Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 
Chapter 11      Content Filters
Content Filter Actions
The action is what the Email Security appliance does with a message that matches the content filter’s 
condition. Many different types of actions are available, including modifying the message, quarantining 
it, or dropping it. A “final action” performed on a message, delivering or dropping it, forces the Email 
Security appliance to perform the action immediately and forgo all further processing, such as Outbreak 
Filter or DLP scanning.
At least one action must be defined for each content filter. 
Actions are performed in order on messages, so consider the order of actions when defining multiple 
actions for a content filter. 
When you configure a quarantine action for messages that match Attachment Content conditions, 
Message Body or Attachment conditions, Message body conditions, or the Attachment content 
conditions, you can view the matched content in the quarantined message. When you display the 
message body, the matched content is highlighted in yellow. You can also use the $MatchedContent
action variable to include the matched content in the message subject. For more information, see the Text 
Resources chapter.
Only one final action may be defined per filter, and the final action must be the last action listed. Bounce, 
deliver, and drop are final actions. When entering actions for content filters, the GUI and CLI will force 
final actions to be placed last. 
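
The ordering rules above can be checked when reviewing filter definitions by hand. The following is an added example, not code from the guide or from AsyncOS: the filter names, the dictionary layout, and the non-final action labels ("add-header", "strip-header", "notify") are constructed for illustration; only bounce, deliver, drop and quarantine come from the text.

```python
# Added illustration: a constructed model of content filter action lists,
# not an AsyncOS export format or appliance API.
FINAL_ACTIONS = {"bounce", "deliver", "drop"}  # final actions named in the guide

# Constructed sample filters: name -> ordered list of actions.
SAMPLE_FILTERS = {
    "quarantine_match": ["add-header", "quarantine"],
    "trusted_partner": ["strip-header", "deliver"],
    "bad_order": ["drop", "notify"],
    "two_finals": ["bounce", "drop"],
    "empty": [],
}


def audit_filter(name, actions):
    """Return findings for one filter's ordered action list."""
    if not actions:
        return [f"{name}: no action defined (at least one is required)"]
    findings = []
    finals = [(i, a) for i, a in enumerate(actions) if a in FINAL_ACTIONS]
    if len(finals) > 1:
        findings.append(f"{name}: {len(finals)} final actions, only one is allowed")
    for i, a in finals:
        if i != len(actions) - 1:
            findings.append(f"{name}: final action '{a}' is not last")
    if finals:
        # The first final action is where processing stops.
        findings.append(
            f"{name}: '{finals[0][1]}' ends processing; later scanning "
            "such as Outbreak Filter or DLP is skipped"
        )
    return findings


def effective_actions(actions):
    """Actions that actually run: in order, stopping at the first final action."""
    run = []
    for a in actions:
        run.append(a)
        if a in FINAL_ACTIONS:
            break
    return run


if __name__ == "__main__":
    for fname, acts in SAMPLE_FILTERS.items():
        for line in audit_filter(fname, acts) or [f"{fname}: ok"]:
            print(line)
```
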
See also 
Table 11-1 Content Filter Conditions (continued)

| Condition | Description |
|---|---|
| Remote IP | Was the message sent from a remote host that matches a given IP address or IP block? The Remote IP rule tests to see if the IP address of the host that sent that message matches a certain pattern. This can be an Internet Protocol version 4 (IPv4) or version 6 (IPv6) address. The IP address pattern is specified using the allowed hosts notation described in , except for the SBO, SBRS, dnslist notations and the special keyword ALL. |
| Reputation Score | What is the sender’s SenderBase Reputation Score? The Reputation Score rule checks the SenderBase Reputation Score against another value. |
| DKIM Authentication | Did DKIM authentication pass, partially verify, return temporarily unverifiable, permanently fail, or were no DKIM results returned? |
| SPF Verification | What was the SPF verification status? This filter rule allows you to query for different SPF verification results. For more information about SPF verification, see the “Email Authentication” chapter. |
| S/MIME Gateway Message | Is the message S/MIME signed, encrypted, or signed and encrypted? For more information, see |
| S/MIME Gateway Verified | Is the S/MIME message successfully verified, decrypted, or decrypted and verified? For more information, see |