Solved: Can't Commit New Filter on ESA Cluster

Navar · ‎12-03-2018

Followed the "Detect Spoofed Email Message" article.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200166-Quarantine-Spoofed-Email-Messages-on-the.html

But when we get to Create a Message Filter using the CLI, we can't commit. When we go back to the mail CLI prompted we get "nothing to commit". Is there something special that needs to be done when ESA is clustered?

dmccabej · ‎12-04-2018

Hello,

Would you be able to share your session output when you try to add the filter?

Thanks

-Dennis M.

View solution in original post

dmccabej · ‎12-04-2018

Hello,

Would you be able to share your session output when you try to add the filter?

Thanks

-Dennis M.

Navar · ‎12-04-2018

TAK replied to me within 10 minutes and pointed out that we just needed to hit enter a second time and then type commit.

The KB article needs to be updated. I added in red what needs to be added.

From KB.

mark_spoofed_messages:
if(
     (mail-from-dictionary-match("VALID_INTERNAL_DOMAINS", 1)) 
 OR  (header-dictionary-match("VALID_INTERNAL_DOMAINS","From", 1))) 
 AND ((sendergroup != "RELAYLIST") 
 AND (sendergroup != "MY_TRUSTED_SPOOF_HOSTS")
  ) 
{
insert-header("X-Spoof", "");
} (Hit Enter)
. (Hit Enter)
Hit Enter
Commit (Hit Enter)

dmccabej · ‎12-04-2018

Ah, the ol' missed commit. :) Thanks for the update and I'm glad you got it figured out. I'll make sure the article is updated ASAP to provide clarity on the steps.

Thanks!

-Dennis M.