Ray's Mail Filter - Configuration
Version 1.04/1.14
The configuration files can be changed while the filter is running. The mail-filter reset command is then used to signal the program to re-read the files.
For both files:
(Different rules apply to the third configuration file, mail-filter.conf. See the relevant part of the Installation instructions for details.)
This file contains the names of the message headers and MIME "attachment" headers that are to be examined to see if they contain suspect text strings. There must be only one header name on each line, and the ':' that usually appears after the header name must not be included here. For example:
This list will cause the filter to examine the Subject and Content-Type headers of the main message and the Content-Type and Content-Disposition headers at the start of each MIME attachment. These entries are treated as regular expressions so, for example:
could be included to make the filter examine the Content-Type, Content-Disposition, Content-Location, Content-Transfer-Encoding, etc. Checking all of these headers is probably a waste of time, so in general it is probably best simply to list the ones that need to be checked.
This file contains a list of suspect text strings that are to be searched for in the specified headers. Only the 'body' text of the header is searched (after the header name and ':'). Regular expressions are more useful here. For example:
Win *a *holiday
^ *California *$
|ILOVEYOU||Matches any header text which contains the word "ILOVEYOU" anywhere within it.|
|\.vbs||Matches any header text which contains the character string ".vbs" anywhere within it. (The full stop has a special meaning in a regular expression - matching any character. If it is meant to be taken literally, as here, it has to be "escaped" using the '\' character.)|
Matches any header text which contains a phrase of the following form:
name="anything.com"
This is the recommended way to check for attachments with a specific filename extension. A pattern of this sort will match the Content-Type and Content-Disposition headers associated with attached files, but will not match "innocent" occurrences of the extension, in Subject headers and boundary strings for instance (".com" in particular is very common in both of those places).
(Note that one of the full stops and the quotes are "escaped" to cancel their special meanings in a regular expression. The combination .* matches any number of any characters.)
|Fwd: *Joke||In this example '*' means any number (or none) of the preceding character, which in this case is a space. This pattern therefore matches any header text which contains the word "Fwd:", followed by any number of spaces (or none), followed by the word "Joke". The phrase can occur anywhere within the header text.|
|Win *a *holiday||Similar to the previous example, matches any header text which contains the phrase "Win a holiday", in which the words are separated by any number of spaces (or none). The phrase can occur anywhere within the header text.|
|^ *California *$||In this example '^' means the beginning of the text, '$' means the end of the text and '*' again means any number of the previous character. This pattern matches a header which contains the word "California", preceded and/or followed by zero or more spaces, but nothing else. It will therefore not match headers such as "Governor of California" or "California Institute of Technology".|
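The following added example (not part of Ray's Mail Filter or its documentation) applies a header-name list and a pattern list of the kind described above to constructed headers, and shows why a bare `\.com` pattern also hits an innocent Subject header while the name="..." form does not. Assumptions: Python's `re` module stands in for the filter's regular-expression engine, matching is unanchored and case-sensitive, and the `name=` pattern is written from the table's description rather than copied from the page.

```python
import re

# Header names to examine (entries are treated as regular expressions).
HEADER_NAMES = ["Subject", "Content-Type", "Content-Disposition"]

# Suspect-text patterns, searched only in the text after "Header-Name:".
PATTERNS = [
    r"ILOVEYOU",
    r"\.vbs",
    r'name=\".*\.com\"',   # assumption: built from the table's description
    r"Fwd: *Joke",
    r"Win *a *holiday",
    r"^ *California *$",
]

# Constructed sample headers: (name, body text after the ':').
SAMPLE = [
    ("Subject", " Fwd:   Joke of the day"),
    ("Subject", " Visit example.com today"),
    ("Subject", " California "),
    ("Subject", " Governor of California"),
    ("Content-Type", ' application/octet-stream; name="setup.com"'),
    ("Content-Disposition", ' attachment; filename="notes.vbs"'),
    ("X-Mailer", " ILOVEYOU mailer"),   # not listed, so never examined
]

def header_selected(name, name_patterns=HEADER_NAMES):
    """True if any header-name entry matches this header's name."""
    return any(re.search(p, name) for p in name_patterns)

def scan(headers, name_patterns=HEADER_NAMES, patterns=PATTERNS):
    """Return (header name, pattern) for every suspect-text match."""
    hits = []
    for name, body in headers:
        if not header_selected(name, name_patterns):
            continue
        hits.extend((name, p) for p in patterns if re.search(p, body))
    return hits

if __name__ == "__main__":
    for name, pattern in scan(SAMPLE):
        print(f"{name}: matched {pattern}")
    # A bare extension pattern also flags the innocent Subject line.
    print(scan(SAMPLE, patterns=[r"\.com"]))
```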