A UBE filter is a single text line containing 3 to 5 parts, in this order:
[:label] messageField matchCriterion action [argument]
Here is an example filter that includes all five parts:
:DontSend Subject "Bad mail" REJECT "Do not send mail"
The following subsections use this example to describe, in order, the parts that make up a filter.
Label
The label is an identifying name for the filter. This part is optional and is used only if this filter is the destination of another filter's JUMP action. (For a description of the JUMP action, see Table 8.1.)
The label is always preceded by a colon (:).
Example: :DontSend
Message Field
The message field is the portion of the message header or envelope that the filter analyzes. Each arriving message has header fields that hold information about that message. The filter can use any of the fields in deciding how to handle the mail. There is no complete list of possible header fields since the format is open (see Internet Draft RFC 822 for a list of the defined standard fields), but common fields include To, From, Sender, Reply-To, Content-type, and so on. For descriptions of some of the most common fields, see Table 8.3.
Example: Subject
After the message field name you can place a colon (:) followed by special tags that affect how the message field is processed. Currently, two special tags are supported: case and envonly.
case Tag
The case tag causes the matching criterion (which follows the message field in the filter) to be treated as case sensitive. By default, filters are not case sensitive. Here's an example of two filters, identical except for the case tag:
Subject:case "Bad mail" REJECT "Do not send mail" Subject "Bad mail" REJECT "Do not send mail"
The first filter would intercept only those messages whose subject is Bad mail; the second filter would intercept messages whose subject is either Bad mail or bad mail (or even bAd mAiL).
envonly Tag
The envonly tag instructs the filter to consider only envelope information, rather than all message-header information, for the message field. Because header information is more easily altered by a mail sender than is envelope information, you can use this tag to help resist spoofing attacks based on header information.
For example, Auth-Sender is an envelope field, added by a server sending a message by authenticated SMTP, that identifies the sender of the message.You might design a filter that examines that field to ensure that only authenticated mail gets through. A tricky user could, however, add a phony Auth-Sender field to the header information in a message, possibly defeating your filter. If you restrict the message field to envonly, only those fields that are created by the server, and thus are harder to tamper with, will be considered.
Note: Using the envonly tag makes sense only if your UBE plug-in has been configured to include header fields by default; for an explanation, see Envelope Fields and Header Fields.
Match Criteria
The match criterion is the string (or regular expression) that the filter looks for in the contents of the message field to see whether a match is achieved. The combination of message field and match criterion is called the filter's predicate; the state of the predicate (matched or unmatched) determines whether or not the filter is to be applied.
Predicate example: Subject "Bad mail"
In this example, if the Subject field of the message being analyzed is Bad mail, the filter is applied; otherwise, the filter is not applied. Note that, in the absence of a case tag, the match criterion is not case sensitive.
The match criterion is a regular expression, so you can use it to match a wide variety of strings. For example, to match any Subject field containing the phrase "Get Rich Quick", you can specify ".*Get Rich Quick.*" as the match criterion. For more information, see Regular Expressions for Match Criterion.
Action
The action field defines the action that the UBE plug-in performs if a match occurs. As soon as a match occurs with any filter predicate, the action associated with that filter is taken. Filter processing stops when a terminal action (one that stops processing) is taken, or when the end of the filter file is reached. For descriptions of the actions, see Table 8.1.
Example: REJECT
This action causes the message to be returned to the sender.
You can also apply the negation modifier to reverse the conditions under which an action occurs; see Negation Modifier.
Argument
The argument field contains any additional information that may be needed to perform the specified action. Some actions do not take an argument, whereas others do. For descriptions of the arguments used by each of the actions, see Table 8.1.
Example: "Do not send mail"
In this case, "Do not send mail" is the argument to the REJECT action; it is a message that accompanies the returned mail.
Available Actions for UBE Filters
Table 8.1 lists the actions that you can specify in a UBE filter. Each action is classified either as terminal (filter processing stops as soon as it is taken) or non-terminal (processing continues after it is taken).
Table 8.1 UBE filter actions
Action
| Argument
| Description
|
COPY
|
Comma-separated list of addresses
|
Adds these recipients to the original set of recipients, then continues processing the next filter. (Non-terminal action.)
|
|
Example: Channel-To "user1@domain1\.com" COPY "postmaster, user2"
In this case, any mail sent to user1@domain1.com is also sent to postmaster and to user2.
|
DROP
|
One address
|
Replaces original set of recipients with this one and sends the message on. (Terminal action.)
|
|
Example: User-From ".*@bulk\.com" DROP "postmaster"
In this case, any mail from any account at bulk.com is sent to postmaster but no one else.
|
EXIT
|
(none)
|
Immediately stops filter processing and sends the message on. Subsequent filters in the configuration file are not applied to this message. (Terminal action.)
|
|
Example: User-From "CEO@.*" EXIT
In this case, any mail from a user named CEO is sent through.
|
HOLDCOPY
|
Comma-separated list of addresses, followed by a vertical bar (|) and a message string
|
Holds the message. (Terminal action.)
|
|
Example: Subject "Free stuff!" HOLDCOPY "postmaster | please handle" In this case, any mail containing the subject "Free stuff!" is held, with a copy sent to postmaster.
|
HOLDONLY
|
Comma-separated list of addresses, followed by vertical bar (|) and a message string
|
Holds the message. (Terminal action.)
|
|
Example: Subject "Free stuff!" HOLDCOPY "postmaster | please handle"
In this case, any mail containing the subject "Free stuff!" is held, with a notification sent to postmaster.
|
JUMP
|
Label (filter name)
|
Shifts filter processing to the named filter, skipping any intervening filters. The named filter must exist in the configuration file. (Non-terminal action.)
|
|
Example: Subject "Easy $$$" JUMP "MoneyReject" subject".*$$$.*" HOLDCOPY "postmaster | evaluate for $$$" :MoneyReject Subject "Easy $$$" REJECT "No commercials, please"
In this case, mail with the specific subject "Easy $$$" is rejected, whereas other mail with triple dollar signs in the subject is held for the postmaster to evaluate.
|
REJECT
|
Reject reason (message string)
|
Returns the mail to the sender and includes the reject reason in the message. (Terminal action.)
|
|
Example: User-from "Pitchman@cheapstuff\.com" REJECT "Do not advertise to our users"
In this case, any mail from Pitchman@cheapstuff.com is automatically returned along with the message "Do not advertise to our users".
|
RUN
|
Command line to execute
|
Executes the specified program, passing the message header and body to the program. The program must be located in the directory INSTANCEDIR/smtp-bin/plugins where INSTANCEDIR is the instance directory (name = msg-instancename). You can use the special field name $& in the subsequent filter to match the return value of the program. (Non-terminal action.)
|
|
Example: Subject "May contain a virus" RUN "VirusScan.exe" $& "1" REJECT "Message rejected due to presence of virus!"
In this case, any mail with the subject "May contain a virus" is sent to the program VirusScan.exe for analysis. If the return value from the program is 1, the message is returned along with the message "Message rejected due to presence of virus!".
|
Regular Expressions for Match Criterion
The UBE filter supports extended regular expressions compliant with POSIX 1003.2. There are many sources of information on regular expressions; this document is not intended as a reference.
Table 8.2 lists some of the common regular-expression special characters and constructions that you can use in creating match criteria for UBE filters.
Table 8.2 Regular-expression special characters
Characters
| Usage
|
.
|
(Dot). Matches any single character.
|
[]
|
(Brackets). Matches any single character from the set of characters specified within the brackets. The brackets may enclose the entire set of permissible characters ([2468]), or they may specify an ASCII range, using end points and a hyphen ([a-z]).
For example, r[eo]d matches red and rod, but not rid or reed. x[0-9] matches x0, x1, x2, and so on, but not x11.
|
[^]
|
(Caret in brackets). Matches any single character that is not one of those specified within the brackets following the caret. (The caret must be the first character in the brackets.)
For example, r[^eo]d matches rid but not red or rod. x[^0-9] matches xa, xb, xc, and so on, but not x2.
|
*
|
(Asterisk). Matches zero or more of the immediately preceding character or expression. For example, ba*c matches bc, bac, baac, and so on. The expression .* matches any string.
|
+
|
(Plus) Matches one or more of the immediately preceding character or expression. For example, ba+c matches bac, baac, and so on. r[eo]+d matches red, rod, reed and rood, but not reod or roed.
|
\
|
(Backslash) The Escape character. It removes the pattern-matching significance of the character it precedes, so that special characters (like those in this table) can be matched as regular ASCII characters. For example, . matches any character, but \. matches only the dot character. (To match the backslash character itself, you must precede it with another backslash: \\.)
|
\~
|
(Escaped tilde) Matches any character but the subsequent character. For example, b\~ad matches bbd, bcd, b3d, but not bad.
|
\{\}
|
(Escaped braces) Matches any number of occurrences of the exact sequence of characters between the escaped braces. For example, \{ju\}+fruit matches jufruit, jujufruit, jujujufruit, and so on. It does not match jfruit, ufruit, or ujfruit. You can use the expression \{ \} to match any number of spaces between words.
|
\{x\!x\}
|
(Escaped bang in escaped braces) Matches any one of the characters x separated by the alternation symbol (\!). For example, \{j\!u\}+fruit matches jfruit, jjfruit, ufruit, ujfruit, uufruit, uuufruit, and so on.
|
^
|
(Caret) Matches the beginning of a line.
|
$
|
(Dollar sign) Matches the end of a line.
|
()
|
(Parentheses) Delimits arguments. You can explicitly limit the extent of a regular expression by enclosing it in parentheses. For example, uuufruit is a single regular expression, but you can force it to be considered two separate expressions by applying parentheses, as in (uuu)(fruit). For an example of the use of parentheses, see the example filter following Table 8.4.
|
Many other rules define, for example, what a character is and how characters in regular expressions may be juxtaposed for various purposes. For more information, please consult any POSIX 1003.2-compliant regular-expression documentation.
Envelope Fields and Header Fields
Every message has two types of fields that you can include in the message-field part of your filters. Header fields are created by a mail client when it sends a message. Envelope fields are created by mail servers that send or resend the message during its transit from sender to receiver. By default, the UBE plug-in examines envelope fields only. This restriction exists for performance reasons, because the header can contain any number of fields.
The envelope fields most useful for filter purposes include those listed in Table 8.3.
If you want to include header fields as well as envelope fields in your filter predicates, you can use the Netscape Console interface. You can also accomplish this manually, by adding the following line to your filter options file (UBEfilter.opt):
parseheader: 1
This instruction tells the UBE plug-in to look at both envelope and header fields when comparing a message to a filter.
If you have set the default to include header fields, you can then, on a filter-by-filter basis, force the plug-in to look only at the envelope fields by using the envonly flag in the message field of your filter; for a description of this flag, see envonly Tag.
Note: If you are designing your filters to operate on header fields as well as envelope fields, you can use your mail client to help decide which header fields to analyze. With the Netscape Messenger mail client in Netscape Communicator, you can view the complete set of header fields in a received message by choosing All from the Headers menu (accessed from the View menu).
Special Message-Field Names
You can use special field names to combine filters and narrow your criteria. Table 8.4 describes these names, using the following filter as an example:
Subject "This is ." REJECT "This is bad mail"
(This example includes a dot wildcard, which matches any single character, in the match criterion.)
Table 8.4 Special message-field names for UBE filters
Special name
| Explanation
|
$0
|
Represents the complete message field content that was last matched. Assume that the message just compared against the above example filter had the subject "This is a test". Then the current value of $0 would be "This is a test".
|
$1
|
Represents the exact matching portion of the message field content that was last compared. In the above example, again assuming that the message subject was "This is a test", the value of $1 after the comparison would be "This is a". An example of the use of $1 follows this table.
|
$2..$9
|
Represent the values, in order, of any parenthetical matches you may have specified in your match criterion. If, in the above example, your match criterion had been "(This) (is) (a) (test)", and again assuming that the message subject was "This is a test", the comparison would yield the results $2=this, $3=is, $4=a, and $5=test.
|
$&
|
Represents the numerical result code of the last action. You can use this special field name in conjunction with the RUN action (see Table 8.1).
|
$#
|
Represents the number of recipients in the current message. A comparison of this value and a number is considered true if this value is equal to or greater than the given number. You can use this field name to, for example, block all messages with more than a maximum permitted number of recipients.
|
$ANY
|
Represents any field. Using this special name causes the plug-in to compare your match criterion with all fields. For example, you can use it to search all header fields for a specific phrase, as in this predicate:
$ANY "get free stuff"
You can also use it to match all messages, with a predicate such as
$ANY ".*"
which will match any field containing any string.
|
The following example uses both a special field name and parenthesized expression parsing:
:handleFrom User-From (.*)@airius.com !JUMP handleregular $1 "postmaster" JUMP handleAIRIUSpost "" "" JUMP handleregular
Negation Modifier
You can modify an action by applying the negation operator to it. Normally, the action specified in a filter is taken if the match criterion is matched. If, however, the negation operator is applied to the action, the action is not taken if the criterion is matched; conversely, the action is taken if the criterion is not matched.
For example, the following filter accepts all messages originating from within Airius Corporation:
Sender ".*airius\.com" EXIT
A complementary filter might reject all messages that are not local:
Sender ".*airius\.com" !REJECT "local mail only"
If you are using the Netscape Console interface to create filters, you click a button to apply the negation modifier; if you are creating filters manually, you apply the modifier as a prefix to the action, as shown in the example.
|