ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Configuring rule actions

book

Article ID: 181329

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

 

Resolution

You can specify the action that you want Mail Security to take when a violation occurs.

Mail Security provides the following options for processing messages that trigger content filtering rule violations:

  • Delete entire message

  • Delete attachment/message body and replace with text

    You can customize the replacement text.

  • Quarantine entire message and replace with text

    You can customize the replacement text.

  • Quarantine attachment/message body and replace with text

    You can customize the replacement text.

  • Add tag to beginning of subject line

    You can customize the text that you want to prepend the subject line. This rule action is not available if you apply the rule to the internal messages (store).

  • Log only

    See About logging events

You can also configure Mail Security to add one or more X-headers to messages that violate the content filtering rule. Mail Security provides five default X-headers from which you can choose. Mail Security also lets you create your own X-headers. You can specify up to 25 X-headers for each violation.

See About applying X-headers to messages for archiving

To configure rule actions to delete the message

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under Content Enforcement, click Content Filtering Rules.

  3. Do one of the following:

    Create a rule

    In the sidebar under Tasks, click New rule.

    Modify an existing rule

    In the content area, double-click the rule that you want to edit.

  4. On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Delete entire message.

    The default setting is: Quarantine entire message and replace with text.

  5. Do any of the following:

To configure rule actions to delete the attachment and message body and replace with text

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under Content Enforcement, click Content Filtering Rules.

  3. Do one of the following:

    Create a rule

    In the sidebar under Tasks, click New rule.

    Modify an existing rule

    In the content area, double-click the rule that you want to edit.

  4. On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Delete attachment/message body and replace with text.

    The default setting is: Quarantine entire message and replace with text.

  5. In the Replacement text box, type your customized text.

    The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.

    See Alert and notification variables

  6. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

    Add an existing X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name column, use the drop-down menu to select the X-header that you want to use.

      You can modify the existing X-header by clicking on the text and typing the new content.

    • In the X-header value column, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Create a new X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name box, type the name of the X-header.

      You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

      , . ; < > : ? / = ( )[ ] @ | ;~

    • In the X-header value box, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Remove an existing X-header

    Do the following:

    • Select the X-header that you want to remove by clicking to the left of the X-header name column.

    • Click Delete X-header(s).

  7. Do any of the following:

To configure rule actions to quarantine entire message and replace with text

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under Content Enforcement, click Content Filtering Rules.

  3. Do one of the following:

    Create a rule

    In the sidebar under Tasks, click New rule.

    Modify an existing rule

    In the content area, double-click the rule that you want to edit.

  4. On the Actions tab, in the When a violation occurs box, ensure that Quarantine entire message and replace with text is selected.

    This option is selected by default.

  5. In the Replacement text box, type your customized text.

    The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.

  6. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

    Add an existing X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name column, use the drop-down menu to select the X-header that you want to use.

      You can modify the existing X-header by clicking on the text and typing the new content.

    • In the X-header value column, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Create a new X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name box, type the name of the X-header.

      You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

      , . ; < > : ? / = ( )[ ] @ | ;~

    • In the X-header value box, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Remove an existing X-header

    Do the following:

    • Select the X-header that you want to remove by clicking to the left of the X-header name column.

    • Click Delete X-header(s).

  7. Do any of the following:

To configure rule actions to quarantine the attachment and message and replace with text

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under Content Enforcement, click Content Filtering Rules.

  3. Do one of the following:

    Create a rule

    In the sidebar under Tasks, click New rule.

    Modify an existing rule

    In the content area, double-click the rule that you want to edit.

  4. On the Actions tab, in the When a violation occurs box, select Quarantine attachment/message body and replace with text.

    The default setting is: Quarantine entire message and replace with text.

  5. In the Replacement text box, type your customized text.

    The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.

  6. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

    Add an existing X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name column, use the drop-down menu to select the X-header that you want to use.

      You can modify the existing X-header by clicking on the text and typing the new content.

    • In the X-header value column, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Create a new X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name box, type the name of the X-header.

      You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

      , . ; < > : ? / = ( )[ ] @ | ;~

    • In the X-header value box, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Remove an existing X-header

    Do the following:

    • Select the X-header that you want to remove by clicking to the left of the X-header name column.

    • Click Delete X-header(s).

  7. Do any of the following:

To configure rule actions to prepend the subject line

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under Content Enforcement, click Content Filtering Rules.

  3. Do one of the following:

    Create a rule

    In the sidebar under Tasks, click New rule.

    Modify an existing rule

    In the content area, double-click the rule that you want to edit.

  4. On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Add tag to beginning of subject line.

    The default setting is: Quarantine entire message and replace with text.

    This rule action is not available if you apply the rule to the internal messages (store).

  5. In the Subject line tag box, type the customized text that you want to prepend to the subject line.

    The default text is: Content Violation:

  6. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

    Add an existing X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name column, use the drop-down menu to select the X-header that you want to use.

      You can modify the existing X-header by clicking on the text and typing the new content.

    • In the X-header value column, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Create a new X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name box, type the name of the X-header.

      You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

      , . ; < > : ? / = ( )[ ] @ | ;~

    • In the X-header value box, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Remove an existing X-header

    Do the following:

    • Select the X-header that you want to remove by clicking to the left of the X-header name column.

    • Click Delete X-header(s).

  7. Do any of the following:

To configure rule actions to only log the event

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under Content Enforcement, click Content Filtering Rules.

  3. Do one of the following:

    Create a rule

    In the sidebar under Tasks, click New rule.

    Modify an existing rule

    In the content area, double-click the rule that you want to edit.

  4. On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Log only.

    See About logging events

    The default setting is: Quarantine entire message and replace with text.

  5. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

    Add an existing X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name column, use the drop-down menu to select the X-header that you want to use.

      You can modify the existing X-header by clicking on the text and typing the new content.

    • In the X-header value column, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Create a new X-header

    Do the following:

    • Click Add X-header.

    • In the X-header name box, type the name of the X-header.

      You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

      , . ; < > : ? / = ( )[ ] @ | ;~

    • In the X-header value box, type the X-header value.

      You can type up to 127 characters. The following characters are not supported in X-header values:

      ~ |

    Remove an existing X-header

    Do the following:

    • Select the X-header that you want to remove by clicking to the left of the X-header name column.

    • Click Delete X-header(s).

  6. Do any of the following:

Powered by Wolken Software