Cisco Cisco Email Security Appliance C160 Mode D'Emploi
9-113
Cisco AsyncOS 9.0 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Examples
Drop Spoofed Domain Filter (Single Listener)
Drop email with a spoofed domain (pretending to be from an internal address; works with a single
listener). IP addresses below represent fictional domain for
listener). IP addresses below represent fictional domain for
mycompany.com
:
Drop Spoofed Domain Filter (Multiple Listeners)
As above, but works with multiple listeners:
Another Drop Spoofed Domain Filter
Summary: Anti domain spoof filter:
DomainSpoofed:
if (mail-from == "mycompany\\.com$") {
if ((remote-ip != "1.2.") AND (remote-ip != "3.4.")) {
drop();
}
}
domain_spoof:
if ((recv-listener == "Inbound") and (mail-from == "@mycompany\\.com")) {
archive('domain_spoof');
drop ();
}
reject_domain_spoof:
if (recv-listener == "MailListener") {
insert-header("X-Group", "$Group");
if ((mail-from == "@test\\.mycompany\\.com") AND (header("X-Group") != "RELAYLIST")) {
notify("me@here.com");
drop();
strip-header("X-Group");
}