Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

blocking attachment

HI

 

I have two organizational  unit in which some users resides in it and I want them to allow 20 mb for one organizational  unit and 10 mb for another organizational  unit  of mail to be downloaded.Can this be achieved in IRONPORT email security .

 

Thanks

Mathew

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Matthew,Assuming for inbound

Matthew,

Assuming for inbound mail , I think you can solve this problem by

1. Set default "accepted" mail flow policy message size limit at 20 M

2. create a incoming mail policy with a LDAP Group Query specifying a LDAP "Recipient" group for OU

3. Create a content filter, condition " Message Size", Message Size is less than or equal to ____youdothemath _____Bytes. Action of drop/quarantine/notify?

4. Apply content filter to your incoming mail policy in step 2.

 

 

3 REPLIES
Cisco Employee

Mail Policies -> Mail Flow

Mail Policies -> Mail Flow Policies -> Policy is where the message size would be set and allowed through the appliance.  You could create new (or alter exisiting) mail flow policy/policies to meet your size expectations.  After that - adding a Sender Group (Mail Policies -> HAT Overview) and placing the sender(s) into those groups allow those users to be matched to the mail flow policy you need.

Senders can be added to Sender Group with the following limitations:

The following formats are allowed:
IPv6 addresses such as 2001:420:80:1::5
IPv6 subnets such as 2001:db8::/32
IPv4 addresses such as 10.1.1.0
IPv4 subnets such as 10.1.1.0/24 or 10.2.3.1
IPv4 and IPv6 address ranges such as 10.1.1.10-20, 10.1.1-5 or 2001::2-2001::10.
Hostnames such as example.com.
Partial hostnames such as .example.com.

Please see the 8.0.1 User Guide, Defining Which Hosts Are Allowed to Connect Using the Host Access Table (HAT), for further detailed information and assistance.

 

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-0/user_guide/ESA_8-0-1_User_Guide.pdf

I hope this helps!

-Robert

 

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Cisco Employee

Matthew,Assuming for inbound

Matthew,

Assuming for inbound mail , I think you can solve this problem by

1. Set default "accepted" mail flow policy message size limit at 20 M

2. create a incoming mail policy with a LDAP Group Query specifying a LDAP "Recipient" group for OU

3. Create a content filter, condition " Message Size", Message Size is less than or equal to ____youdothemath _____Bytes. Action of drop/quarantine/notify?

4. Apply content filter to your incoming mail policy in step 2.

 

 

New Member

Hi I enabled group query in

Hi

 

I enabled group query in LDAP profile and created a new incoming policy in which we selected the specific group and addedd the conditon of the attachment and permitted it

 

Its working Thanks for the idea.

72
Views
0
Helpful
3
Replies