Cisco Cisco Email Security Appliance C650 Guía Del Usuario
9-38
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
SPF-Status Rule
When you receive SPF/SIDF verified mail, you may want to take different actions depending on the
results of the SPF/SIDF verification. The spf-status rule checks against different SPF verification results.
For more information, see
results of the SPF/SIDF verification. The spf-status rule checks against different SPF verification results.
For more information, see
Note
If you have configured an SPF verification message filter rule without an SPF identity and if a message
contains different SPF identities with different verdicts, the rule is triggered if one of the verdicts in the
message matches the rule.
contains different SPF identities with different verdicts, the rule is triggered if one of the verdicts in the
message matches the rule.
You can check against the SPF/SIDF verification results using the following syntax:
If you want a single condition to check against multiple status verdicts, you can use the following syntax:
You can also check the verification results against the HELO, MAIL FROM, and PRA identities using
the following syntax:
the following syntax:
The following example shows the
spf-status
filter in use:
if (spf-status == "Pass")
if (spf-status == "PermError, TempError")
if (spf-status("pra") == "Fail")
skip-spam-check-for-verified-senders:
if (sendergroup == "TRUSTED" and spf-status == "Pass"){
skip-spamcheck();
}
quarantine-spf-failed-mail:
if (spf-status("pra") == "Fail") {
if (spf-status("mailfrom") == "Fail"){
# completely malicious mail
quarantine("Policy");
} else {
if(spf-status("mailfrom") == "SoftFail") {
# malicious mail, but tempting