Conditions based on "EnvelopSender" in Content Filters

When defining Content Filters, I need to define conditions based on the sender of an email. For example, if the sender is Jim or John, and the Subject Line contains a tag [CONFIDENTIAL], the action should be to encrypt the message.
I realize this could easily be done using LDAP groups. But my problem is that for a number of operational reasons I cannot connect our IronPort to our corp LDAP.
An alternative is to directly code the user names in the condition statement. This is ugly and problematic for admins and possibly causes other problems as the number of users grows. Could anyone suggest an alternative?
Is there any option of having the Condition statement open a file and read the "sender" names from the file maintained somewhere on the local or a remote disk? Any other option?
Thanks.

I would suggest looking at creating a dictionary that would list the addresses of the individuals. You can use that dictionary from which to base your planned action. Using LDAP is by far the better option for keeping a list up to date, as the dictionary will need to be updated regularly as addresses are changed, added or removed.

Similar Messages

  • Content filters based on Group Best Practice

    What is the best practice for content filters based on group?
    What we want to accomplish:
    We have a few groups, but I'll give an example with two.
    We have one group that is allowed "Media" and another group that is allowed "Exe".
    What is the best practice if one user is in both groups?
    How would you do content filtering?
    I don't see this in the content filtering conditions:
    if (Envelope Recipient does not match group) then Block.
    Is the best way to first create:
    If (attachment.type="Media") then (insert header="sometext");
    and after that, in a content filter below:
    if (Envelope Recipient) and (Header does not contain "sometext") then Block.

    Hi,
    I understand that I will have to use BPM. What is the best way?

  • SQL Server Policy Based Management Condition 'conditionname' cannot be used for filtering.

    Using SQL Server 2008 R2, I am trying to create a condition to be used as a filter at the database level.  So for each database, I would like to test the presence of a Database Extended Property using the following code in the Expression/Field:
    ExecuteSql('String', 'SELECT value FROM sys.extended_properties WHERE class_desc = ''Database'' AND name=''somepropertyname''')
    I created the condition using the Database Facet.
    The condition can be evaluated in a policy, but I cannot use the condition as a filter for a policy against the "Database" filter.  If I create a new condition that can be used as a filter and try to edit that condition, I receive the following
    error:
    "Condition 'conditionname' cannot be used for filtering."
    I cannot find any documentation on the limitations of filters.  I am assuming that ANY use of ExecuteSql would not be allowed.  This filter is important because I am testing the @IsEncrypted of Every StoredProcedure, Every Database.  If the
    database extended property is present, I want to skip the test.
    CorkChop

    Hi,  you resolved this issue? If yes, how?
    []'s | Rodrigo Ribeiro Gomes | MCTS/MCITP Dev/DBA

  • How do I create Outgoing Mail Policie,Outgoing content filters and individual content filters?

    IronPort C160.
    async OS 6.5.3
    Server 1 and server 2 are communicating through IronPort (and also scanning).
    On server 1 we have set up the domains abc.lk and yy.abc.lk on the same server, which resides in the DMZ. The IronPort is connected to the same segment.
    Server 2: we have set up a separate server, int.abc.lk, which resides on the internal LAN.
    Server 1 and server 2 should communicate internally, but server 2 should not communicate with the outside world (e.g. [email protected]).
    How do I create "Outgoing Mail Policies", outgoing content filters and the individual content filters?
    Note: Currently server 1 and server 2 are communicating internally and also externally ([email protected]). I need server 2 not to communicate externally ([email protected]); that should be blocked, without blocking server 2 from communicating with server 1.
    I have attached diagram also.
    Thanks.
    sumathi.

    Hello Sumathi,
    (Thanks for adding a diagram, that helps understanding your situation)
    I think the simplest solution is to create a filter that allows server 2 (based on its IP) to communicate with the internal domains, and drop the messages when they are targeted to any other domain.
    so:
    filter source IP = servers
    condition: message to: is NOT abc.lk or yy.abc.lk
    action: drop message
    hope this helps!
    Steven

  • Exchange 2013 SP1 EDGE role content filtering ?

    Hello,
    I have Exchange 2013 SP1 with CU5 with antispam enabled on the mailbox role server. I wonder, if I deploy the 2013 Edge role, will I get more granular content filter control, like there is in Office 365? For example: I want to treat empty messages as not spam.
    I have read that control of the Edge server is done ONLY by PowerShell. So if the Edge role is deployed, is there still no content filter control in ECP (like in Office 365)?

    Hi,
    The Content Filter agent assigns a spam confidence level (SCL) rating to each message. The SCL rating is a number between 0 and 9. A higher SCL rating indicates that a message is more likely to be spam.
    Based on my knowledge, I'm afraid we can't filter the empty messages and treat them as not spam.
    Here is an article about content filtering in Exchange 2013 for your reference.
    Content Filtering
    http://technet.microsoft.com/en-us/library/bb124739(v=exchg.150).aspx
    Best regards,
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Belinda Ma
    TechNet Community Support

  • Lack of iPhone content filtering

    Why does Apple not allow (or provide) any advanced content filtering software on the iPhone/iPad? Simply turning off internet browsers and preventing App downloads is not a solution. I believe many people would use content filtering software/features if provided. The explicit video/image internet issues today are of epidemic proportions and I know many would agree with me on this. The iPhone is an excellent device, but if Apple does not come up (or allow) a rock solid solution soon, I may have to use an inferior product (which does provide/allow these things) just so my family and I can be protected. Who would be the right person to talk to in order to have my voice heard?

    Settings > General > Restrictions.
    There is an Explicit Language option.
    Under Allowed Content, there is a Ratings option based on a selected country for Music & Podcasts, Movies, TV Shows, Books, and Apps. 

  • How can I achieve IOS content filtering using a Cisco router

    Good day Everybody.
    I would like to set up content filtering using IOS on my Cisco router. I already know how to do URL filtering but I want to restrict access to sites based on categories.
    Is this possible without having to introduce an external device?

    Natively in IOS this is not possible. However you can configure CWS (Cisco Web Security). The router will forward web requests to a cloud based web security service.
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10142/ps11720/data_sheet_c78-729637.html

  • Web Content Filtering / Virus Scanning appliance

    Hello all,
    I'm in the market for a content / url / virus scanning device for our network. We are currently using MXLogic's Web Defense service and while it's very cheap it is not suiting our needs. What I'm looking for is an appliance that will do content filtering but also virus / malware / spyware scanning on web traffic. I'd also need to be able to set up policies / groups for different sets of users. For instance the folks who purchase the products we sell need to be able to see our vendors' media (streaming video) content while our sales folks don't. I can't currently do this with MXLogic, it's all or nothing.
    Our firewall is an ASA5510 and I've looked at the Content Security SSM-10 module with the plus license and while the pricing is definitely attractive I have a few questions about it. Does it integrate with MS Active Directory? In other words, can it filter based on groups and policies or is it more IP / ACL based? Also does it perform well?
    I've also looked at the IronPort product Cisco sells and have similar questions regarding that, mainly what are folks' experiences with it, is it something you would recommend?

    Hi Allen,
    To answer your questions related to the CSC module:
    1. No, the CSC module does not integrate with Active Directory. This is something that Trend Micro has in the works, but as of now there is no ETA for this functionality.
    2. The CSC module will perform fairly well if used in the environment it was designed for. I would recommend taking a look at the CSC sizing guide to see if the CSC-SSM-10 would be something that is scalable enough for your network:
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_white_paper0900aecd805c3cd6.html
    I cannot speak to the performance/functionality of IronPort as I have not used it personally, but I have heard good things. Also, external appliances from Websense seem to be a popular choice when you need a product that is a bit more scalable or granular than what the CSC module can provide.
    Hope that helps.
    -Mike

  • Message filters vs Content Filters

    Differences:
    1. Message filters occur earlier in the email pipeline than content filters. Message filters run before the email goes into the workqueue. The content filters occur inside the workqueue.
    2. Message filters are currently only administered from the command line. Content filters can be administered from both the CLI and the GUI interface, however, the GUI interface is the recommended method.
    3. Content filters have an inbound and an outbound set of content filters, depending upon the direction of the message. That is, whether it's a relayed email (outgoing content filters) or inbound mail (inbound content filters). Message filters on the other hand, are automatically applied to both inbound and outgoing traffic, unless you lock it down to a specific listener. If you only have one listener, you may need to differentiate your flow of traffic by sendergroups or something else.
    4. Message filters and content filters can pretty much have the same conditions and actions. However, message filters allow for if-else conditions, so they are more robust.
    5. You can use message and content filters in unison. For example, use a message filter to insert a custom header that your content filter can key off of. However, this does not work the other way around. You cannot insert a custom header in the content filter and have the message filter key off of that info. Due to the way the email pipeline is set up, message filters come first, then content filters.
    6. Ease of use: content filters are a bit more intuitive and user-friendly. Message filters are more advanced, so they have a bigger learning curve.
    7. Content filters used with customized incoming or outgoing mail policies allow you to splinter messages. Splintering messages allows you to split messages up by recipients. Message filters don't allow splintering and are applied to the entire message.
    AsyncOS User Guide: Content Filters Overview
    https://support.ironport.com/docs/c_series/4.6/HTML_4.6_Compilation/AsyncOS_4.6_User_Guide/AsyncOS_4.6_User_Guide-12-3.html
    AsyncOS User Guide: Message Filters
    https://support.ironport.com/docs/c_series/4.6/HTML_4.6_Compilation/AsyncOS_4.6_Adv_User_Guide/AsyncOS_4.6_Adv_User_Guide-09-2.html
    AsyncOS User Guide: Email Pipeline
    https://support.ironport.com/docs/c_series/4.6/HTML_4.6_Compilation/AsyncOS_4.6_User_Guide/AsyncOS_4.6_User_Guide-09-2.html

    Actually, I just did a test on this and your point is half correct.
    It's not the content filter that does the splintering, it's either the incoming or outgoing mail policy that does the splintering.
    For example, suppose you only have one Default outgoing policy and an outgoing content filter that drops the mail if the destination is @yahoo.com.
    If you sent in a test email with two recipients: [email protected] and [email protected]
    Then the entire message would get dropped since there was only one Default outgoing policy.
    However, you can allow for splintering if you had additional custom policies.
    For example,
    1. gmail-recipients
    2. yahoo-recipients
    3. Default policy
    In that case, your test email would split into two separate emails and then you could have the content filters apply to each separately.
    You are correct that message filters apply to the entire message and do not allow for message splintering.
    However, with content filtering, message splintering is only applicable if you have an additional custom policy, either inbound or outgoing.
    So, in addition to the requirement of multiple recipients, you also need multiple policies; otherwise, having multiple recipients and only one Default policy will affect the entire message also.
    Thanks for the attention to detail.
    You've missed one of the biggest differences...
    Message filters act on a _message_. Content filters act on a message/recipient pair.
    If a message is only going to a single person then there's not any difference, but if a message is addressed to multiple people then the message filter will take the same action for all recipients, whilst the content filter will split ("splinter") the one message into multiple messages, with one (or possibly more) recipients each, and then act on each individually.
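
The splintering behaviour discussed in this thread, as a simplified Python model added here (it is not AsyncOS code and not from the original posters). It assumes each recipient is assigned to the first matching mail policy from the top, with Default last; the `Message` and `Policy` names and the sample addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Message:
    sender: str
    recipients: List[str]


# A filter looks at a message (or one splinter of it) and returns "drop" or None.
Filter = Callable[[Message], Optional[str]]


@dataclass
class Policy:
    name: str
    matches: Callable[[str], bool]  # does this recipient fall under the policy?
    content_filters: List[Filter]


def domain_is(domain: str) -> Callable[[str], bool]:
    suffix = "@" + domain.lower()
    return lambda rcpt: rcpt.lower().endswith(suffix)


def drop_if_rcpt_domain(domain: str) -> Filter:
    """The filter from the post: drop the mail if a destination is @domain."""
    hit = domain_is(domain)
    return lambda msg: "drop" if any(hit(r) for r in msg.recipients) else None


def splinter(msg: Message, policies: List[Policy]) -> List[Tuple[Policy, Message]]:
    """Assign each recipient to the first matching policy (assumed top-down,
    Default last) and build one copy of the message per policy that was hit."""
    groups: Dict[str, Tuple[Policy, List[str]]] = {}
    for rcpt in msg.recipients:
        policy = next(p for p in policies if p.matches(rcpt))
        groups.setdefault(policy.name, (policy, []))[1].append(rcpt)
    return [(p, Message(msg.sender, rcpts)) for p, rcpts in groups.values()]


def run_content_filters(msg: Message, policies: List[Policy]) -> Dict[str, str]:
    """Per-recipient verdict after the mail policies splinter the message."""
    verdicts: Dict[str, str] = {}
    for policy, part in splinter(msg, policies):
        action = None
        for flt in policy.content_filters:
            action = flt(part)
            if action == "drop":  # drop ends processing for this splinter
                break
        for rcpt in part.recipients:
            verdicts[rcpt] = action or "deliver"
    return verdicts


def run_message_filter(msg: Message, flt: Filter) -> Dict[str, str]:
    """Message filters see the whole message, so every recipient shares one verdict."""
    action = flt(msg) or "deliver"
    return {rcpt: action for rcpt in msg.recipients}


# Constructed test data mirroring the post: one Yahoo and one Gmail recipient.
DROP_YAHOO = drop_if_rcpt_domain("yahoo.com")
TEST_MAIL = Message("sender@example.com", ["user1@yahoo.com", "user2@gmail.com"])
DEFAULT_ONLY = [Policy("Default", lambda r: True, [DROP_YAHOO])]
CUSTOM = [
    Policy("gmail-recipients", domain_is("gmail.com"), [DROP_YAHOO]),
    Policy("yahoo-recipients", domain_is("yahoo.com"), [DROP_YAHOO]),
    Policy("Default", lambda r: True, [DROP_YAHOO]),
]

if __name__ == "__main__":
    print("message filter :", run_message_filter(TEST_MAIL, DROP_YAHOO))
    print("default only   :", run_content_filters(TEST_MAIL, DEFAULT_ONLY))
    print("custom policies:", run_content_filters(TEST_MAIL, CUSTOM))
```

With only the Default policy the Gmail recipient loses the mail too, which is the outcome to check for before relying on a recipient-based drop filter.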

  • Time pattern to allow user breakthrough URLFilter over IOS content filtering

    hi
    I have a client who asked me to set up the following for them with IOS content filtering plus the Trend Micro based subscription (at this point I'm not sure whether it is feasible).
    The scenario would be:
    Group 1 of users is the marketing subnet; from 0800 to 1700 they are prohibited from accessing any of the blocked blacklisted sites (from the local and/or Trend Micro reputation / category URL blacklist).
    Is there any way I can make the router recognize the time and then let users gain access after 1700?
    Can TCL do this? Is there any other way to do this?
    thank you
    Noel

    Hi Carlos,
    I am having the same problem. I have seen a few different configuration examples and they all show adding the "parameter type urlfpolicy trend parm-map-name" command but it doesn't exist, at least in 15.2(3)T1 and I see it listed in the IOS documentation for 15.2. Maybe they forgot it :-)
    I guess I will open a TAC case as I do not want to downgrade...
    I will keep you posted if I find the answer.
    Regards,
    Troy

  • IOS Content Filtering - Is No More ?

    Cisco very quickly End of Lifed the IOS Content Filtering offering last year
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/eol_c51-698205.html
    For something with a minimum of a yearly lic involved, the EOL timing is shocking - you could have ordered product with a 1 year lic and come back now to find the offering is now dead (as in our case), so much for ROI!
    Cisco are pushing Scansafe as their current offering, which has probably led to a falling out with Trend, who provided the underlying service for IOS Content Filtering. Scansafe does not economically cover the low end application, for which IOS Content Filtering was ideal, i.e. the SMB space with 8xx or low end ISR routers. The Cisco answer is basically "perhaps you want to go and investigate solutions from other suppliers".
    So we are left with a router platform which is fine and content filtering which was fine, but we are now unable to re-licence the URL filtering service, which will stop working in about 30 days, and there is apparently nothing we can do about it.
    Does anyone know if Trend still operate the URL filtering subscription service and whether there is a way of getting a subscription renewal direct?
    (I'm not holding my breath on that - I am guessing the IOS content filtering hooks for the service being certificate based + Cisco license process will make that hard for anyone but Cisco)
    Or of any alternative simple and cost effective solution we can configure the router to use?
    (please tell me we're not back to SurfControl/Websense solutions again..)
    thanks
    Sez

    Approached the Cisco AM - frankly there was little or no interest in fixing such a low value problem. The spin was the Trend relationship ending was beyond Cisco control and Cisco hands tied - i.e. it's not our fault (but strangely the problem is the customer's)
    Yes we could get some TMP discount - against the original hardware purchase but the hardware for lowend installs is negligible, it is the services time/cost in getting solution (and any replacement) into deployment which is the costly part and TMP makes no allowance for that.
    Also the Scansafe solution is much more expensive, compared to IOS URL Filtering, so even taking off the minor TMP discount the answer from Cisco is basically - yep, spend more money with us and we'll fix the problem we created for you. And why is there so little normal info on Cisco.com for Scansafe - i.e. covering SKU/ordering models etc.? It always just says 'ask your Cisco AM for details' - that may have worked when Scansafe was a separate company but a Cisco AM is unlikely to even answer the phone to talk about a $3K order.
    If Cisco really wanted to protect customer investment, why couldn't it provide through Scansafe a replacement service for IOS URL Filtering service, at similar cost and pricing model to that provided by the Trend integration? i.e. same kit, same config but pointed at Scansafe cloud rather than Trend cloud. Then there would be no issue and a clean migration path provided for Cisco's valued customers.
    Probably answering my own question but scansafe appears to return to a cost related to the user count, whereas IOS URL Filtering service was a simple one off cost per router. This was ideal for low end application (the ISR800 series size of deployment) and comparable scansafe is way more expensive.
    I have found we are not alone in this; most customers are only finding out about this mess when existing IOS URL Filtering licences expire and go for renewal, only to find the 3 month EOL process has stealthily boat-anchored their implementation.
    Sez

  • IOS content filtering on trend micro subscription

    hi
    I just finished setting up IOS content filtering on a C1841. Basically it's a combination of local filtering and the Trend Micro subscription-based service. All the parameter-map, class-map, policy-map and zone firewall settings are up and ready to go.
    Some questions to ask:
    1. How do I check that Trend Micro content filtering on REPUTATION and CATEGORIES is really working?
    As usual, after setting up these commands:
    ! Trend Micro server and URL filter policy parameters
    parameter-map type trend-global MY-GLOBAL-PARAM
     server trps.trendmicro.com
    parameter-map type urlfpolicy trend MY-PARAM
     allow-mode on
     block-page message "bla-bla-bla"
    ! Categories and reputations to block
    class-map type urlfilter trend match-any trend-block-categories
     match url category Adult-Mature-Content
    class-map type urlfilter trend match-any trend-block-reputation
     match url reputation ADWARE
    ! Reset connections that match either class
    policy-map type inspect urlfilter MY-ACTION
     parameter type urlfpolicy trend MY-PARAM
     class type urlfilter trend trend-block-categories
      reset
     class type urlfilter trend trend-block-reputation
      reset
    So for my zone firewall policy:
    policy-map type inspect out->in
     class type inspect trafic
      inspect
      service-policy urlfilter MY-ACTION
    Then I applied the zone-pair to the outside and inside interfaces, and everything is set to go.
    So far the only thing I can block is a whole domain, using the URL blacklist. How can I leave it entirely to the Trend Micro subscription license to handle it all?
    noel

    Hmm... no thoughts over the weekend. Anyone?

  • Does "first match" win on Content Filters?

    If I define multiple content filters for a given outbound mail policy, would system stop looking at filters once a match is found on one of the content filters or should I force that by using a "final" action in my content filters?
    I know "first match wins" apply to some other scenarios, but couldn't see a clear explanation to above question in section 6 of Config guide where content filters are defined (and testing with system did not clear that for me either).
    Thanks.
    Sent from Cisco Technical Support iPhone App

    Hello John,
    An email being processed by the content filters or message filters will continue down the list of content/message filters until it hits the last filter or a 'final' action filter command. If the email being processed needs to exit (by administrative choice), the filter it hits should have a final action. This only applies to certain conditions, where the administrator does not want the filter's last action to be overwritten by another filter down the pipeline.
    cheers,
    -Alvaro

  • DKIM/DomainKeys Content Filters Best Practices?

    Hi All,
    I was wondering if anyone has some best practices on implementing content filters for DomainKeys/DKIM results on incoming mail. I am having a tough time figuring out a good solution to this problem as we have various users who also subscribe to mailing lists, which obviously break DomainKeys if the server doesn't re-sign the message?
    Any suggestions would be helpful.
    Thanks!

    Hi,
    SDN is using Web Page Composer. You should also take a look into WPC for publishing EFP. WPC is based on KM, but has several advantages over XML Forms.
    Regarding the security aspect:
    There are several SDN articles / documentations about how to implement an EFP (like: Look & Feel, Framework Pages and Portal Navigation).
    You can restrict access for anonymous users - in fact, you'll have to explicitly allow access for anonymous users. If you don't like that your users can access something else than /etc/public/, just don't give the guest user read access. You can also use a reverse proxy to allow access to only the necessary KM folders and redirect the rest to the start page.
    br,
    Tobias

  • Internet content filters

    Any way to provide content filtering for web access (aka: block porn, etc.)? The previously posted solution was "Unite" software which is no longer available.

    I would recommend Content Barrier (www.intego.com), although I think it does block sites based on a list, it is very good and will monitor the admin account as well. Plus a trial version is available which is always a plus.
    The only content filter that monitors based on actual site content is DansGuardian which is free, but I found a pain to set up. Still, it's worth trying if you can find a decent mac setup guide. A mac version is available here: http://mac.softpedia.com/get/Internet-Utilities/DansGuardian.shtml, and the DansGuardian homepage is here: http://dansguardian.org/
