User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

9-11

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 9 Using Message Filters to Enforce Email Policies

Message Filter Rules

Envelope Recipient

in Group

rcpt-to-group

Is the Envelope Recipient, (i.e. the Envelope To,

<RCPT TO>) in a given LDAP group? See

Envelope Recipient in Group Rule, page 9-25.

Note: The

rcpt-to-group rule is

message-based. If a message has multiple

recipients, only one recipient has to be found in

a group for the specified action to affect the

message to all recipients.

Remote IP

remote-ip

Was the message sent from a remote host that

matches a given IP address or IP block? See

Remote IP Rule, page 9-27.

Receiving

Interface

recv-int

Did the message arrive via the named receiving

interface? See Receiving IP Interface Rule,

page 9-28.

Receiving Listener

recv-listener

Did the message arrive via the named listener?

See Receiving Listener Rule, page 9-27.

Date

date

Is current time before or after a specific time and

date? See Date Rule, page 9-28.

Header

header(<string>)

Does the message contain a specific header?

Does the value of that header match a certain

pattern? See Header Rule, page 9-28.

Random

random(<integer>)

Is a random number in some range? See Random

Rule, page 9-29.

Recipient Count

rcpt-count

How many recipients is this email going to? See

Recipient Count Rule, page 9-30.

Address Count

addr-count()

What is the cumulative number of recipients?

This filter differs from the rcpt-count filter rule

in that it operates on the message body headers

instead of the envelope recipients. See Address

Count Rule, page 9-30.

SPF Status

spf-status

What was the SPF verification status? This filter

rule allows you to query for different SPF

verification results. You can enter a different

action for each valid SPF/SIDF return value. See

SPF-Status Rule, page 9-37.

SPF Passed

spf-passed

Did the SPF/SIDF verification pass? This filter

rule generalizes the SPF/SIDF results as a

Boolean value. See SPF-Passed Rule, page 9-39.

S/MIME Gateway

Message

smime-gateway

Is the message S/MIME signed, encrypted, or

signed and encrypted? See S/MIME Gateway

Message Rule, page 9-39

Table 9-2 Message Filter Rules

Rule Syntax Description