|
The test
The test section is the test to perform on the specific Header. The tests in the rules scripting language generally fall into three categories:
• simple expressions
• regular expressions
• conditional expressions
Simple expressions
A simple expression is a string in quotes ("") that means does this string occur in the data of the RFC-2822 header. Strings are not case sensitive. A string can contain a simple wildcard characters, such as
• a question mark "?", which means match any single character
• an asterisk "*", which means match any group of characters
The quoted string can also have a NOT in front of it, which means reverse the sense of the test. Let's take a look at what would happen if the following RFC-2822 header was processed by the following rules:
Example
Date: Tue, 11 Feb 2003 16:27:41 -0500
• Date: "Feb 2003" spam
Condition is true and message would be marked as spam.
• Date: "Tue, 11 Feb 2003 16:27:41 -0500" spam
Condition is true and message would be marked as spam.
• Date:NOT "200?" spam
Condition is false (not true) and message would not be marked as spam.
• Date:"*Feb*" spam
Condition is true and message would be marked as spam.
Regular expressions and extended regular expressions (regexp and eregexp)
A regular expression is a common way of describing string pattern matching. Regular expressions are usually found in Unix environments and allow a more granular level of control over matching than simple expressions. They also allow the data matched to be stored in a variable for later use. Internet Services also supports extended regular expressions (eregexp), however, regular expressions are at least twice as fast for equivalent searches.
Example 1
From: regexp:".*@[0-9]+\\..*" spam
which means,
• check if the first part of the domain name is all numeric, and if so mark as spam.
Example 2
Subject: regexp:"[A-Z\\?\\!\\.\\,0-9]+" spam
which means,
• check if the subject is all uppercase with numbers and punctuation, and if so, mark as spam.
Example 3
Content-Type: regexp:".*name=\"\\(.+\\)\"" SET $attname="\\1"
which means,
• find the attachment name in the Content-Type header, and save it in a variable named $attname for use in another rule (such as for anti-virus purposes).
Extended expressions
In addition to the regexp: condition, the following may be used:
• eregexp: extended regular expression syntax available
• eregexpi: extended regular expression syntax with case-insensitive character matching
Extended regular expressions allow for more powerful matching than the current regular expression syntax allows, at the cost of slower runtime pattern matching. The eregexpi version should be used if you are writing a regular expression that includes a lot of these constructs: [Aa]. For example:
eregexp:"[Vv][Ii][Aa][Gg][Rr][Aa]"
can be rewritten as:
eregexpi:"viagra"
Conditional expressions
A conditional expression is used to test the state of a variable or invoke a built-in function. Conditional expressions always take the form IF (expression), where the expression is either a variable test or a call to a built in function. Let's take a look at a couple of examples of conditional expressions taken from the shipping rules.MailRules file:
Example
^: IF (@istrustedip($senderip)) DONE
which means,
• if the IP address in in the trusted IP list, skip rules processing
• before any headers are processed (^), if the sender's IP address ($senderip), which is the built-in variable, is in the trusted list take the action DONE (skip further processing).
Example
From: if (@isspamaddress($from)) SET $spamlevel += 101 AND $spamtests += "FROM_IN_SPAM_FILTERS;"
which means,
• check if From name is in the spam address list
• when processing the From header, if the From address is in the spam address list, set spam level to extreme (> 100) and add the reason to the $spamtests variable.
|
