安全 : Cisco IronPort Email 安全设备

如何测试一个消息或保证它的内容过滤器工作如设计?

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 4 月 23 日) | 反馈

目录

贡献用Tomki阵营和恩里科沃纳, Cisco TAC工程师。

问题

如何测试一个消息或保证它的内容过滤器工作如设计?

过滤器可以测试保证他们是工作正常通过调试过滤器。调试过滤器是要求系统检疫范围的两步过程。

创建在GUI呼叫的‘FilterDebug的’一新的系统检疫。检疫配置在‘Monitor->Quarantines下。 如果有某检疫空间联机,请点击‘添加检疫的按钮配置FilterDebug检疫。 如果没有足够的空间联机,您将必须编辑使用做某可用空间联机的若干其他检疫和降低空间。

创建有规则的过滤器(匹配标准)您期望使用和设置操作“检疫(‘FilterDebug’)”。

要调试您匹配的规则,请启用在适当的邮件策略的过滤器(其中您在制作打算它运作)并且生成流量。

匹配您的规则的消息将进入FilterDebug检疫,您能检查他们和满足自己您的规则精密地匹配什么您想要。 发表从检疫的那些消息,并且他们通常将传送。 如果要有一阵子观看此,设置检疫保留阶段到某事请可接受短缺并且定期检查检疫发现什么样的消息匹配您的标准。

要调试您的过滤器操作,请创建只有一测验收件人的一项新的邮件策略。禁用您的在其他邮件策略的规则,并且启用它在这中新建的邮件策略。 编辑您的规则采取您希望的行动。 您能删除检疫规则。

生成流量并且检查消息,传送(或没有,根据您的过滤器)到测验收件人验证此什么您想要。现在您能启用在邮件策略的完成规则您的生产部署的和禁用它从测验收件人策略。

一个相似的步骤可以使用调试消息过滤器。 通过建立您在制作要使用的标准开始:

RedirectEarningsReports:
if  (recv-listener == "InboundMail")
and (subject == "(?i)quarterly earnings") {
  quarantine ("FilterDebug");
}

这在CLI执行:

smtp.example.com>filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script.  Enter '.' on its own line to end.
RedirectEarningsReports:
if  (recv-listener == "InboundMail")
and (subject == "(?i)quarterly earnings") {
  quarantine ("FilterDebug");
}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]>
smtp.example.com >commit
Please enter some comments describing your changes:
[]> add RedirectEarningsReports filter test actions (incomplete)
Changes committed: Wed Nov 24 12:00:10 2004 MST

检查被检疫的消息使用GUI并且发表消息。 这样观看消息流的Continue,直到您是满足的。 其次,请添加您的测验收件人到规则,并且更改操作对什么您在制作要运行:

RedirectEarningsReports:
if  (recv-listener == "InboundMail")
and (subject == "(?i)quarterly earnings")
and (rcpt-to == "(?i)alan@exchange\\.scu\\.com$")  {
  alt-rcpt-to ("sam@exchange.scu.com");
}

在CLI中,您需要删除和再创过滤器:

smtp.example.com> filters
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> list
Num Active Valid Name
  1   N      Y   betatest
  2   N      Y   StripInboundExes
  3   Y      Y   RedirectEarningsReports
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> delete
Enter the filter name, number, or range:
[]> 3
1 filters deleted.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]> new
Enter filter script.  Enter '.' on its own line to end.
RedirectEarningsReports:
if  (recv-listener == "InboundMail")
and (subject == "(?i)quarterly earnings")
and (rcpt-to == "(?i)alan@exchange\\.scu\\.com$")  {
  alt-rcpt-to ("sam@exchange.scu.com");
}
.
1 filters added.
Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
[]>
smtp.example.com> commit
Please enter some comments describing your changes:
[]> set RedirectEarningsReports to test recipient
Changes committed: Wed Nov 24 12:10:07 2004 MST

验证操作执行什么您想要。 (根据您的过滤器,您可以也验证某些在mail_logs的操作。) 通过删除测验收件人持续,汇集终滤器:

RedirectEarningsReports:
if  (recv-listener == "InboundMail")
and (subject == "(?i)quarterly earnings") {
  alt-rcpt-to ("sam@exchange.scu.com");
}

过滤器和检疫的一个潜在混乱的方面是消息正文处理与信息标题。 在ESA中,消息主题和报头涉及分开。如果在应用操作以后检查在检疫的消息,您将看不到所有报头处理完成对消息(但是它将完成在交付。) 这,平行,是因为报头处理分开完成作为消息进度通过渠道。 消息与其在交付前的(潜在已修改)报头在检疫团聚,但是看不到。 您将看到对消息的正文的所有变化,例如附件标记剥离或的页脚,在检疫上。


相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


Document ID: 117902