IronPort - advanced configuration guide

More documents

Recommendations

Info

Using the spf-passed Filter Rule 5-34 Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide Chapter 5 Email Authentication The spf-passed rule shows the results of SPF verification as a Boolean value. The following example shows an spf-passed rule used to quarantine emails that are not marked as spf-passed: quarantine-spf-unauthorized-mail: if (not spf-passed) { } quarantine("Policy"); Note Unlike the spf-status rule, the spf-passed rule reduces the SPF/SIDF verification values to a simple Boolean. The following verification results are treated as not passed in the spf-passed rule: None, Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more granular results, use the spf-status rule. Testing the SPF/SIDF Results Test the results of SPF/SIDF verification and use these results to determine how to treat SPF/SIDF failures because different organizations implement SPF/SIDF in different ways. Use a combination of content filters, message filters, and the Email Security Monitor - Content Filters report to test the results of the SPF/SIDF verification. Your degree of dependence on SPF/SIDF verification determines the level of granularity at which you test SPF/SIDF results. Basic Granularity Test of SPF/SIDF Results To get a basic measure of the SPF/SIDF verification results for incoming mail, you can use content filters and the Email Security Monitor - Content Filters page. This test provides a view of the number of messages received for each type of SPF/SIDF verification result. To perform a basic SPF/SIDF verification test: Step 1 Enable SPF/SIDF verification for a mail flow policy on an incoming listener, and use a content filter to configure an action to take. For information on enabling SPF/SIDF, see Enabling SPF and SIDF, page 5-24. Step 2 Create an spf-status content filter for each type of SPF/SIDF verification. Use a naming convention to indicate the type of verification. For example, use “SPF-Passed” for messages that pass SPF/SIDF verification, or “SPF-TempErr” for messages that weren’t passed due to a transient error during verification. For information about creating an spf-status content filter, see spf-status Content Filter Rule in the GUI, page 5-33. Step 3 After you have processed a number of SPF/SIDF verified messages, click Monitor > Content Filters to see how many messages triggered each of the SPF/SIDF verified content filters. OL-25137-01
Chapter 5 Email Authentication Greater Granularity Test of SPF/SIDF Results OL-25137-01 For more comprehensive information about SPF/SIDF verification results, only enable SPF/SIDF verification for specific groups of senders, and review the results for those specific senders. Then, create a mail policy for that particular group and enable SPF/SIDF verification on the mail policy. Create content filters and review the Content Filters report as explained in Basic Granularity Test of SPF/SIDF Results, page 5-34. If you find that the verification is effective, then you can use SPF/SIDF verification as a basis for deciding whether to drop or bounce emails for this specified group of senders. To perform a granular SPF/SIDF verification test: Step 1 Create a mail flow policy for SPF/SIDF verification. Enable SPF/SIDF verification for the mail flow policy on an incoming listener. For information about enabling SPF/SIDF, see Enabling SPF and SIDF, page 5-24. Step 2 Create a sender group for SPF/SIDF verification and use a naming convention to indicate SPF/SIDF verification. For information about creating sender groups, see the “Configuring the Gateway to Receive Mail” chapter in the Cisco IronPort AsyncOS for Email Configuration Guide. Step 3 Create an spf-status content filter for each type of SPF/SIDF verification. Use a naming convention to indicate the type of verification. For example, use “SPF-Passed” for messages that pass SPF/SIDF verification, or “SPF-TempErr” for messages that weren’t passed due to a transient error during verification. For information about creating an spf-status content filter, see spf-status Content Filter Rule in the GUI, page 5-33. Step 4 After you process a number of SPF/SIDF-verified messages, click Monitor > Content Filters to see how many messages triggered each of the SPF/SIDF-verified content filters. Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide 5-35
Page 1 and 2:
Cisco IronPort AsyncOS 7.6 for Emai
Page 3 and 4:
OL-25137-01 Preface xvii Before you
Page 5 and 6:
OL-25137-01 Deleting Entries from t
Page 7 and 8:
OL-25137-01 Configuring Global Sett
Page 9 and 10:
OL-25137-01 DomainKeys and DKIM Sig
Page 11 and 12:
OL-25137-01 Valid Rule 6-20 Subject
Page 13 and 14:
OL-25137-01 Viewing Non-ASCII Chara
Page 15 and 16:
OL-25137-01 Administering a Cluster
Page 17 and 18:
OL-25137-01 Preface The Cisco IronP
Page 19 and 20:
Typographic Conventions Typeface or
Page 21 and 22:
OL-25137-01 Customizing Listeners C
Page 23 and 24:
Chapter 1 Customizing Listeners OL-
Page 25 and 26:
Page 27 and 28:
Chapter 1 Customizing Listeners Con
Page 29 and 30:
Chapter 1 Customizing Listeners Loo
Page 31 and 32:
Chapter 1 Customizing Listeners Par
Page 33 and 34:
Chapter 1 Customizing Listeners Rou
Page 35 and 36:
Chapter 1 Customizing Listeners Adv
Page 37 and 38:
Chapter 1 Customizing Listeners Tim
Page 39 and 40:
Chapter 1 Customizing Listeners Inj
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Chapter 1 Customizing Listeners Ena
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
OL-25137-01 CHAPTER 2 Configuring R
Page 61 and 62:
Chapter 2 Configuring Routing and D
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Overview OL-25137-01 LDAP Queries C
Page 137 and 138:
Chapter 3 LDAP Queries Understandin
Page 139 and 140:
Chapter 3 LDAP Queries OL-25137-01
Page 141 and 142:
Chapter 3 LDAP Queries Configuring
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Chapter 3 LDAP Queries LDAP Query S
Page 149 and 150:
Page 151 and 152:
Chapter 3 LDAP Queries Testing LDAP
Page 153 and 154:
Chapter 3 LDAP Queries Sample Accep
Page 155 and 156:
Chapter 3 LDAP Queries Sample Masqu
Page 157 and 158:
Page 159 and 160:
Chapter 3 LDAP Queries Example: Usi
Page 161 and 162:
Page 163 and 164:
Chapter 3 LDAP Queries Directory Ha
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176: Chapter 3 LDAP Queries OL-25137-01
Page 177 and 178: Chapter 3 LDAP Queries Spam Quarant
Page 179 and 180: Chapter 3 LDAP Queries Sample Activ
Page 181 and 182: Chapter 3 LDAP Queries OL-25137-01
Page 183 and 184: OL-25137-01 CHAPTER 4 Validating Re
Page 185 and 186: Chapter 4 Validating Recipients Usi
Page 193 and 194: OL-25137-01 Email Authentication CH
Page 195 and 196: Chapter 5 Email Authentication Doma
Page 197 and 198: Chapter 5 Email Authentication Publ
Page 199 and 200: Chapter 5 Email Authentication OL-2
Page 211 and 212: Chapter 5 Email Authentication Expo
Page 213 and 214: Chapter 5 Email Authentication Conf
Page 215 and 216: Chapter 5 Email Authentication Test
Page 223 and 224: Chapter 5 Email Authentication Dete
Page 225: Chapter 5 Email Authentication OL-2
Page 229 and 230: Overview OL-25137-01 CHAPTER 6 Usin
Page 231 and 232: Chapter 6 Using Message Filters to
Page 277 and 278:
Chapter 6 Using Message Filters to
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
OL-25137-01 CHAPTER Advanced Networ
Page 335 and 336:
Chapter 7 Advanced Network Configur
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
OL-25137-01 Centralized Management
Page 355 and 356:
Chapter 8 Centralized Management Fi
Page 357 and 358:
Chapter 8 Centralized Management OL
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Chapter 8 Centralized Management Le
Page 367 and 368:
Chapter 8 Centralized Management Ne
Page 369 and 370:
Page 371 and 372:
Chapter 8 Centralized Management Cl
Page 373 and 374:
Chapter 8 Centralized Management Di
Page 375 and 376:
Page 377 and 378:
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
OL-25137-01 AsyncOS Quick Reference
Page 385 and 386:
Appendix A AsyncOS Quick Reference
Page 387 and 388:
FTP Access OL-25137-01 Accessing th
Page 389 and 390:
Appendix B Accessing the Appliance
Page 391 and 392:
Appendix B Accessing the Appliance
Page 393 and 394:
Symbols /dev/null, in alias tables
Page 395 and 396:
overview 2-28 domain profile deleti
Page 397 and 398:
loose SMTP address parsing 1-9 malf
Page 399 and 400:
scanning images 6-67 scp command B-
show all

IronPort - advanced configuration guide

Create successful ePaper yourself

Delete template?

Save as template?