Cisco Email Security Appliance C160 User Manual

Cisco AsyncOS 8.5.6 for Email User Guide
 
Chapter 9: Using Message Filters to Enforce Email Policies
Message Filter Rules
         insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }

SPF-Passed Rule

The following example shows an spf-passed rule used to quarantine emails that are not marked as spf-passed:

quarantine-spf-unauthorized-mail:
    if (not spf-passed) {
        quarantine("Policy");
    }

Note: Unlike the spf-status rule, the spf-passed rule reduces the SPF/SIDF verification values to a simple Boolean. The following verification results are treated as not passed in the spf-passed rule: None, Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more granular results, use the spf-status rule.

For more information on SPF/SIDF, see .

Workqueue-count Rule

The workqueue-count rule checks the workqueue-count against a specified value. All the comparison operators are allowed, such as >, ==, <=, and so forth.

The following filter checks the workqueue count, and skips spam check if the queue is greater than the specified number.

wqfull:
    if (workqueue-count > 1000) {
        skip-spamcheck();
    }

SMTP Authenticated User Match Rule

If your Cisco appliance uses SMTP authentication to send messages, the smtp-auth-id-matches(<target> [, <sieve-char>]) rule can check a message’s headers and Envelope Sender against the sender’s SMTP authenticated user ID to identify outgoing messages with spoofed headers. This filter allows the system to quarantine or block potentially spoofed messages.
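
The comparison that the smtp-auth-id-matches rule is described as performing can be modelled in Python; this is an added example, not Cisco code or message filter syntax. The function names, the case-insensitive comparison, the local-part-only match for auth IDs without a domain, and the treatment of the sieve character as a subaddress delimiter are assumptions of the example.

```python
from email import message_from_string
from email.utils import getaddresses

def normalize(addr, sieve_char=None):
    """Split an address into (local, domain), lower-cased, subaddress removed."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep:                          # bare username such as "cfo"
        local, domain = domain, ""
    if sieve_char:                       # assumption: ignore text after the sieve char
        local = local.split(sieve_char, 1)[0]
    return local, domain

def matches(auth_id, candidate, sieve_char=None):
    """True when candidate identifies the authenticated user."""
    a_local, a_domain = normalize(auth_id, sieve_char)
    c_local, c_domain = normalize(candidate, sieve_char)
    if not a_domain:                     # assumption: username-only IDs compare local parts
        return a_local == c_local
    return (a_local, a_domain) == (c_local, c_domain)

def mismatched_identities(auth_id, envelope_sender, raw_message, sieve_char=None):
    """List the sender identities that do not match the SMTP auth ID."""
    msg = message_from_string(raw_message)
    found = []
    if not matches(auth_id, envelope_sender, sieve_char):
        found.append("Envelope Sender")
    for header in ("From", "Sender"):
        addrs = [a for _, a in getaddresses(msg.get_all(header, [])) if a]
        if any(not matches(auth_id, a, sieve_char) for a in addrs):
            found.append(header)
    return found

# Constructed sample message: the From header names someone other than the sender.
SAMPLE = (
    'From: "Finance Director" <cfo@example.com>\n'
    "To: payroll@example.com\n"
    "Subject: Urgent transfer\n"
    "\n"
    "Please process today.\n"
)

if __name__ == "__main__":
    # Envelope Sender is honest, From header is not: only "From" is reported.
    print(mismatched_identities("alice@example.com", "alice@example.com", SAMPLE))
    # Username-only auth ID, subaddressed Envelope Sender, sieve char "+": no mismatch.
    print(mismatched_identities("cfo", "cfo+reports@example.com", SAMPLE, "+"))
```

A non-empty result corresponds to the case where the filter would quarantine or block the message as potentially spoofed.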