Configuring rule actions

You can specify the action that you want Mail Security to take when a violation occurs.

Mail Security provides the following options for processing messages that trigger content filtering rule violations:

■ Delete entire message

■ Delete attachment/message body and replace with text You can customize the replacement text.

You can customize the replacement text.

■ Add tag to beginning of subject line

You can customize the text that you want to prepend the subject line. This rule action is not available if you apply the rule to the internal messages (store).

■ Log only

See“About logging events”on page 203.

You can also configure Mail Security to add one or more X-headers to messages that violate the content filtering rule. Mail Security provides five default X-headers from which you can choose. Mail Security also lets you create your own X-headers. You can specify up to 25 X-headers for each violation.

See“Apply X-headers to messages for archiving”on page 24. To configure rule actions to delete the message

1

In the console on the primary navigation bar, click Policies.

2

In the sidebar under Content Enforcement, click Content Filtering Rules.

3

Do one of the following:

In the sidebar under Tasks, click New rule. Create a rule

In the content area, double-click the rule that you want to edit.

Modify an existing rule

4

On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Delete entire message.

The default setting is: Quarantine attachment/message body and replace with text.

5

Do any of the following:

■ Configure the remaining components of the content filtering rule. See“Configuring the conditions of a content filtering rule”on page 129. See“Specifying the users and groups to which the rule applies”on page 138. See“Specifying who to notify if a content filtering rule is violated”

on page 140.

■ Click OK and then click Deploy Changes.

To configure rule actions to delete the attachment and message body and replace with text

1

In the console on the primary navigation bar, click Policies.

2

In the sidebar under Content Enforcement, click Content Filtering Rules.

3

Do one of the following:

In the sidebar under Tasks, click New rule. Create a rule

In the content area, double-click the rule that you want to edit.

Modify an existing rule

4

On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Delete attachment/message body and replace with text. The default setting is: Quarantine attachment/message body and replace with text.

5

In the Replacement text box, type your customized text.

The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.

See“About alert and notification variables”on page 235.

6

Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

Do the following:

■ Click Add X-header.

■ In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content.

■ In the X-header value column, type the X-header value.

You can type up to 127 characters. The following characters are not supported in X-header values:

~ | Add an existing X-header

Do the following:

■ Click Add X-header.

■ In the X-header box, type the name of the X-header.

You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

, . ; < > : ? / = ( )[ ] @ | ;~

■ In the X-header box, type the X-header value.

You can type up to 127 characters. The following characters are not supported in X-header values:

~ | Create a new X-header

Do the following:

■ Select the X-header that you want to remove by clicking to the left of the X-header name column.

■ Click Delete X-header(s). Remove an existing X-header

7

Do any of the following:

■ Configure the remaining components of the content filtering rule. See“Configuring the conditions of a content filtering rule”on page 129. See“Specifying the users and groups to which the rule applies”on page 138. See“Specifying who to notify if a content filtering rule is violated”

on page 140.

■ Click OK and then click Deploy Changes.

See“Deploying settings and changes to a server or group”on page 75. To configure rule actions to quarantine the attachment and message and replace with text

1

In the console on the primary navigation bar, click Policies.

2

In the sidebar under Content Enforcement, click Content Filtering Rules.

3

Do one of the following:

In the sidebar under Tasks, click New rule. Create a rule

In the content area, double-click the rule that you want to edit.

4

On the Actions tab, in the When a violation occurs box, select Quarantine

attachment/message body and replace with text.

This setting is enabled by default.

5

In the Replacement text box, type your customized text.

The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.

6

Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

Do the following:

■ Click Add X-header.

■ In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content.

■ In the X-header value column, type the X-header value.

You can type up to 127 characters. The following characters are not supported in X-header values:

~ | Add an existing X-header

Do the following:

■ Click Add X-header.

■ In the X-header box, type the name of the X-header.

You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

, . ; < > : ? / = ( )[ ] @ | ;~

■ In the X-header box, type the X-header value.

You can type up to 127 characters. The following characters are not supported in X-header values:

~ | Create a new X-header

Do the following:

■ Select the X-header that you want to remove by clicking to the left of the X-header name column.

■ Click Delete X-header(s). Remove an existing X-header

7

Do any of the following:

■ Configure the remaining components of the content filtering rule. See“Configuring the conditions of a content filtering rule”on page 129. See“Specifying the users and groups to which the rule applies”on page 138. See“Specifying who to notify if a content filtering rule is violated”

on page 140.

■ Click OK and then click Deploy Changes.

See“Deploying settings and changes to a server or group”on page 75. To configure rule actions to prepend the subject line

1

In the console on the primary navigation bar, click Policies.

2

In the sidebar under Content Enforcement, click Content Filtering Rules.

3

Do one of the following:

In the sidebar under Tasks, click New rule. Create a rule

In the content area, double-click the rule that you want to edit.

Modify an existing rule

4

On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Add tag to beginning of subject line.

The default setting is: Quarantine attachment/message body and replace with text.

This rule action is not available if you apply the rule to the internal messages (store).

5

In the Subject line tag box, type the customized text that you want to prepend to the subject line.

The default text is: Content Violation:

6

Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

Do the following:

■ Click Add X-header.

■ In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content.

■ In the X-header value column, type the X-header value.

You can type up to 127 characters. The following characters are not supported in X-header values:

~ | Add an existing X-header

Do the following:

■ Click Add X-header.

■ In the X-header box, type the name of the X-header.

You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

, . ; < > : ? / = ( )[ ] @ | ;~

■ In the X-header box, type the X-header value.

You can type up to 127 characters. The following characters are not supported in X-header values:

~ | Create a new X-header

Do the following:

■ Select the X-header that you want to remove by clicking to the left of the X-header name column.

■ Click Delete X-header(s). Remove an existing X-header

7

Do any of the following:

■ Configure the remaining components of the content filtering rule. See“Configuring the conditions of a content filtering rule”on page 129. See“Specifying the users and groups to which the rule applies”on page 138.

See“Specifying who to notify if a content filtering rule is violated”

on page 140.

■ Click OK and then click Deploy Changes.

See“Deploying settings and changes to a server or group”on page 75. To configure rule actions to only log the event

1

In the console on the primary navigation bar, click Policies.

2

In the sidebar under Content Enforcement, click Content Filtering Rules.

3

Do one of the following:

In the sidebar under Tasks, click New rule. Create a rule

In the content area, double-click the rule that you want to edit.

Modify an existing rule

4

On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Log only.

See“About logging events”on page 203.

The default setting is: Quarantine attachment/message body and replace with text.

5

Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

Do the following:

■ Click Add X-header.

■ In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content.

■ In the X-header value column, type the X-header value.

You can type up to 127 characters. The following characters are not supported in X-header values:

~ | Add an existing X-header

Do the following:

■ Click Add X-header.

■ In the X-header box, type the name of the X-header.

You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names:

, . ; < > : ? / = ( )[ ] @ | ;~

■ In the X-header box, type the X-header value.

You can type up to 127 characters. The following characters are not supported in X-header values:

~ | Create a new X-header

Do the following:

■ Select the X-header that you want to remove by clicking to the left of the X-header name column.

■ Click Delete X-header(s). Remove an existing X-header

6

Do any of the following:

■ Configure the remaining components of the content filtering rule. See“Configuring the conditions of a content filtering rule”on page 129. See“Specifying the users and groups to which the rule applies”on page 138. See“Specifying who to notify if a content filtering rule is violated”

on page 140.

■ Click OK and then click Deploy Changes.

See“Deploying settings and changes to a server or group”on page 75.

In document Symantec Mail Security for Microsoft Exchange Server 2007/Server 2010 (Page 141-149)