Cisco Cisco Email Security Appliance C650 Guía Del Usuario
9-65
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Actions
When flagged for quarantine, the message continues through the rest of the email pipeline. When the
message reaches the end of the pipeline, if the message has been flagged for one or more quarantines
then it enters those queues. Otherwise, it is delivered. Note that if the message does not reach the end of
the pipeline, it is not placed in a quarantine.
message reaches the end of the pipeline, if the message has been flagged for one or more quarantines
then it enters those queues. Otherwise, it is delivered. Note that if the message does not reach the end of
the pipeline, it is not placed in a quarantine.
Accordingly, if a message filter contains a
quarantine()
action followed by a
bounce()
or
drop()
action, the message will not enter the quarantine, since the final action prevents the message from
reaching the end of the pipeline. The same is true if a message filter includes a quarantine action, but the
message is later dropped by anti-spam or anti-virus scanning, or a content filter. The
reaching the end of the pipeline. The same is true if a message filter includes a quarantine action, but the
message is later dropped by anti-spam or anti-virus scanning, or a content filter. The
skip-filters()
action causes the message to skip any remaining message filters, but content filters may still apply. For
example, if a message filter flags a message for quarantine and also includes the
example, if a message filter flags a message for quarantine and also includes the
skip-filters()
action,
the message skips all remaining message filters and will be quarantined, unless another action in the
email pipeline causes the message to be dropped.
email pipeline causes the message to be dropped.
In the following example, the message is sent to the Policy quarantine if the message contains any words
within the dictionary named “secret_word.”
within the dictionary named “secret_word.”
In the following example, suppose a company has an official policy to drop all .mp3 file attachments. If
an inbound message has a .mp3 attachment, the attachment is stripped and the remaining message
(original body and remaining attachments) is sent to the original recipient. Another copy of the original
message with all attachments will be quarantined (sent to the Policy quarantine). If it is necessary to
receive the blocked attachment(s), the original recipient would then request that the message be released
from the quarantine.
an inbound message has a .mp3 attachment, the attachment is stripped and the remaining message
(original body and remaining attachments) is sent to the original recipient. Another copy of the original
message with all attachments will be quarantined (sent to the Policy quarantine). If it is necessary to
receive the blocked attachment(s), the original recipient would then request that the message be released
from the quarantine.
Alter Recipient Action
The
alt-rcpt-to
action changes all recipients of the message to the specified recipient upon delivery.
quarantine_codenames:
if (dictionary-match ('secret_words'))
{
quarantine('Policy');
}
strip_all_mp3s:
if (attachment-filename == '(?i)\\.mp3$') {
duplicate-quarantine('Policy');
drop-attachments-by-name('(?i)\\.mp3$');
}