Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Viewing message filters "raw"

I'm new to Ironport and AsyncOS. Is it possible to view and perhaps edit a message filter in its entirety, that shows very clearly how the filter is constructed?

That is, I want to see something that looks like the actual code that the filter is using, not the "logical representation" of it that is all I've found in the CLI so far. I want to see the sequence of ANDs, ORs, ==, regexes and so on.

Our two appliances are clustered, so if there are some commands that I need to issue to ensure I see the cluster configuration, please specify those as well.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Viewing message filters "raw"

Keep in mind - that message filters are CLI only.

Please see the Advanced Guide, there is an in-detail section for message filters provided.

http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html

Content filters from the web GUI can show you the context you may be looking for.

Mail Policies -> Incoming Content Filters

Mail Policies -> Outgoing Content Filters

Content filters overview can be located in the Email Configuration Guide.

From the content filter, adding a new filter - you will be able to choose and select the conditions and actions.  As you create them, based on the criteria you select, it will give you a good feel for "contains", "equals", "does not contain", "does not equal".

As for the cluster configuration.  For message filters, you can view how these are set from running 'Filters', and then:

- CLUSTERSET - Set how filters are configured in a cluster.

- CLUSTERSHOW - Display how filters are configured in a cluster.

'CLUSTERSHOW' will give you the best view as to if the filters apply to machine only, or cluster:

Ex.:

filters Settings

================

Configured at mode:

Cluster: Yes

Group Main_Group: No

Machine esa_a: No

Machine esa_b: No

Here you can see that the filters will be presented to both appliances, esa_a and esa_b.  So - any/all filters can be written/deleted from one appliance, and automatically carry over to the second.

Content filters will be shared across the cluster as well - unless you choose to override and write these at the machine level.  You should be seeing where you are when visiting the content filters through the web GUI - as it will present the current centralized managed settings.

Other aids for you - if you haven't visited already, our External KB:

https://ironport.custhelp.com/app/answers/detail/a_id/24

Hope this aids in your question(s)!

Regards,

Robert

Content Security Technical Services - RTP, NC

Cisco Customer Interaction: 1-800-553-2447 / Outside US

2 REPLIES
Cisco Employee

Viewing message filters "raw"

Keep in mind - that message filters are CLI only.

Please see the Advanced Guide, there is an in-detail section for message filters provided.

http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html

Content filters from the web GUI can show you the context you may be looking for.

Mail Policies -> Incoming Content Filters

Mail Policies -> Outgoing Content Filters

Content filters overview can be located in the Email Configuration Guide.

From the content filter, adding a new filter - you will be able to choose and select the conditions and actions.  As you create them, based on the criteria you select, it will give you a good feel for "contains", "equals", "does not contain", "does not equal".

As for the cluster configuration.  For message filters, you can view how these are set from running 'Filters', and then:

- CLUSTERSET - Set how filters are configured in a cluster.

- CLUSTERSHOW - Display how filters are configured in a cluster.

'CLUSTERSHOW' will give you the best view as to if the filters apply to machine only, or cluster:

Ex.:

filters Settings

================

Configured at mode:

Cluster: Yes

Group Main_Group: No

Machine esa_a: No

Machine esa_b: No

Here you can see that the filters will be presented to both appliances, esa_a and esa_b.  So - any/all filters can be written/deleted from one appliance, and automatically carry over to the second.

Content filters will be shared across the cluster as well - unless you choose to override and write these at the machine level.  You should be seeing where you are when visiting the content filters through the web GUI - as it will present the current centralized managed settings.

Other aids for you - if you haven't visited already, our External KB:

https://ironport.custhelp.com/app/answers/detail/a_id/24

Hope this aids in your question(s)!

Regards,

Robert

Content Security Technical Services - RTP, NC

Cisco Customer Interaction: 1-800-553-2447 / Outside US

New Member

Re: Viewing message filters "raw"

Thanks Robert, that's really helpful with the links and showing where it hangs together with the cluster config.

I also had another piece of the puzzle filled in by Support, showing that in the CLI, you can create a filter using quite sophisicated syntax there, which is what I couldn't quite figure out.

Choose the operation you want to perform:

- NEW - Create a new filter.

- IMPORT - Import a filter script from a file.

- CLUSTERSET - Set how filters are configured in a cluster.

- CLUSTERSHOW - Display how filters are configured in a cluster.

[]> new

Enter filter script.  Enter '.' on its own line to end.

Redirect_examplehost:

if (remote-ip == "host.example.com") and (rcpt-to == "user@host.local){

bcc ("auditmailbox@host.local", "[Example]: $Subject");

drop();                                                                                                         

}

Then obviously from there, creating the content filter to bring in the message filter is straightforward

1187
Views
0
Helpful
2
Replies
CreatePlease login to create content