Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
9-35
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
Like the
header()
rule,
dnslist()
can be used in either a unary or binary comparison. By itself, it
simply evaluates to
true
if a response is received and
false
if no response is received (for example, if
the DNS server is unreachable).
the following filter immediately delivers a message if the sender has been bonded with the Cisco Bonded
Sender information services program:
Sender information services program:
Optionally, you can compare the result to a string using the equality (
==
) or inequality (
!=
) expressions.
The following filter drops a message that results in a “
127.0.0.2
” response from the server. If the
response is anything else, the rule returns “false” and the filter is ignored.
SenderBase Reputation Rule
The
reputation
rule checks the SenderBase Reputation Score against another value. All the comparison
operators are allowed, such as
>
,
==
,
<=,
and so forth. If the message does not have a SenderBase
Reputation Score at all (because one was never checked for it, or because the system failed to get a
response from the SenderBase Reputation Service query server), any comparison against a reputation
fails (the number will not be greater than, less than, equal to, or not equal to any value). You can check
for a SBRS score of “none” using the
response from the SenderBase Reputation Service query server), any comparison against a reputation
fails (the number will not be greater than, less than, equal to, or not equal to any value). You can check
for a SBRS score of “none” using the
no-reputation
rule described below. The following example
adjusts the “Subject:” line of a message to be prefixed by “
*** BadRep ***
” if the reputation score
returned from the SenderBase Reputation Service is below a threshold of -7.5..
For more information, see the “Sender Reputation Filtering” chapter. See also
whitelist_bondedsender:
if (dnslist('query.bondedsender.org')) {
skip-filters();
}
blacklist:
if (dnslist('dnsbl.example.domain') == '127.0.0.2') {
drop();
}
note_bad_reps:
if (reputation < -7.5) {
strip-header ('Subject');
insert-header ('Subject', '*** BadRep $Reputation *** $Subject');
}