Cisco Cisco Email Security Appliance X1070 Guida Utente
Chapter 5 Using Message Filters to Enforce Email Policies
5-360
Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
When flagged for quarantine, the message continues through the rest of the email
pipeline. When the message reaches the end of the pipeline, if the message has
been flagged for one or more quarantines then it enters those queues. Otherwise,
it is delivered. Note that if the message does not reach the end of the pipeline, it
is not placed in a quarantine.
pipeline. When the message reaches the end of the pipeline, if the message has
been flagged for one or more quarantines then it enters those queues. Otherwise,
it is delivered. Note that if the message does not reach the end of the pipeline, it
is not placed in a quarantine.
Accordingly, if a message filter contains a
quarantine()
action followed by a
bounce()
or
drop()
action, the message will not enter the quarantine, since the
final action prevents the message from reaching the end of the pipeline. The same
is true if a message filter includes a quarantine action, but the message is later
dropped by anti-spam or anti-virus scanning, or a content filter. The
is true if a message filter includes a quarantine action, but the message is later
dropped by anti-spam or anti-virus scanning, or a content filter. The
skip_filters()
final action causes the message to skip any remaining message
filters, but content filters may still apply. For example, if a message filter flags a
message for quarantine and also includes the
message for quarantine and also includes the
skip_filters()
final action, the
message skips all remaining message filters and will be quarantined, unless
another action in the email pipeline causes the message to be dropped.
another action in the email pipeline causes the message to be dropped.
In the following example, the message is sent to the Policy quarantine if the
message contains any words within the dictionary named “secret_word.”
message contains any words within the dictionary named “secret_word.”
quarantine_codenames:
if (dictionary-match ('secret_words'))
{
quarantine('Policy');
}
In the following example, suppose a company has an official policy to drop all
.mp3 file attachments. If an inbound message has a .mp3 attachment, the
attachment is stripped and the remaining message (original body and remaining
attachments) is sent to the original recipient. Another copy of the original
message with all attachments will be quarantined (sent to the Policy quarantine).
If it is necessary to receive the blocked attachment(s), the original recipient would
then request that the message be released from the quarantine.
.mp3 file attachments. If an inbound message has a .mp3 attachment, the
attachment is stripped and the remaining message (original body and remaining
attachments) is sent to the original recipient. Another copy of the original
message with all attachments will be quarantined (sent to the Policy quarantine).
If it is necessary to receive the blocked attachment(s), the original recipient would
then request that the message be released from the quarantine.
strip_all_mp3s:
if (attachment-filename == '(?i)\\.mp3$') {