Filter Syntax
From CastleCopsWiki
|
MailWasher Pro Index
|
A MWP filter consists of several distinct sections and follows a simple format. This is a sample of what a simple filter looks like in the filters.txt file.
NOTE: The "== ==" has been added to the filter examples shown as needed to keep the display from scrolling and should be removed before using the filter in MWP.
NOTE: You should always give each filter a unique name and a matching status description so you can identify which filter tagged a message. Leaving either of them at the default will cause you much difficulty when trying to trace why a message was tagged and which filter tagged it.
WARNING: The filter editor box will only let you add 10 conditions to a filter. Manually editing the filter.txt file will let you add many more. You need to be careful not to attempt to edit a filter with many conditions using the filter editor as it will display all the conditions and force the OK and Cancel buttons off the bottom of the screen.
Contents |
[edit] Basic sample
[enabled],"name",status,9175550,OR,Legitimate,TakesPrecedence,EntireHeader,==
==contains,"target1",EntireHeader,contains,"target2",EntireHeader,contains,"target3"
Broken down into individual fields you get the following:
| Field | Explanation | |
|---|---|---|
| [enabled], | this filter is enabled, the other option is disabled | |
| "name", | the name of the filter for the filter editor | |
| status, | the status field displayed when this filter matches a message | |
| 9175550, | the color code (decimal) used to display the status message | |
| OR, | the logical condition to use to combine the filter rules, the other option is AND | |
| Legitimate, | the status to mark the message with if it matches this filter | |
| TakesPrecedence, | this filter takes precedence over the friends and blacklists | |
| EntireHeader,contains,"target1", | look for the text "target1" in the message header | |
| EntireHeader,contains,"target2" | or | look for the text "target2" in the message header |
| EntireHeader,contains,"target3" | or | look for the text "target3" in the message header |
This filter will search the entire header for any occurrence of target1 or target2 or target3 and mark the message as legitimate with the status field set to "status".
[edit] Syntax Details
The following parameters may be present in any filter definition and retained in the filter.txt file.
| Parameter | Value | Description | |
|---|---|---|---|
| State: | ! | [Enabled] [Disabled] | Disable turns off selected filters for testing purposes or if unhappy with them for some reason but are not deleted. |
| Filter name: | ! | New filter (Default) | A user assigned title to refer to this filter by, it should be changed to a unique name. |
| Status Description: | ! | Filtered (default) | This should be unique and fairly short, it will aid troubleshooting filter problems if it can be tied to the filter name above. |
| Color: | ! | Integer 0 - 16777215 | Colour code applied to the StatusDescription field |
| Rule logic: | ! | AND OR | AND means that the rules must all be met for the filter to match OR means that any of the rules must be met for the filter to match |
| Legitimate: | Legitimate | Mark this mail as legitimate as opposed to taking any of the actions marked with an asterisk below. | |
| No Display: | Hidden | The message will be hidden from view. This setting can be overridden using the "show hidden e-mails" option from the MWP menu. | |
| Blacklist: | *# | Blacklist | Add the sender (probably forged) to your blacklist. Note:This can prove dangerous as the spammers may forge a legitimate address. Adding large numbers of forged addresses to your blacklist provides little added spam detection and can slow mail processing to a crawl. If used, set the blacklist retention time to a week or less. |
| Delete: | *# | Delete | Delete the message from the server. |
| Bounce: | *# | Bounce | Send a copy of the message back to the sender using a forged return address Warning: This may violate your ISP's AUP or e-mail forgery laws in your jurisdiction. Warning: Spammers rarely use their own addresses when sending spam and often forge other email addresses. MWP makes no effort to verify this address and you may be reported to your ISP for sending spam. If you do bounce an e-mail to a forged address you are sending someone with no involvement with the message your spam, you deserve to be reported and your ISP will not be amused by this. On a bad day you might actually get your ISP listed on a blacklist and disrupt mail service for all their customers. |
| Prioritize: | TakesPrecedence | Run this filter before the other Spam Tools. | |
| Disable Reporting: | * | noreport | Remove reporting boxes from the mail grid. This parameter's presence has no bearing on |
| Automate: | * | Automatic | This parameter is only allowed if any parameters marked with a # are also present. If rule conditions are met as per the rule logic for this filter, MWP will immediately process the message as per the # parameters specified for the filter. Thus messages automatically deleted will never be seen in the message window. Warning: A filter should not be set to Automatic until there is a great deal of confidence that it is performing flawlessly. |
| Rules: | ! | There can be up to (?) rules. Each rule consists of a series of three fields: | |
| ! | Message Part: |
| |
| ! | Condition: |
| |
| ! | Search String: |
|
[edit] Condition Details
All of the rules: This checks (with a logical AND) to see that each of the rules in this filter are met and only takes action if they are.
Any of the rules: This checks (with a logical OR) to see if any of the rules in this filter are met and takes action if they are.
[edit] Rule Message Parts
| From: | This looks at the from line starting after the "From:" tag. |
|---|---|
| Subject: | This looks at the subject line starting after the "Subject:" tag. |
| To: | This looks at the to line starting after the "To:" tag. |
| CC: | This looks at the cc line starting after the "CC:" tag. |
| Body: | This looks at the body of the message. |
| Return Path: | This looks at the return path in the header after the "ReturnPath:" tag. |
| Entire Header: | This looks at the entire header of the message |
NOTE: These message parts are evaluated at in the raw message (source) format so copying something from the displayed message may or may not match the resulting filter. If you want to copy and paste make sure you switch to source view before you do.
[edit] Rule Conditions
These condition will be met when the search string either matches or does not match the character sequence within the specified message part.
| contains | The simple search string entered is contained in the message part being evaluated. It can be first, last or in the middle of the message part. |
|---|---|
| doesn'tContain | The simple search string entered not is contained in the message part being evaluated. |
| is | The simple search string entered is an exact match with the message part being evaluated. |
| containsRE | The regex search string entered matchs within the message part being evaluated. |
| doesn'tContainRE | The regex search string entered does not match within the message part being evaluated. |
Back to Filter Strategies
