Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
0
Helpful
1
Replies

A white list by subject filter

ScottLoveland8675309
Level 1
Level 1

‎04-09-2020 12:48 PM

I want to create a white list by subject filter.

Our organization sends out messages to members in bulk on certain days. Replies come in with the same title (Re: <the same subject as 10,000 people received). We found that many are dropped as SPAM as our CES detects that there are a lot of messages with the same subject coming in to one account (customer service) at one time.

The challenge is that I want to avoid the Anti-Spam filter by message subject header and I don't seem to be able to do that.

I can create a new filter to white list the messages by subject. I can add that to a new policy but the filter won't be observed until after the Anti-Spam filter has been applied. If I open up the Anti-Spam filter to any sender for any recipient, then I've effectively turned off Anti-SPAM for the company.

1. Does CES filter messages by features in order? Is it always Anti-Spam > Anti-Virus > Advanced Malware Protection > Graymail > Content Filters > Outbreak Filters? Is there a way to change this for some messages (based on subject)?
2. Does anyone have an alternative solution?

Labels:
0 Helpful
1 Reply 1

ppreenja
Cisco Employee
Cisco Employee

‎04-09-2020 10:20 PM - edited ‎04-09-2020 10:22 PM

Hi ,

Please find below answers to your query:

1. Does CES filter messages by features in order? Is it always Anti-Spam > Anti-Virus > Advanced Malware Protection > Graymail > Content Filters > Outbreak Filters? Is there a way to change this for some messages (based on subject)?
- There is no way we can alter the engines' processing email as it is a part of the email pipeline.

2. Does anyone have an alternative solution?
- Alternatively, you can create a message filter as below to skip antispam check for incoming emails:

==============================
SKIP_ANTI_SPAM_SUBJECT: if (subject =="<This is the Subject>") AND (sendergroup != "RELAYLIST")
{
skip-spamcheck();
}
.
========================
Also, if you want to skip graymail engine check as well then you can have the below message filter:

SKIP_ANTI_SPAM_GRAY_SUBJECT: if (subject =="<This is the Subject>") AND (sendergroup != "RELAYLIST")
{
skip-marketingcheck();
skip-socialcheck();
skip-spamcheck();
skip-bulkcheck();
}
.
=================
Note: The message filter can be created via CLI only and make sure you have CLI access to the CES appliance.

Please find below article to have more information on message filters and applying the same:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118145-technote-esa-00.html
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01000.html

I hope the above helps and answers your query.

Cheers,
Pratham

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents