Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Dictionaries can be used along with the various 

dictionary-match()

 message filter rules and with 

content filters. 

The message filter rule named 

dictionary-match(<

>)

 (and its counterparts) evaluates 

to true if the message body contains any of the regular expressions in the content dictionary named 
dictionary_name. If that dictionary does not exist, the rule evaluates to false.

Note that the 

dictionary-match()

 rule functions similarly to the

 body-contains()

 body scanning rule: 

it only scans the body and attachments of messages, and not the headers.

For scanning headers, you can use the appropriate 

*-dictionary-match()

-type rule (there are rules for 

specific headers, such as 

subject-dictionary-match()

 and a more generic rule, 

header-dictionary-match()

, in which you can specify any header including custom headers). See 

“Dictionary Rules” in the “Using Message Filters to Enforce Email Policies” chapter of the Cisco 
IronPort AsyncOS for Email Advanced Configuration Guide for more information about dictionary 
matching.

In the following example, a new message filter using the 

dictionary-match()

 rule is created to blind 

carbon copy the administrator when the Cisco IronPort appliance scans a message that contains any 
words within the dictionary named “secret_words” (created in the previous example). Note that because 
of the settings, only messages that contain the whole word “

codename

” matching the case exactly will 

evaluate to true for this filter. 

In this example, we send the message to the Policy quarantine:

dictionary-match(<dictionary

_name>)

Does the message contain a word that 
matches all the regular expressions listed in 
the named dictionary?

bcc_codenames:  

   if (dictionary-match ('secret_words')) 

       {

       bcc('administrator@example.com');

       }

quarantine_codenames:  

   if (dictionary-match ('secret_words')) 

       {