Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 9.1 for Email User Guide
 
Chapter 9      Using Message Filters to Enforce Email Policies
  Message Filter Examples
If you also want to drop messages with a blank envelope from, use this filter:

blank_mail_from_stop:
if (recv-listener == "InboundMail" AND (mail-from == "^$|<\\s*>" OR header ("From") == "^$|<\\s*>"))
  drop ();

SBRS Filter
SenderBase Reputation filter:

note_bad_reps:
if (reputation < -2)  {
  strip-header ('Subject');
  insert-header ('Subject', '***BadRep $Reputation *** $Subject');
}

Alter SBRS Filter
Alter the SenderBase Reputation Score (SBRS) threshold for certain domains:

mod_sbrs:
if ( (rcpt-count == 1) AND (rcpt-to == "@domain\\.com$") AND (reputation < -2) ) {
    drop ();
}

Filename Regex Filter
This filter specifies a size range for the message body and looks for an attachment that matches the regular expression (this matches files named “readme.zip”, “readme.exe”, “attach.exe”, and so forth):

filename_filter:
if ((body-size >= 9k) AND (body-size <= 20k)) {
   if (body-contains ("(?i)(readme|attach|information)\\.(zip|exe)$")) {
      drop ();
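
Before loading filters like these, it helps to check what their conditions match and miss. The following Python model is an added example, not part of the Cisco guide: it re-implements only the four conditions above over constructed sample messages, and it collects every filter that would fire rather than stopping at the first drop. The names `evaluate`, `message` and `SAMPLES` are hypothetical, and it assumes Python's `re` search semantics, single-backslash regexes, and 1k = 1024 bytes.

```python
import re

# Regexes copied from the filters, with the filter syntax's "\\" written as a
# single regex backslash (assumption about how the filter strings are escaped).
BLANK_FROM = re.compile(r"^$|<\s*>")
DOMAIN_RCPT = re.compile(r"@domain\.com$")
BAD_NAME = re.compile(r"(?i)(readme|attach|information)\.(zip|exe)$")
KB = 1024  # assumption: the "k" suffix in body-size means 1024 bytes

def evaluate(msg):
    """Return (filter name, action) for every filter whose condition holds."""
    hits = []
    blank = any(BLANK_FROM.search(msg[k]) for k in ("mail_from", "from_header"))
    if msg["listener"] == "InboundMail" and blank:
        hits.append(("blank_mail_from_stop", "drop"))
    if msg["reputation"] < -2:
        hits.append(("note_bad_reps", "tag-subject"))
    if (len(msg["rcpt_to"]) == 1 and DOMAIN_RCPT.search(msg["rcpt_to"][0])
            and msg["reputation"] < -2):
        hits.append(("mod_sbrs", "drop"))
    # Modelled as the prose describes it: a match on attachment file names.
    if 9 * KB <= msg["body_size"] <= 20 * KB and any(
            BAD_NAME.search(name) for name in msg["attachments"]):
        hits.append(("filename_filter", "drop"))
    return hits

def message(**overrides):
    """Constructed sample message; every value here is made up for the demo."""
    base = {"listener": "InboundMail", "mail_from": "alice@example.org",
            "from_header": "Alice <alice@example.org>", "reputation": 1.5,
            "rcpt_to": ["bob@domain.com"], "body_size": 2 * KB,
            "attachments": []}
    base.update(overrides)
    return base

SAMPLES = {
    "bounce": message(mail_from="<>"),
    "bad_rep_exe": message(reputation=-4.0, body_size=15 * KB,
                           attachments=["README.EXE"]),
    "near_miss": message(reputation=-4.0, body_size=15 * KB,
                         rcpt_to=["bob@sub.domain.com"],
                         attachments=["readme.zip.txt"]),
    "clean": message(),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, evaluate(msg))
```

The `near_miss` sample shows the effect of the `$` anchors: a recipient at a subdomain and a file name with an extra extension both fall outside the patterns, so only the reputation tag applies.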