Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
6-100
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6 Using Message Filters to Enforce Email Policies
Alter SRBS Filter
Alter the (SenderBase Reputation Score) SBRS threshold for certain domains:
Filename Regex Filter
This filter specifies a range of size for the body of the message, and looks for an attachment that matches
the regular expression (this matches files named “readme.zip”, “readme.exe”, “attach.exe”, and so
forth.):
the regular expression (this matches files named “readme.zip”, “readme.exe”, “attach.exe”, and so
forth.):
Show SenderBase Reputation Score in Header Filter
Remember to log the headers (see “Logging” in the Cisco IronPort AsyncOS for Email Daily
Management Guide) so they appear in the mail log:
Management Guide) so they appear in the mail log:
Insert Policy into Header Filter
Show which mail flow policy accepted the connection:
mod_sbrs:
if ( (rcpt-count == 1) AND (rcpt-to == "@domain\\.com$") AND (reputation < -2) ) {
drop ();
}
filename_filter:
if ((body-size >= 9k) AND (body-size <= 20k)) {
if (body-contains ("(?i)(readme|attach|information)\\.(zip|exe)$")) {
drop ();
}
}
Check_SBRS:
if (true) {
insert-header('X-SBRS', '$Reputation');
}
Policy_Tracker:
if (true) {