Cisco Cisco Email Security Appliance C160 Mode D'Emploi
Chapter 6 Using Message Filters to Enforce Email Policies
6-354
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Signed Certificate Rule
The
signed-certificate
rule selects those S/MIME messages where the X.509
certificate issuer or message signer matches the given regular expression. This
rule only supports X.509 certificates.
rule only supports X.509 certificates.
The rule’s syntax is
signed-certificate
(<field> [<operator> <regular
expression>])
, where:
•
<field>
is either the quoted string
“issuer”
or
“signer”
,
•
<operator>
is either
==
or
!=
,
•
and
<regular expression>
is the value for matching the “issuer” or “signer.”
If the message is signed using multiple signatures, the rule returns true if any of
the issuers or signers match the regular expression. The short form of this rule,
the issuers or signers match the regular expression. The short form of this rule,
signed-certificate(“issuer”)
and
signed-certificate(“signer”)
, returns
true if the S/MIME message contains an issuer or signer.
Signer
For message signers, the rule extracts the sequence of
rfc822Name
names from the
X.509 certificate’s
subjectAltName
extension. If there is no
subjectAltName
field in the signing certificate, or this field does not have any
rfc822Name
names,
the
signed-certificate(“signer”)
rule evaluates to false. In the rare cases of
multiple
rfc822Name
names, the rule tries to match all of the names to the regular
expression and evaluates as true on the first match.
Issuer
The issuer is a non-empty distinguished name in the X.509 certificate. AsyncOS
extracts the issuer from the certificate and converts it to an LDAP-UTF8 Unicode
string. For example:
extracts the issuer from the certificate and converts it to an LDAP-UTF8 Unicode
string. For example:
•
C=US,S=CA,O=IronPort
•
C=US,CN=Bob Smith
}
}