Руководство Пользователя для Cisco Cisco Email Security Appliance C170
6-97
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6 Using Message Filters to Enforce Email Policies
Message Filter Examples
This section contains some real world examples of filters with a brief discussion of each.
Open-Relay Prevention Filter
This filter bounces messages with addresses using
%
, extra
@
, and
!
characters in email addresses:
•
user%otherdomain@validdomain
•
user@otherdomain@validdomain:
•
domain!user@validdomain
Cisco IronPort appliances are not susceptible to these third party relay hacks that are often used to
exploit traditional Sendmail/Qmail systems. As many of these symbols (for example
exploit traditional Sendmail/Qmail systems. As many of these symbols (for example
%
) can be part of a
perfectly legal email address, Cisco IronPort appliances will accept these as valid addresses, verify them
against the configured recipient lists, and pass them on to the next internal server. Cisco IronPort
appliances do not relay these messages to the world.
against the configured recipient lists, and pass them on to the next internal server. Cisco IronPort
appliances do not relay these messages to the world.
These filters are put in place to protect users who may have open-source MTAs that are misconfigured
to allow relay of these types of messages.
to allow relay of these types of messages.
Note
You can also configure a listener to handle these types of addresses. See
for more information.
Policy Enforcement Filters
Notify Based on Subject Filter
This filter sends notification based on whether the subject contains specific words:
sourceRouted:
if (rcpt-to == "(%|@|!)(.*)@") {
bounce();
}
search_for_sensitive_content:
if (Subject == "(?i)plaintiff|lawsuit|judge" ) {
notify ("admin@company.com");
}