Cisco Cisco Email Security Appliance C160 Mode D'Emploi
5-31
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 5 Email Authentication
Determining the Action to Take for SPF/SIDF Verified Mail
When you receive SPF/SIDF verified mail, you may want to take different actions depending on the
results of the SPF/SIDF verification. You can use the following message and content filter rules to
determine the status of SPF/SIDF verified mail and perform actions on the messages based on the
verification results:
results of the SPF/SIDF verification. You can use the following message and content filter rules to
determine the status of SPF/SIDF verified mail and perform actions on the messages based on the
verification results:
•
spf-status
. This filter rule determines actions based on the SPF/SIDF status. You can enter a
different action for each valid SPF/SIDF return value.
•
spf-passed
. This filter rule generalizes the SPF/SIDF results as a Boolean value.
Note
The
spf-passed
filter rule is only available in message filters.
You can use the
spf-status
rule when you want to address more granular results, and use the
spf-passed
rule when you want to create a simple Boolean.
Verification Results
If you use the
spf-status
filter rule, you can check against the SPF/SIDF verification results using the
following syntax:
If you want a single condition to check against multiple status verdicts, you can use the following syntax:
You can also check the verification results against the HELO, MAIL FROM, and PRA identities using
the following syntax:
the following syntax:
Note
You can only use the
spf-status
message filter rule to check results against HELO, MAIL FROM, and
PRA identities. You cannot use the
spf-status
content filter rule to check against identities.
You can receive any of the following verification results:
•
None - no verification can be performed due to the lack of information.
•
Pass - the client is authorized to send mail with the given identity.
•
Neutral - the domain owner does not assert whether the client is authorized to use the given identity.
•
SoftFail - the domain owner believes the host is not authorized to use the given identity but is not
willing to make a definitive statement.
willing to make a definitive statement.
•
Fail - the client is not authorized to send mail with the given identity.
•
TempError - a transient error occurred during verification.
if (spf-status == "Pass")
if (spf-status == "PermError, TempError")
if (spf-status("pra") == "Fail")