Cisco Cisco Email Security Appliance C160 Mode D'Emploi
6-39
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6 Using Message Filters to Enforce Email Policies
Signed Rule
The
signed
rule checks messages for a signature. The rule returns a boolean value to indicate if the
message is signed or not. This rule evaluates whether the signature is encoded according to ASN.1 DER
encoding rules and that it conforms to the CMS SignedData Type structure (RFC 3852, Section 5.1.). It
does not aim to validate whether the signature matches the content, nor does it check the validity of the
certificate.
encoding rules and that it conforms to the CMS SignedData Type structure (RFC 3852, Section 5.1.). It
does not aim to validate whether the signature matches the content, nor does it check the validity of the
certificate.
The following example shows a
signed
rule used to insert headers into a signed message:
The following example shows a
signed
rule used to drop attachments from unsigned messages from a
certain sender group:
Signed Certificate Rule
The
signed-certificate
rule selects those S/MIME messages where the X.509 certificate issuer or
message signer matches the given regular expression. This rule only supports X.509 certificates.
The rule’s syntax is
signed-certificate
(<field> [<operator> <regular expression>])
, where:
•
<field>
is either the quoted string
“issuer”
or
“signer”
,
•
<operator>
is either
==
or
!=
,
# User has specified a domain which cannot be authenticated
quarantine("forged");
}
} else {
# User claims to be an completely different user
quarantine("forged");
}
}
signedcheck: if signed { insert-header("X-Signed", "True"); }
Signed: if ((sendergroup == "NOTTRUSTED") AND NOT signed) {
html-convert();
if (attachment_size > 0)
{
drop_attachments("");
}
}