Note: It is recommended that you check with Sophos support before attempting to create
any new anti-spam rules. If you are receiving false positives or false negatives,
Sophos asks that you forward these messages to SophosLabs for our analysts to
investigate. See "PureMessage Feedback" in the Contacting Sophos section for
more information.
On the sidebar of the Policy tab, click Anti-Spam Rules.
The Anti-Spam Options page is displayed.
At the bottom of the page, click New.
A set of seven editable text boxes is displayed at the bottom of the page
where you can set the information for the new anti-spam rule.
Fill in the information for the rule in each of the following text boxes:
Rule State: Select Auto, Enabled, or Disabled.
Note: The Auto value sets the state of the rule according to whether there is
a value in the rule's Weight or Probability Adjust % text box. If both scores
are zero, the rule has no effect.
Rule Name: The unique identifier for the rule. Using the default
policy, rules matched by a message appear in a spam report header called
the Rule Hit Rates report.
Desc: A meaningful description for the rule.
Part: The component of the message that is tested against the
rule. The name of any message header can be specified; common headers
include Subject, To and From. Specific message parts include:
Envelope_To: The recipient addresses, as interpreted from
the SMTP "RCPT TO" command; the actual delivery address, as
opposed to the message's To header.
Envelope_From: The sender's address, as interpreted from
the SMTP "MAIL FROM" command.
BODY: Consecutive chunks of the message's body content
(that is, paragraphs) as well as the message's Subject header;
HTML parts are stripped of markup tags. Useful for matching
words concealed by HTML tags.
RAWBODY: Consecutive chunks of the message's body content
(that is, paragraphs) as well as the message's Subject header;
markup tags in HTML parts are left intact. Useful for matching
HTML markup characteristics.
URI: URI strings found in the body of the message.
EOB: The entire message body as well as the message's
Subject header; HTML parts are stripped of markup tags. EOB is
resource-intensive, as the entire message must be loaded at
once. Use "BODY" if possible.
RAWEOB: The entire message body as well as the message's
Subject header; markup tags in HTML parts are left intact.
RAWEOB is resource-intensive because the entire message must be
loaded at once. Use "RAWBODY" if possible.
EOH: All of the message's headers, concatenated into a
single string.
Full: The entire message, including headers.
Test: The regular expression applied to the section of the message specified
in the Part text box. The expression must be enclosed in forward slashes
("/"). For example, to test for the occurrence of the word "opportunity",
enter "/opportunity/" as the test. See the Regular Expression Primer in the
Appendices for more information on regular expressions.
Weight: The value (or "weight") added to the message's total spam
score when the message matches this rule. Values can be either positive
or negative; prefix negative numbers with a minus symbol. For more
information about how scores are calculated, see "Test Scores" in
the Policy section of the Administrator's Reference.
Probability Adjust %: The absolute probability for the rule in
the form of a percentage. When the total spam score is calculated for
the message, rules with weights are first converted to a percentage, and
then rules with absolute probabilities are added. If both a rule weight
and a probability adjustment percentage are specified, the rule weight
is first converted to a percentage, and then the value in the Probability
Adjust % text box is added to determine the total weight for that rule.
Once you have set the information for the new rule, at the bottom of the page,
click Save.
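
The difference between the BODY and RAWBODY parts described above, as an added example that is not part of the Sophos documentation or PureMessage code: a Python sketch that dry-runs a Test expression against a constructed message before the rule is saved. The paragraph splitting, the tag stripping and the names part_chunks, compile_test and rule_hits are assumptions made for illustration, and Python's re module stands in for the product's regular expression engine.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample: "opportunity" is broken up by empty HTML tags.
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: Quarterly update
Content-Type: text/html

<p>A rare opp<b></b>ortu<i></i>nity for you.</p>

<p>Visit <a href="http://example.com/offer">our site</a> today.</p>
"""

class _Text(HTMLParser):
    """Collects character data only, dropping markup tags."""
    def __init__(self):
        super().__init__()
        self.out = []
    def handle_data(self, data):
        self.out.append(data)

def strip_tags(html):
    parser = _Text()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

def part_chunks(raw_message, part):
    """Assumed approximation of BODY/RAWBODY: Subject plus body paragraphs."""
    msg = message_from_string(raw_message)
    chunks = [c.strip() for c in re.split(r"\n\s*\n", msg.get_payload()) if c.strip()]
    if part == "BODY":
        chunks = [strip_tags(c) for c in chunks]
    elif part != "RAWBODY":
        raise ValueError("this sketch models only BODY and RAWBODY")
    return [msg.get("Subject", "")] + chunks

def compile_test(test):
    """Accept the Test value as typed in the console, e.g. /opportunity/."""
    if len(test) < 3 or test[0] != "/" or test[-1] != "/":
        raise ValueError("Test must be enclosed in forward slashes")
    return re.compile(test[1:-1])

def rule_hits(raw_message, part, test):
    """Return the chunks of the chosen part that the Test expression matches."""
    pattern = compile_test(test)
    return [c for c in part_chunks(raw_message, part) if pattern.search(c)]
```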