Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

Multiple conditions for Incoming Mail Policies

Currently we have a content filter that checks message content against a regex dictionary.  The filter is triggered by a Policy with a defined list of Sender domains.  The user community is now asking for the same filter to be applied to specific sending IP addresses.  The Incoming Policy does not appear to allow me to enter IP's.  Is there an easy/efficient way to do this?

New Member

Multiple conditions for Incoming Mail Policies

Have you tried with message filter.

From Advanced Guide just for demo that there is option remote-ip then you can check wanted IPs.


   if (remote-ip != '')




I need to check (I cannot to this at this time beacuse my test IP is at customer) can you do remote-ip matched against dictionary so you can populate dictionary with IP addresses.

Multiple conditions for Incoming Mail Policies

Hello Greg,

mail policies match on email addresses only, not on IP addresses, this is per design, so like Juraj stated you would need a filter condition to do the tasks.  Another solution is also to create a sendergroud in the HAT that includes all the IPs you want to match on, and then use the 'sendergroup' condition in message filters to match on this group. Here is an example from the Advanced User Guide:

if (sendergroup == "Internal")




The advantage of this solution is that you can edit the list of IPs on the GUI, without changing the filter itself, so that would be more maintenance friendly.

Hope that helps,