cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1423
Views
0
Helpful
11
Replies

How many message filters do you have ?

araudevain
Level 1
Level 1

I don't know if that question has been asked before?

How many message filters do you have set up on your Ironport?

Thanks
Arnaud

11 Replies 11

Arnaud,

We have 15 on our inbound X series and 38-40 on each of our outbounds.

steven_geerts
Level 1
Level 1

Hello,

We have (only) 7 inbound filters of which 2 are test filters for a limited set of users and 2 outbound filters.

Maybe it's good to know that we are using Ironport only as DMZ host and have other internal machines that do the majority of our policy stuff. The Ironports simply receive (and clean) mail to and from the internet in our case.

Steven

Donald Nash
Level 3
Level 3

There seems to be some confusion between message filters and content filters. Message filters are the ones you can only edit via the CLI, via the "filters" command. They have no notion of inbound or outbound, and apply to all messages. Content filters are the ones you can edit via the GUI, and they do have a notion of inbound and outbound.

We have 17 message filters, 8 incoming content filters, and 8 outgoing content filters. All of our inbound and all but one of our outbound content filters relate to our local anti-phishing defenses.

araudevain
Level 1
Level 1

Hi,

Thanks for the precision

Actually I was asking about the message filters but it's good to have feedbacks about both message filters and content filters (within policies).

I didn't mention how many we had

We've got 5 message filters (CLI) and 2 policies for incoming and outgoing mails.

shannon.hagan
Level 1
Level 1

Actually message filters can apply specifically to inbound or out bound if you have a listener configured for each - you can look at the recv-listener in the message filter.

21 messagefilters (5 incoming, 16 outgoing)
--> we use it to add language-dependent disclaimers


12 contenfilters (5 incoming, 7 outgoing)

Donald Nash
Level 3
Level 3

Actually message filters can apply specifically to inbound or out bound if you have a listener configured for each - you can look at the recv-listener in the message filter.

Yes, but you have to write that into the filter. And even then, the filter will evaluate all messages in order to find the ones that meet the conditions you specify.

Content filters, on the other hand, are natively inbound or outbound without any effort on the part of the person creating the filter, and only see and evaluate messages of the appropriate type.

araudevain
Level 1
Level 1

I think one of the advantages of Message filter is that if a message matches a filter, it saves A-S and A-V processing in the case the action is drop.

We use it for example to strip executable attachment for all messages that go through the Ironport whatever they are incoming or outgoing mail.

I think also that there is more choice of filters with message filter.

Anyway thanks for your feedbacks, it's good to have an overview of other admins

Arnaud

There seems to be some confusion between message filters and content filters. Message filters are the ones you can only edit via the CLI, via the "filters" command. They have no notion of inbound or outbound, and apply to all messages. 


Message filters also apply to mails before they are 'splintered' into individual mails (if multiple recipients are specified), whereas Content Filters are applied to the individual mails.

Donald Nash
Level 3
Level 3

Message filters also apply to mails before they are 'splintered' into individual mails (if multiple recipients are specified), whereas Content Filters are applied to the individual mails.

I was just hitting the highlights to draw a bright line between the two, since some of the responses appeared to be conflating them. I wasn't trying to enumerate all the differences.

Incidentally, message splintering only happens if there are recipients which fall into different policies. Not all messages with multiple recipients are splintered.

Hi "Community", (or are we still a "Nation"?) :-)

Since one of the "conflating responses" was mine, I like to complete my answer:

Besides the content filters mentioned in my first post, we have 3 message filters.

Two are quite simple X-header adding filters (to indicate a message is actually received from the internet and an other to give insight into the SRB scores), The last one is some more sophisticated, it detects messages that need to be forwarded to our internal policy systems, regardless of the used destination domain.

Steven.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: