Creating a Content Filter

You can create custom content filters using the Content Filtering pages. To edit a filter after you've created it, see Editing and Deleting Content Filters; to change the order in which your content filters act, see Reordering Content Filters. To use a list of allowed or blocked senders, see Creating a List of Allowed Senders and Creating a List of Blocked Senders. To configure the Junk Mail filter, see Editing Junk Mail Manager Actions.

About the Junk Mail Filter

The Junk Mail Filter is automatically created and pre-configured by the system. Junk Mail Manager uses this filter's settings to act on your junkmail. This filter appears at the top of your Content Filtering pages; you cannot edit or delete it.

To create a content filter:

Click Content Filtering from the links on the left.
Result: The Content Filtering page displays with your Junk Mail Filter and any other existing filters.
Click Add Filter.
Result: The page refreshes with fields that let you set conditions and actions for your new filter.
In the Filter Conditions area, specify the following:
- The first radio button sets an initial parameter for the conditions you must specify; choose one of the following from the drop-down list:
Or you can select the following radio button:
- Apply to all messages: Filter action is done on all messages regardless of conditions. This option is deselected (disabled) by default. If you select this option, the top radio button action trigger is automatically deselected. This option is useful as a final filter in a series of filters to direct all other incoming mail to be acted upon.
  Note:If you choose this radio button, proceed with Step 7.
If you chose the first radio button mentioned in Step 3, select an attribute from the Choose Type drop-down menu:

From: The sender field.
To/CC: The recipient's (does not include BCC recipients) address lines.
Subject: The subject line.
Body: The text of the message and text attachments including Plain text, HTML text, and Rich Text. This is the same as choosing bodydecoded (the decoded form of all MIME parts of the message) in the CLI. If you're looking for an 8-bit string, this option may be best. Note: This option may take longer than the Body (raw MIME data) option as all data must be converted to Unicode (with whitespace removed) before the search can be performed.
Important! Because whitespace is removed, this filter configured with a condition of "contains" and a value of "sex" would trigger on the phrase "seriouS EXpense".
Body (raw MIME data): The text as you would see it if you clicked Open in that message. This is the same as choosing body (the raw RFC822 text) in the CLI. If you're looking for a word (ASCII text) in a message, this option may be best.
Body (binary): The binary value of the string that you want to find. For example, to use this option to find the "Yen" character (hex A5), you would enter \xA5. Note: Use backslashes (\) to separate characters; backslashes (\) not followed by "x" are ignored; A-F part is case-insensitive. This is the same as choosing bodydecodedbinary (unrolls all the MIME parts and allows binary searches) in the CLI. If you're looking for a virus signature pattern (such as \x64\xA2\x66\x66\x02), this option may be best.
Return-path: The return-path address.
X-Junkmail: The header "X-Junkmail"; you can use this parameter to have all system-identified junkmail filtered.
X-Junkmail-Whitelist
X-Mirapoint-Virus: The header "X-Mirapoint-Virus"; you can use this parameter to filter messages in which the antivirus scanner found a virus and took action (VIRUSDELETED, VIRUSCLEANED, or VIRUSIGNORED).
Attachment MIME Type: The attachment media type. Choices include the top level MIME types: text, multipart, message, application, image, audio, video, and model; use the matches rather than the contains content condition (next bullet item) and search for something specific like "application/vbs" or "image/jpeg", and so on. For more information on MIME and filtering attachments, see About MIME and Filtering Attachments.
Attachment file name: The attachment name. You can use the asterisk wildcard (only with the matches and does not match options); for example, *Vbs.
UCE (Junkmail) score: An integer; for details see About the Antispam Scanning Rules and Threshold.
Message size (bytes): The message size can be kb, mb, or gb.

If you chose the first radio button mentioned in Step 3, you must choose a content condition for the filter object:

contains: The specified parameter must contain the text you enter. Wildcards are not honored; for example, the filter condition: "contains" "doc" would be met with any of these words: "doc", "document", "undocumented", "doctor", and so forth.
does not contain: The specified parameter must not contain the text you enter. Wildcards are not honored.
matches: The specified parameter must match the text you enter. Wildcards may be useful; for example, the condition "matches" "Dr. Spock" would only be met by "Dr. Spock," but the condition "matches" "Dr. Sp*" would be met by "Dr. Spock", "Dr. Spark", "Dr. Sproul", and so forth.
does not match: The specified parameter must not match the text you enter. Wildcards may be useful.
is less than: The object value must be less than the integer you enter. Wildcards may be useful.
is more than: The object value must be more than the integer you enter. Wildcards may be useful.

If you chose the first radio button mentioned in Step 3, you can enter a value for the filter object. Enter the text, integers, MIME type, or file name you want searched for and acted on in the appropriate box. You can use the following wildcard characters with the matches or does not match options only:

Asterisk (*): Matches any sequence of zero or more characters. Example: to find all attachments with filenames ending in ".vbs", use these filter conditions: Attachment file name: matches "*.vbs"
Question mark (?): Matches any single character. Example: To find all messages from "Maria" or "Marie", use these filter conditions: From: matches "Mari?"

In the Filter Actions area, specify a response by selecting one of the following:
- Deliver normally: Matching messages are passed on to your regular e-mail account.
- Discard (message is irrevocably lost): Matching messages are deleted.
- Move to my Junk Mail folder: Matching messages are moved to the My Junk Mail folder. (They display in your My Junk Mail message list.)
Once you have created your filter, click OK.
The system accepts the settings and a description of the filter appears on the Content Filtering page. Incoming messages and attachments are filtered and acted on as directed.

About MIME and Filtering Attachments

"MIME" stands for Multipurpose Internet Mail Extension; a standard for multipart, multimedia electronic mail messages and World-Wide Web hypertext documents that provides the ability to transfer data such as graphics, audio, and fax. All MIME parts of a message are considered attachments and filtered if the Attachment MIME Type parameter is specified. If the message is not MIME, it's entire body is considered a single text/plain "attachment".

You can discover the MIME Content-Types used in a message by viewing the full message; this can be by clicking Open when viewing a message. Each part of the message will have a Content-Type specified such as text/plain, text/html, multipart/related, multipart/alternative, image/gif, and so on.

About the Antispam Scanning Rules and Threshold

Antispam/Junkmail scanning uses several carefully compiled rule files based on common known factors of junkmail. The rules are not open to scrutiny or change at this time.

For each rule in the rule file that a scanned message matches, the message is awarded a score. The score is identified in the X-Junkmail-Status header. Careful study has determined that the default score of 50 is optimal. You can use the UCE (Junkmail score) filter object option to increase the default sensitivity of the anti-spam scanning utility (not recommended).