Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
6-37
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6 Using Message Filters to Enforce Email Policies
Note
Unlike the
spf-status
rule, the
spf-passed
rule reduces the SPF/SIDF verification values to a simple
Boolean. The following verification results are treated as not passed in the
spf-passed
rule: None,
Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more
granular results, use the
granular results, use the
spf-status
rule.
Workqueue-count Rule
The
workqueue-count
rule checks the workqueue-count against a specified value. All the comparison
operators are allowed, such as
>
,
==
,
<=,
and so forth.
The following filter checks the workqueue count, and skips spamcheck if the queue is greater than the
specified number.
specified number.
For more information on SPF/SIDF, see
SMTP Authenticated User Match Rule
If your Cisco IronPort appliance uses SMTP authentication to send messages, the
smtp-auth-id-matches
(
<target> [, <sieve-char>]
)
rule can check a message’s headers and Envelope
Sender against the sender’s SMTP authenticated user ID to identify outgoing messages with spoofed
headers. This filter allows the system to quarantine or block potentially spoofed messages.
headers. This filter allows the system to quarantine or block potentially spoofed messages.
The
smtp-auth-id-matches
rule compares the SMTP authenticated ID against the following targets:
The filter performs matches loosely. It is not case-sensitive. If the optional sieve-char parameter is
supplied, the last portion of an address that follows the specified character will be ignored for the
purposes of comparison. For example, if the
supplied, the last portion of an address that follows the specified character will be ignored for the
purposes of comparison. For example, if the
+
character is included as a parameter, the filter ignores the
portion of the address
joe+folder@example.com
that follows the
+
character. If the address was
wqfull:
if (workqueue-count > 1000) {
skip-spamcheck();
}
Target
Description
*EnvelopeFrom
Compares the address of the Envelope Sender (also known
as MAIL FROM) in the SMTP conversation
as MAIL FROM) in the SMTP conversation
*FromAddress
Compares the addresses parsed out of the From header.
Since multiple addresses are permitted in the From:
header, only one has to match.
Since multiple addresses are permitted in the From:
header, only one has to match.
*Sender
Compares the address specified in the Sender header.
*Any
Matches messages that were created during an
authenticated SMTP session regardless of identity.
authenticated SMTP session regardless of identity.
*None
Matches messages that were not created during an
authenticated SMTP session. This is useful when
authentication is optional (preferred).
authenticated SMTP session. This is useful when
authentication is optional (preferred).