Cisco Cisco Email Security Appliance C650 Guía Del Usuario
9-42
Cisco AsyncOS 9.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
Signed Rule
The
signed
rule checks messages for a signature. The rule returns a boolean value to indicate if the
message is signed or not. This rule evaluates whether the signature is encoded according to ASN.1 DER
encoding rules and that it conforms to the CMS SignedData Type structure (RFC 3852, Section 5.1.). It
does not aim to validate whether the signature matches the content, nor does it check the validity of the
certificate.
encoding rules and that it conforms to the CMS SignedData Type structure (RFC 3852, Section 5.1.). It
does not aim to validate whether the signature matches the content, nor does it check the validity of the
certificate.
The following example shows a
signed
rule used to insert headers into a signed message:
The following example shows a
signed
rule used to drop attachments from unsigned messages from a
certain sender group:
if (smtp-auth-id-matches("*FromAddress", "+") and
smtp-auth-id-matches("*EnvelopeFrom", "+"))
{
# Username matches. Verify the domain
if header('from') != "(?i)@(?:example\\.com|alternate\\.com)" or
mail-from != "(?i)@(?:example\\.com|alternate\\.com)"
{
# User has specified a domain which cannot be authenticated
quarantine("forged");
}
} else {
# User claims to be an completely different user
quarantine("forged");
}
}
signedcheck: if signed { insert-header("X-Signed", "True"); }
Signed: if ((sendergroup == "NOTTRUSTED") AND NOT signed) {
html-convert();
if (attachment_size > 0)
{
drop_attachments("");