Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
9-43
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
The following example shows a
signed
rule used to insert headers into a signed message:
The following example shows a
signed
rule used to drop attachments from unsigned messages from a
certain sender group:
Signed Certificate Rule
The
signed-certificate
rule selects those S/MIME messages where the X.509 certificate issuer or
message signer matches the given regular expression. This rule only supports X.509 certificates.
The rule’s syntax is
signed-certificate
(<field> [<operator> <regular expression>])
, where:
•
<field>
is either the quoted string
“issuer”
or
“signer”
,
•
<operator>
is either
==
or
!=
,
•
and
<regular expression>
is the value for matching the “issuer” or “signer.”
If the message is signed using multiple signatures, the rule returns true if any of the issuers or signers
match the regular expression. The short form of this rule,
match the regular expression. The short form of this rule,
signed-certificate(“issuer”)
and
signed-certificate(“signer”)
, returns true if the S/MIME message contains an issuer or signer.
Related Topics
•
•
•
•
•
Signer
For message signers, the rule extracts the sequence of
rfc822Name
names from the X.509 certificate’s
subjectAltName
extension. If there is no
subjectAltName
field in the signing certificate, or this field
does not have any
rfc822Name
names, the
signed-certificate(“signer”)
rule evaluates to false. In the
rare cases of multiple
rfc822Name
names, the rule tries to match all of the names to the regular
expression and evaluates as true on the first match.
signedcheck: if signed { insert-header("X-Signed", "True"); }
Signed: if ((sendergroup == "NOTTRUSTED") AND NOT signed) {
html-convert();
if (attachment_size > 0)
{
drop_attachments("");
}
}