Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

The following example shows an 

spf-passed

 rule used to quarantine emails that are not marked as 

spf-passed:

Unlike the 

spf-status 

rule, the 

spf-passed

 rule reduces the SPF/SIDF verification values to a simple 

Boolean. The following verification results are treated as not passed in the 

spf-passed

 rule: None, 

Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more 
granular results, use the 

spf-status

 rule. 

The 

workqueue-count

 rule checks the workqueue-count against a specified value. All the comparison 

operators are allowed, such as 

>

, 

==

, 

<=,

 and so forth. 

The following filter checks the workqueue count, and skips spamcheck if the queue is greater than the 
specified number.

stamp-mail-with-spf-verification-error:

     if (spf-status("pra") == "PermError, TempError"

             or spf-status("mailfrom") == "PermError, TempError"

             or spf-status("helo") == "PermError, TempError"){

         # permanent error - stamp message subject

         strip-header("Subject");

         insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }

.

quarantine-spf-unauthorized-mail:

    if (not spf-passed) {

        quarantine("Policy");

    }

 wqfull: 

if (workqueue-count > 1000) {

 skip-spamcheck();

}