someuser
someuser+folder@example.com
No
someuser
+
someuser+folder@example.com
Yes
someuser@example.com
someuser@forged.com
No
someuser@example.com
someuser@example.com
Yes
SomeUser@example.com
someuser@example.com
Yes
SMTP Auth ID
Sieve Char
Comparison Address
Matches?
Msg_Authentication:
if (smtp-auth-id-matches("*Any"))
{
# Always include the original authentication credentials in a
# special header.
insert-header("X-Auth-ID","$SMTPAuthID");
if (smtp-auth-id-matches("*FromAddress", "+") and
smtp-auth-id-matches("*EnvelopeFrom", "+"))
{
# Username matches. Verify the domain
if header('from') != "(?i)@(?:example\\.com|alternate\\.com)" or
mail-from != "(?i)@(?:example\\.com|alternate\\.com)"
{
# User has specified a domain which cannot be authenticated
quarantine("forged");
}
} else {
# User claims to be an completely different user