To quarantine emails that contain specific keywords:

  1. Open the IMSS web console.
  2. Go to Policy > Policy List.
  3. Click Add > Other.

    Adding a policy

  4. From the This rule will apply to drop-down, select the type of messages that the policy should apply to. You have the following options:
    • incoming messages
    • outgoing messages
    • both incoming and outgoing messages
    • POP3
    • all messages

    Choose the type of message for the policy

  5. Select the configuration you want to apply for your policy. Click Recipients (To), Senders (From), or Sender to Recipient (Exceptions) according to what you need, and then click Next.

    Configure the policy settings

  6. Under the Content section, tick the Header keyword expressions option and click it to configure this setting.

    Header keyword expressions

  7. Under Specified headers match, select the options for your policy. For example, if you want to create an outgoing message policy, you can select To to filter a destination address. Then click Add.

    Specified headers match

  8. In the List name field, assign a name for the keyword that you want to filter. Click Add.

    Assign a list name

  9. In the text box on the Add Keyword Expression page, type a regular expression that will match any email address format that contains the keyword you want to filter in its username. Then click Save.

    As with wildcards, the "." is escaped with "\".

    For example, if you want to detect emails that contain the keyword "bounce" in the username portion of the addresses, the regular expression would be:
         .*bounce.*@.*\..*

    You need to have working knowledge of regular expressions if you want to create more advanced keyword filters.

    Add keyword expression

  10. Select the policy that you created and click the >> button to enable the policy. Then click Save.

    Select and add the policy

  11. You will be redirected to the Select Scanning Conditions page. Click Next.

    Select Scanning Conditions

  12. Under the Intercept section of the Select Actions page, choose the option that you want and whether you want to Quarantine to or Delete entire message. Then click Next.

    Intercept settings

  13. Provide a Rule Name and Order Number for your policy. The Order Number indicates the priority of the rule, with 1 being the highest priority.

    Set Rule Name and Order Number

    Tick Enable if you want to apply the rule that you created.

  14. Click Finish. The new policy has been created.
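
Before enabling a rule whose action is Quarantine or Delete, it helps to check what the expression from step 9 actually matches. The following is an added example, not part of the original article or of IMSS: it uses Python's re module as a stand-in for the IMSS expression engine (whose syntax and matching mode may differ), the header values are constructed, and TIGHT_PATTERN is a hypothetical stricter variant that has not been tested in IMSS.

```python
import re

# Expression exactly as given in step 9 of the article.
PAGE_PATTERN = r".*bounce.*@.*\..*"

# Hypothetical stricter variant (assumption, not from the article): the
# keyword must sit in an unbroken run of characters that ends at the "@",
# so it cannot match a display name or the domain of an earlier address.
TIGHT_PATTERN = r"[^\s<>@,;:\"']*bounce[^\s<>@,;:\"']*@[^\s<>@,;]+\.[^\s<>@,;]+"

# Constructed header values: (value, keyword is really in a username?)
SAMPLES = [
    ("bounce-1234@lists.example.com", True),
    ("Mailer <no-bounce-reply@example.org>", True),
    ("carol@example.com, x-bounce@example.net", True),
    ("alice@example.com", False),
    ("dave@bounce.example.com", False),
    # Keyword only in the display name, address itself is clean.
    ("bounce team <alice@example.com>", False),
    # Keyword only in a domain, followed by a second, clean address.
    ("dave@bounce.example.com, erin@example.com", False),
]


def false_positives(pattern):
    """Header values the rule would intercept although no username has the keyword."""
    rx = re.compile(pattern)
    return [v for v, in_user in SAMPLES if rx.search(v) and not in_user]


def misses(pattern):
    """Header values with the keyword in a username that the rule lets through."""
    rx = re.compile(pattern)
    return [v for v, in_user in SAMPLES if in_user and not rx.search(v)]


if __name__ == "__main__":
    for name, pat in (("page", PAGE_PATTERN), ("tight", TIGHT_PATTERN)):
        print(name, "false positives:", false_positives(pat))
        print(name, "misses:", misses(pat))
```

Because ".*" spans the whole header value, the article's expression also fires when the keyword appears anywhere before a later "@", so review the quarantine area after the rule goes live.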

If further assistance is needed, contact Trend Micro Technical Support.