Cisco Cisco Email Security Appliance C160 Mode D'Emploi
21-30
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 21 Email Authentication
Determining the Action to Take for SPF/SIDF Verified Mail
spf-status Content Filter Rule in the GUI
You can also enable the
spf-status
rule from the content filters in the GUI. However, you cannot check
results against HELO, MAIL FROM, and PRA identities when using the
spf-status
content filter rule.
To add the
spf-status
content filter rule from the GUI, click Mail Policies > Incoming Content
Filters. Then add the SPF Verification filter rule from the Add Condition dialog box. Specify one or
more verification results for the condition.
more verification results for the condition.
After you add the SPF Verification condition, specify an action to perform based on the SPF status. For
example, if the SPF status is SoftFail, you might quarantine the message.
example, if the SPF status is SoftFail, you might quarantine the message.
quarantine("Policy");
}
}
} else {
if(spf-status("pra") == "SoftFail"){
if (spf-status("mailfrom") == "Fail"
or spf-status("mailfrom") == "SoftFail"){
# malicious mail, but tempting
quarantine("Policy");
}
}
}
stamp-mail-with-spf-verification-error:
if (spf-status("pra") == "PermError, TempError"
or spf-status("mailfrom") == "PermError, TempError"
or spf-status("helo") == "PermError, TempError"){
# permanent error - stamp message subject
strip-header("Subject");
insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }
.