Solved: Message Filter condition

Pravar · ‎09-25-2013

Hi

Would like to have new filter based on a condition when the field - " header("From") "contains certain words. How can we achieve this?

Appreciate any assistance

Robert Sherwin · ‎09-25-2013

From the CLI on the appliance - you will be doing the following:

> filters

Choose the operation you want to perform:

- NEW - Create a new filter.

- DELETE - Remove a filter.

- IMPORT - Import a filter script from a file.

- EXPORT - Export filters to a file

- MOVE - Move a filter to a different position.

- SET - Set a filter attribute.

- LIST - List the filters.

- DETAIL - Get detailed information on the filters.

- LOGCONFIG - Configure log subscriptions used by filters.

- ROLLOVERNOW - Roll over a filter log file.

[]> new

Enter filter script. Enter '.' on its own line to end.

You can see a full run-down of header and message filter scanning options from the Advanced Guide, 6-11:

http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html

Header Rule

The header() rule checks the message headers for a specific header, which must be specified quoted in parentheses (“header name”). This rule may be compared to a regular expression, much like the subject rule, or may be used without any comparison, in which case it will be “true” if the header is found in the message, and “false” if it is not found. For example, the following example checks to see if the header X-Sample is found, and if its value contains the string “sample text”. If a match is made, the message is bounced.

You can specify non-ASCII characters to search for in the value of the header.

The following example demonstrates the header rule without a comparison. In this case, if the header X-DeleteMe is found, it is removed from the message.

TimeOutFilter:

if ((date > '07/28/2003 13:00:00') and (mail-from ==

'campaign1@yourdomain\\.com'))

{

bounce();

}

FooHeaderFilter:

if (header('X-Sample') == 'sample text')

{

bounce();

}

DeleteMeHeaderFilter:

if header('X-DeleteMe')

{

strip-header('X-DeleteMe');

}

If you are looking specifically for the "From" header, example would be:

drop_from:

if mail-from == "my.email@spam.com" {

drop();

}

Hope that helps!

-Robert

Cheers,
Robert Sherwin

View solution in original post

kananth · ‎09-25-2013

Hi,

You can do that using the Content filters. Following are the steps to be followed -

Go to Mail Policies->Incoming Content Filter
Add a content filter, give a name.
Click on "Add Condition" and select "Envolope Sender" in the left pane
Select the condition and the word of your interest and click "Ok"
Add an action by clicking on "Add Action" and do not forget to submit to save the filter
Next, go to Incoming Mail Policies and enable the newly created content filter

Hope this helps.

Regards

Karthik

Regards Karthik

Pravar · ‎09-25-2013

Looking at message filter using CLI NOT content filters using GUI

Robert Sherwin · ‎09-25-2013

From the CLI on the appliance - you will be doing the following:

> filters

Choose the operation you want to perform:

- NEW - Create a new filter.

- DELETE - Remove a filter.

- IMPORT - Import a filter script from a file.

- EXPORT - Export filters to a file

- MOVE - Move a filter to a different position.

- SET - Set a filter attribute.

- LIST - List the filters.

- DETAIL - Get detailed information on the filters.

- LOGCONFIG - Configure log subscriptions used by filters.

- ROLLOVERNOW - Roll over a filter log file.

[]> new

Enter filter script. Enter '.' on its own line to end.

You can see a full run-down of header and message filter scanning options from the Advanced Guide, 6-11:

http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html

Header Rule

The header() rule checks the message headers for a specific header, which must be specified quoted in parentheses (“header name”). This rule may be compared to a regular expression, much like the subject rule, or may be used without any comparison, in which case it will be “true” if the header is found in the message, and “false” if it is not found. For example, the following example checks to see if the header X-Sample is found, and if its value contains the string “sample text”. If a match is made, the message is bounced.

You can specify non-ASCII characters to search for in the value of the header.

The following example demonstrates the header rule without a comparison. In this case, if the header X-DeleteMe is found, it is removed from the message.

TimeOutFilter:

if ((date > '07/28/2003 13:00:00') and (mail-from ==

'campaign1@yourdomain\\.com'))

{

bounce();

}

FooHeaderFilter:

if (header('X-Sample') == 'sample text')

{

bounce();

}

DeleteMeHeaderFilter:

if header('X-DeleteMe')

{

strip-header('X-DeleteMe');

}

If you are looking specifically for the "From" header, example would be:

drop_from:

if mail-from == "my.email@spam.com" {

drop();

}

Hope that helps!

-Robert

Cheers,
Robert Sherwin

View solution in original post

ESA Product Support \| ESA Guided Setup \| SMA Product Support \| Encryption Product Support Email Submission and Tracking Portal \| Cisco Talos Reputation Center Support \| CRES \| Talos Cisco: Open a Support Case \| Support & Downloads \| Worldwide Contacts \| Bug Search \| Notification Service	ESA:	13.5.1-277
	SMA:	13.6.2-023
	Email Plug-in (Reporting):	1.1.0.133
	Email Plug-in (Encryption):	1.2.1.151