09-25-2017 07:11 AM - edited 03-08-2019 07:24 PM
Hi
Using Iron Port email security plugin - Reporting only. version 7.6
I need to do some customization for install.
Due to other factors... I need to be able to customize the spam button to send to multiple email addresses. I see where to set it but am unable to get the correct syntax - any thoughts?
Also, I need a process on how to view the spam mail sent. Basically extract the .enc or .raw file. Is there a process? Any thoughts?
Thanks.
09-27-2017 12:06 PM
We do have a new Cisco Email Reporting Plug-in (v1.0.1): Cisco Email Reporting Plug-in 1.0.1 Administrator Guide
When you are installing the Plug-in, you do have the option to perform a custom install: Using Custom Configuration Files
When you do this, you can modify the config_1.xml that is called during install.
In this file, you'll see the following:
<reportTypes>
  <reportType name="spam">
    <address>outlook_spam@access.ironport.com</address>
    <copyAddressInPlainFormat></copyAddressInPlainFormat>
    <headerValue>spam</headerValue>
    <showInJunkFolder>true</showInJunkFolder>
    <largeRibbonButton>true</largeRibbonButton>
  </reportType>
  <reportType name="ham">
    <address>outlook_ham@access.ironport.com</address>
    <copyAddressInPlainFormat></copyAddressInPlainFormat>
    <headerValue>ham</headerValue>
    <showInJunkFolder>true</showInJunkFolder>
    <largeRibbonButton>true</largeRibbonButton>
  </reportType>
  <reportType name="virus">
    <address>outlook_virus@access.ironport.com</address>
    <copyAddressInPlainFormat></copyAddressInPlainFormat>
    <headerValue>virus</headerValue>
    <showInJunkFolder>true</showInJunkFolder>
    <largeRibbonButton>false</largeRibbonButton>
  </reportType>
  <reportType name="phish">
    <address>outlook_phish@access.ironport.com</address>
    <copyAddressInPlainFormat></copyAddressInPlainFormat>
    <headerValue>phish</headerValue>
    <showInJunkFolder>true</showInJunkFolder>
    <largeRibbonButton>false</largeRibbonButton>
  </reportType>
  <reportType name="marketing">
    <address>outlook_mktg@access.ironport.com</address>
    <copyAddressInPlainFormat></copyAddressInPlainFormat>
    <headerValue>marketing</headerValue>
    <showInJunkFolder>true</showInJunkFolder>
    <largeRibbonButton>false</largeRibbonButton>
  </reportType>
</reportTypes>
You'll see the lines here that you can change WHERE you are reporting those messages to. The only exception is that only one address can be used...
If you were to set up the button to send to like an internal email address "my_spam@example.com" --- and you had a content filter looking for that recipient, you could bcc that over to a mail account in addition to reporting. Would take some tweaking on a content filter...
As for the .enc - that is controlled from the reporting --- that is controlled as well from the config_1.xml:
<format>encrypted</format>
In order to see inside the mail, it would need to be plain submission:
Configuring the Encryption of Spam Reports
09-27-2017 12:52 PM
Thank you for the follow up.
I may try to put in a mail distribution list to allow for multiple recipients.
For the format option, I have plain set. I receive it as a .raw file. Is there a method to see inside that?
09-28-2017 11:00 AM
The .raw file is just that - it's the mail message in a text-based format. You should be able to just 'cat' the file and see the Received, X-, and other headers that constitute the message itself.
10-03-2017 04:41 AM
Thank you for the follow up. Sorry for the delay.
I can cat the file and see the output.
I was hoping to get a different display, one more user friendly.
If there is an attachment, how can I extract that to do analysis on?
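For the attachment question above, an added example that is not part of the original thread or of Cisco's tooling: since a plain-format .raw report is the mail message as text, Python's standard `email` package can list its headers and save attachments for analysis. The sample message, the function names and the `.sample` suffix are constructed for illustration.

```python
import hashlib
import re
from email import policy
from email.parser import BytesParser
from pathlib import Path

# Constructed sample standing in for a reported .raw file (not a real report).
SAMPLE_RAW = (
    b"Received: from mail.example.net by mx.example.com; Tue, 3 Oct 2017 04:00:00 -0400\r\n"
    b"From: sender@example.net\r\n"
    b"To: user@example.com\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\nSee attached.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="../../invoice.doc"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"SGVsbG8gd29ybGQ=\r\n"
    b"--b1--\r\n"
)

def summarize(raw: bytes) -> dict:
    """Return the headers an analyst usually checks first."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return {h: msg.get_all(h, []) for h in ("Received", "From", "To", "Subject")}

def extract_attachments(raw: bytes, out_dir: Path) -> list:
    """Write each attachment to out_dir; return (saved_name, sha256) pairs."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    out_dir.mkdir(parents=True, exist_ok=True)
    saved = []
    for i, part in enumerate(msg.iter_attachments()):
        data = part.get_payload(decode=True) or b""
        # The filename is sender-controlled: drop any path and odd characters.
        name = Path(part.get_filename() or "unnamed").name
        name = re.sub(r"[^A-Za-z0-9._-]", "_", name)
        # Neutral suffix so a double-click does not open the file in its usual app.
        target = out_dir / f"{i:02d}_{name}.sample"
        target.write_bytes(data)
        saved.append((target.name, hashlib.sha256(data).hexdigest()))
    return saved

if __name__ == "__main__":
    print(summarize(SAMPLE_RAW), extract_attachments(SAMPLE_RAW, Path("extracted")))
```

To use it on a real report, pass `Path("report.raw").read_bytes()` in place of `SAMPLE_RAW`; the SHA-256 values can be looked up before anyone opens the saved files.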