Essentials Filters: Expanded overview
Posted by on 01 July 2014 10:25 AM

Admin Guide Statement:

You can approve or block specific senders and recipients, based on the email address, domain, subdomain, attachment type, email size, words in the email or header, source country or destination country. The Anti-Spam service detects spam by applying hundreds of rules to each message that passes through. It blocks obvious spam outright, and diverts what is possibly spam to the Quarantine. If you discover that some quarantined messages are actually good mail that just looks like spam, add the senders of those messages to an appropriate approved-senders list. If a number of quarantined senders are from the same domain, such as the same company, add the domain to an appropriate approved-senders list. Messages from those senders are then delivered to users in your organisation, regardless of the spam-like content. To avoid the risk of increasing spam traffic, approve only specific senders whose messages might look like spam, rather than approving all of your known senders. Also, avoid approving too many domains, as that can increase the risk of spoofing.

The Email Filters form has 3 sections, of which the 3rd is optional:

Step 1: Select Conditions.

  • Sender Address – string input, list of keywords separated by comma (,) or semi-colon (;)
  • Recipient Address – string input, list of keywords separated by comma (,) or semi-colon (;)
  • Email Size (KB) – the size of the email, including the attachment, given as an exact whole number.
  • Client IP Country – Country list; input a country (? – we need the library file, or source here)
  • Email Subject – string input, list of keywords separated by comma (,) or semi-colon (;)
  • Email Headers – string input, list of keywords separated by comma (,) or semi-colon (;)
  • Email Message Content – string input, list of keywords separated by comma (,) or semi-colon (;)
  • Raw Email (Up To 10000 Lines) – string input, list of keywords separated by comma (,) or semi-colon (;)
  • Attachment Type – choose from pre-defined types (need library of file names; we should be able to add to this list)
  • Attachment Name – create a rule based upon a file name/type that is not part of the pre-defined type.

Step 2: Select Destination

  • Allow (skipping spam filter) – does not scan message
  • Allow (but filter for spam) – scan message
  • Quarantine – put in the quarantine

Step 3: Select Optional Actions

  • hide log – does not show-up in logs (specific to end-users)
  • enforce completely secure SMTP delivery – unsure?
  • enforce only TLS on SMTP delivery – makes the transaction TLS, and will only deliver in this protocol

Rule Narrative

Upon selecting a condition, the rule narrative will populate based upon the condition.

RULE

  • Sender Address – Choose the condition you want to match the sender address to, then enter the string of characters.
    • IS
    • IS NOT
    • IS ANY OF
    • IS NONE OF
    • CONTAIN(S) ALL OF
    • CONTAIN(S) ANY OF
    • CONTAIN(S) NONE OF
  • Recipient Address – Choose the condition you want to match the recipient address against, then enter the string of characters.
    • IS
    • IS NOT
    • IS ANY OF
    • IS NONE OF
  • Email Size (KB) – The size of the message is either greater or less than a specified whole number.
    • IS GREATER THAN
    • IS LESSER THAN
  • Client IP Country – The conditions will compare against the listed country inputted.
    • IS ANY OF
    • IS NONE OF
  • Email Subject – Choose the condition you want the subject to match against, then enter the string.
    • IS
    • IS NOT
    • IS ANY OF
    • IS NONE OF
    • CONTAIN(S) ALL OF
    • CONTAIN(S) ANY OF
    • CONTAIN(S) NONE OF
  • Email Headers – Choose the condition you want the header to compare with, then enter the string.
    • CONTAIN(S) ALL OF
    • CONTAIN(S) ANY OF
    • CONTAIN(S) NONE OF
  • Email Message Content – Choose the condition you want the message body to compare with, then enter the string.
    • CONTAIN(S) ALL OF
    • CONTAIN(S) ANY OF
    • CONTAIN(S) NONE OF
  • Raw Email (Up To 10000 Lines) – Choose the condition you want the message body to compare with, then enter the string.
    • CONTAIN(S) ALL OF
    • CONTAIN(S) ANY OF
    • CONTAIN(S) NONE OF
  • Attachment Type – Choose what attachment condition you want
    • IS ANY OF
    • IS NONE OF
    • Attachment types
      • Windows executable components, installers and other vulnerabilities
        • MS executable – *.exe
        • MS binary libraries – *.dll
        • MS executable scripts – *.bat
        • Visual Basic files – *.vb
        • Other vulnerable MS files – *.ms_vul
        • MS/Installshield Cabinet files - *.cab
      • Other executable components and installers
        • Other executables - *.unix_exe
        • UNIX-like libraries - *.unix_dll
        • Java binaries - *.java
        • OS X DMG files - *.dmg
        • OS X install scripts - *.mpkg
        • Debian/RedHat packages - *.debrpm
      • Office documents and archives
        • MS Office, pre-2007 - *.ms_of
        • XML, Zip, and newer Office documents - *.zipxml
        • MS Access - *.ms_ac
        • Other *Office files - *.doc_other
        • Rich Text Format files - *.rtf
        • Tape archives - *.ar_tape
        • Compressed files - *.ar_file
        • Other compressed archives - *.ar_other
        • PDF files - *.pdf
        • PostScript - *.ps
        • TeX DVI files - *.dvi
        • LaTeX documents - *.lat
      • Audio/Visual
        • Macromedia Flash data - *.flash
        • Images - *.images
        • Vector graphics - *.vgfx
        • Windows Metafiles - *.wmf
        • Cursors and icons - *.ani
        • Multimedia/video containers - *.mmedia
        • MPEG audio/video - *.mpeg
        • RealNetworks audio/video - *.real
        • Windows Media audio - *.wma
        • FLAC audio - *.flac
        • AIFF audio - *.aiff
        • WAVE audio - *.wav
        • MIDI audio - *.midi
        • Any ‘audio/’ MIME type - *.m_au
        • Any ‘image/’ MIME type - *.m_im
        • Any ‘video/’ MIME type - *.m_vi
      • Other
        • PGP encrypted data - *.pgp
        • Undecipherable attachments - *.undeciph
  • Attachment Name – Choose the condition, then enter the string you want to match.
    • IS
    • IS NOT
    • IS ANY OF
    • IS NONE OF

Rule choices defined:

  • IS - Single case condition, and filter will only act if this condition is met.
  • IS NOT - Single case condition, and filter will only act if this condition is met.
  • IS ANY OF - Multiple case condition; filter will act when any condition listed is met
  • IS NONE OF - Multiple case condition; filter will act if one of the conditions listed is met.
  • CONTAIN(S) ALL OF - All conditions must be met for this filter to work.
  • CONTAIN(S) ANY OF - One of the conditions must be met for this filter to work.
  • CONTAIN(S) NONE OF - This filter will work if any of the conditions are met.
  • IS GREATER THAN - Whole number value is exceeded.
  • IS LESSER THAN - Whole number value must not be exceeded.

DO THE FOLLOWING

This section is based on Steps 2 and 3. It changes with the destination chosen in Step 2, of which only one can be selected. For Step 3, anything from none to all of the optional actions can be selected.
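
The Admin Guide's advice to approve specific senders rather than whole domains can be checked against an existing rule set. The following is an added example, not part of the original article or the product: it assumes rules are available as Python dicts with hypothetical keys (`name`, `field`, `operator`, `values`, `destination`) and flags Sender Address rules that skip the spam filter while matching a whole domain or a substring.

```python
import re

SKIP_SCAN = "Allow (skipping spam filter)"  # Step 2 destination from the article
SUBSTRING_OPS = {"CONTAIN(S) ALL OF", "CONTAIN(S) ANY OF"}


def split_values(raw):
    """Split a condition string on comma or semi-colon, as Step 1 describes."""
    return [v.strip().lower() for v in re.split(r"[,;]", raw) if v.strip()]


def audit_rule(rule):
    """Return findings for one rule; an empty list means nothing was flagged."""
    if rule["field"] != "Sender Address" or rule["destination"] != SKIP_SCAN:
        return []  # only sender approvals that bypass scanning are audited
    findings = []
    if rule["operator"] in SUBSTRING_OPS:
        findings.append("substring match on sender skips spam scanning")
    for value in split_values(rule["values"]):
        local, at, _domain = value.partition("@")
        if not at or not local:  # "partner.example" or "@partner.example"
            findings.append(f"whole domain approved: {value}")
    return findings


def audit(rules):
    """Map rule name -> findings, for rules with at least one finding."""
    checked = ((r["name"], audit_rule(r)) for r in rules)
    return {name: found for name, found in checked if found}


# Constructed sample rules; the dict keys are hypothetical, not a product format.
RULES = [
    {"name": "partner-billing", "field": "Sender Address", "operator": "IS",
     "values": "billing@partner.example", "destination": SKIP_SCAN},
    {"name": "partner-all", "field": "Sender Address", "operator": "IS ANY OF",
     "values": "partner.example; @vendor.example", "destination": SKIP_SCAN},
    {"name": "newsletter", "field": "Sender Address",
     "operator": "CONTAIN(S) ANY OF", "values": "news@lists.example",
     "destination": SKIP_SCAN},
    {"name": "scanned-domain", "field": "Sender Address", "operator": "IS ANY OF",
     "values": "customer.example", "destination": "Allow (but filter for spam)"},
]

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(name, "->", "; ".join(findings))
```

Rules that approve a domain but still use "Allow (but filter for spam)" are not flagged, because the message is still scanned.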

