Page 53 - Mercury Manual.book
P. 53
Content Control 48
How it works
Content Control
Mercury's general-purpose filtering gives you enormous control over the mail passing
through your system – but it is general-purpose in nature, and is not designed to perform ex-
tensive analysis of messages: instead, for that, Mercury provides a separate but parallel facil-
ity called Content Control. Using content control, you can apply your own comprehensive
tests to mail passing through your system based on the contents of that mail rather than its
physical characteristics. Examples of what you might use this for include —
• Spam detection This is the most common use for content control. Unlike tests that rely
on the origin of the message, or the headers it contains, Content Control allows you to
detect spam based on the type of thing it is trying to sell: since most spam is trying to sell
you something, a test that detects the product being pitched has a very high chance of
eliminating or at least severely reducing whole classes of unwanted mail.
• Auditing Using content control may allow you to detect certain types of message that
need to be analyzed for security reasons. As an example, a military contractor might use
content control to get an early warning that sensitive information is being disseminated
inappropriately.
For handling viral messag- • Controlling objectionable material After spam detection, unwanted pornographic mate-
es, consider using Mercu- rial is probably the the greatest nuisance mail most people get on a daily basis. Using
ry’s attachment filtering
capabilities, or setting up content control, messages containing objectionable material can be filtered out before
an anti-virus policy. delivery, and because content control works on a weighted basis, the occasional exple-
tive we all occasionally use in our mail won't result in legitimate messages being mis-
identified as pornography.
How it works
Using the Content control option on the Configuration menu, you can create sets of tests that
Mercury applies to every message it processes: each set consists of three separate and option-
al tests -
• A blacklist check You can create a blacklist of addresses and sites from which all mail is
regarded as unacceptable. Blacklisted messages get a weight of 9999.
• A whitelist check This is like the blacklist, except that all addresses and sites that appear
in the list are never treated as unacceptable. Whitelisted messages get a weight of -9999.
• A rule set check For messages that are not caught by the blacklist or whitelist, you can
create arbitrarily complex sets of rules to test the content of the message. These rules are
like Mercury's general-purpose filtering rules, but are more specific to the particular task
of content evaluation, allowing unlimited numbers of "and" operations to link conditions
together. Also, unlike general purpose rules, content testing rules are given a "weight":
when all the rules have been processed, the weights of all the rules that were triggered
are added together, and the final result is compared against a predetermined value you
assign. If the combined weight of the message is greater than or equal to your preset
value, the message is regarded as unacceptable. Content rule sets are stored as text files
that can be easily modified using any text editor, or edited from within Mercury’s Con-
tent Control definition editor (the internal editor can handle definition files of any size).
They have a simple syntax that most system administrators should be able to learn in a
very short time.
