Advanced Content filtering enables scanning of email header data and content using advanced configurable search conditions and regular expressions (regex).
This article provides a step-by-step process on how to create Advanced Content Filtering rules.
To configure advanced content rules, go to Content Filtering > Advanced Content Filtering. This page allows you to view, create, enable, disable or delete rules.
Creating Advanced Content Filtering rules is a 3-step process that can be summarized as:
- Step 1: Configuring basic rule settings and conditions to block
- Step 2: Configuring the actions to take on detected emails
- Step 3: Specifying users to whom this rule applies
Step 1: Configuring basic rule settings and conditions to block
- Go to Content Filtering > Advanced Content Filtering and click Add Rule...
- In Rule Name area, provide a descriptive name for the new rule.
- In Condition area, provide the condition that the email has to meet to match this rule. From the drop-down select the email part (Headers, Subject, Body, Attachment Name or Attachment Content) and choose a condition (Start with, Ends with, Contains, Matches Exactly, Matches Regex). In the text box, key in the keyword or regular expression that the email should match. For example: To match emails having
swissin subject - Select Subject and Contains and key in
swissin the textbox.
- Select whether to scan inbound, outbound and/or internal emails.
|Scan Inbound SMTP Email||Select this option to scan incoming emails|
|Scan Outbound SMTP Email||Select this option to scan outgoing emails|
|Check Internal emails||
Select this option to scan internal emails.
Note: This option is only available when GFI MailEssentials is installed on the Microsoft® Exchange server
Step 2: Configuring the actions to take on detected emails
- From the Actions tab, configure what happens when this rule is triggered.
- To block an email that matches the rule conditions, select Block email and perform this action and select one of the following options:
|Quarantine email||Stores blocked emails in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information refer to Managing Quarantined Emails.|
|Delete email||Deletes blocked emails.|
|Move to folder on disk||Moves the email to a folder on disk. Key in the full folder path where to store blocked emails.|
Note: Actions always affect the whole email containing the blocked content, even if there is other content (such as attachments) that do not trigger this rule.
- Select Send a sanitized copy of the original email to recipient(s) to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed.
- To send email notifications whenever an email gets blocked, check any of the following options:
To notify the administrator whenever this engine blocks an email.
You can configure the Administrator email from the GFI MailEssentials Configuration by navigating to General Settings > Settings and select the General tab
|Notify local user||To notify local recipients about the blocked email.|
- To log the activity of this engine to a log file, check Log rule occurrence to this file and specify the path and file name to a custom location on the disk to store the log file. By default, log files are stored at:
Step 3: Specifying users to whom this rule applies
- By default, the rule is applied to all email users. GFI MailEssentials, however, allows you to apply this rule to a custom list of email users specified in the Users/Folders tab.
- Specify the users to apply this rule to.
|Only this list||Apply this rule to a custom list of email users, groups or public folders.|
|All except this list||Apply this rule to all email users except for the users, groups or public folders specified in the list.|
- To add email users, user groups and/or public folders to the list, click Add.
- In the User Lookups window, specify the name of the email user/user group or public folder that you wish to add to the list and click Check Names. Matching users, groups or public folders are listed underneath.
Note: You do not need to input the full name of the users, groups or public folder. It is enough to enter part of the name. GFI MailEssentials will list all the names that contain the specified characters. For example, if you input
sco, GFI MailEssentials will return names such as
Freeman Prescott, if they are available.
- Select the checkbox next to the name(s) that you want to add to the list and click OK.
Note: To remove entries from the list, select the user/user group/public folder you want to remove and click Remove.
- Repeat steps 3 to 5 to add all the required users to the list.
- Click Apply.