Creating a Content Filter
You can create custom content filters using the Content Filtering pages.
To edit a filter after you've created it, see Editing
and Deleting Content Filters; to change the order in which your content filters
act, see Reordering Content Filters. To use
a list of allowed or blocked senders, see Creating a List of Allowed Senders and Creating a List of Blocked Senders. To configure the Junk Mail filter, see Editing Junk Mail Manager Actions.
About the Junk Mail Filter
The Junk Mail Filter is automatically created and pre-configured by
the system. Junk Mail Manager uses this filter's settings to act on your junkmail. This filter appears at the top of your Content Filtering pages; you
cannot edit or delete it.
To create a content filter:
- Click Content Filtering from the links on the left.
Result: The Content Filtering page displays with your Junk Mail Filter and any other existing filters.
- Click Add Filter.
Result: The page refreshes with fields that let you set conditions and actions for your new filter.
- In the Filter Conditions
area, specify the following:
- The first radio button sets an initial parameter for the conditions
you must specify; choose one of the following from the drop-down list:
- If all of these conditions are met: Filter action is done
only if all of the specified conditions are true.
- If any of these conditions are met: Filter action is done
if at least one of the specified conditions is true.
Or you can select the following radio button:
- Apply to all messages: Filter action is done on all messages regardless
of conditions. This option is deselected (disabled) by default. If you select
this option, the top radio button action trigger is automatically deselected.
This option is useful as a final filter in a series of filters to direct
all other incoming mail to be acted upon.
Note:If you choose this radio button, proceed with Step 7.
- If you chose the first radio button mentioned in Step 3, select an attribute from the Choose
Type drop-down menu:
- From: The sender field.
- To/CC: The recipient's (does not include BCC recipients) address
lines.
- Subject: The subject line.
- Body: The text of the message and text attachments including
Plain text, HTML text, and Rich Text. This is the same as choosing bodydecoded
(the decoded form of all MIME parts of the message) in the CLI. If you're
looking for an 8-bit string, this option may be best. Note: This
option may take longer than the Body (raw MIME data) option as
all data must be converted to Unicode (with whitespace removed) before
the search can be performed.
Important! Because whitespace is removed, this filter configured with a condition of "contains" and a value of "sex" would trigger on the phrase "seriouS EXpense".
- Body (raw MIME data): The text as you would see
it if you clicked Open in that message. This is the
same as choosing body (the raw RFC822 text) in the CLI. If you're
looking for a word (ASCII text) in a message, this option may be best.
- Body (binary): The binary value of the string that you want to
find. For example, to use this option to find the "Yen" character (hex
A5), you would enter \xA5. Note: Use backslashes (\) to
separate characters; backslashes (\) not followed by "x" are ignored;
A-F part is case-insensitive. This is the same as choosing bodydecodedbinary
(unrolls all the MIME parts and allows binary searches) in the CLI. If
you're looking for a virus signature pattern (such as \x64\xA2\x66\x66\x02),
this option may be best.
- Return-path: The return-path address.
- X-Junkmail: The header "X-Junkmail"; you can use this
parameter to have all system-identified junkmail filtered.
- X-Junkmail-Whitelist
: The header "X-Junkmail-Whitelist"; you can use this parameter to filter all messages in which the system identified the sender as being on your Allowed Senders list.
- X-Mirapoint-Virus: The header "X-Mirapoint-Virus";
you can use this parameter to filter messages in which the antivirus scanner found a virus and took action (VIRUSDELETED, VIRUSCLEANED, or VIRUSIGNORED).
- Attachment MIME Type: The attachment media type. Choices include
the top level MIME types: text, multipart, message, application, image,
audio, video, and model; use the matches rather than the contains
content condition (next bullet item) and search for something specific
like "application/vbs" or "image/jpeg",
and so on. For more information on MIME and filtering attachments, see
About MIME and Filtering Attachments.
- Attachment file name: The attachment name. You can use the asterisk
wildcard (only with the matches and does not match options);
for example, *Vbs.
- UCE (Junkmail) score: An integer; for details see About
the Antispam Scanning Rules and Threshold.
- Message size (bytes): The message size can be kb, mb, or gb.
- If you chose the first radio button mentioned in Step 3, you must choose a content condition for the filter object:
- contains: The specified parameter must contain the text you enter.
Wildcards are not honored; for example, the filter condition: "contains"
"doc" would be met with any of these words: "doc",
"document", "undocumented", "doctor", and
so forth.
- does not contain: The specified parameter must not contain the
text you enter. Wildcards are not honored.
- matches: The specified parameter must match the text you enter.
Wildcards may be useful; for example, the condition "matches"
"Dr. Spock" would only be met by "Dr. Spock,"
but the condition "matches" "Dr. Sp*"
would be met by "Dr. Spock", "Dr. Spark", "Dr.
Sproul", and so forth.
- does not match: The specified parameter must not match the text
you enter. Wildcards may be useful.
- is less than: The object value must be less than the integer
you enter. Wildcards may be useful.
- is more than: The object value must be more than the integer
you enter. Wildcards may be useful.
- If you chose the first radio button mentioned in Step 3, you can enter a value for the filter object. Enter
the text, integers, MIME type, or file name you want searched for and acted
on in the appropriate box. You can use the following wildcard characters with
the matches or does not match options only:
- Asterisk (*): Matches any sequence of zero or more characters.
Example: to find all attachments with filenames ending in ".vbs", use
these filter conditions: Attachment file name: matches "*.vbs"
- Question mark (?): Matches any single character. Example: To
find all messages from "Maria" or "Marie", use these
filter conditions: From: matches "Mari?"
- In the Filter Actions area, specify a response by selecting one of the following:
- Deliver normally: Matching messages are passed on to your regular e-mail account.
- Discard (message is irrevocably lost): Matching messages
are deleted.
- Move to my Junk Mail folder: Matching messages are moved to the My Junk Mail folder. (They display in your My Junk Mail message list.)
- Once you have created your filter, click OK.
The system accepts the settings and a description of the filter appears
on the Content Filtering page. Incoming messages and attachments
are filtered and acted on as directed.
About MIME and Filtering Attachments
"MIME" stands for Multipurpose Internet Mail Extension; a standard for multipart, multimedia electronic mail messages and World-Wide Web hypertext documents that provides the ability to transfer data such as graphics, audio, and fax. All MIME parts of a message are considered attachments and filtered if the Attachment
MIME Type parameter is specified. If the message is not MIME, it's entire body is considered a single text/plain "attachment".
You can discover the MIME Content-Types used in a message by viewing the full message; this can be by clicking Open when viewing a message. Each part of the message will have a Content-Type specified such as text/plain, text/html, multipart/related, multipart/alternative, image/gif, and so on.
About the Antispam Scanning Rules and Threshold
Antispam/Junkmail
scanning uses several carefully compiled rule files based on common known
factors of junkmail. The rules are not open to scrutiny or change at this
time.
For each rule in the rule file that a scanned message matches, the message
is awarded a score. The score is identified in the X-Junkmail-Status
header. Careful study has determined that the default score
of 50 is optimal. You can use the UCE (Junkmail score) filter object
option to increase the default sensitivity of the anti-spam scanning utility
(not recommended).