Cisco spam and virus blocker admin guide

Custom user roles that have full access to mail policies are automatically assigned to mail policies. See Distributing Administrative Tasks for more information on delegated administration.

You define whether the user is a sender or a recipient. See Examples of Policy Matching for more detail. The form shown in the following figure defaults to recipients for incoming mail policies and to senders for outgoing mail policies. Users for a given policy can be defined in the following ways: If you have configured the email gateway to do so, you can use the configured queries to define users for a mail policy.

Click the Add button to add users into the Current Users list. Policies can contain mixtures of senders, recipients, and LDAP queries. Use the Remove button to remove a defined user from the list of current users. When you are finished adding users, click Submit. Note that all security services settings are set to use the default values when you first add a policy. Click the Add Policy button again to add another new policy.

In this policy, individual email addresses for members of the engineering team are defined. When you are finished adding users for the engineering policy, click Submit.

The key at the bottom of the table shows how the color coding of cells for specific policies relates to the policy defined for the default row. In this part of the example, you will edit the two policies just created in the previous section. For the sales group, you will change the anti-spam settings to be even more aggressive than the default policy.

The default policy of dropping positively identified spam messages will be kept. However, in this example, you will change the setting for marketing messages so that they will be sent to the Spam quarantine.

This aggressive policy has the effect of minimizing unwanted messages being sent to sales team inboxes. See Managing Spam and Graymail for more information on anti-spam settings. For the engineering team, customize the Outbreak Filters feature setting so that it will modify the URLs in suspicious messages, except for links to example. See Outbreak Filters for more information on configuring Outbreak Filters. To edit the anti-spam settings for the sales team policy:

Click the link for the Anti-Spam security service (the Anti-Spam column) in the sales policy row. Because the policy was just added, the link is named: use default. Messages delivered to the Spam quarantine will have no additional subject tagging. Note that the shading shows that the policy is using different settings than the default policy.

At this point, any message that is suspected spam and whose recipient matches the LDAP query defined for the sales team policy will be delivered to the Spam Quarantine. To edit the Outbreak Filter settings for the engineering team policy:

Click the link for the Outbreak Filters feature security service (the Outbreak Filters column) in the engineering policy row. Doing so will also enable the contents of the rest of the page to allow you to select different settings. Click Add Extension to add. Click Enable Message Modification. Enabling message modification allows the email gateway to scan for targeted threats, such as phishing and scams, and URLs to suspicious or malicious websites.

The appliance can rewrite links in messages to redirect the user through the Cisco Security proxy if they attempt to access the website. Select Enable for Unsigned Messages. This allows the email gateway to rewrite URLs in signed messages. You must enable URL rewriting to be able to configure other Message Modification settings and the length of time that messages found to be non-viral threats stay in the quarantine before being released.

This example uses the default retention time of 4 hours. Enter example. The email gateway will not modify links to example. Select System Generated for the Threat Disclaimer. The following example uses the system generated threat disclaimer. Note that the shading shows that the policy is using different settings than the default policy. At this point, any message that contains an attachment whose file extension is dwg — and whose recipient matches the recipients defined for the engineering team policy — will bypass the Outbreak Filter scanning and continue processing.

Messages that contain links to the example. For example, typing joe example. Click the name of the policy to jump to the Edit Policy page to edit the users for that policy. Note that the default policy will always be shown when you search for any user, because, by definition, if a sender or recipient does not match any other configured policies, it will always match the default policy.

Using the steps shown in the two examples above, you can begin to create and configure policies on a managed exception basis. In this manner, message splintering will be minimized and you are less likely to impact system performance from the processing of each splinter message in the work queue.

The following table outlines several example policies. Enabled, no specific filename extensions or domains allowed to bypass. Enabled with specific filename extensions or domains allowed to bypass. In this part of the example, you will create three new content filters to be used in the Incoming Mail Policy table.

All of these content filters will be editable by delegated administrators belonging to the Policy Administration custom user role.

You will create the following: This filter will strip MP3 attachments and notify the recipients that an MP3 file was stripped. This content filter will scan for messages sent to a specific envelope recipient address (an ex-employee). If the message matches, a specific notification message will be sent to the sender of the message and then the message will be bounced.

After creating the content filters, you will then configure each of the policies (including the default policy) to enable the specific content filters in differing combinations. The first example content filter contains one condition and two actions. Click the Add Filter button. The first character of a content filter name must be a letter or an underscore.

Delegated administrators who belong to the Policy Administrator user role will be able to edit this content filter and use it in their mail policies. In the Description field, type the description. Type confidential in the Contains text: field and click OK. In the Subject field, type [message matched confidential filter]. Click OK. At this point, the content filter is not enabled for any incoming Mail Policy; in this example, you have only added a new content filter to the primary list.

Because it has not been applied to any policy, no email processing by the email gateway will be affected by this filter. The second example content filter contains no conditions and one action.

For example: strip all MP3 attachments. The third content filter example uses one condition and two actions. In the Description: field, type the description. For example: bounce messages intended for Doug. Click Add Condition. Select Envelope Recipient. For the envelope recipient, select Begins with, and type doug. The Content Filters page refreshes to show the condition added. Note that you could create an LDAP directory containing the email addresses of former employees.

As ex-employees are added to that directory, this content filter would be dynamically updated. Select the checkbox for Sender and, in the Subject field, type message bounced for ex-employee of example.

In the Use template section, select a notification template. The Add Content Filters page shows the action added. You can only specify one final action for a content filter. If you attempt to add more than one final action, the GUI displays an error. Adding this action may cause senders of messages to this ex-employee to receive two messages: one for the notification template, and one for the bounce notification template.

In the examples above, you created three content filters using the Incoming Content Filters pages. In this part of the example, you will apply the three new content filters to be used in the Incoming Mail Policy table. Click the links to enable and select content filters for individual policies. The page is refreshed to show the default policy and the two policies added in Creating a Mail Policy for a Group of Sender and Recipients.

Note that content filtering is disabled by default for all policies. Click the link for the Content Filters security service (the Content Filters column) in the default policy row. The content filters defined in the primary list (which were created in Overview of Content Filters using the Incoming Content Filters pages) are displayed on this page. Check the Enable checkbox for each content filter. The table on the Incoming Mail Policies page shows the names of the filters that have been enabled for the default policy.

Click the link for the Content Filters security service (the Content Filters column) in the engineering team policy row. The table on the Incoming Mail Policies page shows the names of the filters that have been enabled for the engineering policy. At this point, incoming messages that match the user list for the engineering policy will not have MP3 attachments stripped; however, all other incoming messages will have MP3 attachments stripped.

When entering text for filter rules and actions, the following meta characters have special meaning in regular expression matching: Use the Incoming or Outgoing Content Filters page to create a new content filter whose order is 1. Use the Incoming or Outgoing Mail Policies page to enable the new content filter for the default policy. You can mix and match multiple character sets within a single content filter. Most browsers can render multiple character sets simultaneously.

Updated: December 6,

Adding two new policies for different sets of users — the sales organization and the engineering organization — and then configuring different email security settings for each.

Creating three new content filters to be used in the Incoming Mail Overview policy table. Editing the policies again to enable the content filters for some groups, but not for others. For more detailed information about how anti-spam, anti-virus, Outbreak filters, and delegated administration work, refer to the chapters following this one: Managing Spam and Graymail Anti-Virus Outbreak Filters Distributing Administrative Tasks Accessing Mail Policies You can access incoming and outgoing mail policies by using the Mail Policies menu.

Figure 2. To edit the default policy, click any of the links for a security service in the bottom row of the incoming or outgoing mail policy table. Procedure Step 1 Click the link for the anti-spam security service. Note For default security service settings, the first setting on the page defines whether the service is enabled for the policy. Step 4 Click Submit. Figure 3. Anti-Spam Settings Page Creating a Mail Policy for a Group of Sender and Recipients In this part of the example, you will create two new policies: one for the sales organization (whose members will be defined by an LDAP acceptance query), and another for the engineering organization.

Procedure Step 1 Click the Add Policy button to begin creating a new policy. Step 2 Define a unique name for and adjust the order of the policy if necessary. Step 3 Click the Editable by Roles link and select the custom user roles for the delegated administrators who will be responsible for managing the mail policy. Step 4 Define users for the policy. Users for a given policy can be defined in the following ways: Full email address: user example. For example, if you enter the recipient Joe for a user, a message sent to joe example.

Figure 4. Step 6 When you are finished adding users, click Submit. Figure 5. In this policy, individual email addresses for members of the engineering team are defined: Figure 6. Creating a Policy for the Engineering Team Step 8 When you are finished adding users for the engineering policy, click Submit. Step 9 Commit your changes. Figure 7. Newly Added Policy — Engineering Team Note At this point, both newly created policies have the same settings applied to them as those in the default policy.

Messages to users of either policy will match; however, the mail processing settings are not any different from the default policy. Default, Custom, and Disabled The key at the bottom of the table shows how the color coding of cells for specific policies relates to the policy defined for the default row: Yellow shading shows that the policy is using the same settings as the default policy.

No shading (white) shows that the policy is using different settings than the default policy. Grey shading shows that the security service has been disabled for the policy. Creating Mail Policies for Different Groups of Senders and Recipients In this part of the example, you will edit the two policies just created in the previous section. Outgoing Mail Policy should have Graymail remain in Disabled condition. Outbreak Filters combine triggers in the Anti-Spam engine, URL scanning and detection technologies and more to correctly tag items that fall outside the true spam category — for example, phishing emails and scam emails — and handle them appropriately with user notifications or quarantine.

All of these filters are available on both the inbound and outbound email policies, and configuration and filtering are recommended on both — while the bulk of the protection is for inbound, filtering the outbound flow provides protection against relayed emails or internal malicious attacks.

Updated: January 9, Overview The vast majority of threats, attacks, and nuisances faced by an organization through email come in the form of spam, malware, and blended attacks.

The recommended settings are shown in the image below: Click Submit and Commit your changes. The recommended settings are shown in the image below: Cisco recommends selecting Aggressive Scanning Profile for a customer who desires a strong emphasis on blocking spam.

The recommended settings are shown below: Click Submit and Commit your changes. For more information on setting up and centralized quarantines, please refer to the Best Practices document: Once Intelligent Multi-Scan has been configured globally, you can now apply Intelligent Multi-Scan to mail policies:

Once Graymail and Safe Unsubscribe have been configured globally, you can now apply these services to mail policies. Once Outbreak Filters has been configured globally, you can now apply this feature to mail policies.

Contributed by Alex Chan.


