Cisco Cisco Email Security Appliance C160 Mode D'Emploi

The 

attachment

-

dictionary-match(<dictonary_name>)

 rule works like the 

dictionary-match

 rule 

above, except that it looks for matches in the attachment. 

The following filter sends the message to the Policy quarantine if the message attachment contains any 
words found within the dictionary named “secret_words.”

The 

header

-

dictionary-match(<dictonary_name>, <header>)

 rule works like the dictionary-match 

rule above, except that it looks for matches in the header specified in <header>. The header name is case 
insensitive, so, for example, “subject” and “Subject” both work.

The following filter sends the message to the Policy quarantine if the message’s “cc” header contains 
any words found within the dictionary named “ex_employees.”

You can use wild cards within the dictionary terms. You do not have to escape the period in email 
addresses. 

When you receive SPF/SIDF verified mail, you may want to take different actions depending on the 
results of the SPF/SIDF verification. The spf-status rule checks against different SPF verification results. 
For more information, see 

You can check against the SPF/SIDF verification results using the following syntax:

If you want a single condition to check against multiple status verdicts, you can use the following syntax:

quarantine_codenames_attachment:  

   if (attachment-dictionary-match ('secret_words')) 

       {

       quarantine('Policy');

       }

quarantine_codenames_attachment:  

   if (header-dictionary-match ('ex_employees', 'cc')) 

       {

       quarantine('Policy');

       }

if (spf-status == "Pass")

if (spf-status == "PermError, TempError")