Cisco Cisco Email Security Appliance C160 Mode D'Emploi

The following example shows an 

spf-passed

 rule used to quarantine emails that are not marked as 

spf-passed:

Unlike the 

spf-status 

rule, the 

spf-passed

 rule reduces the SPF/SIDF verification values to a simple 

Boolean. The following verification results are treated as not passed in the 

spf-passed

 rule: None, 

Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more 
granular results, use the 

spf-status

 rule. 

The S/MIME Gateway Message rule checks if a message is S/MIME signed, encrypted, or signed and 
encrypted. The following message filter checks if the message is an S/MIME message and quarantines 
it if the verification or decryption using S/MIME fails.

quarantine_smime_messages:

if (smime-gateway-message and not smime-gateway-verified) {

quarantine("Policy"); 

}

         }

       }

     }

stamp-mail-with-spf-verification-error:

     if (spf-status("pra") == "PermError, TempError"

             or spf-status("mailfrom") == "PermError, TempError"

             or spf-status("helo") == "PermError, TempError"){

         # permanent error - stamp message subject

         strip-header("Subject");

         insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }

.

quarantine-spf-unauthorized-mail:

    if (not spf-passed) {

        quarantine("Policy");

    }