Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Like the 

header()

 rule, 

dnslist()

 can be used in either a unary or binary comparison. By itself, it 

simply evaluates to

 true

 if a response is received and 

false

 if no response is received (for example, if 

the DNS server is unreachable). 

the following filter immediately delivers a message if the sender has been bonded with the Cisco Bonded 
Sender information services program:

Optionally, you can compare the result to a string using the equality (

==

) or inequality (

!=

) expressions. 

The following filter drops a message that results in a “

127.0.0.2

” response from the server. If the 

response is anything else, the rule returns “false” and the filter is ignored.

The 

reputation

 rule checks the SenderBase Reputation Score against another value. All the comparison 

operators are allowed, such as 

>

, 

==

, 

<=,

 and so forth. If the message does not have a SenderBase 

Reputation Score at all (because one was never checked for it, or because the system failed to get a 
response from the SenderBase Reputation Service query server), any comparison against a reputation 
fails (the number will not be greater than, less than, equal to, or not equal to any value). You can check 
for a SBRS score of “none” using the 

no-reputation

 rule described below. The following example 

adjusts the “Subject:” line of a message to be prefixed by “

*** BadRep ***

” if the reputation score 

returned from the SenderBase Reputation Service is below a threshold of -7.5..

 For more information, see the “Sender Reputation Filtering” chapter. See also 

whitelist_bondedsender:

   if (dnslist('query.bondedsender.org')) {

 skip-filters();

   }

blacklist:

   if (dnslist('dnsbl.example.domain') == '127.0.0.2') {

        drop();

   }

note_bad_reps:

   if (reputation < -7.5) {

        strip-header ('Subject');

        insert-header ('Subject', '*** BadRep $Reputation *** $Subject');

   }