标题: What can I do about spam mail arriving in my mailbox? _Form IpSwitch [打印本页] 作者: badwrs2000 时间: 2004-3-8 00:00 标题: What can I do about spam mail arriving in my mailbox? _Form IpSwitch What can I do about spam mail arriving in my mailbox?<br>
<br>
Answer/Solution: Starting with version 8.0. Anti-SPAM is part of IMail. Please see:<br>
IMail Server 8.01 User's Guide - Using Delivery Rules to Filter Spam<br>
<br>
You can use Rules on several parts of a message to filter spam mail. <br>
<br>
The syntax below shows the different portions of a message that can be filtered:<br>
<br>
B~filtered content in body:spambox<br>
S~filtered content in subject:spambox<br>
H~filtered content in header:spambox<br>
F~filtered content in From address:spambox<br>
T~filtered content in To address:spambox<br>
N~filtered content in Sender:spambox<br>
<br>
The expressions for each element of a delivery rule follow:<br>
<br>
Message Area<br>
From: F<br>
Subject: S<br>
Sender: N<br>
To: T<br>
entire header (everything preceding the body) H<br>
entire body of message B<br>
<br>
Condition Expression<br>
contains ~<br>
does not contain !~<br>
equals =<br>
does not equal !=<br>
<br>
Text Pattern Expression<br>
Any character .<br>
Any of the values separated by vertical bars within the parentheses; the <br>
vertical bar represents "or" (this|that|other)<br>
Any word character (a-z, A-Z, 0-9) \w<br>
Any non-word character \W<br>
Any digit (0-9) \d<br>
Any non-digit \D<br>
Any white space (spaces and/or tabs and/or carriage returns) \s<br>
Any non-white space \S<br>
Any punctuation character (any character other than \w or \s) \p<br>
Any non-punctuation character \P<br>
<br>
Quantifier Expression<br>
Zero or more *<br>
One or more +<br>
Exactly 100 {100}<br>
At least n1, but not more than n2 (where n1 and n2 are numbers) {n1,n2}<br>
<br>
Note: As shown above, the following characters have special meaning in a rule: {}()|*+,.:\ If you want to use one of these characters in a search string, precede it with a backslash. For example, to search for a plus sign, enter \+ in the search string.<br>
<br>
Note that only the first 32,000 bytes of a message is checked. Please see the bottom of this page:<br>
<br>
IMail Server 8.01 User's Guide - Setting Up Delivery Rules<br>
<br>
For example, if you wanted to monitor any mail with the subject "Kill Dusty", then you could have a rule like this:<br>
<br>
S~kill dusty:spambox<br>
<br>
This would catch messages with the subject:<br>
<br>
"I want to kill Dusty" <br>
but it would not catch:<br>
<br>
"I am going to kill that thar Dusty".<br>
<br>
In this example, the ":spambox" sends the message to a subfolder in the user's mailbox called "spambox".<br>
<br>
I DON'T WANT THIS MAIL TO GO TO A SUBMAILBOX - I WANT TO DUMP THIS MAIL TO A CENTRAL MAILBOX: if you don't want the user to have access to spambox, but you want to monitor this mail yourself, you must put a forward file in EACH users folder. This file can be created in Notepad and must match the name of the submailbox you define in your rule, i.e. "spambox.fwd".<br>
<br>
The only thing that should be in the "spambox.fwd" file is the account you want the filtered message to go to. In one user's example, they forward them to an "abuse" account. Their "spambox.fwd" contains the following:<br>
<br>
abuse@your-domain.com<br>
<br>
(If you use Notepad to create the .fwd file remember that Notepad also adds<br>
.txt to the filename of any new file created.) <br>
You can now use this "abuse" user account to monitor this type of mail. The batch file in the URL below can be used to copy the .fwd file to all user directories. Make sure if you run this batch file that you DO NOT copy this .fwd file into the "abuse" mailbox directory:<br>
<br>
IMail - Batch file to copy rules.ima to all user directories<br>
<br>
Now you can log into the "abuse" mailbox and see who is spamming.<br>
<br>
I WANT TO DUMP THIS MAIL TO A CENTRAL MAILBOX THAT HAS INFO MANAGER ENABLED SO I CAN TELL THE SENDER THAT THE MAIL HAS BEEN REJECTED:<br>
<br>
IMail - Auto Response to Senders whose message was filtered by a rule<br>
<br>
I WANT TO FILTER CERTAIN EMAIL ATTACHMENTS:<br>
<br>
As .vbs and script viruses are turning up, a customer suggests these rules:<br>
<br>
B~name=".*\.exe":spambox<br>
B~name=".*\.scr":spambox<br>
B~name=".*\.vbs":spambox<br>
B~name=".*\.shs":spambox<br>
<br>
You will also want to filter attachments with the .com extension.<br>
<br>
Note that .* means any number of any character. Therefore, a rule, B~name=.*\.com<br>
would filter any message that contains 'name=' if it has email addresses or website URLs in the message body. For the .com extension, we suggest this: <br>
<br>
B~name=.{1,50}\.com:spambox<br>
<br>
(That is, filter messages if name= is followed by .com within the next fifty characters.)<br>
<br>
B~begin 6".*\.exe":spambox<br>
B~begin 6".*\.scr":spambox<br>
B~begin 6".*\.vbs":spambox<br>
B~begin 6".*\.shs":spambox<br>
B~begin 6.{1,50}\.com:spambox<br>
<br>
Note that these rules will filter all incoming messages containing attached files with .vbs .shs .scr .exe and .com extensions. Filtered messages will be directed to a sub-mailbox, (spambox.mbx) in the user's folder for the user to whom the message was addressed. You can point a rule to NUL (instead of a sub-mailbox such as spambox) if you want filtered messages to be deleted.<br>
<br>
Starting with version 7.10 Rules can filter to an address directly. If you have a user account named abuse, your rule could filter to abuse@your-domain.com. <br>
<br>
The first rule filters MIME attachments, characterized by the string:<br>
name="filename.ext"<br>
while the second rule filters Uuencoded attachments, characterized by the string: Begin 6<br>
<br>
Here is an example for newer SPAM where words have spaces in between the letters. For instance the word test would show up as t<--12-->e<--12-->s<--12-->t. The rule to filter this would be: B~t.{8}e.{8}s.{8}t:junk<br>
<br>
It is necessary to stop and restart the SMTP service after modifications to rules.ima to activate the new filter settings. If you are running version 8, you should also stop and restart the Queue Manager service.<br>