Apply a content filter to a group of sender addresses
I want to setup a content filter that does a certain action but I want the condition to be if the message came from an email address in a list of source addresses. I seem to only be able to apply one. I really dont want to have to create 200 condition statments just to match someone in a list or addresses. Cant use an LDAP becuase these are incoming addresses so they dont appear in my LDAP
Any idea?
I'm not in a position to experiment, but am wondering if an LDAP query could pick up other types of address from a directory. If your backoffice mail server is Exchange, could a query pick up an address from a Contact object?
Similar Messages
-
New content filter = no more ARD !?!?!?!
I manage two sub-netoworks which use the same router and content filter but with a different IP addresses. I used to be able to connect to any machine on either network from the other one, but now I can't. I also have a new content filter, which I think is causing the problem. The machines are listed as sleeping when I know they are not.
Any idea how I can get this to work?
ThanksMake sure that the filter and router passes TCP/UDP ports 3283 and 5900. Most likely it's blocking at least 3283.
Regards. -
App store icon gone missing/Web Content Filter - Apple Configurator
I am using Apple Configurator to manage the iPads at my school. I changed the settings on my school's profile, within Apple Configurator, so that the App store was not available. The App store icon disappeared and all was good. I decided to change the settings back, to allow the App store, saved the settings and refreshed a group of iPads. The App store icon is still missing and it doesn't appear that my new settings have been applied. I quit Configurator and tried again, but no success. I am running Configurator 1.5 and the ipads are running iOS 7.1.
Also, I have unchecked the "Allow use of You Tube" button because I want You Tube disabled, but Configurator still allows the use of You Tube through Safari. Is there any way to disable the use of You Tube without using the ridiculous "Web Content Filter", that when activated, limits adult content (good), which seems to include a lot of valuable educational sites (bad)? To me the only other option available seems to be to tick "Specific Websites Only" and spend the next year typing in all the possible sites that might have educational merit, ergo, my use of the word 'ridiculous'. Is there something I am missing?Locate it in the Apps folder and drag it to the dock.
-
Can I set up a Content Filter that is Time/Date stamp dependent?
My company would like to add an additional disclaimer text during Holidays where the company is closed. It will say something like: "In observance of the 'XYZ' holiday, our offices will be closing at 3:00 PM on Friday, December........ and will reopen at 8:30 AM Monday.......".
I was wondering if there is a way to set up conditions in an Outgoing content filter to only include that text if the email is sent between certain dates.
This would allow me to set up the filters prior to the holidays and not have to manage them manually.
I tried to do it via Exchange Transport rule, but I can't find a time/date dependent condition for the rules in Exchange.
Thanks,
RachelHi Rachel,
there is no way to archive this directly in content filters, an indirect way would be to use a message filter that adds an additional header (i.e. X-mas: true) during a specific period. For that, message filters provide the 'date' rule, i.e
HolidayHeader:
if ((date > '12/20/2012 13:00:00') and
(date < '12/28/2012 12:00:00'))
insert-header('X-mas', 'TRUE');
You'd then create an outbound content filter matching on this header and inserting the specific footer if the header exists. Or, of course, you could have that action in the message filter already, however in that case you need additional conditions to make sure the rule applies on outbound messages only.
Hope that helps,
Andreas -
How do I apply the blur filter to all my layers at the same time?
Hi I'm working on a background for a web page and I want to try how different filters are going to affect all the layers. Is it possible to apply a filter to all the layers without flattening the file first? Thanks very much,
CathyThanks very much , that's really helpful,Cathy
Date: Thu, 23 Dec 2010 11:18:21 -0700
From: [email protected]
To: [email protected]
Subject: How do I apply the blur filter to all my layers at the same time?
Hello!
There is no need to flatten the file, but you can create a layer that merges all the content of the image, and apply the filter on that layer.
Target the topmost layer, by holding the Option and . (period) keys, then create a merged copy by holding down Command Shift Option E.
> -
Content filters based on Group Best Practice
What is best practice for Content filters based on Group.
What we wanna accomplish.
We have few groups but i'll make an example on two.
We have one group that have allowed "Media" and another group that have allowed "Exe".
What is best practice if one user is in both group.
How would you do Content filtering?
I dont see in Content filtering condition
if (Envelope Recipient does not mach group) then Block.
Is the best way to create first?
If (attachment.type="Media") then (insert header="sometext);
and after in Content filter below
if (Envelope Recipient) and (Header does not contain "sometext") then Block.Hi,
I understand that I will have to use BPM. What is the best way? -
Could not apply background image to the panel group layout in spaces application
I tried to apply background image to the panel group layout with css class and also with inline style such as below
background-image:url('/content/conn/intra-dot-content/path/mywebcenter/lever/backgroundmain.jpg');background-position:center; background-repeat:repeat-y;
The background image does not show up. but it work with panel border layout. Is there any work around for the issueYou can try styleclass, which is always better choice than inlinestyle
page:
<af:panelGroupLayout id="pgl30"
styleClass="testPGbackground">
<af:outputText value="outputText5" id="ot8"/>
</af:panelGroupLayout>
css:
.testPGbackground {
background-image:url('/images/unselectedTabStart.png');
It works for me.
I tried with inline style also and it worked.
bac
<af:panelGroupLayout id="pgl30"
inlineStyle="background-image: url(/incview/images/unselectedTabStart.png);">
<af:outputText value="outputText5" id="ot8"/>
</af:panelGroupLayout>
NOTE: You need to mention image url with context-name here, which could be a way of hard coding context name and in future it could be very difficult to change contextname. As recommended styleclass is better solution.
Thanks
Sanjeev -
Outgoing mail Policy only able to use one of either Content Filter - Outbreak Filter - DLP
No matter what config I use I am able to apply sender domains, anti spam and anti virus however I can only apply a single process of content filter which then will not move to the next process of DLP. Can this be achieved so I can have within the same outgoing mail policy the process of content filter and dlp policies applied.
Hello Bighead81,
could you explain what you mean by "single process of content filter" please? I'd suppose adding more than one content filter to a policy, which should be no problem. Also activation of Content Filter, Outbreak Filters and DLP (for outbound mailflow) for any policies.
Regards,
Andreas -
Is there any way to effectively use a Pix 506e as a content filter? I see some example configurations involving an ASA 5500, but I was wondering if the pix alone will allow content filtering. We are a small business that is looking to restrict just a few websites to our DHCP users. (i.e. eBay, yahoo mail, Amazon). We already have the pix. Thanks!
Suppose if you want to filter streaming media content with PIX 506E, you have two options. The first one is to block ports on the PIX and the second is to use Proxy Server to filter URLs. Since our main concern is doing it on the PIX, You may enter these commands on the PIX for well-known ports that you could block on the firewall:
access-list nostream deny udp any any eq 2979
access-list nostream deny udp any any eq 1790
access-list nostream deny udp any any eq 1755
access-list nostream deny udp any any eq 1736
access-list nostream deny udp any any eq 554
access-list nostream deny udp any any eq 537
access-list nostream deny tcp any any eq 2979
access-list nostream deny tcp any any eq 1790
access-list nostream deny tcp any any eq 1755
access-list nostream deny tcp any any eq 1736
access-list nostream deny tcp any any eq 554
access-list nostream deny tcp any any eq 537
access-list nostream permit tcp any any eq 80
access-list nostream permit ip any any
access-group nostream in interface inside
However, some streaming applications use random ports using auto-configure options that are difficult to block with the PIX. To resolve this issue, you have the second option, using a proxy server to filter the URLs. You may use Websense and any other software to filter web traffic. -
Really Slow web surfing through ZBF with IOS Content filter
Edited: attached partial output of "sh policy-map type inspect zone-pair urlfilter"
Hey, all
We have a 1921 router with IOS Content filter subscribsion and it is also configured as ZBF running latest IOS v15.1. End-user keep complaining about slow web surfing. I connected to network and tested myself and found intermittent surfing experience.
For example, access to www.ibm.com or www.cnn.com hangs 7 times of 10 attempts and maybe only loads reasonablly quick in 1-2 time of the 3. This also affects the speed of download from websites.
I have the case openned with Cisco TAC and CCIE checked my configure but nothing caught his eyes...
I decide to post the issue here in case we both missed something:
Current configuration : 18977 bytes
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname abc_1921
boot-start-marker
boot system flash:/c1900-universalk9-mz.SPA.151-4.M4.bin
boot-end-marker
aaa new-model
aaa authentication login default local
aaa authentication login NONE_LOGIN none
aaa authorization exec default local
aaa session-id common
clock timezone AST -4 0
clock summer-time ADT recurring 3 Sun Mar 2:00 2 Sun Nov 2:00
no ipv6 cef
ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.111 192.168.1.254
ip dhcp pool DHCPPOOL
import all
network 192.168.1.0 255.255.255.0
domain-name abc.local
dns-server 192.168.10.200 192.168.10.202
netbios-name-server 4.2.2.4
default-router 192.168.1.150
option 202 ip 192.168.1.218
lease 8
ip domain name abc.locol
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip port-map user-port-1 port tcp 5080
ip port-map user-port-2 port tcp 3389
ip inspect log drop-pkt
multilink bundle-name authenticated
parameter-map type inspect global
log dropped-packets enable
parameter-map type urlfpolicy trend cprepdenyregex0
allow-mode on
block-page message "The website you have accessed is blocked as per corporate policy"
parameter-map type urlf-glob cpaddbnwlocparapermit2
pattern www.alc.ca
pattern www.espn.com
pattern www.bestcarriers.com
pattern www.gulfpacificseafood.com
pattern www.lafermeblackriver.ca
pattern 69.156.240.29
pattern www.tyson.com
pattern www.citybrewery.com
pattern www.canadianbusinessdirectory.ca
pattern www.homedepot.ca
pattern ai.fmcsa.dot.gov
pattern www.mtq.gouv.qc.ca
pattern licenseinfo.oregon.gov
pattern www.summitfoods.com
pattern www.marine-atlantic.ca
pattern www.larway.com
pattern www.rtlmotor.ca
pattern *.abc.com
pattern *.kijiji.ca
pattern *.linkedin.com
pattern *.skype.com
pattern toronto.bluejays.mlb.com
pattern *.gstatic.com
parameter-map type urlf-glob cpaddbnwlocparadeny3
pattern www.facebook.com
pattern www.radiofreecolorado.net
pattern facebook.com
pattern worldofwarcraft.com
pattern identityunknown.net
pattern static.break.com
pattern lyris01.media.com
pattern www.saltofreight.com
pattern reality-check.com
pattern reality-check.ca
parameter-map type ooo global
tcp reassembly timeout 5
tcp reassembly queue length 128
tcp reassembly memory limit 8192
parameter-map type trend-global global-param-map
cache-size maximum-memory 5000
crypto pki token default removal timeout 0
crypto pki trustpoint Equifax_Secure_CA
revocation-check none
crypto pki trustpoint NetworkSolutions_CA
revocation-check none
crypto pki trustpoint trps1_server
revocation-check none
crypto pki trustpoint TP-self-signed-3538579429
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3538579429
revocation-check none
rsakeypair TP-self-signed-3538579429
!! CERTIFICATE OMITED !!
redundancy
ip ssh version 2
class-map type inspect match-any INCOMING_VPN_TRAFFIC_MAP
match access-group name REMOTE_SITE_SUBNET
class-map type inspect match-all PPTP_GRE_INSPECT_MAP
match access-group name ALLOW_GRE
class-map type inspect match-all INSPECT_SKINNY_MAP
match protocol skinny
class-map type inspect match-all INVALID_SOURCE_MAP
match access-group name INVALID_SOURCE
class-map type inspect match-all ALLOW_PING_MAP
match protocol icmp
class-map type urlfilter match-any cpaddbnwlocclasspermit2
match server-domain urlf-glob cpaddbnwlocparapermit2
class-map type urlfilter match-any cpaddbnwlocclassdeny3
match server-domain urlf-glob cpaddbnwlocparadeny3
class-map type urlfilter trend match-any cpcatdenyclass2
class-map type inspect match-all cpinspectclass1
match protocol http
class-map type inspect match-any CUSTOMIZED_PROTOCOL_216
match protocol citriximaclient
match protocol ica
match protocol http
match protocol https
class-map type inspect match-any INSPECT_SIP_MAP
match protocol sip
class-map type urlfilter trend match-any cptrendclasscatdeny1
match url category Abortion
match url category Activist-Groups
match url category Adult-Mature-Content
match url category Chat-Instant-Messaging
match url category Cult-Occult
match url category Cultural-Institutions
match url category Gambling
match url category Games
match url category Illegal-Drugs
match url category Illegal-Questionable
match url category Internet-Radio-and-TV
match url category Joke-Programs
match url category Military
match url category Nudity
match url category Pay-to-surf
match url category Peer-to-Peer
match url category Personals-Dating
match url category Pornography
match url category Proxy-Avoidance
match url category Sex-education
match url category Social-Networking
match url category Spam
match url category Tasteless
match url category Violence-hate-racism
class-map type inspect match-any INSPECT_PROTOCOLS_MAP
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
match protocol icmp
class-map type urlfilter trend match-any cptrendclassrepdeny1
match url reputation ADWARE
match url reputation DIALER
match url reputation DISEASE-VECTOR
match url reputation HACKING
match url reputation PASSWORD-CRACKING-APPLICATIONS
match url reputation PHISHING
match url reputation POTENTIALLY-MALICIOUS-SOFTWARE
match url reputation SPYWARE
match url reputation VIRUS-ACCOMPLICE
class-map type inspect match-all CUSTOMIZED_NAT_MAP_1
match access-group name CUSTOMIZED_NAT_1
match protocol user-port-1
class-map type inspect match-all CUSTOMIZED_NAT_MAP_2
match access-group name CUSTOMIZED_NAT_2
match protocol user-port-2
class-map type inspect match-any INSPECT_H323_MAP
match protocol h323
match protocol h323-nxg
match protocol h323-annexe
class-map type inspect match-all INSPECT_H225_MAP
match protocol h225ras
class-map type inspect match-all CUSTOMIZED_216_MAP
match class-map CUSTOMIZED_PROTOCOL_216
match access-group name CUSTOMIZED_NAT_216
policy-map type inspect OUT-IN-INSPECT-POLICY
class type inspect INCOMING_VPN_TRAFFIC_MAP
inspect
class type inspect PPTP_GRE_INSPECT_MAP
pass
class type inspect CUSTOMIZED_NAT_MAP_1
inspect
class type inspect CUSTOMIZED_NAT_MAP_2
inspect
class type inspect CUSTOMIZED_216_MAP
inspect
class class-default
drop
policy-map type inspect urlfilter cppolicymap-1
description Default abc Policy Filter
parameter type urlfpolicy trend cprepdenyregex0
class type urlfilter cpaddbnwlocclasspermit2
allow
class type urlfilter cpaddbnwlocclassdeny3
reset
log
class type urlfilter trend cptrendclasscatdeny1
reset
log
class type urlfilter trend cptrendclassrepdeny1
reset
log
policy-map type inspect IN-OUT-INSPECT-POLICY
class type inspect cpinspectclass1
inspect
service-policy urlfilter cppolicymap-1
class type inspect INSPECT_PROTOCOLS_MAP
inspect
class type inspect INVALID_SOURCE_MAP
inspect
class type inspect INSPECT_SIP_MAP
inspect
class type inspect ALLOW_PING_MAP
inspect
class type inspect INSPECT_SKINNY_MAP
inspect
class type inspect INSPECT_H225_MAP
inspect
class type inspect INSPECT_H323_MAP
inspect
class class-default
drop
zone security inside
description INTERNAL_NETWORK
zone security outside
description PUBLIC_NETWORK
zone-pair security INSIDE_2_OUTSIDE source inside destination outside
service-policy type inspect IN-OUT-INSPECT-POLICY
zone-pair security OUTSIDE_2_INSIDE source outside destination inside
service-policy type inspect OUT-IN-INSPECT-POLICY
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key password address 11.22.3.1
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set TunnelToCold esp-3des
crypto map TunnelsToRemoteSites 10 ipsec-isakmp
set peer 11.22.3.1
set transform-set TunnelToCold
match address TUNNEL_TRAFFIC2Cold
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description OUTSIDE_INTERFACE
ip address 1.1.1.186 255.255.255.248
ip nat outside
ip virtual-reassembly in
zone-member security outside
duplex full
speed 1000
crypto map TunnelsToRemoteSites
crypto ipsec df-bit clear
interface GigabitEthernet0/1
description INSIDE_INTERFACE
ip address 192.168.1.150 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security inside
duplex full
speed 1000
ip forward-protocol nd
ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
ip nat inside source static tcp 192.168.1.217 5080 interface GigabitEthernet0/0 5080
ip nat inside source route-map NAT_MAP interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.216 80 1.1.1.187 80 extendable
ip nat inside source static tcp 192.168.1.216 443 1.1.1.187 443 extendable
ip nat inside source static tcp 192.168.1.216 1494 1.1.1.187 1494 extendable
ip nat inside source static tcp 192.168.1.216 2598 1.1.1.187 2598 extendable
ip nat inside source static tcp 192.168.1.213 3389 1.1.1.187 3390 extendable
ip nat inside source static tcp 192.168.1.216 5080 1.1.1.187 5080 extendable
ip route 0.0.0.0 0.0.0.0 1.1.1.185
ip access-list standard LINE_ACCESS_CONTROL
permit 192.168.1.0 0.0.0.255
ip access-list extended ALLOW_ESP_AH
permit esp any any
permit ahp any any
ip access-list extended ALLOW_GRE
permit gre any any
ip access-list extended CUSTOMIZED_NAT_1
permit ip any host 192.168.1.217
permit ip any host 192.168.1.216
ip access-list extended CUSTOMIZED_NAT_2
permit ip any host 192.168.1.216
permit ip any host 192.168.1.212
permit ip any host 192.168.1.213
ip access-list extended CUSTOMIZED_NAT_216
permit ip any host 192.168.1.216
ip access-list extended INVALID_SOURCE
permit ip host 255.255.255.255 any
permit ip 127.0.0.0 0.255.255.255 any
ip access-list extended NAT_RULES
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended REMOTE_SITE_SUBNET
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ABM
permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Bridgewater
permit ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookDispatch
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookETL
permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookTrailershop
permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Moncton
permit ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2MountPearl
permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Ontoria
permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
ip access-list extended WEB_TRAFFIC
permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 10 permit 192.168.1.0 0.0.0.255
route-map NAT_MAP permit 10
match ip address NAT_RULES
snmp-server community 1publicl RO
control-plane
line con 0
logging synchronous
login authentication NONE_LOGIN
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class LINE_ACCESS_CONTROL in
exec-timeout 30 0
logging synchronous
transport input all
scheduler allocate 20000 1000
ntp server 0.ca.pool.ntp.org prefer
ntp server 1.ca.pool.ntp.org
endHi,
I know this is for a different platform but have a look at this link:
https://supportforums.cisco.com/thread/2089462
Read through it to get some idea of the similarity, but in particular note the last entry almost a year after the original post.
I too am having trouble with http inspection, if I do layers 3 & 4 inspection there is no issue whatsoever, but as soon as I enable layer 7 inspection then I have intermittent browsing issues.
The easy solution here is to leave it at layers 3 & 4, which doesn't give you the flixibility to do cool things like blocking websites, IM, regex expression matching etc... but in my opinion I just don't think these routers can handle it.
It appears to be a hit and miss affair, and going on the last post from the above link, you might be better off in having the unit replaced under warranty.
The alternative is wasting a lot of time and effort and impacting your users to get something up and running that in the end is so flaky that you have no confidence in the solution and you are then in a situation where ALL future issues users are facing MIGHT be because of this layer 7 inspection bug/hardware issue etc?
I would recommend you use the router as a frontline firewall with inbound/outbound acl's (no inspection), and then invest a few $ in getting an ASA dedicated firewall (but that's just me ) -
Restricting email recipient domain with content filter
Gents,
I am looking to restrict email receipient domain to two with the help of content filter instead of using RAT table.
Please help me out.I understand that you want mail to be rejected for all but 2 Recipient users/domains. You also want to declare the users/domains via a Filter instead of in the RAT. This is not recommended, here is why:
- If you set the RAT to 'All Other Recipients' to 'Accept', other hosts may believe the ESA is an 'Open Relay' and may refuse mail from its IP.
- Bouncing mail after acceptance can cause 'backscatter' emails. This is where a mail server redistributes spam via bounces and it will cause some hosts to reject your mail.
- If done incorrectly, can cause valid mail to bounce.
- If done incorrectly, can make your ESA an Open Relay that can be abused by others.
If you still wish to proceed knowing that the above risks, here are the high-level steps:
1) Set 'All Other Recipients' to 'Accept' in RAT
2) Create a new Incoming Mail Policy
- Add the valid users and/or domains to this new Policy
3) Create new Incoming Content Filter:
- Rule: leave empty
- Action: Bounce
4) Disable all scanning on Default Incoming Mail Policy
5) Apply the new Filter to the Default Incoming Mail Policy
6) Verify that the new Incoming Mail Policy has appropriate scanning enabled
This method works by accepting all mail sent to the ESA, even if it is for a domain you do not control or for an invalid recipient for a domain you do control. When the messages reach the Incoming Mail Policies, valid recipients will match on the new Policy while every other address matches the Default Incoming Mail Policy. Using the Policies in this way is required so that the message is 'splintered' before processing through most scanning features. Now only users/domain that do not match your new Policy will be Bounced by the Content Filter.
Again, I wish to stress that I do _not_ recommend this approach: it is far safer to simply list the valid users or domains directly in the RAT.
- Jackie -
2821, IOS content filter-BUG? HTTP CORE process eating router alive
HTTP CORE process in IOS router is causing network outage. Its 2821, zone based firewall with IOS content filter. IOS content filter was working fine for last month, all of the sudden today it is working faulty. Network is waving on and off with CPU being hogged. Tried reboot and problem returns. Any advice out there?
IOS versions below
CPU utilization for five seconds: 99%/0%; one minute: 99%; five minutes: 99%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
141 2228956 11329 196747 99.20% 99.29% 99.02% 0 HTTP CORE
4 3428 294 11659 0.39% 0.09% 0.10% 0 Check heaps
210 8 14040 0 0.07% 0.00% 0.00% 0 Atheros LED Ctro
c2800nm-advsecurityk9-mz.124-22.T.bin
#sh ip trm sub status
Package Name: Security & Productivity
Status: No subscription information available.
Status Update Time: N/A
Expiration-Date: N/A
Last Req Status: Waiting for response
Last Req Sent Time: 22:02:38 CST Sat Jan 24 2009
sh ip trm ?
config TRM config
subscription Trend Subscription information
#sh ip trm config
Server: trps.trendmicro.com ( Default *)
HTTPS Port: 443
HTTP Port: 80
Status: Active
11111 11111 11111
999999900000999999999999999999990000099999999990000099999999
999999900000999999999999999999990000099999999990000099999999
100 ************************************************************
90 ************************************************************
80 ************************************************************
70 ************************************************************
60 ************************************************************
50 ************************************************************
40 ************************************************************
30 ************************************************************
20 ************************************************************
10 ************************************************************
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per second (last 60 seconds)
11111111111 11 11111111111111 11 11
0000000000090090000000000000099009900 5
0000000000090090000000000000099009900355215223
100 ####################################*
90 #####################################
80 #####################################
70 #####################################
60 #####################################
50 ##################################### *
40 ##################################### *
30 ##################################### *
20 ##################################### *
10 ##################################### ** * #
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%Try moving to 12.4(20)T2 like me
Some issues have been corrected like object-groups for acls.
I noticed all has not been solved, but it is quite better.
On 12.4(22)T, I had memory fragmentation and overflow when I was issuing a lot of acl and object groups commands -
Content Filter - attachment stripping logic not working like I think it should
Hello,
I am working on a content filter for stripping file attachments - my logic is this:
Condition: If File Type does NOT EQUAL file type Documents: attachment-filetype != "Document"
Action: Strip File Attachment by File Info: drop-attachments-by-size(0 bytes)
My thought is that files that are not word docs, "test.ZIP" for example, would match the condition of not being a document. The match specifies that the action should then be performed on it - strip the attachment if it is over 0 bytes, which would be a match to any file.
Right now, it strip anythings, documents included...its like the condition does not exist. I considered using Message Filters at first, but I need to provide a replacement message with each attachment I strip. Thanks in advance for your help!Hey Daniel
Your understanding is correct to a point.
The condition you set is correct, it will look for emails where attachments are NOT document files according to their mime structure.
Once this condition is met (IE: test.zip)
it will fall to the action
Your action however is set to drop all attachments greater than 0 bytes.
So for a setup like this I would suggest.
First content filter:
Attachment filetype is equal to "document"
Action for this content filter : skip remaining content filters
Second content filter:
(Either no condition or Attachment filetype is NOT "document")
Action -> Strip if size greater than 0
The reason why all attachment filetypes are being stripped and even document is the condition simply states what needs to be seen to trigger this action
But this action is not set to exempt document files but to strip them all -
I am trying to apply a lens filter in CS6 to a mp4 movie from the phantom 2+. I do the normal steps of lens filter and choose dji, phantom2+, and I click ok and the picture improves and there is less curve etc. What I don't know is why it seems to revert back to the old movie when I come back later on. I know I saved it but I must be doing something wrong. Here are my steps:
Open an Mp4 movie
Choose filter, lens correction
Choose dii
choose Phantom FC200
click ok and the image improves.
I then save as a name.psd and close the file.
I reopen the file and it looks good. When I play the movie it just jumps back to the old curved horizon.
What am I doing wrong? If you can help me I would be very grateful.
MarcAND yea i afraid to sync my iphone and lose everything ;( i had everything perfect sync ing perfect ical,contacts,mail,apps and now sence new library I dont wana lose everything.....my hole life runs on my fone i need help bad
-
"Apply Active Content Update" message ONLY in Firefox
Here's my new website:
www.ClampTools.com
When I view it in IE it looks great. When I view it in
Firefox (like for the Press link) I get this error:
This page requires AC_RunActiveContent.js. In Flash run
"Apply Active Content Update" in the Commands menu to copy
AC_RunActiveContent.js to the HTML output folder.
I already did all of this and yes the js file is there, in
the same directory. Any ideas why this isn't working?
Thanks!FIREFOX FIX FOR VS.NET 2005 USERS:
This issue happens when using Visual Studio 2005 as the
editor.
I copied the <HEAD> portion of a page that worked and
pasted it in the bad page. When saving the file in the VS editor it
gives me this message:
Some Unicode characters in this file could not be saved in
the current
codepage. Do you want to resave this file as Unicode in order
to maintain
your data? Yes, No, Save With Other Encoding or Cancel
I selected NO and everything is fine.
Maybe you are looking for
-
Remote malfunction when attempting to configure Apple TV
Apple TV finds wireless network easily. When attempting to enter wireless network password remote only allows cursor to move up and down on the screen keyboard, not across. No suggestion that battery a problem. Can anyone advise please?
-
Hi, I recently purchased few licenses for Project pro from office 365 (online version). When I log in to office 365 and go to my apps I can not see Project Pro app there? Where it might be? Also when I create a project with desktop app, where is the
-
In Mail, How can I continue editing an email saved as a draft?
In Mail, seems that once I save an email I've been working on to the Drafts folder, when I reopen it, I cannot continue editing it. In Mail, How can I continue editing an email saved as a draft to the drafts folder? Steve
-
Hi everybody! I have 2 situations: - Payer without Invoicing dates: when i create the Billing Document, the real billing date is the same as the Requested Delivey Date (in the sales order). - Payer with Invoicing Dates (365 days a year): when i creat
-
Hi, i'm trying to create an ODBC connection on a workstation to our Oracle server. I've got the following installed / uninstalled / reinstalled on the workstation (server is running 10.2.0.4): - Oracle Client 10g release 1 - Oracle Client 10g release