User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

201

202

203

204

205

206

207

208

209

210

9-43

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 9 Using Message Filters to Enforce Email Policies

Message Filter Rules

• Issuer, page 9-43

• Escaping in Regular Expressions, page 9-43

• $CertificateSigners Action Variable, page 9-44

• Examples, page 9-45

Signer

For message signers, the rule extracts the sequence of rfc822Name names from the X.509 certificate’s

subjectAltName extension. If there is no subjectAltName field in the signing certificate, or this field

does not have any

rfc822Name names, the signed-certificate(“signer”) rule evaluates to false. In the

rare cases of multiple

rfc822Name names, the rule tries to match all of the names to the regular

expression and evaluates as true on the first match.

Issuer

The issuer is a non-empty distinguished name in the X.509 certificate. AsyncOS extracts the issuer from

the certificate and converts it to an LDAP-UTF8 Unicode string. For example:

• C=US,S=CA,O=IronPort

• C=US,CN=Bob Smith

Since X.509 certificates require the issuer field,

signed-certificate(“issuer”) evaluates whether the

S/MIME message contains an X.509 certificate.

Escaping in Regular Expressions

LDAP-UTF8 defines a mechanism for escaping that you can use in your regular expressions. For a

detailed discussion on escaping characters in LDAP-UTF8, consult Lightweight Directory Access

Protocol (LDAP): String Representation of Distinguished Names, accessible from

http://www.ietf.org/rfc/rfc4514.txt.

The escaping rules for the

signed-certificate rule’s regular expressions differ from the escaping rules

defined in LDAP-UTF8 by limiting escaping to only the characters that require escaping. LDAP-UTF8

allows optional escaping for characters that can be represented without escaping. For example, the

following two strings are considered correct for “Example, Inc.” using the LDAP-UTF8 escaping rules:

• Example\, Inc.

• Example\,\ Inc\.

However, the signed-certificate rule only matches Example\, Inc. The regular expression does not

allow escaping the space and period for matching because these characters do not require escaping, even

though it is permitted in LDAP-UTF8. When creating a regular expression for the

signed-certificate

rule, do not escape a character if it can be represented without escaping.

$CertificateSigners Action Variable

The action variable $CertificateSigners is a comma separated list of signers obtained from the

subjectAltName element of the signing certificate. Multiple email addresses of a single signer will be

included in the list with duplicates removed.