https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-emulation-Email-content/m-p/62361#M13297 <P>The question reminds me of ISP Email systems from over 15 years ago - SPAM fighting would involve typing many pages full of text strings&nbsp;<span class="lia-unicode-emoji" title=":beaming_face_with_smiling_eyes:">😁</span> !</P> <P>As CP MTA uses postfix, you could also do this in postfix using Postfix Configuration Parameter:</P> <P><STRONG>body_checks(default: empty)</STRONG></P> <P>Optional lookup tables for content inspection as specified in the <A href="http://www.postfix.org/header_checks.5.html" target="_blank">body_checks(5)</A>manual page.</P> <P>Note: with Postfix versions before 2.0, these rules inspect all content after the primary message headers.</P> <P>&nbsp;</P> Tue, 10 Sep 2019 09:04:37 GMT G_W_Albrecht 2019-09-10T09:04:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-emulation-Email-content/m-p/62349#M13295 <P>Is there any possibility for TE to search for&nbsp;<SPAN>characters/words/content of the email subject and body?<BR />If yes, how we can implement the requested configuration in TE R80.20.?</SPAN></P> Tue, 10 Sep 2019 06:00:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-emulation-Email-content/m-p/62349#M13295 Geomix7 2019-09-10T06:00:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-emulation-Email-content/m-p/62352#M13296 <P>Hi</P> <P>You can use DLP Blade or Content Awareness Blade</P> <P><A href="https://www.checkpoint.com/products/data-loss-prevention/" target="_blank">https://www.checkpoint.com/products/data-loss-prevention/</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>HTH</P> <P>Tal</P> Tue, 10 Sep 2019 06:59:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-emulation-Email-content/m-p/62352#M13296 Tal_Paz-Fridman 2019-09-10T06:59:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-emulation-Email-content/m-p/62361#M13297 <P>The question reminds me of ISP Email systems from over 15 years ago - SPAM fighting would involve typing many pages full of text strings&nbsp;<span class="lia-unicode-emoji" title=":beaming_face_with_smiling_eyes:">😁</span> !</P> <P>As CP MTA uses postfix, you could also do this in postfix using Postfix Configuration Parameter:</P> <P><STRONG>body_checks(default: empty)</STRONG></P> <P>Optional lookup tables for content inspection as specified in the <A href="http://www.postfix.org/header_checks.5.html" target="_blank">body_checks(5)</A>manual page.</P> <P>Note: with Postfix versions before 2.0, these rules inspect all content after the primary message headers.</P> <P>&nbsp;</P> Tue, 10 Sep 2019 09:04:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-emulation-Email-content/m-p/62361#M13297 G_W_Albrecht 2019-09-10T09:04:37Z