Using the Content Filtering Service

This page explains how to use the Content Filtering service and how it can be configured securely. For more detailed information on what each option of the Content Filtering settings is for, then please view the Content Filtering page.

The Content Filtering Service

One of the most annoying things about receiving mail is that you can often receive offensive or malicious mail intended to fool you into fraudulent proceedings or harm your computer. Content Filtering can seriously help in controlling your mail. By setting up one or more condition-action style Content Filter Rules, you can pass each mail through a sophisticated array of conditional checks, performing a wide range of actions in response where appropriate.

Content Filter Rules

You can add one or more rules to the Content Filtering settings. Rules are performed sequentially and some rules may affect subsequent rules. Therefore, you can also change the order of the rules to achieve the desired effect. Each rule has a name which is used to uniquely identify the rule in the settings and also as an indication of the nature of the rule.

Conditions and Actions

Every rule is made up of one or more conditions and one or more actions. Conditions are triggers which are evaluated for a particular mail being filtered. Conditions are performed sequentially and use logical and/or/not operators together with brackets to achieve a logical equation which overall will evaluate true or false in different circumstances based on various things. If the conditions for the rule evaluate true for a given mail, the list of actions is performed. Actions are performed sequentially and some actions may affect subsequent actions. Therefore, you can change the order of the actions to achieve the desired effect.

Example Uses of Content Filter Rules

Deciding which what kind of rules to create is a reasonably straight forward process. Simply think of something you would like to achieve when filtering your mail and try to put that into a condition-action style sentence:

  • If SMTP sender matches 'malicioususer@adomain.com' -> delete email.
  • If mail attachment ends with 'exe', 'com' or 'scr' -> strip attachment.
  • If SPAM flag set -> Edit subject header line to '<spam> ####SUBJECT####'.

Note that in the last example a field tag is used to add the original subject back into the edited subject of the mail after filtering. Field tags can be used throughout Content Filtering. For more information, please view the Using Field Tags page.

Security Considerations

Some filtering conditions and actions must be used very carefully as they have the potential to cause serious problems.

Application Execution

Both conditions and actions can execute applications. It is very important that applications do not run for long periods of time with many instances running simultaneously as this can use up a lot of CPU time and cause your server to slow down considerably. Condition application executions are only supposed to run for very short periods of time (usually to perform some kind of processing on the current mail being filtered) and then close, returning a value that can be used to evaluate the condition. If the application does not return after a considerable length of time, it will be terminated and the condition will evaluate false. The long wait for the application to close can cause congestion in the Content Filtering queue holding up all other mail passing into the system, eventually resulting in mails being discarded.

File Creation

Some actions can cause new files to be created. It is very important that this is moderated and set up with care as this could potentially lead to very large amounts of hard drive space being used over a long period time resulting in hard drive space possibly even be used up completely, stopping your mail server from continuing to function properly.

New Mail Creation

Some actions can cause new mails to be created. It is very important that actions are not set up in such a way that extremely large quantities of new mails are created unnecessarily and not noticed or removed from the system.