Cisco Cisco Email Security Appliance C380 ユーザーガイド
9-99
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Examples
Large “To:” Header Filter
Find messages with very large “To” headers.
Use the
archive()
line for verification of proper action, with drop() enabled or disabled for extra safety:
Blank “From:” Filter
Identify blank “From” headers,
This filter can alleviate various forms of blank “from” addresses:
If you also want to drop messages with a blank envelope from, use this filter:
{
archive("Drop_Attachments");
insert-header("X-Filter", "Dropped by: $FilterName MID: $MID");
drop-attachments-by-name("\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$");
}
toTooBig:
if(header('To') == "^.{500,}") {
archive('tooTooBigdropped');
drop();
}
blank_mail_from_stop:
if (recv-listener == "InboundMail" AND header("From") == "^$|<\\s*>") {
drop ();
}
blank_mail_from_stop:
if (recv-listener == "InboundMail" AND (mail-from == "^$|<\\s*>" OR header ("From") ==
"^$|<\\s*>"))
{
drop ();
}