Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1538
Views
0
Helpful
3
Replies

how to append email that leaves the organization with a caution Message

amahmud01
Level 1
Level 1

‎05-26-2018 11:50 PM - edited ‎03-08-2019 07:37 PM

I want to append in an email a message same like below

 

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 

is it possible this to configure the same  in iron port version 10.0.2-020

 

thanks for your support in advance.

Labels:
0 Helpful
3 Replies 3

Libin Varghese
Cisco Employee
Cisco Employee

‎05-30-2018 05:16 AM

You can certainly add text resources with the disclaimer content and add them as a header or footer to emails using content filters.

 

Below article has examples on how to accomplish this for specific domains, removing the condition in the filter should apply it to all emails.

 

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118489-technote-esa-00.html

 

Regards,

Libin Varghese

0 Helpful

marc.luescherFRE
Spotlight
Spotlight

‎05-31-2018 07:03 AM

I think what you want to do is to add a header with a warning.

 

You will need at least two things, optionally a third one :

 

a) a header message with your text, in html if you insist on the border or to make it look more nice

b) a message/content filter to skip insertion of the header for some ics and smime messages to not break them

c) a message/content filter to insert the header for all messages which are not :

    - your own domain (internal)

    - not whitelisted

 

I hope that helps.

 

For your reference I provide a sample combining (b and c) we use dedicated inbound and outbound interfaces.

 

CLITagExternalHeaderv4: if recv-listener == "InboundInterface" {
if NOT (header("X-IronPort-Filter") == "CLITagExternalHeader") {
if (NOT (attachment-filename == "smime.p7s")) OR (attachment-filename == "smime.p7m") {
if NOT (mail-from-dictionary-match("WhiteListExternalTagging", 1)) {
if NOT (mail-from-dictionary-match("WhiteListOwnGroupDomains", 1)) {
insert-header("X-IronPort-Filter", "CLITagExternalHeader");
log-entry("CLITagExternalHeader");
add-heading("External_Warning");
}
}
}
}
}

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee

‎05-31-2018 07:41 AM

Hey amahmud01,

 

Just to throw this option in there as well.

You can add a disclaimer at the listener level to stamp all emails (with the heading(top) or bottom(footer)). This applies to 'all' email matching that listener.


Works well if you are running a 2 listener setup and wanted to apply it globally depending on circumstance.

 

(the downside is... you can't run a skip rule like you can with message/content filters).

 

Regards,

Matthew 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents