]>
Commit | Line | Data |
---|---|---|
4a08dffe | 1 | [[chapter_mailfilter]] |
af0f1800 SI |
2 | Rule-Based Mail Filter |
3 | ====================== | |
62e86eb6 DM |
4 | |
5 | {pmg} ships with a highly configurable mail filter. It’s an easy but | |
6 | powerful way to define filter rules by user, domains, time frame, | |
7 | content type and resulting action. | |
8 | ||
a695a527 | 9 | [thumbnail="pmg-gui-mail-filter-rules.png", big=1] |
62e86eb6 | 10 | |
c9d28a2b DM |
11 | Every rule has 5 categories ('FROM', 'TO', 'WHEN', 'WHAT' and |
12 | 'ACTION'), and each category may contain several objects to match | |
13 | certain criteria: | |
62e86eb6 | 14 | |
a16d5544 | 15 | 'Who' - objects:: |
62e86eb6 | 16 | |
6994b407 | 17 | Who is the sender or recipient of the email? Those objects can be used |
62e86eb6 DM |
18 | for the 'TO' and/or 'FROM' category. |
19 | + | |
20 | ==== | |
6994b407 | 21 | Example: EMail-object - Who is the sender or recipient of the email? |
62e86eb6 DM |
22 | ==== |
23 | ||
a16d5544 | 24 | 'What' - objects:: |
62e86eb6 | 25 | |
6994b407 | 26 | What is in the email? |
62e86eb6 DM |
27 | + |
28 | ==== | |
6994b407 | 29 | Example: Does the email contain spam? |
62e86eb6 DM |
30 | ==== |
31 | ||
a16d5544 | 32 | 'When' - objects:: |
62e86eb6 | 33 | |
6994b407 | 34 | When is the email received by {pmg}? |
62e86eb6 DM |
35 | + |
36 | ==== | |
37 | Example: Office Hours - Mail is received between 8:00 and 16:00. | |
38 | ==== | |
39 | ||
a16d5544 | 40 | 'Action' - objects:: |
62e86eb6 DM |
41 | |
42 | Defines the final actions. | |
43 | + | |
44 | ==== | |
6994b407 | 45 | Example: Mark email with “SPAM:” in the subject. |
62e86eb6 | 46 | ==== |
c9d28a2b DM |
47 | |
48 | Rules are ordered by priority, so rules with higher priority are | |
49 | executed first. It is also possible to set a processing direction: | |
50 | ||
6994b407 | 51 | 'In':: Rule applies for all incoming emails |
c9d28a2b | 52 | |
6994b407 | 53 | 'Out':: Rule applies for all outgoing emails |
c9d28a2b DM |
54 | |
55 | 'In & Out':: Rule applies for both directions | |
56 | ||
57 | And you can also disable a rule completely, which is mostly useful for | |
58 | testing and debugging. The 'Factory Defaults' button alows you to | |
59 | reset the filter rules. | |
60 | ||
61 | ||
4a08dffe | 62 | [[pmg_mailfilter_action]] |
a16d5544 DM |
63 | 'Action' - objects |
64 | ------------------ | |
c9d28a2b | 65 | |
a695a527 | 66 | [thumbnail="pmg-gui-mail-filter-actions.png", big=1] |
c9d28a2b | 67 | |
6994b407 | 68 | Please note that some actions stop further rule processing. We call |
c9d28a2b DM |
69 | such actions 'final'. |
70 | ||
71 | Accept | |
72 | ~~~~~~ | |
73 | ||
74 | Accept mail for Delivery. This is a 'final' action. | |
75 | ||
76 | ||
77 | Block | |
78 | ~~~~~ | |
79 | ||
80 | Block mail. This is a 'final' action. | |
81 | ||
82 | ||
83 | Quarantine | |
84 | ~~~~~~~~~~ | |
85 | ||
86 | Move to quarantine (virus mails are moved to the “virus quarantine”, | |
87 | other mails are moved to “spam quarantine”). This is also a 'final' action. | |
88 | ||
89 | ||
90 | Notification | |
91 | ~~~~~~~~~~~~ | |
92 | ||
93 | Send notifications. Please note that object configuration can use | |
94 | xref:rule_system_macros[macros], so it is easy to include additional | |
95 | information. For example, the default 'Notify Admin' object sends the | |
96 | following information: | |
97 | ||
98 | .Sample notification action body: | |
99 | ---- | |
100 | Proxmox Notification: | |
101 | Sender: __SENDER__ | |
102 | Receiver: __RECEIVERS__ | |
103 | Targets: __TARGETS__ | |
104 | Subject: __SUBJECT__ | |
105 | Matching Rule: __RULE__ | |
106 | ||
107 | __RULE_INFO__ | |
108 | ||
109 | __VIRUS_INFO__ | |
110 | __SPAM_INFO__ | |
111 | ---- | |
112 | ||
113 | Notification can also include a copy of the original mail. | |
114 | ||
115 | ||
116 | Blind Carbon Copy (BCC) | |
117 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
118 | ||
119 | The BCC object simply sends a copy to another target. It is possible to | |
120 | send the original unmodified mail, or the processed result. Please | |
121 | note that this can be quite different, i.e. when a previous rule | |
122 | removed attachments. | |
123 | ||
124 | ||
125 | Header Attributes | |
126 | ~~~~~~~~~~~~~~~~~ | |
127 | ||
6994b407 | 128 | This object is able to add or modify mail header attributes. As with notifications above, you can use xref:rule_system_macros[macros], making this a very powerful object. For example, the 'Modify Spam Level' actions adds detailed information about detected Spam characteristics to the `X-SPAM-LEVEL` header. |
c9d28a2b | 129 | |
733e5b36 | 130 | .'Modify Spam Level' Header Attribute |
c9d28a2b DM |
131 | ---- |
132 | Field: X-SPAM-LEVEL | |
133 | Value: __SPAM_INFO__ | |
134 | ---- | |
135 | ||
136 | Another prominent example is the 'Modify Spam Subject' action. This | |
137 | simply adds the 'SPAM:' prefix to the original mail subject: | |
138 | ||
733e5b36 | 139 | .'Modify Spam Subject' Header Attribute |
c9d28a2b DM |
140 | ---- |
141 | Field: subject | |
142 | Value: SPAM: __SUBJECT__ | |
143 | ---- | |
144 | ||
145 | ||
146 | Remove attachments | |
147 | ~~~~~~~~~~~~~~~~~~ | |
148 | ||
149 | Remove attachments can either remove all attachments, or only those | |
a16d5544 | 150 | matched by the rules 'What' - object. You can also specify the |
c9d28a2b DM |
151 | replacement text if you want. |
152 | ||
f7d90c0a DC |
153 | You can optionally move those mails into the attachment quarantine, where |
154 | the original mail with all attachments will be stored. The mail with the | |
155 | attachments removed will continue in the rule system. | |
156 | ||
157 | NOTE: The Attachment Quarantine Lifetime is the same as for the Spam Quarantine. | |
158 | ||
c9d28a2b DM |
159 | |
160 | Disclaimer | |
161 | ~~~~~~~~~~ | |
162 | ||
163 | Add a Disclaimer. | |
66b48b3a | 164 | |
7b56a71c TL |
165 | The disclaimer can contain HTML markup. It will be added to the first |
166 | `text/html` and `text/plain` part of an email. A disclaimer only gets added if | |
167 | its text can be encoded in the mail's character encoding. | |
9b18c05f | 168 | |
66b48b3a | 169 | |
4a08dffe | 170 | [[pmg_mailfilter_who]] |
a16d5544 DM |
171 | 'Who' - objects |
172 | --------------- | |
66b48b3a | 173 | |
a695a527 | 174 | [thumbnail="pmg-gui-mail-filter-who-objects.png", big=1] |
66b48b3a DM |
175 | |
176 | This type of objects can be used for the 'TO' and/or 'FROM' category, | |
6994b407 | 177 | and match the sender or recipient of the email. A single object can |
66b48b3a DM |
178 | combine multiple items, and the following item types are available: |
179 | ||
180 | EMail:: | |
181 | ||
182 | Allows you to match a single mail address. | |
183 | ||
184 | Domain:: | |
185 | ||
186 | Only match the domain part of the mail address. | |
187 | ||
188 | Regular Expression:: | |
189 | ||
190 | This one uses a regular expression to match the whole mail address. | |
191 | ||
192 | IP Address or Network:: | |
193 | ||
194 | This can be used to match the senders IP address. | |
195 | ||
196 | LDAP User or Group:: | |
197 | ||
6994b407 | 198 | Test if the mail address belongs to a specific LDAP user or group. |
66b48b3a | 199 | |
a16d5544 | 200 | We have two important 'Who' - objects called 'Blacklist' and |
6994b407 | 201 | 'Whitelist'. These are used in the default ruleset to globally block |
3228913a DM |
202 | or allow specific senders. |
203 | ||
40ed107a | 204 | |
4a08dffe | 205 | [[pmg_mailfilter_what]] |
a16d5544 DM |
206 | 'What' - objects |
207 | ---------------- | |
40ed107a | 208 | |
a695a527 | 209 | [thumbnail="pmg-gui-mail-filter-what-objects.png", big=1] |
40ed107a | 210 | |
a16d5544 DM |
211 | 'What' - objects are used to classify the mail content. A single |
212 | object can combine multiple items, and the following item types are | |
40ed107a DM |
213 | available: |
214 | ||
215 | Spam Filter:: | |
216 | ||
c68d1d8a | 217 | Matches if detected spam level is equal or greater than the configured value. |
40ed107a DM |
218 | |
219 | Virus Filter:: | |
220 | ||
221 | Matches on infected mails. | |
222 | ||
fc900299 DM |
223 | Match Field:: |
224 | ||
225 | Match specified mail header fields (eg. `Subject:`, `From:`, ...) | |
226 | ||
40ed107a DM |
227 | Content Type Filter:: |
228 | ||
229 | Can be used to match specific content types. | |
230 | ||
231 | Match Filename:: | |
232 | ||
233 | Uses regular expressions to match attachment filenames. | |
234 | ||
235 | Archive Filter:: | |
236 | ||
237 | Can be used to match specific content types inside archives. | |
883ec2c4 | 238 | This also matches the content-types of all regular (non-archived) attachments. |
40ed107a | 239 | |
d5c0557a DC |
240 | Match Archive Filename:: |
241 | ||
242 | Uses regular expressions to match attachment filenames inside archives. | |
243 | This also matches the filenames for all regular (non-archived) attachments. | |
244 | ||
40ed107a | 245 | |
4a08dffe | 246 | [[pmg_mailfilter_when]] |
a16d5544 DM |
247 | 'When' - objects |
248 | ---------------- | |
3228913a | 249 | |
a695a527 | 250 | [thumbnail="pmg-gui-mail-filter-when-objects.png", big=1] |
3228913a | 251 | |
a16d5544 | 252 | 'When' - objects are use to activate rules at specific daytimes. You |
6994b407 | 253 | can compose them of one or more time frame items. |
3228913a DM |
254 | |
255 | The default ruleset defines 'Office Hours', but this is not used by | |
256 | the default rules. | |
99fd4bd4 DM |
257 | |
258 | ||
4a08dffe | 259 | [[pmg_mailfilter_regex]] |
99fd4bd4 DM |
260 | Using regular expressions |
261 | ------------------------- | |
262 | ||
263 | A regular expression is a string of characters which tells us which | |
264 | string you are looking for. The following is a short introduction in | |
265 | the syntax of regular expressions used by some objects. If you are | |
266 | familiar with Perl, you already know the syntax. | |
267 | ||
268 | Simple regular expressions | |
269 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
270 | ||
271 | In its simplest form, a regular expression is just a word or phrase to | |
272 | search for. `Mail` would match the string "Mail". The search is case | |
273 | sensitive so "MAIL", "Mail", "mail" would not be matched. | |
274 | ||
275 | Metacharacters | |
276 | ~~~~~~~~~~~~~~ | |
277 | ||
278 | Some characters have a special meaning. These characters are called | |
279 | metacharacters. The Period (`.`) is a commonly used metacharacter. It | |
280 | matches exactly one character, regardless of what the character is. | |
6994b407 OB |
281 | `e.mail` would match either "e-mail" or "e2mail" but not |
282 | "e-some-mail" or "email". | |
99fd4bd4 DM |
283 | |
284 | The question mark (`?`) indicates that the character immediately | |
6994b407 | 285 | preceding it shows up either zero or one time. `e?mail` would match |
99fd4bd4 DM |
286 | either "email" or "mail" but not "e-mail". |
287 | ||
288 | Another metacharacter is the star (`*`). This indicates that the | |
6994b407 | 289 | character immediately preceding it may be repeated any number of times, |
99fd4bd4 DM |
290 | including zero. `e*mail` would match either "email" or "mail" or |
291 | "eeemail". | |
292 | ||
293 | The plus (`+`) metacharacter does the same as the star (*) excluding | |
294 | zero. So `e+mail` does not match "mail". | |
295 | ||
296 | Metacharacters may be combined. A common combination includes the | |
297 | period and star metacharacters (`.*`), with the star immediately following | |
298 | the period. This is used to match an arbitrary string of any length, | |
299 | including the null string. For example: `.*company.*` matches | |
300 | "company@domain.com" or "company@domain.co.uk" or | |
301 | "department.company@domain.com". | |
0601bef2 | 302 | |
6994b407 | 303 | The book xref:Friedl97[] provides a more comprehensive introduction. |