Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
794
Views
0
Helpful
1
Replies
Highlighted
sanjumathen
Enthusiast
Enthusiast
‎02-03-2014 03:51 AM
‎02-03-2014 03:51 AM

Incoming policy to match encrypted email

hi,

The action in the default policy is to quarantine Encrypted Messages.

There is a requirement to deliver encrypted messagesfrom a specific Sender (aaa@example.com) to a Recipient (bbb@test.com)

Created an incoming policy which matches this sender, and Antivirus policy is set to deliver encrypted messages.

how can we restrict this policy to be applicable only for messages from aaa@example.com to bbb@test.com

And have any encrypted message from aaa@example.com to any other recipients to be quarantined

regards

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
David Miller
Beginner
Beginner
‎02-03-2014 05:12 AM
‎02-03-2014 05:12 AM

You could set up a policy that applies to sender aaa@example.com where the AV policy for encrypted message is to deliver, and set the X-IronPort-AV header in the AV policy.  Then and create a content filter that applies to that policy that looks for the AV header and if the recipient is not bbb@test.com then quarantine the message.  I can't remember the value of the X-IronPort-AV header if the message is encrypted but it should be in the logs of in the header of the received message.  Or you could add a subject prefix in the AV settings that is applied when the message is encrypted (default is [WARNING: MESSAGE ENCRYPTED] and look for that subject prefix in the content filter.  Or you could add a custom header in the advanced section of the AV settings and look for that (and remove it if you want to clean things up).

View solution in original post

0 Helpful
Reply
1 REPLY 1
Highlighted
David Miller
Beginner
Beginner
‎02-03-2014 05:12 AM
‎02-03-2014 05:12 AM

You could set up a policy that applies to sender aaa@example.com where the AV policy for encrypted message is to deliver, and set the X-IronPort-AV header in the AV policy.  Then and create a content filter that applies to that policy that looks for the AV header and if the recipient is not bbb@test.com then quarantine the message.  I can't remember the value of the X-IronPort-AV header if the message is encrypted but it should be in the logs of in the header of the received message.  Or you could add a subject prefix in the AV settings that is applied when the message is encrypted (default is [WARNING: MESSAGE ENCRYPTED] and look for that subject prefix in the content filter.  Or you could add a custom header in the advanced section of the AV settings and look for that (and remove it if you want to clean things up).

View solution in original post

0 Helpful
Reply
Latest Contents
Dynamic manipulation of RCPT-TO in Cisco Ironport
Created by itservice-es on 02-24-2021 11:12 PM
0
0
0
0
Hello,ich have a problem with manipulating the Receipt of an email. I receive Mails for userA@domainA.com and want to "forward" it to userA@domainB.com. domainB is not in our service. I use the Add/Edit Header Function: edit-header-text("To... view more
ISE Performance & Scale
Created by howon on 02-24-2021 08:26 PM
11
214
11
214
    ISE Node Terminology PAN MNT PSN PXG Policy Administration Node Monitoring & Troubleshooting Node Policy Services Node Platform Exchange Grid Node The single plane of glass for ISE administration and configuration operatio... view more
Detecting and Responding to the SolarWinds Infrastructure At...
Created by aligarci on 02-23-2021 08:19 AM
0
5
0
5
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr... view more
Arista CloudVision WiFi Dictionary and NAD Profile for ISE I...
Created by hslai on 02-21-2021 01:59 PM
0
10
0
10
Attached are the dictionary and NAD profile as described in Arista CloudVision WiFi Integration with Cisco ISE .
Cisco Secure Endpoint Free Trial Guide
Created by E.L. Howard on 02-15-2021 07:36 PM
0
0
0
0
  About this Document Cisco Secure Endpoint (formerly AMP for Endpoints) is a comprehensive Endpoint Security solution designed to function both as a stand-alone tool, and as a part of the architecture of natively integrated Cisco and 3rd par... view more
Content for Community-Ad