Google

Ray's Mail Filter - Configuration

Version 1.04/1.14
On this page:-

Configuration Files
Other pages:-

Home Page
Installation
Operation
Utilities


Configuration Files

The configuration files, header-list.conf and string-list.conf control which message headers the filter examines and what strings it looks for in those headers. The filter will look for all of the specified strings in all of the specified headers.

The configuration files can be changed while the filter is running. The mail-filter reset command is then used to signal the program to re-read the files.

For both files:

  • Entries are treated as basic regular expressions, but are not case-sensitive.
  • Lines beginning with # are comments, ignored by the program.
  • Blank lines and leading and trailing white space are ignored.

(Different rules apply to the third configuration file, mail-filter.conf. See the relevant part of the Installation instructions for details.)


header-list.conf

This file contains the names of the message headers and MIME "attachment" headers that are to be examined to see if they contain suspect text strings. There must be only one header name on each line, and the ':' that usually appears after the header name must not be included here. For example:

Subject
Content-Type
Content-Disposition

This list will cause the filter to examine the Subject and Content-Type headers of the main message and the Content-Type and Content-Disposition headers at the start of each MIME attachment. These entries are treated as regular expressions so, for example:

Content-.*

could be included make the filter examine the Content-Type, Content-Disposition, Content-Location, Content-Transfer-Encoding, etc... Checking all of these headers is probably a waste of time, so in general it is probably best simply to list the ones which need to be checked.


string-list.conf

This file contains a list of suspect text strings that are to be searched for in the specified headers. Only the 'body' text of the header is searched (after the header name and ':'). Regular expressions are more useful here. For example:

ILOVEYOU
\.vbs
name=\".*\.com\"
Fwd: *Joke
Win *a *holiday
^ *California *$

ILOVEYOU Matches any header text which contains the word "ILOVEYOU" anywhere within it.
\.vbs Matches any header text which contains the charcter string ".vbs" anywhere within it. (The full stop has a special meaning in a regular expression - matching any character. If it is meant to be taken literally, as here, it has to be "escaped" using the '\' character.)
name=\".*\.com\" Matches any header text which contains a phrase of the following form:
name="anything.com"
This is the recommended way to check for attachments with a specific filename extension. A pattern of this sort will match the Content-Type and Content-Disposition headers associated with attached files, but will not match "innocent" occurrences of the extension, in Subject headers and boundary strings for instance (".com" in particular is very common in both of those places).

(Note that one of the full stops and the quotes are "escaped" to cancel their special meanings in a regular expression. The combination .* matches any number of any characters.)

Fwd: *Joke In this example '*' means any number (or none) of the preceding character, which in this case is a space. This pattern therefore matches any header text which contains the word "Fwd:", followed by any number of spaces (or none), followed by the word "Joke". The phrase can occur anywhere within the header text.
Win *a *holiday Similar to the previous example, matches any header text which contains the phrase "Win a holiday", in which the words are separated by any number of spaces (or none). The phrase can occur anywhere within the header text.
^ *California *$ In this example '^' means the beginning of the text, '$' means the end of the text and '*' again means any number of the previous character. This pattern matches a header which contains the word "California", preceded and/or followed by zero or more spaces, but nothing else. It will therefore not match headers such as "Governor of California" or "California Institute of Technology"


Ray's Mail Filter Home Page
Installing the Filter
Running the Filter
Utilities


butlerra@sbu.ac.uk
08 March 2001