Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Detecting spam using regular expressions?

Ou users have been geting a lot of russian porn spam last 3 weeks. We decided to make dictionary (regexp) rule to move all the positive detected mails to quarantine. Is it possible to move such messages to M-ceries quarantine, instead "policy" quarantine in C-ceries? And how to make it?

Dual C350, AsyncOS version - 5.5.1

Thank you.

1 REPLY
Cisco Employee

Re: Detecting spam using regular expressions?

Any filter with an action of 'quarantine' will end up in one of the Policy quarantines.

If your C-Series are configured to send spam quarantined messages to the M-Series, you can configure your filter action to add a header that indicates the message is to be quarantined.

So, for your Russian spam filter:
For the Action, Add header with Header name 'X-Ironport-Quarantine'. The header value can be anything, for instance 'True'

This header directs the IronPort to quarantine the message.

159
Views
0
Helpful
1
Replies
CreatePlease to create content