advertisement
179
7 Reference of the set of rules statements
7.1
Control structures - if/else statements
The if/else statements are control structures and serve within the rulesets to the control flow. They are a fundamental part of the rules. If a condition is met, an action is executed, otherwise an alternative action is executed. The action to be performed, can only be one command. If multiple commands are to be executed as an action, such individual commands can be summarized in a statement block. A statement block is written within curly braces.
Using if determines which conditions are to be satisfied to perform an action. With else, an alternative action is initiated, if the required if condition is not satisfied. An if/else statement do not have to be terminated by a semicolon. if/else statements can be nested.
Structure o f the co mmand if (condition) { statement block 1;
} or if (condition) { statement block 1;
} else { statement block 2;
}
The if statement determines reason on the return value of the condition for the further course in the program sequence. The condition consists of a single instruction, which has at least one return value.
Statement block 1 is executed only, when the result is po s itiv e. Otherwise, if present, only the statement block 2 is executed.
Example: if (authenticated()) {
} else { createaccount('@CREATEGPGKEYS@'); log(1, 'user account generated');
}
Explanatio n:
The example evaluates the return value of the command authenticated(). If the internal internal
© 2014 SEPPmail AG
180 sender of the email is successfully authenticated, the return value is true, and then proceeding in the program sequence continues without further action. If the authentication was not successful, a user account is created for the sender.
7.2
General commands
Parameters, which are shown in square brackets, e.g. [OLDRECIPIENT] are optional and do not need to be specified. If not specified, a predefined default value or default behavior is applied.
The following variables are available inside the templates:
Variable Des criptio n
$header_from
$from
$header_to
$to
$header_cc
$mailid
$subject
From header
From
To header
To
CC
Message ID
Subject
7.2.1
add_rcpt()
The command add_rcpt() makes it possible to add an additional recipient email address.
Structure o f the co mmand add_rcpt('email address');
The command must be terminated by a semicolon.
This command is used to add an additional recipient email address. The email address is added to the envelope.
The return value is always po s itiv e. This command has one parameter.
»Email address« parameter
This parameter defines an email address that is added as an additional recipient in the envelope.
Example:
© 2014 SEPPmail AG
181 add_rcpt('[email protected]');
Explanatio n:
In this example, an additional recipient is added. At the recipient, the email appears in the inbox as, if it was sent via BCC. The original recipient will not be changed.
7.2.2
authenticated()
The command authenticated() checks the identification status of the sender of the email. The identification status of the sender comprises the identity and authentication.
Structure o f the co mmand authenticated(['header']);
The command must be terminated by a semicolon. The return value of this command is po s itiv e, if the sender has been successfully authenticated, otherwise negativ e. This command has one parameter.
No te:
Authenticated means, that either the user has been authenticated via SMTP, or that the email comes from an email server that has a relay authority. The relay authority is added in the menu »Mail Sy s tem« -> section »Relay ing«.
As a user, the locals Named User will be designated on the appliance.
»header« parameter
If header is specified as a value, the user will be re-authenticated. In addition, the email address of the header's FROM field is used.
Example 1: if (authenticated()) {
} else { createaccount('@CREATEGPGKEYS@'); log(1, 'user account generated');
}
Explanatio n:
This example evaluates the return value of the authenticated(). If the internal sender of the email is successfully authenticated, the return value is true, and operation proceeds without further action in the program sequence. If the authentication was not successful, a user account is created for the sender.
© 2014 SEPPmail AG
182
Example 2: if (authenticated(['header'])) {
} else { createaccount('@CREATEGPGKEYS@'); log(1, 'user account generated');
}
Explanatio n:
This example evaluates the return value of the command authenticated(). If the internal sender of the email is successfully authenticated, the return value is true, and operation proceeds without further action in the program sequence. If the authentication was not successful, a user account is created for the sender.
7.2.3
compare()
The command compare() compares values in header fields.
Structure o f the co mmand compare('Header field', 'Operator', 'Value');
The command must be terminated by a semicolon.
This command compares the contents of the header field parameter with help of the operator parameter with the value parameter.
The return value of this command is po s itiv e, if the parameter value occurs at least once, otherwise negativ e. This command has three parameters.
»Header field« parameter
Specifies the header field, whose content is to be compared against the contents of the parameter's value. All headers in an email can be used as header fields.
Examples o f the »Header field« parameter: return-path from to subject envelope-to etc..
»Operato r« parameter equal : compares for equality
© 2014 SEPPmail AG
183 match : checks analogy of a regular expression substit : is the same as match, but removes the relevant part of value from header field ute
No te:
Coded fields are decoded before comparison. The special characters tabulator, carriage return, line feed and line end are removed before comparison with the equal operator.
»Value« parameter
Specifies the value to compare against. This value can also be a regular expression.
Example 1: compare('x-smenc', 'equal', 'yes');
Explanatio n:
This example checks, if the header field x-smenc includes exactly the value 'yes'. This does not mean, that only the value of 'yes' exists, but that the value 'yes' is included.
Example 2: if (compare('to', 'match', '\@customer\.com')) { tagsubject('[nosign]');
} else {}
Explanatio n:
This example checks for an outgoing email in the header field to with the operator match for the presence of the domain '@customer.com' within the recipient's email address. If the recipient's email address contains the string '@customer.com', then the return value from compare() is true, the tag
'[nosign]' is added in the subject. Depending on the basic configuration of the ruleset, this means, that this email is not signed.
Example 3: compare('subject', 'substitute', '(\s)*\[secure\]');
Explanatio n:
This example checks the subject, header field subject, of an email for the presence of the regular expression '(\s)*\[secure\]'. This expression is evaluated in the string '[secure]'. If this string is found within the subject, it is removed.
© 2014 SEPPmail AG
184
7.2.4
compareattr()
The compareattr() command makes it possible to examine attributes / system variables.
Structure o f the co mmand compareattr('Attribute', 'Operator', 'Value');
The command must be terminated by a semicolon.
This command compares, with the help from the operator, the content of the header field with the value.
The return value is po s itiv e, provided that at least one occurrence exists, otherwise negativ e. The command has three parameters.
»Attribute« parameter
Attribute can address the variable connect_from or variables that have been written with ldap_read() or setuserattr().
»Operato r« parameter
The operator has two different operators to choose from: equal match
: compare identity.
: checked for analogy of a regular expression.
»Value« parameter
Value to be compared against.
Example: if (compareattr('connect_from','equal','172.16.161.1')) {
log(1,'Message comes from 172.16.161.1'); } else {
log(1,'Message does NOT come from 172.16.161.1');
}
Explanatio n:
In this example, it is examined, whether the email to be processed is coming from server specified in an email server. It is evaluated against the system variable connect_from.
© 2014 SEPPmail AG
185
7.2.5
comparebody()
The command comparebody() makes it possible to search through an email for a specified value.
Structure o f the co mmand comparebody('Value');
The command must be terminated by a semicolon.
This command searches the message body of an email for the specified value.
The return value of this command is po s itiv e, if the parameter value occurs at least once, otherwise negativ e. This command has one parameter.
»Value« parameter
The Value parameter defines the search term, that will be sought for in the email. Value has the format of a regular expression.
Example: if (comparebody('(\d{1,3}\.){3}\d{1,3}')) {
log(1, 'Mail contains an IP address');
} else {
log(1, 'Mail does not contain an IP address');
}
Explanatio n:
In this example, the message body of an email is examined for an IP address. If at least one IP address is found, the log entry 'Mail contains an IP address' is written in the system logger. If no IP address is found, the log entry 'Mail does not contain an IP address' is written in the system logger.
7.2.6
disclaimer()
The command disclaimer() adds a text attachment to an existing email.
Structure o f the co mmand disclaimer(['Template'], ['Position'], ['force']);
The command must be terminated by a semicolon.
This command adds a text attachment from the template of an existing email. If an empty string is specified as a template, an attempt is made using the options of the "Managed Do mains " to choose the correct disclaimer. For this purpose, the respective email domains associated disclaimers are evaluated.
© 2014 SEPPmail AG
186
If force is set to true, then each outgoing email is added to a text attachment. This is regardless of whether or not it is in a reply email. If force is not specified, then the »Als o add dis claimer to
replies (in-reply -to header s et) « parameter and »Add dis claimer to all o utgo ing emails « in the »Mail P ro ces s ing« menu -> »Rules et Generato r« section -> pane -> »General Settings « are evaluated. Instead of true, also yes or 1 can be used.
The return value is always po s itiv e. This command has three parameters.
»Template« parameter
Defines the name of the template which is to be used as a text attachment. Templates can be managed in the »Mail P ro ces s ing« menu -> »Edit Dis claimer« section.
»P o s itio n« parameter top bottom
: above the email body
: under the email body
Default : bottom
»fo rce« parameter
This parameter will force adding a text attachment to an outgoing email.
Option to »fo rce« parameter
Possible values: true or yes or 1
Example: disclaimer('', 'bottom', 'yes');
Explanatio n:
In this example, the default text attachment is selected using the options within the »Managed
Do mains « and appended to the end of every email. It does not matter whether or not it is a reply email.
7.2.7
from_managed_domain()
The command from_managed_domain() makes it possible to check, if an email was sent from a sender of a »Managed Do main«.
Structure o f the co mmand from_managed_domain();
The command must be terminated by a semicolon.
© 2014 SEPPmail AG
187
The return value is po s itiv e, if the email was sent from a sender of a »Managed Do main«, otherwise negativ e.
The command has no parameters.
Example: if (from_managed_domain()) {
log('1', 'Email is from managed domain');
} else {
log('1', "Email isn't from managed domain");
}
Explanatio n:
In this example, it is checked whether an email was sent from an email address registered under
»Managed Domains«.
7.2.8
incoming()
The command incoming incoming() makes it possible to determine the delivery destination of an email.
Structure o f the co mmand incoming();
The command must be terminated by a semicolon.
This command verifies, if an email is delivered locally. If all the recipients of the email are not
exclusively local or exclusively non-local, two groups are formed.
No te:
The delivery of an email exclusive locally means, that this email can be forwarded to a recipient who has been defined under »Managed Do mains «. Email to these recipients are viewed as exclusively local recipients and treated by the statement block 1 .
The delivery of an email not exclusively locally means, that the email will be forwarded to an external recipient. This email will be treated as an outgoing email and handled by the statement block 2.
The return value is po s itiv e for the group of local recipients. For the group of non-local recipients, the return value is negativ e. This command has no parameters.
Example: if (incoming()) {
.
Ruleset statements for all emails that can be locally delivered
.
© 2014 SEPPmail AG
188
Statement block 1 - Return value: positive
.
} else {
.
Ruleset statements for all emails, that cannot be locally delivered
.
Statement block 2 - Return value: negative
}
Explanatio n:
In this example, the statement block 1 is executed for an incoming email. For an outgoing email the statement block 2 is executed.
7.2.9
log()
The command log() makes it possible to record a message in the syslog.
Structure o f the co mmand log ('step', 'entry');
The command must be terminated by a semicolon.
This command sends the value of the entry parameter in the system logger. An identifier (message
ID) is attached to the entry in parentheses. The value of the step parameter can take a value from 0 to 7, and determines the importance of the entry.
The recorded log messages can be viewed in the »Lo gs « menu.
The return value is always po s itiv e. This command has two parameters.
»Step« parameter n
0
1
2
3
Significance
Debug
Info
Notice
Warning n
4
5
6
7
Significance
Error
Critical
Alert
Emerg
»Entry « parameter
Enter the text that is to be recorded as a log entry in syslog.
Example:
© 2014 SEPPmail AG
189 log ('1', 'Hello World');
Header of the email:
Date: Fri, 05 Aug 2013 11:40:00 +0200
From: [email protected]
Subject: Some Topic
Content-Type: text/plain;
Message-Id: <E0D4DE42-DCB5-11D7>
Recording in the log:
Aug 05 11:40:04 test gateway: <E0D4DE42-DCB5-11D7> Hello World
Explanatio n:
The string 'Hello World' is recorded with the info priority in the syslog.
7.2.10 logheader()
The command logheader() makes it possible to send the contents of a header to the system logger.
Structure o f the co mmand logheader('HEADER');
The command must be terminated by a semicolon.
This command is used for debugging the processing of email through the RuleEngine. It is sent to the content of the HEADER in the system logger.
The return value is always po s itiv e. This command has no parameters.
Example: logheader('Message-ID');
Explanatio n:
In this example, the contents of the 'Message-ID' header is sent in the system logger.
© 2014 SEPPmail AG
190
7.2.11 normalize_header()
The command normalize_header() makes it possible to replace all special characters in a header by normal ASCII characters.
Structure o f the co mmand normalize_header('HEADER');
The command must be terminated by a semicolon.
This command replaces all special characters in HEADER by normal ASCII characters. Special characters can be, for example, German umlauts like ä, ö, ü or?.
The return value of this command is always po s itiv e. This command has one parameter.
»header« parameter
Specifies the name of the HEADER.
Examples o f the »HEADER« parameter: return-path from to subject envelope-to etc..
Example 1: normalize_header('subject');
Explanatio n:
In this example, the header field of the subject string 'Herr Müller' becomes in the normalized form as 'Herr Mueller'.
Example 2: normalize_header('to');
Explanatio n:
In this example, the header field in the to string '<Bernd Hänsel> [email protected]' becomes in normalized form '<Bernd Haensel> [email protected]'.
© 2014 SEPPmail AG
191
7.2.12 notify()
The command notify() makes it possible to send an email notification regarding an email processed by SEPPmail.
Structure o f the co mmand notify('recipient address', 'Template', ['From: "System Admin"
<[email protected]>;X-MyHeader: Test']);
The command must be terminated by a semicolon.
This command generates an email notification and sends it to the recipient address.
The recipient address can, beside an email address also, be the sender variable for sender email address or the admin variable for the email address of the local administrator.
The appearance of the email is defined by the template.
The third parameter allows you to insert additional own header. Several headers can be separated with » ; «.
The return value is always po s itiv e. This command has three parameters.
»Recipient addres s « parameter
This parameter may include the following values: [email protected]
: email address, e.g. [email protected]
Variables sender admin
: represents the sender address of the processed original email
: represents the email address of the local SEPPmail administrator
No te:
The placeholder admin refers to the local administrator of the appliance. You define this in the »Mail Sy s tem« menu -> »SMTP s ettings « section ->
»P o s tmas ter addres s « parameter.
»Template« parameter
Defines the appearance and content of the email notification. Templates can be managed in the »Mail
P ro ces s ing« menu -> »Edit Dis claimer« section.
»Own Header« parameter
This parameter allows you to define and attach your own header. Several headers can be separated by a semicolon » ; «.
Example o f o wn header:
© 2014 SEPPmail AG
192
From : "System Admin" <[email protected]>
X-MyHeader : MyOwnHeaderValue
Summarized notation of the parameter with multiple additional headers:
'From: "System Admin" <[email protected]>;X-MyHeader: MyOwnHeaderValue'
The subject of an email, defined by the Subject header, cannot be changed. This value is always
Notification and is fixed.
Example 1: notify('sender', 'bounce_noenc', 'From: "System Admin"
<[email protected]>;X-MyHeader: Test');
Explanatio n:
When processing an email, an additional email notification is generated. This is sent to the sender of the processed email. The email address of the sender is available above the variable sender. As message content, the content of the template bounce_noenc is used. There the From header and X-
MyHeader are inserted in addition with the respective values.
Example 2: notify('[email protected]', 'monit_rev', 'From: "System Admin"
<[email protected]>;X-MyHeader: Revision');
Explanatio n:
When processing an email, an additional email notification is generated. This is sent to the email address [email protected]. As message content, the content of the template monit_rev is used. There the From header and X-MyHeader are inserted in addition to the respective values.
7.2.13 replace_rcpt()
The command replace_rcpt() makes it possible to change the recipient of an email.
Structure o f the co mmand replace_rcpt(['OLDRECIPIENT'], 'NEWRECIPIENT');
The command must be terminated by a semicolon.
The recipient of the processed email may be changed depending on the parameters used. Each parameter corresponds to a regular expression, that must provide an email address as a result of an email address or a part of an email address. If the value for the parameter OLDRECIPIENT of the value
© 2014 SEPPmail AG
193
' it is assumed, that this is the original recipient in the email, and ' [email protected]
' is defined for the value of the parameter, and then the email is sent to the new recipient ' [email protected]
'.
Also parts of the two parameters can be described as a regular expression. It can, for example, search for the domain portion within the parameter and this will be replaced by a new value.
Multiple recipients can be separated with » ; « semicolons.
The return value is always po s itiv e. This command has two parameters.
»OLDRECIP IENT« parameter
Regular expression, that describes the original email address or any part thereof.
»NEWRECIP IENT« parameter
Regular expression, that describes the new email address or any part thereof.
Example: replace_rcpt('\@mydomain\.com', '\@customer\.ch');
Explanatio n:
In this example, the parameter OLDRECIPIENT of the domain portion of the original email address of the recipient of the '@mydomain.com' in the value of the parameter NEWRECIPIENT, '@customer.ch', is changed. The part of the email address before the '@' remains thus unchanged. If OLDRECIPIENT is specified, only this recipient or the part of the recipient is adjusted.
If more than one email recipient addresses are present, all the recipient addresses of '@mydomain.
com' to '@mydomain.ch' would be changed.
7.2.14 replace_sender()
The command replace_sender() allows you to change the sender in the envelope of an email.
Structure o f the co mmand replace_sender('new sender', ['subst']);
The command must be terminated by a semicolon.
This command replaces the original sender of an email in the envelope by new_sender. The value for From is not changed. The subst parameter corresponds to a regular expression. If subst is specified, that to subst corresponding part of the original sender is replaced by the value of new_sender .
The return value is always po s itiv e. This command has two parameters.
© 2014 SEPPmail AG
194
»new s ender« parameter
This parameter is the value by which the original sender email address is replaced in the envelope. If subst is specified, the new_sender character string, that is used for the part of the email address, is applied to the subst.
»s ubs t« parameter
Regular expression, that is applied to the original sender email address.
Example 1: replace_sender('[email protected]');
Explanatio n:
In this example, the email address in the envelope of the email, is replaced by ' [email protected]'.
Example 2: replace_sender('@customer.com', '\@customer\.org');
Explanatio n:
In this example, the part of the email address in the envelope of the email will be replaced though the regular expression '\@customer\.org' applied through '@customer.com'.
7.2.15 rmatch()
The command rmatch() makes it possible to check, if a regular expression applies to all recipients.
Structure o f the co mmand rmatch('REGEXP');
The command must be terminated by a semicolon.
The return value of this command is po s itiv e, if the email was successfully tested to contain REGEXP
, otherwise negativ e. This command has one parameter.
»REGEXP « parameter
Defines the regular expression to be tested for.
Example 1:
© 2014 SEPPmail AG
195 if (rmatch('\@customer\.org')) {
notify ('sender', 'info_send_email');
} else {}
Explanatio n:
In this example, it is checked whether the email address of all recipients of an email, has the domain component '@customer.org'. If this is the case, then an email notification is sent to the sender.
Example 2: if (rmatch('\@customer\.org')) {
notify ('sender', 'info_send_email', 'From: "System Admin"
<[email protected]>');
} else {}
Explanatio n:
In this example, it is checked whether the email address of all recipients of an email, have the domain component '@customer.org'. If this is the case, then an email notification is sent to the sender. In addition, a new value is set to the From header.
7.2.16 rmatchsplit()
The command rmatchsplit() makes it possible to split an email with a regular informal term.
Structure o f the co mmand rmatchsplit('REGEXP');
The command must be terminated by a semicolon.
The regular expression is applied to the entire email. This includes all the headers and the entire body of the email. An email will be divided into several groups, if it was successfully tested for the regular expression. A group that matches the regular informal term and another group, that does not match the regular expression. By the regular expression can also a plurality of groups be generated. The command rmatchsplit() is classically used within the if/else control structure.
The return value of this command is po s itiv e, if the email was successfully tested to contain REGEXP
, otherwise negativ e. This command has one parameter.
»REGEXP « parameter
This parameter defines the regular expression, for which the email is checked.
Example: if (rmatchsplit('sales@customer\.com|Invoice')) {
© 2014 SEPPmail AG
196
log(1, 'regex test successful');
} else {
log(1, 'regex test not successful');
}
Explanatio n:
In this example, the email is checked for the presence of the text components sales@customer.
com or Invoice. If one of these textual elements is found within the entire email, then the statement log(1, 'regex test successful') is executed, otherwise the statement log(1, 'regex test not successful') is executed.
7.2.17 rmheader()
The command rmheader() makes it possible to delete a header line in an email.
Structure o f the co mmand rmheader('HEADER');
The command must be terminated by a semicolon.
No te:
If multiple headers with the name HEADER exist, all headers are deleted.
Deletes the header line specified with HEADER in the email.
The return value is always po s itiv e. The command has one parameter.
»Header« parameter
Specifies the header field, that is to be deleted.
Examples o f the »Header field« parameter: return-path from to subject envelope-to etc..
Example: rmheader('X-Greylist');
© 2014 SEPPmail AG
197
Explanatio n:
In this example, all X-Greylist headers are removed.
7.2.18 setheader()
The command setheader() makes it possible to add or to change a header line in an email.
Structure o f the co mmand setheader('HEADER', 'TEXT');
The command must be terminated by a semicolon.
This command adds an email a HEADER with a VALUE. If this header already exists, it will be changed to the specified VALUE.
No te:
If multiple headers with the name HEADER exist, the first respective header found is adapted.
The return value is always po s itiv e. This command has two parameters.
»Header« parameter
Indicates the header field, which is to be added or changed.
Examples o f the parameter »Header field«: return-path from to subject envelope-to etc..
Example 1: setheader('x-smenc','yes');
Explanatio n:
In this example, an additional x-smenc header with the value 'yes' is added to an email.
Example 2:
© 2014 SEPPmail AG
198 setheader('from','[email protected]');
Explanatio n:
In this example, the from header field in an email is changed to the value '[email protected]'.
7.2.19 logsubject()
The command logsubject() makes it possible to monitor the contents of the subject line of an email.
Structure o f the co mmand logsubject();
The command must be terminated by a semicolon.
This command sends the contents of the subject line as log info to the system logger.
The return value is always po s itiv e. This command has no parameters.
7.2.20 tagsubject()
The command tagsubject() makes it possible to attach to the subject of an email a text component.
Structure o f the co mmand tagsubject('TEXT');
The command must be terminated by a semicolon.
The specified TEXT is to be added in the subject line of an email.
The return value is always po s itiv e. This command has one parameter.
»TEXT« parameter
The parameter specifies the text (character string), which is appended to the subject line.
Example: tagsubject('[priv]');
Explanatio n:
© 2014 SEPPmail AG
In this example, the string '[priv]' will be appended to the contents of the subject line of an email.
199
© 2014 SEPPmail AG
200
7.3
User management commands
7.3.1
createaccount()
The command createaccount() makes it possible to create new user accounts.
Structure o f the co mmand createaccount(['KEYS'],['USERID'],['NAME']);
The command must be terminated by a semicolon.
A local user account SEPPmail is designated as user account. This account can be found in the
»Us ers « menu. This command is classically used within an LDAP connection for user management.
The return value of this command is always po s itiv e. This command has three parameters.
»K EYS« parameter
This parameter specifies which keying material is to be generated automatically, when creating the user account. Formatted according to a bit mask in octal notation.
The following values are available:
Bit 0
Bit 1
Bit 2
: generate OpenPGP key pair
: generate S/MIME certificate with own CA
: generate S/MIME certificate via CA Connector
Bit 0: OpenPGP
Bit 1: S/MIME with own CA
Bit 2: S/MIME via CA connector
Value for KEYS
Mask Mask Mask Mask Mask x x x x x
1 3 x
5 x
4 2
»USERID« parameter
This parameter specifies the user's UID.
»NAME« parameter
This parameter specifies the user's name.
No te:
Variables, that were set by ldap_read(), can be used for USERID and NAME.
Special characters in USERID and NAME will be automatically replaced.
© 2014 SEPPmail AG
201
7.3.2
member_of()
The command member_of() makes it possible to examine whether sender is associated to a particular group.
Structure o f the co mmand member_of('group');
The command must be terminated by a semicolon.
A locale SEPPmail group is referred as a group. These groups are managed in the »Gro ups « menu.
The return value is po s itiv e, if the sender is associated with the specified group, otherwise negativ e
. This command has one parameter.
»Gro up« parameter
Defines the name of the group to which the email address of the sender is to be tested for membership.
Example: if (member_of('support')) {
setheader('x-smenc','yes');
} else {}
Explanatio n:
In this example, it is tested whether the sender is member of the 'support' group. If yes, the return value is true, and the command setheader() is executed. If not, return value will be fals e.
7.3.3
setuserattr()
The command setuserattr() makes it possible to store additional information for the current user.
Structure o f the co mmand setuserattr('ATTR', 'VALUE');
The command must be terminated by a semicolon.
It will set an additional variable for the current user. The user must be authenticated.
The return value is always po s itiv e. The command has two parameters.
© 2014 SEPPmail AG
202
No te:
Variables, that have been set through ldap_read() for VALUE, can be used.
It can be used for all the attributes of inetOrgPerson.
The attributes can be displayed in the GUI.
»ATTR« and »VALUE« parameters
The following system attributes are available:
ATTR VALUE accountOptions Bit 0: User must not encrypt
Bit 2: User must not sign
Bit 0: User must not encrypt
Bit 1: not assigned
Bit 2: User must not sign
Value for VALUE
Mark Mask Mask x x
-
1
x
4
x
5
Sn userPassword
Uid
Name of the user
User's password for GUI access
User ID
© 2014 SEPPmail AG
203
7.4
Certificate management commands
7.4.1
attachpgpkey()
The command attachpgpkey() makes it possible to attach the OpenPGP public key of the sender to an email.
Structure o f the co mmand attachpgpkey();
The command must be terminated by a semicolon.
This command attaches the OpenPGP public key of the sender of an email as an attachment.
The return value is always po s itiv e. The command has no parameters.
7.4.2
has_smime_key()
The command has_smime_key() makes it possible to check whether the user has a valid S/MIME private key component.
Structure o f the co mmand has_smime_key();
The command must be terminated by a semicolon.
The return value is po s itiv e, if the user has a valid S/MIME private key component, otherwise
negativ e. The command has no parameters.
No te:
The return value is negative, when the user's S/MIME certificate has just expired.
The return value is negative, when the status of the user is set to »may no t
encry pt«.
7.4.3
smime_create_key()
The command smime_create_key() makes it possible to generate an S/MIME certificate for a user.
Structure o f the co mmand smime_create_key(['SUBJECT']);
© 2014 SEPPmail AG
204
The command must be terminated by a semicolon.
This command generates an S/MIME certificate for a user by the local CA. Optionally, the SUBJECT for the certificate can be specified.
The return value is always po s itiv e. The command has one parameter.
»SUBJECT« parameter
Defines the subject for the generated S/MIME certificate.
Within the SUBJECT, the variable $sender is available. This variable is available for the sender of the email.
Example: smime_create_key('/C=CH/OU=Department/O=Company/emailAddress=$sender');
Explanatio n:
In this example, an S/MIME certificate is generated by the local CA. The optional SUBJECT is also given.
7.4.4
smime_revoke_keys()
The command smime_revoke_keys() makes it possible to revoke all unexpired S/MIME certificates of a user.
Structure o f the co mmand smime_revoke_keys();
The command must be terminated by a semicolon.
The return value is po s itiv e, if all certificates could be revoked or have expired. The return value is
negativ e, if at least one certificate could not be revoked, e.g. because it is an imported certificate.
This command has no parameters.
7.4.5
swisssign_create_key()
The command swisssign_create_key() makes it possible to obtain an S/MIME certificate for a user from the SwissSign certification body.
Structure o f the co mmand swisssign_create_key();
© 2014 SEPPmail AG
The command must be terminated by a semicolon.
This command has no parameters.
205
© 2014 SEPPmail AG
206
7.5
Message handling commands
7.5.1
archive()
The command archive() makes it possible to reprocess an email.
Structure o f the co mmand archive('EMAIL ADDRESS');
The command must be terminated by a semicolon.
The email will be sent within the processing additionally to the EMAIL ADDRESS, or the email will add the EMAIL ADDRESS as an additional recipient.
The return value is always po s itiv e. The command has one parameter.
»EMAIL ADDRESS« parameter
Email address of the additional recipient
Example: archive('[email protected]');
Explanatio n:
In this example, the currently processed email is also sent to the recipient '[email protected]'.
7.5.2
bounce()
The command bounce() makes it possible to refuse the processing of an email.
Structure o f the co mmand bounce('Template', 'Header as an attachment');
The command must be terminated by a semicolon.
This command generates a »Bounce« email and deletes the original email. The appearance of the
»Bounce« email is defined by the template. The sender of this email is »admin«. The email will attach the Header of the original email as a file attachment, when Header attachment has the
Boolean value true. Instead of true, also yes or 1 can be used.
The command has no return value. This command has two parameters.
© 2014 SEPPmail AG
207
No te:
All subsequent commands will be ignored.
This command cannot be the condition of an if/else statement (see chapter
179 ).
»Template« parameter
Defines the template to use. Templates can be managed in the »Mail P ro ces s ing« menu -> »Edit
Dis claimer« section.
»Header as attachment« parameter
Option to the »Header as attachment« parameter
Possible values : true, alternatively yes or 1
Example: bounce('bounce', 'yes');
Explanatio n:
Delivery of the email should be denied and an email to be sent to the sender. The content of the email is defined in the bounce template. The email should be attached to the Header of the undelivered email as an attachment. The statement looks like this:
7.5.3
deliver()
The command deliver() makes it possible to immediately deliver an email.
Structure o f the co mmand deliver(['Mailserver[:Port]'|'loop'|'queueless'|'']);
The command must be terminated by a semicolon.
This command delivers the email from the specified email server / port. If no parameter is specified, the email is delivered to the local mail transport agent (MTA).
No te:
All subsequent commands are ignored.
This command cannot be the condition of an if/else statement (see chapter
179 ).
The return value is always po s itiv e. The parameter has one parameter.
P arameter
© 2014 SEPPmail AG
208
Options for the parameter loop queueless no option
: The email is returned to the mail server from which it was assumed.
: This setting causes, that mails are not stored to individual recipients during the processing. Instead, the incoming connection is acknowledged only, if the outgoing connection has been acknowledged. If the assumption for some recipients are not acknowledged, when sending to multiple recipients, these mails stay briefly on the appliance, until it acknowledged by the receiving mail server.
The command is called without parameters.
Example 1: deliver('relay.customer.com:587');
Explanatio n:
In this example, the email is sent to the specified email server with the destination port TCP/587.
Example 2: deliver();
Explanatio n:
In this example, the email is delivered directly via its own local mail transport agent (MTA).
7.5.4
drop()
The command drop() allows an email to be rejected.
Structure o f the co mmand drop(['CODE'], ['ERROR']);
The command must be terminated by a semicolon.
This command will cause an email to not be processed, and to optionally return an error code.
The command has no return value. The command has two parameters.
No te:
Neither a »Bounce« email to the sender nor a message to the recipient is generated.
All subsequent commands are ignored.
This command cannot be the condition of an if/else statement (see section
179 ).
© 2014 SEPPmail AG
209
Alternative error codes can also be set using CODE and ERROR.
If no parameters are specified, the default error code is returned to the corresponding message text.
Default: CODE = '555', ERROR = 'mail not accepted'
»CODE« parameter
Specifies the error code in the form of a numerical value to, for example, 420
»ERROR« parameter
Returns the error code in the form of a character string, e.g. system temporarily unavailable.
Example: drop('420', 'system temporarily unavailable');
Explanatio n:
The email will be rejected with temporary error »420 system temporarily unavailable«.
7.5.5
reprocess()
The command reprocess() makes it possible to reprocess an email.
Structure o f the co mmand reprocess();
The command must be terminated by a semicolon.
All to an email attached emails are reprocessed and sent back to the sender. This may be necessary, if still encrypted email messages are in a user's inbox. These can be sent to re-decryption to the appliance and might be processed or decrypted.
The command has no return value. This command has no parameters.
No te:
The original Message-ID is removed from the newly decrypted emails.
There will be no »Bounce« email created at the sender.
All subsequent commands will be ignored.
This command cannot be the condition of an if/else statement (see chapter
179 ).
Example:
© 2014 SEPPmail AG
210 if (compare('to', 'match', '(?i)reprocess\@decrypt\.reprocess')) {
log(1, 'reprocess recipient found - Re-injecting attached messages');
reprocess();
drop('220', 'message reprocessed');
} else {}
Explanatio n:
In this example, an internal user sends an encrypted email as an attachment in a non-encrypted email to the system-specific email address [email protected]. The encrypted email, in the attachment is reprocessed, or the email is attempted to be deciphered. It creates a log entry. After running reprocess(), the original email is deleted with drop().
© 2014 SEPPmail AG
211
7.6
Encryption and decryption commands
7.6.1
decrypt_pgp()
The command decrypt_pgp() makes it possible to decrypt PGP-encrypted and signed emails.
Structure o f the co mmand decrypt_pgp();
The command must be terminated by a semicolon.
This command attempts to decrypt all PGP encrypted and signed texts and attachments of an email and to check their signatures.
The return value is po s itiv e, if at least one text or an attachment was decrypted or its signature was successfully verified. Otherwise, the return value is negativ e. This command has no parameters.
7.6.2
decrypt_domain_pgp()
The command decrypt_domain_pgp() makes it possible to decrypt domain encrypted and signed
PGP emails.
Structure o f the co mmand decrypt_domain_pgp();
The command must be terminated by a semicolon.
This command attempts to decrypt all PGP encrypted and signed texts and attachments of an email and to check their signatures, that have been encrypted by the sender via domain encryption.
The return value is po s itiv e, if at least one text or an attachment was decrypted or its signature was successfully verified. Otherwise, the return value is negativ e. This command has no parameters.
7.6.3
domain_pgp_keys_avail()
The command domain_pgp_keys_avail() makes it possible to verify the availability of PGP public domain keys.
Structure o f the co mmand domain_pgp_keys_avail('Usage');
The command must be terminated by a semicolon.
© 2014 SEPPmail AG
212
This command verifies whether email domain PGP public keys in the local certificate store are available to all recipients.
The return value is po s itiv e, if the email domain PGP public keys are available for all recipients present and, if the usage parameter value was specified strict, otherwise the return value is
negativ e. If the value auto is specified for the usage parameter, the receivers are divided into two groups. The group of recipients, for whom the domain PGP public keys are available, receives a
po s itiv e return value. The group of recipients for which no domain PGP public keys are present, receives a negativ e return value.
The command has one parameter.
7.6.4
decrypt_smime()
The command decrypt_smime() makes it possible to decrypt S/MIME encrypted emails.
Structure o f the co mmand decrypt_smime();
The command must be terminated by a semicolon.
This command attempts to decrypt an S/MIME encrypted email.
The return value is po s itiv e, if the email has been decrypted, otherwise negativ e. This command has no parameters.
7.6.5
decrypt_domain_smime()
The command decrypt_domain_smime() makes it possible to decrypt domain encrypted S/MIME emails.
Structure o f the co mmand decrypt_domain_smime();
The command must be terminated by a semicolon.
This command attempts to decrypt a domain encrypted S/MIME email.
The return value is po s itiv e, if the email has been decrypted, otherwise negativ e. This command has no parameters.
7.6.6
domain_smime_keys_avail()
The command domain_smime_keys_avail() makes it possible to check the availability of S/
MIME domain public keys.
Structure o f the co mmand
© 2014 SEPPmail AG
213 domain_smime_keys_avail('Usage');
The command must be terminated by a semicolon.
This command checks if domain S/MIME public keys in the local certificate store are available to all recipients of an email.
The return value is po s itiv e, if the email domain S/MIME public keys are available for all recipients and if the value of the usage parameter was specified strict, otherwise the return value is
negativ e. If the value auto is specified for the Usage parameter, the receivers are divided into two groups. The group of recipients, for whom the domain S/MIME public keys are available, receives a
po s itiv e return value. The group of recipients for whom no domain S/MIME public keys are present, receives a negativ e return value.
The command has one parameter.
7.6.7
delete_smime_sig()
The command delete_smime_sig() makes it possible to delete the S/MIME signature of an email.
Structure o f the co mmand delete_smime_sig();
The command must be terminated by a semicolon.
This command deletes a signature from the signed email.
The return value is po s itiv e, if the email was signed by the S/MIME method. Otherwise, the return value is negativ e. This command has no parameters.
No te:
The validity of the S/MIME signature is not checked.
7.6.8
encrypt_pgp()
The command encrypt_pgp() makes it possible to encrypt and to sign emails by PGP.
Structure o f the co mmand encrypt_pgp('Signature' [, 'Address']);
The command must be terminated by a semicolon.
© 2014 SEPPmail AG
214
This command encrypts all text and attachments of the email. In addition, they are signed, if the signature has the Boolean value true. Instead of true, also yes or 1 can be used. If the address is specified, the PGP public key of this recipient is used to encrypt all emails for all recipients exclusively.
If PGP public keys are not available for all recipients, two groups are formed.
The return value is po s itiv e for the group of recipients, that could be encrypted. For the group of recipients, that could not be encrypted, the return value is negativ e. This command has two parameters.
»Signature« parameter
Option of the »Signature« parameter
Possible values: true or yes or 1
»Addres s « parameter
Email address of the recipient, whose PGP public key is to be used for encryption.
Example: encrypt_pgp('yes', '[email protected]');
Explanatio n:
In this example, it is attempted to encrypt all texts and attachments of an email and to sign as signature to value 'yes'. The PGP public key of the specified recipient address will be used to encrypt. In our case '[email protected]'.
7.6.9
encrypt_domain_pgp()
The command encrypt_domain_pgp() makes it possible to encrypt emails via PGP domain encryption.
Structure o f the co mmand encrypt_domain_pgp();
The command must be terminated by a semicolon.
This command encrypts all texts and attachments of the email via PGP domain encryption. If domain
PGP public keys are not available for all recipients, two groups are formed.
The return value is po s itiv e for the group of recipients that could be encrypted. For the group of recipients that could not be encrypted, the return value is negativ e. This command has no parameters.
© 2014 SEPPmail AG
215
Example: encrypt_domain_pgp();
Explanatio n:
In this example, all texts and systems of an email are attempted to be encrypted via PGP domain encryption.
7.6.10 encrypt_smime()
The command encrypt_smime() makes it possible to encrypt emails via S/MIME.
Structure o f the co mmand encrypt_smime();
The command must be terminated by a semicolon.
This command encrypts an email according to the S/MIME standard. If S/MIME certificates are not available for all recipients, two groups are formed.
The return value is po s itiv e for the group of recipients that could be encrypted. For the group of recipients that could not be encrypted, it is negativ e. This command has no parameters.
7.6.11 encrypt_domain_smime()
The command encrypt_domain_smime()makes it possible to encrypt emails via S/MIME domain encryption.
Structure o f the co mmand encrypt_domain_smime();
The command must be terminated by a semicolon.
This command encrypts all text and attachments in email via S/MIME domain encryption. If domain S/
MIME public keys are not available for all recipients, two groups are formed.
The return value is po s itiv e for the group of recipients that could be encrypted. For the group of recipients that could not be encrypted, the return value is negativ e. This command has no parameters.
Example: encrypt_domain_smime();
© 2014 SEPPmail AG
216
Explanatio n:
In this example all texts and systems of an email are attempted to be encrypted via S/MIME domain encryption.
7.6.12 encrypt_webmail()
The command encrypt_webmail() makes it possible to encrypt an email using the GINA technology.
Structure o f the co mmand encrypt_webmail(['TEMPLATE']);
The command must be terminated by a semicolon.
This command encrypts a message via GINA technology for the delivery address. The encrypted message can then be further processed in the RuleEngine.
Reco mmendatio n:
The GINA sends the message directly with deliver().
The recipient address is taken from the currently processed message.
If TEMPLATE is specified, a special template is used for the GINA message. If not, the template is selected based on the sender address. The template is in this case the applied to GINA profile or applied to the GINA domain called.
The return value is always po s itiv e. The command has one parameter.
»TEMP LATE« parameter
Defines the applied GINA profile or the applied GINA domain.
7.6.13 pgp_encrypted()
The command pgp_encrypted() makes it possible to check an email for PGP encryption.
Structure o f the co mmand pgp_encrypted();
The command must be terminated by a semicolon.
This command checks whether the given email is encrypted with the PGP method.
© 2014 SEPPmail AG
217
The return value is po s itiv e, if the email is PGP encrypted, otherwise negativ e. The command has no parameters.
7.6.14 pgp_keys_avail()
The command pgp_keys_avail() makes it possible to check the availability of PGP public keys.
Structure o f the co mmand pgp_keys_avail('Usage');
The command must be terminated by a semicolon.
This command checks, whether a PGP public key in the local certificate store is available to all recipients of an email.
The return value is po s itiv e, if the email PGP public keys are available for all recipients and the usage parameter for the application was specified strict, otherwise the return value is negativ e. If the auto value specified for the usage parameter, the receivers are divided into two groups. The group of recipients, to whom PGP public keys are available, receives a po s itiv e return value. The group of receivers, to whom no PGP public keys are available, receives a negativ e return value.
The command has one parameter.
7.6.15 pgp_secret_keys_avail()
The command pgp_secret_keys_avail() makes it possible to check the availability of PGP private keys.
Structure o f the co mmand pgp_secret_keys_avail();
The command must be terminated by a semicolon.
This command checks, whether a PGP private key is available to all recipients of an email.
The return value is po s itiv e, if a PGP private keys is available for the sender, otherwise negativ e.
This command has no parameters.
7.6.16 smime_keys_avail()
The command smime_keys_avail() makes it possible to check the availability of S/MIME public keys.
Structure o f the co mmand
© 2014 SEPPmail AG
218 smime_keys_avail('Usage');
The command must be terminated by a semicolon.
This command checks, whether S/MIME public keys are available to all recipients of an email in the local certificate store.
The return value is po s itiv e, if S/MIME public keys are available to all recipients of the email, and for the usage parameter value was specified strict, otherwise the return value is negativ e. If the value auto is specified for the Usage parameter, the receivers are divided into two groups. The group of recipients, to whom the S/MIME public keys are available for, gets a po s itiv e return value.
The group of recipients for which no S/MIME public keys are available receives a negativ e return value.
The command has one parameter.
7.6.17 sign_smime()
The command sign_smime() makes it possible to provide an email with the S/MIME signature of the sender.
Structure o f the co mmand sign_smime();
The command must be terminated by a semicolon.
The return value is po s itiv e, if the message is successfully signed, otherwise negativ e. This command has no parameters.
Example: if (sign_smime()) {
log(1, 'sign smime successful');
} else { }
Explanatio n:
In this example, an email will be provided with the S/MIME signature of the sender. It is further checked, whether this operation was successfully performed. If so, the return value is true and a log info is sent to the system logger.
7.6.18 smime_signed()
The command smime_signed() makes it possible to check an email for the presence of an S/MIME signature.
Structure o f the co mmand
© 2014 SEPPmail AG
219 smime_signed();
The command must be terminated by a semicolon.
This command checks, if the present email is signed with the S/MIME method.
The return value is po s itiv e, if the email S/MIME is signed, otherwise negativ e. This command has no parameters.
7.6.19 smime_encrypted()
The command smime_encrypted() makes it possible to check an email for S/MIME encryption.
Structure o f the co mmand smime_encrypted();
The command must be terminated by a semicolon.
This command checks, whether the present email is encrypted using the S/MIME method.
The return value is po s itiv e, if the email is S/MIME encrypted, otherwise negativ e. This command has no parameters.
7.6.20 validate_smime_sig()
The command validate_smime_sig() makes it possible to examine the S/MIME signature of an email for validity.
Structure o f the co mmand validate_smime_sig('Store vertificate');
The command must be terminated by a semicolon.
This command checks the S/MIME signature of an email for validity. In addition to the signature verification, the certificate can be imported into the certificate store of the appliance, when the store certificate parameter value true is set. Instead of true, also yes or 1 can be used.
The return value is po s itiv e, if all of the following are true:
The email was signed with the S/MIME method.
The email is complete and unchanged.
The email was signed with an S/MIME certificate, that has been issued by a classified trusted
Certificate Authority (CA).
The S/MIME certificate, that is used to attach the signature, is neither listed on one by the
© 2014 SEPPmail AG
220 appliance known "revocation list" (CRL), nor has its expiration date is passed.
If any of the above is not true, the return value is negativ e. This command has one parameter.
»Sav e certificate« parameter
Option of »Sav e certificate« parameter
Possible values: true or yes or 1
Example: if (validate_smime_sig('true')) {
log(1, 'smime signed valid');
} else {
log(1, 'smime signed, but signature invalid');
}
Explanatio n:
In this example, the S/MIME signature of an email will be checked for validity. If the return value from validate_smime_sig() is po s itiv e, then the log entry 'smime signed valid' is written. Otherwise, the log entry 'smime signed, but signature invalid' is written.
7.6.21 webmail_keys_avail()
The command webmail_keys_avail() command allows to check, if a GINA user account is available.
Structure o f the co mmand webmail_keys_avail('Usage');
The command must be terminated by a semicolon.
This command checks, whether a GINA user account is available to all recipients of an email. If the
Usage of the command is strict, the return value is po s itiv e only, if GINA user accounts are available for all recipients. If the Usage is auto, the command divides the recipients into two groups and gives each group the appropriate return value.
This command has one parameter.
7.6.22 webmail_keys_gen()
The command webmail_keys_gen() makes it possible to create GINA user accounts.
Structure o f the co mmand
© 2014 SEPPmail AG
221 webmail_keys_gen(['Recipient address'], ['Password length'],
['NoPwEmailIsSmsSend']);
The command must be terminated by a semicolon.
This command generates a GINA user account and sends the initialization password to the sender of the original email or to a recipient address, if it is specified.
The return value is always positive. The command has three parameters.
»Recipient addres s « parameter
Defines the email address, to which the email with the initialization password should be sent.
»Length o f the pas s wo rd« parameter
Defines the length of the password: 0 for blank password. If the parameter is not specified, the default value will be used. This can be viewed and changed via the configuration interface.
»No P wEmailIs Sms Send« parameter
Option of »No P wEmailIs Sms Send« parameter
Possible values: true or yes or 1
Example: webmail_keys_gen('', '8');
Explanatio n:
In this example, a GINA user account is generated. The sender of the original email will receive an email notification with the initialization password. The password for this GINA user account must have at least 8 characters.
7.6.23 pack_mail()
The pack_mail() command allows to pack an outgoing email for forwarding to a GINA Relay system.
Structure o f the co mmand pack_mail('Email-Addr', ['Domainsignature']);
The command must be terminated by a semicolon.
This command packages an email for forwarding to a GINA relay system. Email Addr defines the email address of the GINA relay system. If the optional domain signature parameter is true, the packed email is also signed. Instead of true, also yes or 1 can be used.
© 2014 SEPPmail AG
222
The return value is po s itiv e if the packing of the email was successful, otherwise negativ e. The command has two parameters.
»Email-Addr« parameter
Defines the email address of the GINA relay systems
»Do mains ignature« parameter
Option for '' »Do mains ignature« parameter
Possible values: true or yes or 1
Example: pack_mail('[email protected]', 'yes');
Explanatio n:
In this example, the outgoing email is packed for forwarding to a GINA relay system. From this, a new email message is generated and sent to the destination email address of the GINA relay system. In addition, this email message is signed with the domain certificate.
7.6.24 unpack_mail()
The command unpack_mail() makes it possible to unpack a packed email for a GINA relay system.
Structure o f the co mmand unpack_mail();
The command must be terminated by a semicolon.
The return value is always po s itiv e. This command has no parameters.
© 2014 SEPPmail AG
223
7.7
LDAP commands (access to external sources)
7.7.1
ldap_compare()
The ldap_compare ldap_compare() makes it possible to compare a value stored in an LDAP directory with a specified attribute.
Structure o f the co mmand ldap_compare('URI;USER;PASSWORD;BASEDN;FILTER', 'ATTR', 'VALUE');
The command must be terminated by a semicolon.
This command establishes a connection to an LDAP server and checks the value of an attribute.
The return value is po s itiv e, if VALUE is present in the attribute, otherwise negativ e. This command has three parameters.
P arameter
P arameter
URI
USER
PASSWORD
BASEDN
FILTER
ATTR
VALUE
Des criptio n
The IP address or the name of the LDAP server. It can be given two comma separated values: In this case, automatic access to the second server, when the first cannot be achieved.
The user, who will be used for accessing
The password of the user
The base DN (distinguished name) for the query
The filter for the query
The attribute, which is to be queried
The value, which should appear in the attribute
Example:
It should be checked, whether the current user of the group belongs to »My group«.
The statement looks like this: ldap_compare('192.168.10.10;CN=Peter Mueller,OU=SBSUsers,OU=Users,
OU=MyBusiness,DC=Firm,DC=local;mypassword;OU=SBSUsers,OU=Users,
OU=MyBusiness,DC=Firm,DC=local;(mail=$sender)','memberOF',Mygroup');
Explanatio n:
© 2014 SEPPmail AG
224
If the specified attribute, or the searched entry does not exist, the return value is negative.
If several entries are found, only the first is evaluated.
If several attributes are to be found, all attributes are evaluated (multi-value).
If none of the specified LDAP servers is reachable, the mail is rejected with a temporary error.
7.7.2
ldap_read
The command ldap_read() makes it possible to read a value stored in an LDAP directory.
Structure o f the co mmand ldap_read('URI;USER;PASSWORD;BASEDN;FILTER' ,'ATTR', 'VAR');
The command must be terminated by a semicolon.
This command establishes a connection to an LDAP server and stores the value of the queried attribute in the variable VAR. The return value is po s itiv e, if a value can be assigned to the variable
VAR , otherwise negativ e. This command has three parameters.
P arameter
P arameter
URI
USER
PASSWORD
BASEDN
FILTER
ATTR
VAR
Des criptio n
The IP address or the name of the LDAP server. You can specify two comma separated values: in this case, the second server is automatically accessed, when the first cannot be acquired.
The user, who will use the access
The password of the user
The Base DN (Distinguished Name) for querying
The filter for the query
The attribute that is to be retrieved
Variable in which the attribute is to be stored
Example:
This is the value of the »name« attribute read from an LDAP directory. This is to be stored in the
»name« variable.
ldap_read('192.168.10.10;CN=Peter Mueller,OU=SBSUsers,OU=Users,
OU=MyBusiness,DC=Firm,DC=local;mypassword;OU=SBSUsers,OU=Users,
OU=MyBusiness,DC=Firm,DC=local; (mail=$sender)','name','name'););
Explanatio n:
© 2014 SEPPmail AG
225
If the specified attribute or searched entry does not exist, the variable is assigned with an empty value.
If multiple entries (objects) are found, only the first is evaluated.
If several attributes are found, all attributes are read and assigned, separated by semicolons ";", to the variable (multi-value attribute).
If none of the specified LDAP servers is reachable, the mail is rejected with a temporary error.
7.7.3
ldap_getcerts()
The command ldap_getcerts() makes it possible to retrieve S/MIME public keys to an LDAP directory service.
Structure o f the co mmand ldap_getcerts('URI;USER;PASSWORD;BASEDN');
The command must be terminated by a semicolon.
This command makes it possible to request S/MIME public key for each recipient of an email with an
LDAP directory service.
The return value is always po s itiv e. This command has one parameter.
P arameter
Example:
URI
USER
: ldap-directory.domain.tld
: User name for logging on to the LDAP directory
PASSWORD : Password to log on to the LDAP directory
BASEDN : ou=pki-participant,dc=pki,dc=domain,dc=tld
P arameter
URI
USER
PASSWORD
BASEDN
Des criptio n
The IP address or the name of the LDAP server. You can specify two comma separated values: in this case, the second server is automatically accessed, when the first cannot be acquired.
The user, who will be used for accessing
The password of the user
The Base DN (Distinguished Name) for querying
Example: ldap_getcerts('ldap-directory.domain.tld;;;ou=pki-participant,dc=pki, dc=domain,dc=tld');
© 2014 SEPPmail AG
226
Explanatio n:
In this example, the S/MIME public key is retrieved with an LDAP directory service for the recipient of an email. Access to this LDAP directory service is public, and therefore no credentials are required.
7.7.4
ldap_getpgpkeys()
The command ldap_getpgpkeys() makes it possible to retrieve PGP public keys with an LDAP directory service.
Structure o f the co mmand ldap_getpgpkeys('URI;USER;PASSWORD;BASEDN');
The command must be terminated by a semicolon.
This command makes it possible to call PGP public key for each recipient of an email with an LDAP directory service.
The return value is always po s itiv e. This command has one parameter.
P arameter
Example:
URI
USER
: ldap-directory.domain.tld
: User name for logging on to the LDAP directory
PASSWORD : Password to log on to the LDAP directory
BASEDN : ou=pki-participant,dc=pki,dc=domain,dc=tld
P arameter
URI
USER
PASSWORD
BASEDN
Des criptio n
The IP address or the name of the LDAP server. It can be specified with two comma separated values: in this case, the second server is automatically accessed, if the first cannot be achieved.
The user, who will be used for accessing
The password of the user
The Base DN (Distinguished Name) for querying
Example: ldap_getpgpkeys('ldap-directory.domain.tld;;;ou=pki-participant,dc=pki, dc=domain,dc=tld');
Explanatio n:
© 2014 SEPPmail AG
227
In this example, the PGP public key for the email recipient is retrieved with an LDAP directory service.
Access to this LDAP directory service is public and therefore no credentials are required.
© 2014 SEPPmail AG
228
7.8
Content management commands
7.8.1
iscalendar()
The command iscalendar() makes it possible to check an email for the presence of the mime type »text/calendar«.
Structure o f the co mmand iscalendar();
The command must be terminated by a semicolon.
The command verifies, whether the email contains the mime type »text/calendar«. If yes, the return value is po s itiv e, otherwise negativ e. This command can be used to prevent emails with calendar entry implications e.g. invitations, appointments, meeting requests becoming signed. Microsoft
Outlook cannot, for example, handle signed calendar entries.
This command has no parameters.
7.8.2
isspam()
The command isspam() makes it possible to check an email for spam.
Structure o f the co mmand isspam('MARKLEVEL', 'TAG', 'REJECTLEVEL');
The command must be terminated by a semicolon.
The return value of this command is always po s itiv e. This command has three parameters.
»MARK LEVEL« parameter
This parameter defines the threshold value, from which an email will be tagged as spam email. For marking the specified TAG will be used.
Range of values
Increment
: 0.5 - 9.5
: 0.5
»TAG« parameter
This parameter defines a word element (TAG) is appended to mark an email as SPAM in the subject.
Example for this parameter: [SPAM]
»REJECTLEVEL« parameter
© 2014 SEPPmail AG
229
This parameter defines the threshold value from which an email is rejected as SPAM.
Range of values
Increment: 0
Example:
: 0.5 - 9.5
.5
isspam('2.5', '[SPAM]', '4.5');
Explanatio n:
In this example, an email is checked for SPAM. The parameter for MARKLEVEL has the value '2 .5 '. If this threshold is reached or exceeded during the SPAM checking, the email will be tagged with the
'[SPAM]' TAG. The TAG is attached to the subject. If the threshold value '4 .5 'for REJECTLEVEL is reached or exceeded, the email is rejected and will not be received.
7.8.3
partoftype()
The command partoftype() makes it possible to determine the file type of email file attachments.
Structure o f the co mmand partoftype('Type', 'Action', 'Check archive content');
The command must be terminated by a semicolon.
This command checks whether the file attachments of an email correspond to a particular Type. The
Action defines, what happens to the data systems, if the test on the Type is positive. The contents of archive files are searched when archive Content check has the Boolean value true. Instead of true can also be used yes or 1.
The return value is always po s itiv e, if the result of at least one check of the file attachments of an email is positive, otherwise it is negativ e. The command has three parameters.
»Ty pe« parameter
More information about the parameter Type can be found in the section
231 .
»Actio n« parameter
For the parameters of Action, the following options are available: info delete
: provides the result for the following commands at your disposal
: additionally removes the file attachment from the email
»Check archiv e co ntents « parameter
Option of »Check archive contents« parameter
© 2014 SEPPmail AG
230
Possible values : true, alternatively yes or 1
Example: partoftype('EXE', 'delete', 'true');
Explanatio n:
In this example, an email is checked for the presence of attachments of the type 'EXE'. If an attachment is found, it is removed from the email. If the email contains an archive file as file attachment, then this is also searched. If the file Type 'EXE' is found inside the archive file, the file is removed from the archive.
7.8.4
vscan()
The vscan() command makes it possible to examine all the data assets of an email for viruses.
Structure o f the co mmand vscan('Email-Addr-for-notification');
The command must be terminated by a semicolon.
This command checks all file attachments of an email for known viruses. If a virus is found, an email notification is sent to Email-Addr-for-notification. A subsequent ruleset command must handle this email on.
The return value is always po s itiv e, if the result of at least one check of the file attachments of an email is positive, otherwise it is negativ e. The command has one parameter.
»Email-Addr-fo r-no tificatio n« parameter
Defines the email address, to which a notification of virus detection will be sent.
Example: vscan('[email protected]');
Explanatio n:
In this example, an email notification is sent to '[email protected]', if a virus was found.
© 2014 SEPPmail AG
231
7.9
File types
7.9.1
List of file types
The following file types can be distinguished:
LHA
LHARC
LWF
MPEG.L3
MPEG.SYS
MPEG.VID
MS.ASF
MS.OFF
MS.XLS
NIFF
PBMPLUS
PCX
PNG
RAR
RIFF.ANI
ID
BMP
BZIP
CAB
COM
EMF
EXE
FAX
GIF
GZIP
ICO
ISO9660
JPEG
JPG2000
RIFF.AVI
RIFF.DIB
RIFF.MID
RIFF.MMF
RIFF.WAV
RTF
TAR
Des criptio n
PC Bitmap
BZIP Compressed
Microsoft CAB file
MSDOS Computable
Enhanced Windows Metafile
MSDOS Executable
G3 Fax
GIF Image
GZIP Compressed
Windows Icon
ISO 9660 CD-ROM
JPEG Image
JPEG 2000 Image
LHa 2.x? Archive
LHarc 1.x Archive
LuraWave Image
MPEG Layer 3
MPEG System Stream
MPEG Video
Microsoft ASF
MS Office document
MS Excel 5.0 Worksheet
NIFF Image
PBMPLUS Bitmap
Z-Soft Image
PDF Document
PNG Image
RAR Archive
MS RIFF Animated Cursor
MS RIFF Audio Video Interleave
MS RIFF DIB Bitmap
MS RIFF MIDI File
MS RIFF Multimedia Movie
MS RIFF Wave Audio
Rich Text Format
TAR Archive
© 2014 SEPPmail AG
232
ID
TARGA
TIFF
ZIP
ZOO
Li s t o f fi le ty p es
Des criptio n
TARGA Bitmap
TIFF Image
PKZIP Archive
Zoo Archive
© 2014 SEPPmail AG
233
7.9.2
Groups of file types
The following groups of file types can be distinguished:
ID
ARCHIVES
EXE
FS
IMAGES
MEDIA
Des criptio n
Archive files
Executable files
File systems
Pictures
Multimedia
Co ntained file ty pes
ZIP ZIP.SFX RAR LHARC LHA SQUISH UC2 ZOO TAR CAB
BZIP GZIP
EXE.PE EXE COM
ISO9660 HISIERRA
JPEG BMP TIFF PNG GIF TARGA PBMPLUS NIFF FAX PCX
LWF ICO JPG2000 EMF
RIFF.WAV RIFF.AVI RIFF.ANI RIFF.MID RIFF.MMF RIFF.DIB
RIFF RIFX MPEG.VID MPEG.SYS MPEG.L3 MS.ASF
OFFICE
Gr o up s o f fi le ty p es
Office documents RTF PDF MS.OFF MS.XLS
© 2014 SEPPmail AG
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 7 Foreword
- 8 Introduction
- 9 Secure email communication through encryption
- 11 Digital email signatures
- 11 Central Business Email Disclaimer
- 12 Email content check by Virus, Spam and Phishing Protection (VSPP)
- 12 Compatibility with other secure email systems
- 12 Remote administration using a web portal
- 13 Commissioning of the Secure Email Gateway Appliance
- 13 Before starting
- 13 Integration of the appliance in your email environment (default configuration)
- 15 Required information for commissioning
- 17 Connecting SEPPmail appliance
- 17 Setting up Firewall / Router
- 19 Network settings and System Registration
- 19 Setting up installation PC
- 20 Logging in as Administrator
- 20 Network settings of the SEPPmail appliance
- 21 Assigning host and domain names
- 21 Checking the network configuration
- 22 Bringing the system to the latest version
- 22 Registering the system
- 23 Important safety measures
- 23 Changing Administrator Password
- 23 Setting the HTTPS protocol for secure access to the system
- 23 Creating backup user
- 24 Next steps
- 24 Converting email data flow
- 26 Using email clients
- 27 Microsoft Outlook Add-In
- 27 Introduction
- 27 System requirements
- 28 Download
- 28 Installation
- 29 Installation with a user interface
- 31 Installation without a user interface
- 32 Uninstallation of Microsoft Outlook Add-In
- 33 Registry entries of the Microsoft Outlook Add-In
- 33 HKEY_LOCAL_MACHINE
- 35 HKEY_CURRENT_USER
- 36 Sending emails
- 37 SEPPmail - IronPort connection
- 40 Reference of the menu items
- 40 Configuration Overview
- 41 "Login" menu item
- 42 "Home" menu item
- 44 "System" menu item
- 44 Overview of "System" menu item
- 50 Forwarding email logs to a central syslog server
- 50 Setting the date and time and setting up NTP synchronization
- 51 Enabling SNMP
- 52 Menu item "Mail System"
- 52 Overview of the "Mail System" menu item
- 58 Setting up for managing email domains
- 58 Controlling outgoing email traffic
- 58 Setting up per domain TLS encryption
- 61 SMTP settings
- 61 Mail Relaying
- 62 Anti-spam settings
- 63 Managing Blacklists / Whitelists
- 65 "Mail Processing" menu item
- 65 GINA web mail interface
- 66 Creating GINA domains
- 66 Deleting GINA domains
- 66 Managing GINA Domains
- 72 Managing GINA Layout
- 75 Managing GINA language support
- 78 GINA self registration through web mail portal
- 79 Managing GINA Accounts
- 80 GINA Self Service Password Management
- 80 GINA internal encryption
- 81 GINA S/MIME and PGP key search via GINA Portal
- 82 Managing rules for the processing of GINA messages
- 84 Managing GINA SMS password transmission
- 87 Managing Disclaimer
- 88 Managing email templates (Templates)
- 89 Managing rulesets
- 102 Viewing and loading rulesets
- 103 "SSL" menu item
- 103 Creating self SSL device certificate
- 105 Requesting SSL device certificate from a public CA
- 106 Using existing SSL Device Certificate
- 106 Backing up SSL device Certificate
- 108 "CA" menu item
- 108 Managing internal CA settings
- 109 Setting up CA certificate
- 109 Securing CA certificate
- 109 Setting up a connection to the external CA S-Trust
- 110 Setting up a connection to the external CA Signtrust
- 110 Setting up a connection to the external CA SwissSign
- 112 "Administration" menu item
- 112 Registering SEPPmail appliance
- 112 Importing license file
- 113 Checking appliance for available updates
- 114 Backup and restore settings of the appliance
- 115 Rebooting or shutting down the appliance
- 116 Reseting the appliance to factory settings
- 116 Import existing user or key
- 117 Establishing Outgoing Support Connection
- 118 "Cluster" menu item
- 118 General
- 118 High Availability Cluster
- 121 Load Balancing Cluster
- 127 Geo Cluster
- 128 Frontend-Backend Cluster
- 129 Setting up a Cluster Configuration
- 131 Overview
- 131 Safety notes
- 133 Configuration of the VMware ESX environment
- 134 Setting up the basic settings of a SEPPmail system
- 134 Setting up the SEPPmail cluster systems
- 134 Downloading cluster identification
- 136 Setting up SEPPmail cluster
- 139 Setting up High Availability Cluster
- 141 Setting up Load Balancing cluster
- 143 Setting up Geo Cluster
- 143 Setting up Frontend-Backend cluster
- 145 "Logs" menu item
- 147 Viewing email messages in the queue
- 148 "Statistics" menu item
- 151 "Users" menu item
- 151 Overview of the "Users" menu item
- 151 Creating internal user
- 152 Managing Internal Users
- 156 "Groups" menu item
- 156 Overview of the "Groups" menu item
- 158 Creating groups
- 158 Managing groups
- 158 Assigning and removing users
- 160 "GINA accounts" menu item
- 160 Overview of the "GINA accounts" menu item
- 162 Blocking GINA user accounts
- 162 Removing GINA user accounts
- 162 Managing GINA user accounts
- 166 "PGP public keys" menu item
- 166 Overview of the "PGP public keys" menu item
- 166 Importing OpenPGP key
- 166 Downloading or deleting OpenPGP key
- 167 "X.509 Certificates" menu item
- 167 Overview of the "X.509 Certificates" menu item
- 167 Importing S/MIME user certificate
- 168 Downloading or deleting S/MIME user certificate
- 169 "X.509 Root Certificates" menu item
- 169 Overview of the "X.509 Root Certificates" menu item
- 170 Importing X.509 root certificates
- 170 Downloading and deleting X.509 root certificates
- 171 Trusting X.509 root certificates
- 171 Automatically importing X.509 root certificates
- 172 "Domain keys" menu item
- 172 Overview of the "Domain Keys" menu item
- 173 Importing OpenPGP domain keys
- 173 Downloading or deleting OpenPGP domain keys
- 174 Importing S/MIME domain keys
- 174 Downloading or deleting S/MIME domain keys
- 174 Managing domain keys
- 175 "Customers" menu item
- 176 Creating new customers
- 176 Managing existing customers
- 178 Deleting existing customers
- 179 Reference of the set of rules statements
- 179 Control structures - if/else statements
- 180 General commands
- 180 add_rcpt()
- 181 authenticated()
- 182 compare()
- 184 compareattr()
- 185 comparebody()
- 185 disclaimer()
- 186 from_managed_domain()
- 187 incoming()
- 188 log()
- 189 logheader()
- 190 normalize_header()
- 191 notify()
- 192 replace_rcpt()
- 193 replace_sender()
- 194 rmatch()
- 195 rmatchsplit()
- 196 rmheader()
- 197 setheader()
- 198 logsubject()
- 198 tagsubject()
- 200 User management commands
- 200 createaccount()
- 201 member_of()
- 201 setuserattr()
- 203 Certificate management commands
- 203 attachpgpkey()
- 203 has_smime_key()
- 203 smime_create_key()
- 204 smime_revoke_keys()
- 204 swisssign_create_key()
- 206 Message handling commands
- 206 archive()
- 206 bounce()
- 207 deliver()
- 208 drop()
- 209 reprocess()
- 211 Encryption and decryption commands
- 211 decrypt_pgp()
- 211 decrypt_domain_pgp()
- 211 domain_pgp_keys_avail()
- 212 decrypt_smime()
- 212 decrypt_domain_smime()
- 212 domain_smime_keys_avail()
- 213 delete_smime_sig()
- 213 encrypt_pgp()
- 214 encrypt_domain_pgp()
- 215 encrypt_smime()
- 215 encrypt_domain_smime()
- 216 encrypt_webmail()
- 216 pgp_encrypted()
- 217 pgp_keys_avail()
- 217 pgp_secret_keys_avail()
- 217 smime_keys_avail()
- 218 sign_smime()
- 218 smime_signed()
- 219 smime_encrypted()
- 219 validate_smime_sig()
- 220 webmail_keys_avail()
- 220 webmail_keys_gen()
- 221 pack_mail()
- 222 unpack_mail()
- 223 LDAP commands (access to external sources)
- 223 ldap_compare()
- 224 ldap_read
- 225 ldap_getcerts()
- 226 ldap_getpgpkeys()
- 228 Content management commands
- 228 iscalendar()
- 228 isspam()
- 229 partoftype()
- 230 vscan()
- 231 File types
- 231 List of file types
- 233 Groups of file types