Cisco Cisco Email Security Appliance X1070 Guia Do Utilizador
9-35
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
The following filter drops a message that results in a “
127.0.0.2
” response from the server. If the
response is anything else, the rule returns “false” and the filter is ignored.
SenderBase Reputation Rule
The
reputation
rule checks the SenderBase Reputation Score against another value. All the comparison
operators are allowed, such as
>
,
==
,
<=,
and so forth. If the message does not have a SenderBase
Reputation Score at all (because one was never checked for it, or because the system failed to get a
response from the SenderBase Reputation Service query server), any comparison against a reputation
fails (the number will not be greater than, less than, equal to, or not equal to any value). You can check
for a SBRS score of “none” using the
response from the SenderBase Reputation Service query server), any comparison against a reputation
fails (the number will not be greater than, less than, equal to, or not equal to any value). You can check
for a SBRS score of “none” using the
no-reputation
rule described below. The following example
adjusts the “Subject:” line of a message to be prefixed by “
*** BadRep ***
” if the reputation score
returned from the SenderBase Reputation Service is below a threshold of -7.5..
For more information, see the “Sender Reputation Filtering” chapter. See also
Values for the SenderBase Reputation rule are -10 through 10, but the value
NONE
may also be returned.
To check specifically for the value
NONE
, use the
no-reputation
rule.
blacklist:
if (dnslist('dnsbl.example.domain') == '127.0.0.2') {
drop();
}
note_bad_reps:
if (reputation < -7.5) {
strip-header ('Subject');
insert-header ('Subject', '*** BadRep $Reputation *** $Subject');
}
none_rep:
if (no-reputation) {
strip-header ('Subject');
insert-header ('Subject', '*** Reputation = NONE *** $Subject');
}