How many message filters do you have?

Nov 17th, 2009

I don't know if that question has been asked before?

How many message filters do you have set up on your Ironport?

Thanks
Arnaud

steven_geerts Thu, 11/26/2009 - 22:59

Hello,

We have (only) 7 inbound filters of which 2 are test filters for a limited set of users and 2 outbound filters.

Maybe it's good to know that we are using Ironport only as DMZ host and have other internal machines that do the majority of our policy stuff. The Ironports simply receive (and clean) mail to and from the internet in our case.

Steven

Donald Nash Tue, 12/08/2009 - 21:55

There seems to be some confusion between message filters and content filters. Message filters are the ones you can only edit via the CLI, via the "filters" command. They have no notion of inbound or outbound, and apply to all messages. Content filters are the ones you can edit via the GUI, and they do have a notion of inbound and outbound.

We have 17 message filters, 8 incoming content filters, and 8 outgoing content filters. All of our inbound and all but one of our outbound content filters relate to our local anti-phishing defenses.

araudevain Wed, 12/09/2009 - 09:04

Hi,

Thanks for the precision.

Actually I was asking about the message filters, but it's good to have feedback about both message filters and content filters (within policies).

I didn't mention how many we had.

We've got 5 message filters (CLI) and 2 policies for incoming and outgoing mails.

shannon.hagan Thu, 12/10/2009 - 00:45

Actually message filters can apply specifically to inbound or outbound if you have a listener configured for each - you can look at the recv-listener in the message filter.

sven_warnke_ironport Thu, 12/10/2009 - 09:14

21 message filters (5 incoming, 16 outgoing)
--> we use it to add language-dependent disclaimers

12 content filters (5 incoming, 7 outgoing)

Donald Nash Thu, 12/10/2009 - 16:06

Actually message filters can apply specifically to inbound or outbound if you have a listener configured for each - you can look at the recv-listener in the message filter.

Yes, but you have to write that into the filter. And even then, the filter will evaluate all messages in order to find the ones that meet the conditions you specify.

Content filters, on the other hand, are natively inbound or outbound without any effort on the part of the person creating the filter, and only see and evaluate messages of the appropriate type.

araudevain Fri, 12/11/2009 - 14:07

I think one of the advantages of message filters is that if a message matches a filter, it saves A-S and A-V processing in the case where the action is drop.

We use it, for example, to strip executable attachments from all messages that go through the Ironport, whether they are incoming or outgoing mail.

I think also that there is more choice of filters with message filters.

Anyway, thanks for your feedback, it's good to have an overview of other admins.

Arnaud

thatbloke_ironport Mon, 12/14/2009 - 08:27

There seems to be some confusion between message filters and content filters. Message filters are the ones you can only edit via the CLI, via the "filters" command. They have no notion of inbound or outbound, and apply to all messages.

Message filters also apply to mails before they are 'splintered' into individual mails (if multiple recipients are specified), whereas Content Filters are applied to the individual mails.

Donald Nash Mon, 12/14/2009 - 17:16

Message filters also apply to mails before they are 'splintered' into individual mails (if multiple recipients are specified), whereas Content Filters are applied to the individual mails.

I was just hitting the highlights to draw a bright line between the two, since some of the responses appeared to be conflating them. I wasn't trying to enumerate all the differences.

Incidentally, message splintering only happens if there are recipients which fall into different policies. Not all messages with multiple recipients are splintered.

steven_geerts Wed, 12/30/2009 - 12:44

Hi "Community", (or are we still a "Nation"?) :-)

Since one of the "conflating responses" was mine, I'd like to complete my answer:

Besides the content filters mentioned in my first post, we have 3 message filters.

Two are quite simple X-header adding filters (one to indicate a message is actually received from the internet and another to give insight into the SRB scores). The last one is somewhat more sophisticated; it detects messages that need to be forwarded to our internal policy systems, regardless of the used destination domain.

Steven.
