Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 9: Using Message Filters to Enforce Email Policies
Message Filter Rules
The following example shows a signed rule used to insert headers into a signed message:

    signedcheck: if signed { insert-header("X-Signed", "True"); }

The following example shows a signed rule used to drop attachments from unsigned messages from a certain sender group:

    Signed: if ((sendergroup == "NOTTRUSTED") AND NOT signed) {
        html-convert();
        if (attachment_size > 0)
        {
            drop_attachments("");
        }
    }

Signed Certificate Rule

The signed-certificate rule selects those S/MIME messages where the X.509 certificate issuer or message signer matches the given regular expression. This rule only supports X.509 certificates.

The rule's syntax is signed-certificate(<field> [<operator> <regular expression>]), where:
<field> is either the quoted string "issuer" or "signer",
<operator> is either == or !=,
and <regular expression> is the value for matching the "issuer" or "signer."

If the message is signed using multiple signatures, the rule returns true if any of the issuers or signers match the regular expression. The short form of this rule, signed-certificate("issuer") and signed-certificate("signer"), returns true if the S/MIME message contains an issuer or signer.

Signer

For message signers, the rule extracts the sequence of rfc822Name names from the X.509 certificate's subjectAltName extension. If there is no subjectAltName field in the signing certificate, or this field does not have any rfc822Name names, the signed-certificate("signer") rule evaluates to false. In the rare cases of multiple rfc822Name names, the rule tries to match all of the names to the regular expression and evaluates as true on the first match.

Issuer

The issuer is a non-empty distinguished name in the X.509 certificate. AsyncOS extracts the issuer from the certificate and converts it to an LDAP-UTF8 Unicode string. For example:

    C=US,S=CA,O=IronPort
    C=US,CN=Bob Smith

Since X.509 certificates require the issuer field, signed-certificate("issuer") evaluates whether the S/MIME message contains an X.509 certificate.
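
The matching behaviour of signed-certificate described above, modelled in Python as an added example; it is not Cisco's code and not AsyncOS filter syntax. The SigningCert class, the function names, the sample addresses and the use of re.search (match anywhere in the value) are assumptions, and only the == operator and the short form are modelled.

```python
import re
from dataclasses import dataclass, field


@dataclass
class SigningCert:
    """Constructed stand-in for one parsed S/MIME signing certificate."""
    issuer: str                                        # issuer DN, always present in X.509
    rfc822_names: list = field(default_factory=list)   # subjectAltName rfc822Name entries


def candidates(cert, which):
    """Return the strings the rule compares for one certificate."""
    if which == "issuer":
        return [cert.issuer]
    if which == "signer":
        # Empty when subjectAltName is absent or carries no rfc822Name.
        return list(cert.rfc822_names)
    raise ValueError('field must be "issuer" or "signer"')


def signed_certificate(certs, which, pattern=None):
    """Model signed-certificate(<field>) and signed-certificate(<field> == <regex>).

    Assumption: the regex may match anywhere in the value (re.search).
    """
    for cert in certs:                       # several signatures: any one may match
        for value in candidates(cert, which):
            if pattern is None or re.search(pattern, value):
                return True                  # stop at the first match
    return False


# Constructed sample: issuer strings are the page's examples, addresses are made up.
SAMPLE = [
    SigningCert("C=US,CN=Bob Smith"),        # no rfc822Name in subjectAltName
    SigningCert("C=US,S=CA,O=IronPort", ["bob@example.com", "bsmith@example.com"]),
]

if __name__ == "__main__":
    print(signed_certificate(SAMPLE, "signer", r"^bsmith@example\.com$"))
    print(signed_certificate(SAMPLE[:1], "signer"))
    print(signed_certificate(SAMPLE[:1], "issuer"))
```

A certificate without an rfc822Name never satisfies the "signer" form, whatever the pattern, while the "issuer" short form is true for any certificate.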