
ESA - Tag body of emails EXTERNAL with exceptions

lsmarchig
Level 1

Hi,

 

I've found a few posts on adding external to subject line. I am able to also do the same to the body of the email using an incoming content filter with an action of Add Disclaimer Text. But is there a way to exclude a list of outside domains that we wouldn't want to apply this action to? I know you cannot perform a not condition on a dictionary using Content filters. Could you apply a not condition on a dictionary using message filters? Or is there another way of using a content filter to exclude these domains? Would I need to create a new incoming policy rule to exclude them?

 

thanks


marc.luescherFRE
Spotlight

An example of what we use in production, on the CLI level :

 

CLITagExternalHeaderv4: if recv-listener == "InboundInterface" {
                            if NOT (header("X-IronPort-Filter") == "CLITagExternalHeader") {
                                if NOT ((attachment-filename == "smime.p7s") OR (attachment-filename == "smime.p7m")) {
                                    if NOT (mail-from-dictionary-match("WhiteListExternalTagging", 1)) {
                                        if NOT (mail-from-dictionary-match("OurownGroupDomains", 1)) {
                                            insert-header("X-IronPort-Filter", "CLITagExternalHeader");
                                            log-entry("CLITagExternalHeader");
                                            add-heading("External_Warning");
                                        }
                                    }
                                }
                            }
                        }


Hope that gives you some ideas..
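
A small Python model of the decision the filter above makes, added here as an illustration and not code from the thread or from Cisco. The dictionary contents, the sample messages and the `OtherListener` name are constructed, matching is simplified to exact string comparison where the appliance uses regular expressions, and the S/MIME test is evaluated both as `NOT (p7s OR p7m)` and as `(NOT p7s) OR p7m` to show where the two groupings differ.

```python
from dataclasses import dataclass, field

MARKER = ("X-IronPort-Filter", "CLITagExternalHeader")
# Constructed dictionary contents; the real dictionaries live on the appliance.
DICTS = {
    "WhiteListExternalTagging": {"partner.example"},
    "OurownGroupDomains": {"corp.example"},
}

@dataclass
class Msg:
    mail_from: str                      # envelope sender
    listener: str = "InboundInterface"
    headers: dict = field(default_factory=dict)
    attachments: tuple = ()

def in_dict(msg, name):
    # Simplification: exact match on the envelope sender's domain.
    return msg.mail_from.rsplit("@", 1)[-1].lower() in DICTS[name]

def smime_grouped(msg):
    # NOT (p7s OR p7m): signed and encrypted mail are both left untouched.
    return not ("smime.p7s" in msg.attachments or "smime.p7m" in msg.attachments)

def smime_ungrouped(msg):
    # (NOT p7s) OR p7m: an encrypted message still passes this test.
    return "smime.p7s" not in msg.attachments or "smime.p7m" in msg.attachments

def should_tag(msg, smime_test=smime_grouped):
    return (msg.listener == "InboundInterface"
            and msg.headers.get(MARKER[0]) != MARKER[1]  # skipped whoever set it
            and smime_test(msg)
            and not in_dict(msg, "WhiteListExternalTagging")
            and not in_dict(msg, "OurownGroupDomains"))

SAMPLES = {  # constructed messages
    "plain": Msg("a@other.example"),
    "signed": Msg("a@other.example", attachments=("smime.p7s",)),
    "encrypted": Msg("a@other.example", attachments=("smime.p7m",)),
    "partner": Msg("b@partner.example"),
    "own": Msg("c@corp.example"),
    "marked": Msg("a@other.example", headers={MARKER[0]: MARKER[1]}),
    "other_listener": Msg("a@other.example", listener="OtherListener"),
}

def decisions(smime_test=smime_grouped):
    return {name: should_tag(m, smime_test) for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, decisions()[name], decisions(smime_ungrouped)[name])
```

The second column of the output differs from the first only for the encrypted sample, which the `(NOT p7s) OR p7m` grouping would tag.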

Thank you Marc, that is very helpful.

 

May I inquire why you exclude the secure mime attachments? Has it caused an issue adding in a header to these?

 

thanks

Most likely because it's not recommended to modify any type of S/MIME signed and/or encrypted emails, as this can cause many different types of errors. It's typically recommended to bypass any sort of modifying filters for those.

 

Thanks!

-Dennis M.

Correct

Inserting a custom header breaks the SMIME encryption and signatures. There
is also an issue with certain ICAL messages so you might need to exclude
them as well. Just working on that issue as we speak.


Thank you

Hello, 

 

Sorry for asking late ..

Our internal security asked us to add a tag at the beginning of the subject line ..

example - [External Mail] OriginalText Subject Line

and also in the body of the mail. But as you wrote, there will be some problems with signed and encrypted mails. So what is the best practice here? Can they be bypassed, and how?

So all unsigned / not encrypted mails should have [External Mail] in the subject line and also a text in the body .. ATTENTION and so on ..,

and all signed / encrypted ones only [External Mail] in the subject line, as this should not be a problem, or?

 

Thanks and Regards

 

 

 

 

I'm curious what the function of the CLITagExternalHeader header is. Would you expect any inbound messages from outside to contain this header?

 

We are adding an additional disclaimer on top of all messages which come from external and can not be DMARC validated as our own authorized senders.

This header is checked so we will not add the same disclaimer to a message when it has multiple replies with external users.

Thanks. Do you see this custom header being retained in replies/forwards? I don't see my custom headers surviving a reply from an external sender.

Hi Marc,

Can you tell me how you identify the message replies and exclude the EXTERNAL header from a message already containing the header? We want to place the header, but don't want it repeated on an email thread.

Hi All,

 

I am quite new to the CES environment. I have applied a disclaimer via the GUI; however, now we need to whitelist indeed some domains.

When I see the solution below, I cannot get it configured on the CLI as below. I log in to the CLI and go to policyconfig -> Filters -> add new, but it only walks me through the same steps as in the GUI. I do not see anywhere I can paste such a command.

Can you gurus shed some more light, please?

 

Thank you

A.Kurtay

 

 

Re: ESA - Tag body of emails EXTERNAL with exceptions

An example of what we use in production, on the CLI level :

 

CLITagExternalHeaderv4: if recv-listener == "InboundInterface" {
                            if NOT (header("X-IronPort-Filter") == "CLITagExternalHeader") {
                                if NOT ((attachment-filename == "smime.p7s") OR (attachment-filename == "smime.p7m")) {
                                    if NOT (mail-from-dictionary-match("WhiteListExternalTagging", 1)) {
                                        if NOT (mail-from-dictionary-match("OurownGroupDomains", 1)) {
                                            insert-header("X-IronPort-Filter", "CLITagExternalHeader");
                                            log-entry("CLITagExternalHeader");
                                            add-heading("External_Warning");
                                        }
                                    }
                                }
                            }
                        }