Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
949
Views
5
Helpful
1
Replies

Message filter isn't working.

Vinay babu
Level 1
Level 1

‎09-24-2021 05:41 AM

Does the below syntax is correct? My requirement is that sending domain is example.com and DMARC authentication passes and the email sent one of the 4 IPs. Can I use | between the IPs, instead of using OR condition ? Any ideas. Thanks in advance.

 

Message_filter: if ((header("from") == "@example\\.com") AND (header("Authentication-Results") == "dmarc\\=pass")

{

(remote-ip == '16.13.28.6') OR ((remote-ip == '94.6.5.19') OR ((remote-ip == '98.129.16.1') OR (remote-ip == '11.78.1.3')))
{
log-entry("$filtername");
}

Labels:
1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

‎12-08-2021 09:46 PM

Message filter syntax can be difficult to work with, in the above example there appears to missing brackets and missing if.

Adding a message filter to an ESA also highlights syntax errors along with line numbers.

 

Working through those it would look something like this

 

Message_filter: if ((header("from") == "@example\\.com") AND (header("Authentication-Results") == "dmarc\\=pass"))
{
if (remote-ip == '16.13.28.6') OR (remote-ip == '94.6.5.19') OR (remote-ip == '98.129.16.1') OR (remote-ip == '11.78.1.3')
{
log-entry("$filtername");
}
}

 

You could also always create content filters to validate message filter syntax.

 

Regards,

Libin

 

Preview file
10 KB
0 Helpful
Customers Also Viewed These Support Documents