|
The lists of white and black rules are one of
important mechanisms in filtering mail messages. Rules allow you
to exactly identify a message as belonging to a certain class judging
by the analysis of information in its headers or its body.
Each rule consists of one or several conditions. A separate condition contains a mask for finding a substring in a certain part of the message and logical operators. Masks are regular expressions - strings formatted in a special way that make it possible to effectively search text for sequences of characters with practically unlimited flexibility. The full syntax of regular expressions is rather large and difficult to learn, but you do not have to understand all details in most cases. To specify masks in typical cases, it is enough to have a general idea about the basic constructions of regular expression language. The full description of regular expression syntax is available in the corresponding literature or, for instance, here http://www.regular-expressions.info. It is possible to mark conditions as "Strong" and "Not". By default, a rule is applied only if all its conditions are met, but if a "Strong" condition is met, the rule is applied independently of other conditions. "Not" means a logical negation, i.e. the condition is met if no string matching the mask is found. Let us take several examples of creating rules
for filtering messages. The text contains the descriptions of rule
conditions in the form that is used in the list of conditions of
a certain rule. For example, a construction like "Header{Subject}
=~ some text" means that the condition for filtering the subject
header by the mask "some text" has been created for the
rule. Header{Subject} =~ v.{0,2}i.{0,2}a.{0,2}g.{0,2}r.{0,2}a
Words that have the letters of the word viagra in the same order with some number of any other characters between them (from 0 to 2) will match this mask. That is, such words as v11i22agra, viaaggra, etc. will match this mask. The character '.' is used in the mask in place of any other character and the construction "{0,2}" right after the dot means that a combination of any characters from 0 to 2 can take this place. 2) It is necessary to filter out as spam all headers that contain an exclamation mark and a question mark at the same time. Create a black rule with the following condition: Header{Subject} =~ \?.*!|!.*\?
The character '?' is a special character so you should insert '\' before it in the mask to make the plug-in treat it as a regular character. The character '*' after the dot means that there may be 0 or more previous characters in the text. The mask consists of two conditions separated with the character '|'. The first part of the mask searches for strings where the question mark comes first and the exclamation mark comes second. On the opposite, the second part of the mask searches strings where the exclamation mark comes first. Both cases match the mask since the character '|' means the logical operation OR. 3) It is necessary to filter out as spam the variants of the word viagra where one of the characters "1lj" may take the place of the character "i". Header{Subject} =~ v[1lj]agra
Characters that may take the place of 'i' are enumerated in square brackets. It means that all these variants match: v1agra, vlagra, vjagra. 4) All messages with a certain string in their text should not be filtered out. To do it, create the following white rule: Body =~ key_string The filter will search for the "key_string" string in the body of each message and consider such messages as non-spam. 5) Deleting messages where the sender's address is empty (a black rule): not Header{From} =~ \S+
6) Deleting messages sent to a certain mailbox, but having no email address of this mailbox in their To and CC fields (a black rule with three conditions): Header{Received} =~ mailbox@domain\.com
not Header{To} =~ mailbox@domain\.com
not Header{CC} =~ mailbox@domain\.com
Where mailbox@domain.com is your e-mail address. The first condition checks if the message is sent to the specified address. The other two conditions check whether this address is specified in the To and CC fields. The rule is applied when all conditions are met, i.e. the message is sent to a certain address and contains this address neither in the To field nor in the CC field. If you have several mailboxes, you can create a separate rule like this for each of them. 7) Blocking messages in certain encoding (a black rule): Header{Content-Type} =~ iso-2022-jp
This rule will block messages in the Japanese encoding. To block other encodings, you should specify the necessary name in the condition. 8) Blocking messages with several addresses in the To field that begin with the same characters (a black rule): Header{To} =~ \b<?([\w\-.]{2})[^@, ]*@.*(?:\b<?\1[^@,]*@.*){3}
This rule will block messages with 4 or more addresses in the To field whose first two characters are the same. Number {2} in the condition defines the number of characters that should be compared at the beginning of the addresses. Number {3} at the end of the expression defines the minimum number of addresses with the same characters at the beginning that is needed for the rule to be applied minus one. It means that, for example, in order to search for the minimum of five addresses, you should replace {3} at the end of the expression with {4}. 9) If you want some rule to be applied only to a certain mailbox, you should add one more condition to it: Header{Received} =~ mailbox@domain\.com
Where mailbox@domain.com is the e-mail address of the mailbox the rule is to be applied to. You can use  RegExpCheck tool for testing the patterns before applying them in rules.You can download a set of black rules for filtering out spam from here: http://antispamsniper.com/misc/black_rules.zip
You should import the rules from the file in the dialog box where you edit black rules. Note that black rules are used to filter out messages as spam and, as a result, the filter will delete the corresponding messages from the server if they do not match one of the white rules or other white conditions. Before you use the filter, you should test that none of existing normal messages match these black rules. In case it happens, you can disable unnecessary rules by clearing the checkbox in the corresponding list. |
PRODUCTSONLINE SERVICESDNSBL Lookup - check your IP address URIBL Lookup - check the domain name RECENT NEWSApril 14, 2019 AntispamSniper for TheBat 3.3.3.9. July 12, 2018 AntispamSniper for TheBat 3.3.3.8. April 10, 2018 AntispamSniper for TheBat 3.3.3.7. LINKSTransparent TCP/UDP proxy The Bat! &
Voyager Home: |
