Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

Forwarding copy of SPAM-tagged subjects to my mailbox?

Our ISP was starting to tag some of our mails with the addition [SPAM] in the subject.

How can I forward a copy of every incoming mail with such a text in the subject to a internal spam-mailbox for further checks?
Can I use some kind of regular expression for the search of "SPAM" in the subject?

If our C100 doesn't detect such a mail as spam, how can I remove the added tag from the ISP?
(Some of our employees are a little bit confused about this and ask for the appropriate handling of such mails).

1 REPLY
New Member

Re: Forwarding copy of SPAM-tagged subjects to my mailbox?

Yes, you can generally put in an incoming content filter that will search for something like this:


if ( subject == "^[SPAM]" )

then
alt-mailhost('alternate_location');

or

bcc-scan('spamcheck@company.com')


The Advanced User guide found on the Support Portal will explain these actions in further detail.


However, we need to verify what Sendergroup/Mail Flow Policy the ISP is matching on. This makes a difference because we need to know if this connection is occurring on the inbound(Accepted, Throttled mail flow policy) or on the outbound (Relayed).

Is the ISP on a Relaylist? (Mail Policies > HAT Overview)


Once we have more information, we can provide a more specific answer.


Our ISP was starting to tag some of our mails with the addition [SPAM] in the subject.

How can I forward a copy of every incoming mail with such a text in the subject to a internal spam-mailbox for further checks?
Can I use some kind of regular expression for the search of "SPAM" in the subject?

If our C100 doesn't detect such a mail as spam, how can I remove the added tag from the ISP?
(Some of our employees are a little bit confused about this and ask for the appropriate handling of such mails).

118
Views
0
Helpful
1
Replies