Cisco Email Security Appliance X1070 User Manual
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 5 Email Authentication
Using the spf-passed Filter Rule
The spf-passed rule shows the results of SPF verification as a Boolean value. The quarantine-spf-unauthorized-mail example at the end of this page shows an spf-passed rule used to quarantine emails that are not marked as spf-passed.
Note
Unlike the spf-status rule, the spf-passed rule reduces the SPF/SIDF verification values to a simple Boolean. The following verification results are treated as not passed in the spf-passed rule: None, Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more granular results, use the spf-status rule.
Testing the SPF/SIDF Results
Test the results of SPF/SIDF verification and use these results to determine how to treat SPF/SIDF failures because different organizations implement SPF/SIDF in different ways. Use a combination of content filters, message filters, and the Email Security Monitor - Content Filters report to test the results of the SPF/SIDF verification.
Your degree of dependence on SPF/SIDF verification determines the level of granularity at which you test SPF/SIDF results.
Basic Granularity Test of SPF/SIDF Results
To get a basic measure of the SPF/SIDF verification results for incoming mail, you can use content filters and the Email Security Monitor - Content Filters page. This test provides a view of the number of messages received for each type of SPF/SIDF verification result.
To perform a basic SPF/SIDF verification test:
Step 1
Enable SPF/SIDF verification for a mail flow policy on an incoming listener, and use a content filter to configure an action to take. For information on enabling SPF/SIDF, see .
Step 2
Create an spf-status content filter for each type of SPF/SIDF verification. Use a naming convention to indicate the type of verification. For example, use “SPF-Passed” for messages that pass SPF/SIDF verification, or “SPF-TempErr” for messages that weren’t passed due to a transient error during verification. For information about creating an spf-status content filter, see .
Step 3
After you have processed a number of SPF/SIDF verified messages, click Monitor > Content Filters to see how many messages triggered each of the SPF/SIDF verified content filters.
quarantine-spf-unauthorized-mail:
if (not spf-passed) {
    quarantine("Policy");
}
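An offline cross-check for the basic granularity test and for the spf-passed Note above, as an added example that is not from the Cisco guide: it tallies constructed sample messages by the result word in their Received-SPF header, then applies the spf-passed reduction in which only Pass counts as passed. It assumes the messages carry an RFC 7208 Received-SPF header; make_sample, spf_result, spf_passed and tally are hypothetical names.

```python
import re
from collections import Counter
from email import message_from_string

# SPF result words (RFC 7208); compared in lower case so that older
# spellings such as "SoftFail" or "TempError" are accepted too.
SPF_RESULTS = ("pass", "fail", "softfail", "neutral", "none",
               "temperror", "permerror")
RESULT_RE = re.compile(r"\s*([A-Za-z]+)")

def spf_result(raw_message):
    """Result word of the topmost Received-SPF header, or None when the
    header is absent or does not start with a known result."""
    header = message_from_string(raw_message).get("Received-SPF")
    match = RESULT_RE.match(header) if header else None
    word = match.group(1).lower() if match else None
    return word if word in SPF_RESULTS else None

def spf_passed(result):
    """Boolean reduction from the Note: everything except Pass is not passed."""
    return result == "pass"

def tally(messages):
    """Return (per-result counts, passed total, not-passed total)."""
    counts = Counter(spf_result(m) or "unverified" for m in messages)
    passed = sum(n for result, n in counts.items() if spf_passed(result))
    return counts, passed, sum(counts.values()) - passed

def make_sample(spf_header):
    """Build a constructed test message; spf_header=None omits the header."""
    head = f"Received-SPF: {spf_header}\n" if spf_header else ""
    return head + "From: sender@example.com\nSubject: test\n\nbody\n"

# Constructed sample input (documentation IP ranges), not real mail.
SAMPLES = [make_sample(h) for h in (
    "Pass (constructed) identity=mailfrom; client-ip=192.0.2.10",
    "Pass (constructed) identity=mailfrom; client-ip=192.0.2.11",
    "SoftFail (constructed) identity=mailfrom; client-ip=198.51.100.7",
    "Fail (constructed) identity=pra; client-ip=203.0.113.5",
    "TempError (constructed) identity=mailfrom; client-ip=192.0.2.12",
    "None (constructed) identity=mailfrom; client-ip=192.0.2.13",
    None,
)]

if __name__ == "__main__":
    counts, passed, not_passed = tally(SAMPLES)
    for result, n in counts.most_common():
        print(f"{result:<12}{n}")
    print(f"spf-passed: {passed}  not passed: {not_passed}")
```

A large "not passed" total made up mostly of None or TempError is a different situation from one made up of Fail, which is the distinction the Boolean rule hides.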