Cisco Cisco Email Security Appliance C160 Guía Del Usuario
6-38
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6 Using Message Filters to Enforce Email Policies
joe+smith+folder@example.com
, only the
+folder
portion is ignored. If the SMTP authenticated user
ID string is a simple username and not a fully-qualified e-mail address, only the username portion of the
target will be examined to determine a match. The domain must be verified in a separate rule.
target will be examined to determine a match. The domain must be verified in a separate rule.
Also, you can use the $SMTPAuthID variable to insert the STMP authenticated user ID into headers.
The following table shows examples of comparisons between the SMTP authenticated ID and email
addresses and whether they would match using the
addresses and whether they would match using the
smtp-auth-id-matches
filter rule:
The following filter checks all messages created during an authenticated SMTP session to verify that the
addresses in the From header and the Envelope Sender match the SMTP authenticated user ID. If the
addresses and the ID match, the filter verifies the domain. If they do not match, the appliance quarantines
the message.
addresses in the From header and the Envelope Sender match the SMTP authenticated user ID. If the
addresses and the ID match, the filter verifies the domain. If they do not match, the appliance quarantines
the message.
SMTP Auth ID
Sieve Char
Comparison Address
Matches?
someuser
otheruser@example.com
No
someuser
someuser@example.com
Yes
someuser
someuser@another.com
Yes
SomeUser
someuser@example.com
Yes
someuser
someuser+folder@example.com
No
someuser
+
someuser+folder@example.com
Yes
someuser@example.com
someuser@forged.com
No
someuser@example.com
someuser@example.com
Yes
SomeUser@example.com
someuser@example.com
Yes
Msg_Authentication:
if (smtp-auth-id-matches("*Any"))
{
# Always include the original authentication credentials in a
# special header.
insert-header("X-Auth-ID","$SMTPAuthID");
if (smtp-auth-id-matches("*FromAddress", "+") and
smtp-auth-id-matches("*EnvelopeFrom", "+"))
{
# Username matches. Verify the domain
if header('from') != "(?i)@(?:example\\.com|alternate\\.com)" or
mail-from != "(?i)@(?:example\\.com|alternate\\.com)"
{