Detecting spam using regular expressions?

Unanswered Question
Sep 3rd, 2008
User Badges:

Ou users have been geting a lot of russian porn spam last 3 weeks. We decided to make dictionary (regexp) rule to move all the positive detected mails to quarantine. Is it possible to move such messages to M-ceries quarantine, instead "policy" quarantine in C-ceries? And how to make it?

Dual C350, AsyncOS version - 5.5.1

Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Douglas Hardison Wed, 09/03/2008 - 21:11
User Badges:
  • Cisco Employee,

Any filter with an action of 'quarantine' will end up in one of the Policy quarantines.

If your C-Series are configured to send spam quarantined messages to the M-Series, you can configure your filter action to add a header that indicates the message is to be quarantined.

So, for your Russian spam filter:
For the Action, Add header with Header name 'X-Ironport-Quarantine'. The header value can be anything, for instance 'True'

This header directs the IronPort to quarantine the message.


This Discussion