Cisco Cisco Email Security Appliance C650 Guía Del Usuario
9-36
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
Values for the SenderBase Reputation rule are -10 through 10, but the value
NONE
may also be returned.
To check specifically for the value
NONE
, use the
no-reputation
rule.
Dictionary Rules
The
dictionary-match(<
dictonary_name>) rule evaluates to
true
if the message body contains any of
the regular expressions or terms in the content dictionary named “dictonary_name.” If the dictionary
does not exist, the rule evaluates to
does not exist, the rule evaluates to
false
. For more information on defining dictionaries (including their
case sensitivity and word boundary settings), see the “Text Resources” chapter.
The following filter blind carbon copies the administrator when the Cisco scans a message that contains
any words within the dictionary named “secret_words.”
any words within the dictionary named “secret_words.”
The following example sends the message to the Policy quarantine if the message body contains any
words within the dictionary named “secret_words.” Unlike the
words within the dictionary named “secret_words.” Unlike the
only-body-contains
condition, the
body-dictionary-match
condition does not require that all the content parts individually match the
dictionary. The scores of each content part (taking into account multipart/alternative parts) are added
together.
together.
In the following filter, a subject that matches a term in the specified dictionary is quarantined:
none_rep:
if (no-reputation) {
strip-header ('Subject');
insert-header ('Subject', '*** Reputation = NONE *** $Subject');
}
copy_codenames:
if (dictionary-match ('secret_words')) {
bcc('administrator@example.com');
}
quarantine_data_loss_prevention:
if (body-dictionary-match ('secret_words'))
{
quarantine('Policy');
}
quarantine_policy_subject:
if (subject-dictionary-match ('gTest'))