Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2965
Views
0
Helpful
1
Replies

Help! Content filter with Dictionary checking

Go to solution
Kit1
Level 1
Level 1

‎12-20-2017 01:52 AM - edited ‎03-08-2019 07:30 PM

By default, my company will block all mail from gmail.com, yahoo.com & hotmail.com.

I have created 2 dictionaries for this issue: 1) Exceptional email address list which allowed to send mail to us. 2) VIP list who can receive email from these 3 domains.

 

I would like to use content filter to check if addresses are NOT found in either dictionaries, it will be quarantined.

 

But I don't know how to do it. Any suggestion?

 

Thanks

Kit

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎12-20-2017 04:55 AM

Hi Kit,

 

I do not think a single content filter would do it since content filters do not currently support NOT for dictionaries.

 

You would first need to create an incoming mail policy for all emails from sender domain gmail, hotmail, yahoo. Its best to keep these separate if these are going to be treated differently to other emails.

 

So Mail Policies -> Incoming Mail Policies -> Add Policy -> Add User -> Following senders (gmail.com, hotmail.com, yahoo.com) -> Any recipient

 

Note: Should be placed higher in order in order to avoid matching other mail policies.

 

Then create two incoming content filters for this incoming mail policy.

 

Content filter 1:
Condition 1: Envelope sender dictionary match
OR/AND depending on your requirement (OR if your points are 1 OR 2, AND if your points are 1 AND 2).
Condition 2: Envelope recipient dictionary match

 

Action 1: Add log entry: Skipping filter for exceptions
Action 2: Skip remaining content filters

 

Content filter 2:
No conditions

 

Action 1: Add log entry: Quarantine untrusted sender.
Action 2: Quarantine (Policy or another system quarantine)


Enable the two content filters for the newly created incoming mail policy.

 

Use System Administration -> Trace functionality to test the policy and filters, trace should work without committing changes so you can try all possible combinations before you save changes.

 

If you have a lab device, it would be recommended you add the filter and test it in the lab environment before adding it in production.


Regards,
Libin Varghese

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎12-20-2017 04:55 AM

Hi Kit,

 

I do not think a single content filter would do it since content filters do not currently support NOT for dictionaries.

 

You would first need to create an incoming mail policy for all emails from sender domain gmail, hotmail, yahoo. Its best to keep these separate if these are going to be treated differently to other emails.

 

So Mail Policies -> Incoming Mail Policies -> Add Policy -> Add User -> Following senders (gmail.com, hotmail.com, yahoo.com) -> Any recipient

 

Note: Should be placed higher in order in order to avoid matching other mail policies.

 

Then create two incoming content filters for this incoming mail policy.

 

Content filter 1:
Condition 1: Envelope sender dictionary match
OR/AND depending on your requirement (OR if your points are 1 OR 2, AND if your points are 1 AND 2).
Condition 2: Envelope recipient dictionary match

 

Action 1: Add log entry: Skipping filter for exceptions
Action 2: Skip remaining content filters

 

Content filter 2:
No conditions

 

Action 1: Add log entry: Quarantine untrusted sender.
Action 2: Quarantine (Policy or another system quarantine)


Enable the two content filters for the newly created incoming mail policy.

 

Use System Administration -> Trace functionality to test the policy and filters, trace should work without committing changes so you can try all possible combinations before you save changes.

 

If you have a lab device, it would be recommended you add the filter and test it in the lab environment before adding it in production.


Regards,
Libin Varghese

0 Helpful
Customers Also Viewed These Support Documents