Currently we have a content filter that checks message content against a regex dictionary. The filter is triggered by a Policy with a defined list of Sender domains. The user community is now asking for the same filter to be applied to specific sending IP addresses. The Incoming Policy does not appear to allow me to enter IP's. Is there an easy/efficient way to do this?
mail policies match on email addresses only, not on IP addresses, this is per design, so like Juraj stated you would need a filter condition to do the tasks. Another solution is also to create a sendergroud in the HAT that includes all the IPs you want to match on, and then use the 'sendergroup' condition in message filters to match on this group. Here is an example from the Advanced User Guide:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...