Re: HAT WHITELIST No Content Filter

cammy.busto · ‎10-05-2017

Hi everyone,

Is anyone here tried that WHITELISTED IP sender under HAT has no Content Filter insoection? I was thinking on how to do this. All the incoming Mail (WHITELIST and UNKNOWNLIST) falls to DEFAULT policy. The UNKNOWLIST need to be scanned by Content Filter, but except for WHITELIST.

can you help me on how to conceptualize this?

Thanks

Mohit Soni · ‎10-05-2017

Hello,

To take the action based on sender group you can create a message filter since there is no condition is available based on sender group in the content filter. You can add multiple conditions and actions in the message filter itself. Message filters allow you to create special rules describing how to handle messages as they are received. A message filter is comprised of message filter rules and message filter actions.

If you want to learn more about the message filters then please read chapter 9 from the user guide.

https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-user-guide-list.html

You can also implement message filter to insert unique header based on the sender group and then use the added header in the multiple content filter as a condition.

Please note, multiple conditions may be defined for each content filter. When multiple conditions are defined, you can choose whether the conditions are tied together as a logical OR (“Any of the following conditions...”) or a logical AND (“All of the following conditions”).

Example message filter to insert header based on the sender group:

senderGroupFilter: if (sendergroup == "WHITELIST")
{

insert-header("SG_WHITELIST", "Trusted");

}

.

senderGroupFilter: if (sendergroup == "UNKNOWNLIST")
{

insert-header("SG_UNKNOWNLIST", "Accepted");

}

.

Then a content filter using condition "Other Header"

Example:

Thanks,

Mohit Soni