This article explains how to create a content filtering rule to filter mails by specific header(s).
- Access the DDEI WebUI.
Go to Policies > Policy Management > Content Filtering Rules then click + Add.
The Add Content Filtering Rule page shows up. Provide a rule name.
In this example, let's use Delete mails based on From address as the Rule name.
Under the Scanning Criteria/Content section, click + Add.
In the Message section field, choose Header. Leave "Match case" and "Match whole word only" unselected then input the keywords in <Header Name>:<keyword> format. Press the Enter key after each keyword as shown in the following:
- The left side of “:” will be used to do full match of a header name.
- the right side of “:” will be matched against the header content line.
- The “:” itself will NOT be used for matching.
- The filter in the above sample can be used as a solution to filter out spoofed internal messages, by setting the policy Recipients to internal recipients (*@internal.domain)
From the Action field dropdown list, select the appropriate action then click Save to save the rule.
Open an existing policy or create a new policy if the rule is supposed to apply only to certain users.
In this example, click on the Policy Name of an existing policy which is Default Policy.
The Edit Policy page appears.
Go to the Content Filtering tab and click None to view the dropdown list. Select the Content Filtering rule you just created.
In this example, the name of the created rule is Delete mails based on From address.
Click Save to save the changes.