ESA Product Support | ESA Guided Setup | SMA Product Support | Encryption Product Support Email Submission and Tracking Portal | Cisco Talos Reputation Center Support | CRES | Talos
Cisco: Open a Support Case | Support & Downloads | Worldwide Contacts | Bug Search | Notification Service |
ESA: | 13.5.1-277 |
SMA: | 13.6.2-023 | |
Email Plug-in (Reporting): | 1.1.0.133 | |
Email Plug-in (Encryption): | 1.2.1.151 |
Hi
Would like to have new filter based on a condition when the field - " header("From") "contains certain words. How can we achieve this?
Appreciate any assistance
Solved! Go to Solution.
From the CLI on the appliance - you will be doing the following:
> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script. Enter '.' on its own line to end.
You can see a full run-down of header and message filter scanning options from the Advanced Guide, 6-11:
http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html
Header Rule
The header() rule checks the message headers for a specific header, which must be specified quoted in parentheses (“header name”). This rule may be compared to a regular expression, much like the subject rule, or may be used without any comparison, in which case it will be “true” if the header is found in the message, and “false” if it is not found. For example, the following example checks to see if the header X-Sample is found, and if its value contains the string “sample text”. If a match is made, the message is bounced.
You can specify non-ASCII characters to search for in the value of the header.
The following example demonstrates the header rule without a comparison. In this case, if the header X-DeleteMe is found, it is removed from the message.
TimeOutFilter:
if ((date > '07/28/2003 13:00:00') and (mail-from ==
'campaign1@yourdomain\\.com'))
{
bounce();
}
FooHeaderFilter:
if (header('X-Sample') == 'sample text')
{
bounce();
}
DeleteMeHeaderFilter:
if header('X-DeleteMe')
{
strip-header('X-DeleteMe');
}
If you are looking specifically for the "From" header, example would be:
drop_from:
if mail-from == "my.email@spam.com" {
drop();
}
Hope that helps!
-Robert
Hi,
You can do that using the Content filters. Following are the steps to be followed -
Hope this helps.
Regards
Karthik
Looking at message filter using CLI NOT content filters using GUI
From the CLI on the appliance - you will be doing the following:
> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script. Enter '.' on its own line to end.
You can see a full run-down of header and message filter scanning options from the Advanced Guide, 6-11:
http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html
Header Rule
The header() rule checks the message headers for a specific header, which must be specified quoted in parentheses (“header name”). This rule may be compared to a regular expression, much like the subject rule, or may be used without any comparison, in which case it will be “true” if the header is found in the message, and “false” if it is not found. For example, the following example checks to see if the header X-Sample is found, and if its value contains the string “sample text”. If a match is made, the message is bounced.
You can specify non-ASCII characters to search for in the value of the header.
The following example demonstrates the header rule without a comparison. In this case, if the header X-DeleteMe is found, it is removed from the message.
TimeOutFilter:
if ((date > '07/28/2003 13:00:00') and (mail-from ==
'campaign1@yourdomain\\.com'))
{
bounce();
}
FooHeaderFilter:
if (header('X-Sample') == 'sample text')
{
bounce();
}
DeleteMeHeaderFilter:
if header('X-DeleteMe')
{
strip-header('X-DeleteMe');
}
If you are looking specifically for the "From" header, example would be:
drop_from:
if mail-from == "my.email@spam.com" {
drop();
}
Hope that helps!
-Robert