SEPPmail User Manual

179

7 Reference of the set of rules statements

7.1

Control structures - if/else statements

The if/else statements are control structures and serve within the rulesets to the control flow. They are a fundamental part of the rules. If a condition is met, an action is executed, otherwise an alternative action is executed. The action to be performed, can only be one command. If multiple commands are to be executed as an action, such individual commands can be summarized in a statement block. A statement block is written within curly braces.

Using if determines which conditions are to be satisfied to perform an action. With else, an alternative action is initiated, if the required if condition is not satisfied. An if/else statement do not have to be terminated by a semicolon. if/else statements can be nested.

Structure o f the co mmand if (condition) { statement block 1;

} or if (condition) { statement block 1;

} else { statement block 2;

}

The if statement determines reason on the return value of the condition for the further course in the program sequence. The condition consists of a single instruction, which has at least one return value.

Statement block 1 is executed only, when the result is po s itiv e. Otherwise, if present, only the statement block 2 is executed.

Example: if (authenticated()) {

} else { createaccount('@CREATEGPGKEYS@'); log(1, 'user account generated');

}

Explanatio n:

The example evaluates the return value of the command authenticated(). If the internal internal

© 2014 SEPPmail AG

180 sender of the email is successfully authenticated, the return value is true, and then proceeding in the program sequence continues without further action. If the authentication was not successful, a user account is created for the sender.

7.2

General commands

Parameters, which are shown in square brackets, e.g. [OLDRECIPIENT] are optional and do not need to be specified. If not specified, a predefined default value or default behavior is applied.

The following variables are available inside the templates:

Variable Des criptio n

$header_from

$from

$header_to

$to

$header_cc

$mailid

$subject

From header

From

To header

To

CC

Message ID

Subject

7.2.1

add_rcpt()

The command add_rcpt() makes it possible to add an additional recipient email address.

Structure o f the co mmand add_rcpt('email address');

The command must be terminated by a semicolon.

This command is used to add an additional recipient email address. The email address is added to the envelope.

The return value is always po s itiv e. This command has one parameter.

»Email address« parameter

This parameter defines an email address that is added as an additional recipient in the envelope.

Example:

© 2014 SEPPmail AG

181 add_rcpt('[email protected]');

Explanatio n:

In this example, an additional recipient is added. At the recipient, the email appears in the inbox as, if it was sent via BCC. The original recipient will not be changed.

7.2.2

authenticated()

The command authenticated() checks the identification status of the sender of the email. The identification status of the sender comprises the identity and authentication.

Structure o f the co mmand authenticated(['header']);

The command must be terminated by a semicolon. The return value of this command is po s itiv e, if the sender has been successfully authenticated, otherwise negativ e. This command has one parameter.

No te:

Authenticated means, that either the user has been authenticated via SMTP, or that the email comes from an email server that has a relay authority. The relay authority is added in the menu »Mail Sy s tem« -> section »Relay ing«.

As a user, the locals Named User will be designated on the appliance.

»header« parameter

If header is specified as a value, the user will be re-authenticated. In addition, the email address of the header's FROM field is used.

Example 1: if (authenticated()) {


}

Explanatio n:

This example evaluates the return value of the authenticated(). If the internal sender of the email is successfully authenticated, the return value is true, and operation proceeds without further action in the program sequence. If the authentication was not successful, a user account is created for the sender.

© 2014 SEPPmail AG

182

Example 2: if (authenticated(['header'])) {


}

Explanatio n:

This example evaluates the return value of the command authenticated(). If the internal sender of the email is successfully authenticated, the return value is true, and operation proceeds without further action in the program sequence. If the authentication was not successful, a user account is created for the sender.

7.2.3

compare()

The command compare() compares values in header fields.

Structure o f the co mmand compare('Header field', 'Operator', 'Value');


This command compares the contents of the header field parameter with help of the operator parameter with the value parameter.

The return value of this command is po s itiv e, if the parameter value occurs at least once, otherwise negativ e. This command has three parameters.

»Header field« parameter

Specifies the header field, whose content is to be compared against the contents of the parameter's value. All headers in an email can be used as header fields.

Examples o f the »Header field« parameter: return-path from to subject envelope-to etc..

»Operato r« parameter equal : compares for equality

© 2014 SEPPmail AG

183 match : checks analogy of a regular expression substit : is the same as match, but removes the relevant part of value from header field ute

No te:

Coded fields are decoded before comparison. The special characters tabulator, carriage return, line feed and line end are removed before comparison with the equal operator.

»Value« parameter

Specifies the value to compare against. This value can also be a regular expression.

Example 1: compare('x-smenc', 'equal', 'yes');

Explanatio n:

This example checks, if the header field x-smenc includes exactly the value 'yes'. This does not mean, that only the value of 'yes' exists, but that the value 'yes' is included.

Example 2: if (compare('to', 'match', '\@customer\.com')) { tagsubject('[nosign]');

} else {}

Explanatio n:

This example checks for an outgoing email in the header field to with the operator match for the presence of the domain '@customer.com' within the recipient's email address. If the recipient's email address contains the string '@customer.com', then the return value from compare() is true, the tag

'[nosign]' is added in the subject. Depending on the basic configuration of the ruleset, this means, that this email is not signed.

Example 3: compare('subject', 'substitute', '(\s)*\[secure\]');

Explanatio n:

This example checks the subject, header field subject, of an email for the presence of the regular expression '(\s)*\[secure\]'. This expression is evaluated in the string '[secure]'. If this string is found within the subject, it is removed.

© 2014 SEPPmail AG

184

7.2.4

compareattr()

The compareattr() command makes it possible to examine attributes / system variables.

Structure o f the co mmand compareattr('Attribute', 'Operator', 'Value');


This command compares, with the help from the operator, the content of the header field with the value.

The return value is po s itiv e, provided that at least one occurrence exists, otherwise negativ e. The command has three parameters.

»Attribute« parameter

Attribute can address the variable connect_from or variables that have been written with ldap_read() or setuserattr().

»Operato r« parameter

The operator has two different operators to choose from: equal match

: compare identity.

: checked for analogy of a regular expression.


Value to be compared against.

Example: if (compareattr('connect_from','equal','172.16.161.1')) {

log(1,'Message comes from 172.16.161.1'); } else {

log(1,'Message does NOT come from 172.16.161.1');

}

Explanatio n:

In this example, it is examined, whether the email to be processed is coming from server specified in an email server. It is evaluated against the system variable connect_from.

© 2014 SEPPmail AG

185

7.2.5

comparebody()

The command comparebody() makes it possible to search through an email for a specified value.

Structure o f the co mmand comparebody('Value');


This command searches the message body of an email for the specified value.

The return value of this command is po s itiv e, if the parameter value occurs at least once, otherwise negativ e. This command has one parameter.


The Value parameter defines the search term, that will be sought for in the email. Value has the format of a regular expression.

Example: if (comparebody('(\d{1,3}\.){3}\d{1,3}')) {

log(1, 'Mail contains an IP address');

} else {

log(1, 'Mail does not contain an IP address');

}

Explanatio n:

In this example, the message body of an email is examined for an IP address. If at least one IP address is found, the log entry 'Mail contains an IP address' is written in the system logger. If no IP address is found, the log entry 'Mail does not contain an IP address' is written in the system logger.

7.2.6

disclaimer()

The command disclaimer() adds a text attachment to an existing email.

Structure o f the co mmand disclaimer(['Template'], ['Position'], ['force']);


This command adds a text attachment from the template of an existing email. If an empty string is specified as a template, an attempt is made using the options of the "Managed Do mains " to choose the correct disclaimer. For this purpose, the respective email domains associated disclaimers are evaluated.

© 2014 SEPPmail AG

186

If force is set to true, then each outgoing email is added to a text attachment. This is regardless of whether or not it is in a reply email. If force is not specified, then the »Als o add dis claimer to

replies (in-reply -to header s et) « parameter and »Add dis claimer to all o utgo ing emails « in the »Mail P ro ces s ing« menu -> »Rules et Generato r« section -> pane -> »General Settings « are evaluated. Instead of true, also yes or 1 can be used.

The return value is always po s itiv e. This command has three parameters.

»Template« parameter

Defines the name of the template which is to be used as a text attachment. Templates can be managed in the »Mail P ro ces s ing« menu -> »Edit Dis claimer« section.

»P o s itio n« parameter top bottom

: above the email body

: under the email body

Default : bottom

»fo rce« parameter

This parameter will force adding a text attachment to an outgoing email.

Option to »fo rce« parameter

Possible values: true or yes or 1

Example: disclaimer('', 'bottom', 'yes');

Explanatio n:

In this example, the default text attachment is selected using the options within the »Managed

Do mains « and appended to the end of every email. It does not matter whether or not it is a reply email.

7.2.7

from_managed_domain()

The command from_managed_domain() makes it possible to check, if an email was sent from a sender of a »Managed Do main«.

Structure o f the co mmand from_managed_domain();


© 2014 SEPPmail AG

187

The return value is po s itiv e, if the email was sent from a sender of a »Managed Do main«, otherwise negativ e.

The command has no parameters.

Example: if (from_managed_domain()) {

log('1', 'Email is from managed domain');

} else {

log('1', "Email isn't from managed domain");

}

Explanatio n:

In this example, it is checked whether an email was sent from an email address registered under

»Managed Domains«.

7.2.8

incoming()

The command incoming incoming() makes it possible to determine the delivery destination of an email.

Structure o f the co mmand incoming();


This command verifies, if an email is delivered locally. If all the recipients of the email are not

exclusively local or exclusively non-local, two groups are formed.

No te:

The delivery of an email exclusive locally means, that this email can be forwarded to a recipient who has been defined under »Managed Do mains «. Email to these recipients are viewed as exclusively local recipients and treated by the statement block 1 .

The delivery of an email not exclusively locally means, that the email will be forwarded to an external recipient. This email will be treated as an outgoing email and handled by the statement block 2.

The return value is po s itiv e for the group of local recipients. For the group of non-local recipients, the return value is negativ e. This command has no parameters.

Example: if (incoming()) {

.

Ruleset statements for all emails that can be locally delivered

.

© 2014 SEPPmail AG

188

Statement block 1 - Return value: positive

.

} else {

.

Ruleset statements for all emails, that cannot be locally delivered

.

Statement block 2 - Return value: negative

}

Explanatio n:

In this example, the statement block 1 is executed for an incoming email. For an outgoing email the statement block 2 is executed.

7.2.9

log()

The command log() makes it possible to record a message in the syslog.

Structure o f the co mmand log ('step', 'entry');


This command sends the value of the entry parameter in the system logger. An identifier (message

ID) is attached to the entry in parentheses. The value of the step parameter can take a value from 0 to 7, and determines the importance of the entry.

The recorded log messages can be viewed in the »Lo gs « menu.

The return value is always po s itiv e. This command has two parameters.

»Step« parameter n

0

1

2

3

Significance

Debug

Info

Notice

Warning n

4

5

6

7

Significance

Error

Critical

Alert

Emerg

»Entry « parameter

Enter the text that is to be recorded as a log entry in syslog.

Example:

© 2014 SEPPmail AG

189 log ('1', 'Hello World');

Header of the email:

Date: Fri, 05 Aug 2013 11:40:00 +0200

From: [email protected]

To: [email protected]

Subject: Some Topic

Content-Type: text/plain;

Message-Id: <E0D4DE42-DCB5-11D7>

Recording in the log:

Aug 05 11:40:04 test gateway: <E0D4DE42-DCB5-11D7> Hello World

Explanatio n:

The string 'Hello World' is recorded with the info priority in the syslog.

7.2.10 logheader()

The command logheader() makes it possible to send the contents of a header to the system logger.

Structure o f the co mmand logheader('HEADER');


This command is used for debugging the processing of email through the RuleEngine. It is sent to the content of the HEADER in the system logger.

The return value is always po s itiv e. This command has no parameters.

Example: logheader('Message-ID');

Explanatio n:

In this example, the contents of the 'Message-ID' header is sent in the system logger.

© 2014 SEPPmail AG

190

7.2.11 normalize_header()

The command normalize_header() makes it possible to replace all special characters in a header by normal ASCII characters.

Structure o f the co mmand normalize_header('HEADER');


This command replaces all special characters in HEADER by normal ASCII characters. Special characters can be, for example, German umlauts like ä, ö, ü or?.

The return value of this command is always po s itiv e. This command has one parameter.

»header« parameter

Specifies the name of the HEADER.

Examples o f the »HEADER« parameter: return-path from to subject envelope-to etc..

Example 1: normalize_header('subject');

Explanatio n:

In this example, the header field of the subject string 'Herr Müller' becomes in the normalized form as 'Herr Mueller'.

Example 2: normalize_header('to');

Explanatio n:

In this example, the header field in the to string '<Bernd Hänsel> [email protected]' becomes in normalized form '<Bernd Haensel> [email protected]'.

© 2014 SEPPmail AG

191

7.2.12 notify()

The command notify() makes it possible to send an email notification regarding an email processed by SEPPmail.

Structure o f the co mmand notify('recipient address', 'Template', ['From: "System Admin"

<[email protected]>;X-MyHeader: Test']);


This command generates an email notification and sends it to the recipient address.

The recipient address can, beside an email address also, be the sender variable for sender email address or the admin variable for the email address of the local administrator.

The appearance of the email is defined by the template.

The third parameter allows you to insert additional own header. Several headers can be separated with » ; «.

The return value is always po s itiv e. This command has three parameters.

»Recipient addres s « parameter

This parameter may include the following values: [email protected]

: email address, e.g. [email protected]

Variables sender admin

: represents the sender address of the processed original email

: represents the email address of the local SEPPmail administrator

No te:

The placeholder admin refers to the local administrator of the appliance. You define this in the »Mail Sy s tem« menu -> »SMTP s ettings « section ->

»P o s tmas ter addres s « parameter.


Defines the appearance and content of the email notification. Templates can be managed in the »Mail

P ro ces s ing« menu -> »Edit Dis claimer« section.

»Own Header« parameter

This parameter allows you to define and attach your own header. Several headers can be separated by a semicolon » ; «.

Example o f o wn header:

© 2014 SEPPmail AG

192

From : "System Admin" <[email protected]>

X-MyHeader : MyOwnHeaderValue

Summarized notation of the parameter with multiple additional headers:

'From: "System Admin" <[email protected]>;X-MyHeader: MyOwnHeaderValue'

The subject of an email, defined by the Subject header, cannot be changed. This value is always

Notification and is fixed.

Example 1: notify('sender', 'bounce_noenc', 'From: "System Admin"

<[email protected]>;X-MyHeader: Test');

Explanatio n:

When processing an email, an additional email notification is generated. This is sent to the sender of the processed email. The email address of the sender is available above the variable sender. As message content, the content of the template bounce_noenc is used. There the From header and X-

MyHeader are inserted in addition with the respective values.

Example 2: notify('[email protected]', 'monit_rev', 'From: "System Admin"

<[email protected]>;X-MyHeader: Revision');

Explanatio n:

When processing an email, an additional email notification is generated. This is sent to the email address [email protected]. As message content, the content of the template monit_rev is used. There the From header and X-MyHeader are inserted in addition to the respective values.

7.2.13 replace_rcpt()

The command replace_rcpt() makes it possible to change the recipient of an email.

Structure o f the co mmand replace_rcpt(['OLDRECIPIENT'], 'NEWRECIPIENT');


The recipient of the processed email may be changed depending on the parameters used. Each parameter corresponds to a regular expression, that must provide an email address as a result of an email address or a part of an email address. If the value for the parameter OLDRECIPIENT of the value

© 2014 SEPPmail AG

193

' [email protected]

' it is assumed, that this is the original recipient in the email, and ' [email protected]

' is defined for the value of the parameter, and then the email is sent to the new recipient ' [email protected]

'.

Also parts of the two parameters can be described as a regular expression. It can, for example, search for the domain portion within the parameter and this will be replaced by a new value.

Multiple recipients can be separated with » ; « semicolons.


»OLDRECIP IENT« parameter

Regular expression, that describes the original email address or any part thereof.

»NEWRECIP IENT« parameter

Regular expression, that describes the new email address or any part thereof.

Example: replace_rcpt('\@mydomain\.com', '\@customer\.ch');

Explanatio n:

In this example, the parameter OLDRECIPIENT of the domain portion of the original email address of the recipient of the '@mydomain.com' in the value of the parameter NEWRECIPIENT, '@customer.ch', is changed. The part of the email address before the '@' remains thus unchanged. If OLDRECIPIENT is specified, only this recipient or the part of the recipient is adjusted.

If more than one email recipient addresses are present, all the recipient addresses of '@mydomain.

com' to '@mydomain.ch' would be changed.

7.2.14 replace_sender()

The command replace_sender() allows you to change the sender in the envelope of an email.

Structure o f the co mmand replace_sender('new sender', ['subst']);


This command replaces the original sender of an email in the envelope by new_sender. The value for From is not changed. The subst parameter corresponds to a regular expression. If subst is specified, that to subst corresponding part of the original sender is replaced by the value of new_sender .


© 2014 SEPPmail AG

194

»new s ender« parameter

This parameter is the value by which the original sender email address is replaced in the envelope. If subst is specified, the new_sender character string, that is used for the part of the email address, is applied to the subst.

»s ubs t« parameter

Regular expression, that is applied to the original sender email address.

Example 1: replace_sender('[email protected]');

Explanatio n:

In this example, the email address in the envelope of the email, is replaced by ' [email protected]'.

Example 2: replace_sender('@customer.com', '\@customer\.org');

Explanatio n:

In this example, the part of the email address in the envelope of the email will be replaced though the regular expression '\@customer\.org' applied through '@customer.com'.

7.2.15 rmatch()

The command rmatch() makes it possible to check, if a regular expression applies to all recipients.

Structure o f the co mmand rmatch('REGEXP');


The return value of this command is po s itiv e, if the email was successfully tested to contain REGEXP

, otherwise negativ e. This command has one parameter.

»REGEXP « parameter

Defines the regular expression to be tested for.

Example 1:

© 2014 SEPPmail AG

195 if (rmatch('\@customer\.org')) {

notify ('sender', 'info_send_email');

} else {}

Explanatio n:

In this example, it is checked whether the email address of all recipients of an email, has the domain component '@customer.org'. If this is the case, then an email notification is sent to the sender.

Example 2: if (rmatch('\@customer\.org')) {

notify ('sender', 'info_send_email', 'From: "System Admin"

<[email protected]>');

} else {}

Explanatio n:

In this example, it is checked whether the email address of all recipients of an email, have the domain component '@customer.org'. If this is the case, then an email notification is sent to the sender. In addition, a new value is set to the From header.

7.2.16 rmatchsplit()

The command rmatchsplit() makes it possible to split an email with a regular informal term.

Structure o f the co mmand rmatchsplit('REGEXP');


The regular expression is applied to the entire email. This includes all the headers and the entire body of the email. An email will be divided into several groups, if it was successfully tested for the regular expression. A group that matches the regular informal term and another group, that does not match the regular expression. By the regular expression can also a plurality of groups be generated. The command rmatchsplit() is classically used within the if/else control structure.

The return value of this command is po s itiv e, if the email was successfully tested to contain REGEXP

, otherwise negativ e. This command has one parameter.

»REGEXP « parameter

This parameter defines the regular expression, for which the email is checked.

Example: if (rmatchsplit('sales@customer\.com|Invoice')) {

© 2014 SEPPmail AG

196

log(1, 'regex test successful');

} else {

log(1, 'regex test not successful');

}

Explanatio n:

In this example, the email is checked for the presence of the text components sales@customer.

com or Invoice. If one of these textual elements is found within the entire email, then the statement log(1, 'regex test successful') is executed, otherwise the statement log(1, 'regex test not successful') is executed.

7.2.17 rmheader()

The command rmheader() makes it possible to delete a header line in an email.

Structure o f the co mmand rmheader('HEADER');


No te:

If multiple headers with the name HEADER exist, all headers are deleted.

Deletes the header line specified with HEADER in the email.

The return value is always po s itiv e. The command has one parameter.

»Header« parameter

Specifies the header field, that is to be deleted.

Examples o f the »Header field« parameter: return-path from to subject envelope-to etc..

Example: rmheader('X-Greylist');

© 2014 SEPPmail AG

197

Explanatio n:

In this example, all X-Greylist headers are removed.

7.2.18 setheader()

The command setheader() makes it possible to add or to change a header line in an email.

Structure o f the co mmand setheader('HEADER', 'TEXT');


This command adds an email a HEADER with a VALUE. If this header already exists, it will be changed to the specified VALUE.

No te:

If multiple headers with the name HEADER exist, the first respective header found is adapted.


»Header« parameter

Indicates the header field, which is to be added or changed.

Examples o f the parameter »Header field«: return-path from to subject envelope-to etc..

Example 1: setheader('x-smenc','yes');

Explanatio n:

In this example, an additional x-smenc header with the value 'yes' is added to an email.

Example 2:

© 2014 SEPPmail AG

198 setheader('from','[email protected]');

Explanatio n:

In this example, the from header field in an email is changed to the value '[email protected]'.

7.2.19 logsubject()

The command logsubject() makes it possible to monitor the contents of the subject line of an email.

Structure o f the co mmand logsubject();


This command sends the contents of the subject line as log info to the system logger.


7.2.20 tagsubject()

The command tagsubject() makes it possible to attach to the subject of an email a text component.

Structure o f the co mmand tagsubject('TEXT');


The specified TEXT is to be added in the subject line of an email.


»TEXT« parameter

The parameter specifies the text (character string), which is appended to the subject line.

Example: tagsubject('[priv]');

Explanatio n:

© 2014 SEPPmail AG

In this example, the string '[priv]' will be appended to the contents of the subject line of an email.

199

© 2014 SEPPmail AG

200

7.3

User management commands

7.3.1

createaccount()

The command createaccount() makes it possible to create new user accounts.

Structure o f the co mmand createaccount(['KEYS'],['USERID'],['NAME']);


A local user account SEPPmail is designated as user account. This account can be found in the

»Us ers « menu. This command is classically used within an LDAP connection for user management.

The return value of this command is always po s itiv e. This command has three parameters.

»K EYS« parameter

This parameter specifies which keying material is to be generated automatically, when creating the user account. Formatted according to a bit mask in octal notation.

The following values are available:

Bit 0

Bit 1

Bit 2

: generate OpenPGP key pair

: generate S/MIME certificate with own CA

: generate S/MIME certificate via CA Connector

Bit 0: OpenPGP

Bit 1: S/MIME with own CA

Bit 2: S/MIME via CA connector

Value for KEYS

Mask Mask Mask Mask Mask x x x x x

1 3 x

5 x

4 2

»USERID« parameter

This parameter specifies the user's UID.

»NAME« parameter

This parameter specifies the user's name.

No te:

Variables, that were set by ldap_read(), can be used for USERID and NAME.

Special characters in USERID and NAME will be automatically replaced.

© 2014 SEPPmail AG

201

7.3.2

member_of()

The command member_of() makes it possible to examine whether sender is associated to a particular group.

Structure o f the co mmand member_of('group');


A locale SEPPmail group is referred as a group. These groups are managed in the »Gro ups « menu.

The return value is po s itiv e, if the sender is associated with the specified group, otherwise negativ e

. This command has one parameter.

»Gro up« parameter

Defines the name of the group to which the email address of the sender is to be tested for membership.

Example: if (member_of('support')) {

setheader('x-smenc','yes');

} else {}

Explanatio n:

In this example, it is tested whether the sender is member of the 'support' group. If yes, the return value is true, and the command setheader() is executed. If not, return value will be fals e.

7.3.3

setuserattr()

The command setuserattr() makes it possible to store additional information for the current user.

Structure o f the co mmand setuserattr('ATTR', 'VALUE');


It will set an additional variable for the current user. The user must be authenticated.

The return value is always po s itiv e. The command has two parameters.

© 2014 SEPPmail AG

202

No te:

Variables, that have been set through ldap_read() for VALUE, can be used.

It can be used for all the attributes of inetOrgPerson.

The attributes can be displayed in the GUI.

»ATTR« and »VALUE« parameters

The following system attributes are available:

ATTR VALUE accountOptions Bit 0: User must not encrypt

Bit 2: User must not sign

Bit 0: User must not encrypt

Bit 1: not assigned

Bit 2: User must not sign

Value for VALUE

Mark Mask Mask x x

-

1

x

4

x

5

Sn userPassword

Uid

Name of the user

User's password for GUI access

User ID

© 2014 SEPPmail AG

203

7.4

Certificate management commands

7.4.1

attachpgpkey()

The command attachpgpkey() makes it possible to attach the OpenPGP public key of the sender to an email.

Structure o f the co mmand attachpgpkey();


This command attaches the OpenPGP public key of the sender of an email as an attachment.

The return value is always po s itiv e. The command has no parameters.

7.4.2

has_smime_key()

The command has_smime_key() makes it possible to check whether the user has a valid S/MIME private key component.

Structure o f the co mmand has_smime_key();


The return value is po s itiv e, if the user has a valid S/MIME private key component, otherwise

negativ e. The command has no parameters.

No te:

The return value is negative, when the user's S/MIME certificate has just expired.

The return value is negative, when the status of the user is set to »may no t

encry pt«.

7.4.3

smime_create_key()

The command smime_create_key() makes it possible to generate an S/MIME certificate for a user.

Structure o f the co mmand smime_create_key(['SUBJECT']);

© 2014 SEPPmail AG

204


This command generates an S/MIME certificate for a user by the local CA. Optionally, the SUBJECT for the certificate can be specified.


»SUBJECT« parameter

Defines the subject for the generated S/MIME certificate.

Within the SUBJECT, the variable $sender is available. This variable is available for the sender of the email.

Example: smime_create_key('/C=CH/OU=Department/O=Company/emailAddress=$sender');

Explanatio n:

In this example, an S/MIME certificate is generated by the local CA. The optional SUBJECT is also given.

7.4.4

smime_revoke_keys()

The command smime_revoke_keys() makes it possible to revoke all unexpired S/MIME certificates of a user.

Structure o f the co mmand smime_revoke_keys();


The return value is po s itiv e, if all certificates could be revoked or have expired. The return value is

negativ e, if at least one certificate could not be revoked, e.g. because it is an imported certificate.

This command has no parameters.

7.4.5

swisssign_create_key()

The command swisssign_create_key() makes it possible to obtain an S/MIME certificate for a user from the SwissSign certification body.

Structure o f the co mmand swisssign_create_key();

© 2014 SEPPmail AG



205

© 2014 SEPPmail AG

206

7.5

Message handling commands

7.5.1

archive()

The command archive() makes it possible to reprocess an email.

Structure o f the co mmand archive('EMAIL ADDRESS');


The email will be sent within the processing additionally to the EMAIL ADDRESS, or the email will add the EMAIL ADDRESS as an additional recipient.


»EMAIL ADDRESS« parameter

Email address of the additional recipient

Example: archive('[email protected]');

Explanatio n:

In this example, the currently processed email is also sent to the recipient '[email protected]'.

7.5.2

bounce()

The command bounce() makes it possible to refuse the processing of an email.

Structure o f the co mmand bounce('Template', 'Header as an attachment');


This command generates a »Bounce« email and deletes the original email. The appearance of the

»Bounce« email is defined by the template. The sender of this email is »admin«. The email will attach the Header of the original email as a file attachment, when Header attachment has the

Boolean value true. Instead of true, also yes or 1 can be used.

The command has no return value. This command has two parameters.

© 2014 SEPPmail AG

207

No te:

All subsequent commands will be ignored.

This command cannot be the condition of an if/else statement (see chapter

if/ else statements

179 ).


Defines the template to use. Templates can be managed in the »Mail P ro ces s ing« menu -> »Edit

Dis claimer« section.

»Header as attachment« parameter

Option to the »Header as attachment« parameter

Possible values : true, alternatively yes or 1

Example: bounce('bounce', 'yes');

Explanatio n:

Delivery of the email should be denied and an email to be sent to the sender. The content of the email is defined in the bounce template. The email should be attached to the Header of the undelivered email as an attachment. The statement looks like this:

7.5.3

deliver()

The command deliver() makes it possible to immediately deliver an email.

Structure o f the co mmand deliver(['Mailserver[:Port]'|'loop'|'queueless'|'']);


This command delivers the email from the specified email server / port. If no parameter is specified, the email is delivered to the local mail transport agent (MTA).

No te:

All subsequent commands are ignored.


if/ else statements

179 ).

The return value is always po s itiv e. The parameter has one parameter.

P arameter

© 2014 SEPPmail AG

208

Options for the parameter loop queueless no option

: The email is returned to the mail server from which it was assumed.

: This setting causes, that mails are not stored to individual recipients during the processing. Instead, the incoming connection is acknowledged only, if the outgoing connection has been acknowledged. If the assumption for some recipients are not acknowledged, when sending to multiple recipients, these mails stay briefly on the appliance, until it acknowledged by the receiving mail server.

The command is called without parameters.

Example 1: deliver('relay.customer.com:587');

Explanatio n:

In this example, the email is sent to the specified email server with the destination port TCP/587.

Example 2: deliver();

Explanatio n:

In this example, the email is delivered directly via its own local mail transport agent (MTA).

7.5.4

drop()

The command drop() allows an email to be rejected.

Structure o f the co mmand drop(['CODE'], ['ERROR']);


This command will cause an email to not be processed, and to optionally return an error code.

The command has no return value. The command has two parameters.

No te:

Neither a »Bounce« email to the sender nor a message to the recipient is generated.

All subsequent commands are ignored.

This command cannot be the condition of an if/else statement (see section

if/ else statements

179 ).

© 2014 SEPPmail AG

209

Alternative error codes can also be set using CODE and ERROR.

If no parameters are specified, the default error code is returned to the corresponding message text.

Default: CODE = '555', ERROR = 'mail not accepted'

»CODE« parameter

Specifies the error code in the form of a numerical value to, for example, 420

»ERROR« parameter

Returns the error code in the form of a character string, e.g. system temporarily unavailable.

Example: drop('420', 'system temporarily unavailable');

Explanatio n:

The email will be rejected with temporary error »420 system temporarily unavailable«.

7.5.5

reprocess()

The command reprocess() makes it possible to reprocess an email.

Structure o f the co mmand reprocess();


All to an email attached emails are reprocessed and sent back to the sender. This may be necessary, if still encrypted email messages are in a user's inbox. These can be sent to re-decryption to the appliance and might be processed or decrypted.

The command has no return value. This command has no parameters.

No te:

The original Message-ID is removed from the newly decrypted emails.

There will be no »Bounce« email created at the sender.

All subsequent commands will be ignored.


if/ else Statements

179 ).

Example:

© 2014 SEPPmail AG

210 if (compare('to', 'match', '(?i)reprocess\@decrypt\.reprocess')) {

log(1, 'reprocess recipient found - Re-injecting attached messages');

reprocess();

drop('220', 'message reprocessed');

} else {}

Explanatio n:

In this example, an internal user sends an encrypted email as an attachment in a non-encrypted email to the system-specific email address [email protected]. The encrypted email, in the attachment is reprocessed, or the email is attempted to be deciphered. It creates a log entry. After running reprocess(), the original email is deleted with drop().

© 2014 SEPPmail AG

211

7.6

Encryption and decryption commands

7.6.1

decrypt_pgp()

The command decrypt_pgp() makes it possible to decrypt PGP-encrypted and signed emails.

Structure o f the co mmand decrypt_pgp();


This command attempts to decrypt all PGP encrypted and signed texts and attachments of an email and to check their signatures.

The return value is po s itiv e, if at least one text or an attachment was decrypted or its signature was successfully verified. Otherwise, the return value is negativ e. This command has no parameters.

7.6.2

decrypt_domain_pgp()

The command decrypt_domain_pgp() makes it possible to decrypt domain encrypted and signed

PGP emails.

Structure o f the co mmand decrypt_domain_pgp();


This command attempts to decrypt all PGP encrypted and signed texts and attachments of an email and to check their signatures, that have been encrypted by the sender via domain encryption.

The return value is po s itiv e, if at least one text or an attachment was decrypted or its signature was successfully verified. Otherwise, the return value is negativ e. This command has no parameters.

7.6.3

domain_pgp_keys_avail()

The command domain_pgp_keys_avail() makes it possible to verify the availability of PGP public domain keys.

Structure o f the co mmand domain_pgp_keys_avail('Usage');


© 2014 SEPPmail AG

212

This command verifies whether email domain PGP public keys in the local certificate store are available to all recipients.

The return value is po s itiv e, if the email domain PGP public keys are available for all recipients present and, if the usage parameter value was specified strict, otherwise the return value is

negativ e. If the value auto is specified for the usage parameter, the receivers are divided into two groups. The group of recipients, for whom the domain PGP public keys are available, receives a

po s itiv e return value. The group of recipients for which no domain PGP public keys are present, receives a negativ e return value.

The command has one parameter.

7.6.4

decrypt_smime()

The command decrypt_smime() makes it possible to decrypt S/MIME encrypted emails.

Structure o f the co mmand decrypt_smime();


This command attempts to decrypt an S/MIME encrypted email.

The return value is po s itiv e, if the email has been decrypted, otherwise negativ e. This command has no parameters.

7.6.5

decrypt_domain_smime()

The command decrypt_domain_smime() makes it possible to decrypt domain encrypted S/MIME emails.

Structure o f the co mmand decrypt_domain_smime();


This command attempts to decrypt a domain encrypted S/MIME email.

The return value is po s itiv e, if the email has been decrypted, otherwise negativ e. This command has no parameters.

7.6.6

domain_smime_keys_avail()

The command domain_smime_keys_avail() makes it possible to check the availability of S/

MIME domain public keys.

Structure o f the co mmand

© 2014 SEPPmail AG

213 domain_smime_keys_avail('Usage');


This command checks if domain S/MIME public keys in the local certificate store are available to all recipients of an email.

The return value is po s itiv e, if the email domain S/MIME public keys are available for all recipients and if the value of the usage parameter was specified strict, otherwise the return value is

negativ e. If the value auto is specified for the Usage parameter, the receivers are divided into two groups. The group of recipients, for whom the domain S/MIME public keys are available, receives a

po s itiv e return value. The group of recipients for whom no domain S/MIME public keys are present, receives a negativ e return value.


7.6.7

delete_smime_sig()

The command delete_smime_sig() makes it possible to delete the S/MIME signature of an email.

Structure o f the co mmand delete_smime_sig();


This command deletes a signature from the signed email.

The return value is po s itiv e, if the email was signed by the S/MIME method. Otherwise, the return value is negativ e. This command has no parameters.

No te:

The validity of the S/MIME signature is not checked.

7.6.8

encrypt_pgp()

The command encrypt_pgp() makes it possible to encrypt and to sign emails by PGP.

Structure o f the co mmand encrypt_pgp('Signature' [, 'Address']);


© 2014 SEPPmail AG

214

This command encrypts all text and attachments of the email. In addition, they are signed, if the signature has the Boolean value true. Instead of true, also yes or 1 can be used. If the address is specified, the PGP public key of this recipient is used to encrypt all emails for all recipients exclusively.

If PGP public keys are not available for all recipients, two groups are formed.

The return value is po s itiv e for the group of recipients, that could be encrypted. For the group of recipients, that could not be encrypted, the return value is negativ e. This command has two parameters.

»Signature« parameter

Option of the »Signature« parameter


»Addres s « parameter

Email address of the recipient, whose PGP public key is to be used for encryption.

Example: encrypt_pgp('yes', '[email protected]');

Explanatio n:

In this example, it is attempted to encrypt all texts and attachments of an email and to sign as signature to value 'yes'. The PGP public key of the specified recipient address will be used to encrypt. In our case '[email protected]'.

7.6.9

encrypt_domain_pgp()

The command encrypt_domain_pgp() makes it possible to encrypt emails via PGP domain encryption.

Structure o f the co mmand encrypt_domain_pgp();


This command encrypts all texts and attachments of the email via PGP domain encryption. If domain

PGP public keys are not available for all recipients, two groups are formed.

The return value is po s itiv e for the group of recipients that could be encrypted. For the group of recipients that could not be encrypted, the return value is negativ e. This command has no parameters.

© 2014 SEPPmail AG

215

Example: encrypt_domain_pgp();

Explanatio n:

In this example, all texts and systems of an email are attempted to be encrypted via PGP domain encryption.

7.6.10 encrypt_smime()

The command encrypt_smime() makes it possible to encrypt emails via S/MIME.

Structure o f the co mmand encrypt_smime();


This command encrypts an email according to the S/MIME standard. If S/MIME certificates are not available for all recipients, two groups are formed.

The return value is po s itiv e for the group of recipients that could be encrypted. For the group of recipients that could not be encrypted, it is negativ e. This command has no parameters.

7.6.11 encrypt_domain_smime()

The command encrypt_domain_smime()makes it possible to encrypt emails via S/MIME domain encryption.

Structure o f the co mmand encrypt_domain_smime();


This command encrypts all text and attachments in email via S/MIME domain encryption. If domain S/

MIME public keys are not available for all recipients, two groups are formed.

The return value is po s itiv e for the group of recipients that could be encrypted. For the group of recipients that could not be encrypted, the return value is negativ e. This command has no parameters.

Example: encrypt_domain_smime();

© 2014 SEPPmail AG

216

Explanatio n:

In this example all texts and systems of an email are attempted to be encrypted via S/MIME domain encryption.

7.6.12 encrypt_webmail()

The command encrypt_webmail() makes it possible to encrypt an email using the GINA technology.

Structure o f the co mmand encrypt_webmail(['TEMPLATE']);


This command encrypts a message via GINA technology for the delivery address. The encrypted message can then be further processed in the RuleEngine.

Reco mmendatio n:

The GINA sends the message directly with deliver().

The recipient address is taken from the currently processed message.

If TEMPLATE is specified, a special template is used for the GINA message. If not, the template is selected based on the sender address. The template is in this case the applied to GINA profile or applied to the GINA domain called.


»TEMP LATE« parameter

Defines the applied GINA profile or the applied GINA domain.

7.6.13 pgp_encrypted()

The command pgp_encrypted() makes it possible to check an email for PGP encryption.

Structure o f the co mmand pgp_encrypted();


This command checks whether the given email is encrypted with the PGP method.

© 2014 SEPPmail AG

217

The return value is po s itiv e, if the email is PGP encrypted, otherwise negativ e. The command has no parameters.

7.6.14 pgp_keys_avail()

The command pgp_keys_avail() makes it possible to check the availability of PGP public keys.

Structure o f the co mmand pgp_keys_avail('Usage');


This command checks, whether a PGP public key in the local certificate store is available to all recipients of an email.

The return value is po s itiv e, if the email PGP public keys are available for all recipients and the usage parameter for the application was specified strict, otherwise the return value is negativ e. If the auto value specified for the usage parameter, the receivers are divided into two groups. The group of recipients, to whom PGP public keys are available, receives a po s itiv e return value. The group of receivers, to whom no PGP public keys are available, receives a negativ e return value.


7.6.15 pgp_secret_keys_avail()

The command pgp_secret_keys_avail() makes it possible to check the availability of PGP private keys.

Structure o f the co mmand pgp_secret_keys_avail();


This command checks, whether a PGP private key is available to all recipients of an email.

The return value is po s itiv e, if a PGP private keys is available for the sender, otherwise negativ e.


7.6.16 smime_keys_avail()

The command smime_keys_avail() makes it possible to check the availability of S/MIME public keys.


© 2014 SEPPmail AG

218 smime_keys_avail('Usage');


This command checks, whether S/MIME public keys are available to all recipients of an email in the local certificate store.

The return value is po s itiv e, if S/MIME public keys are available to all recipients of the email, and for the usage parameter value was specified strict, otherwise the return value is negativ e. If the value auto is specified for the Usage parameter, the receivers are divided into two groups. The group of recipients, to whom the S/MIME public keys are available for, gets a po s itiv e return value.

The group of recipients for which no S/MIME public keys are available receives a negativ e return value.


7.6.17 sign_smime()

The command sign_smime() makes it possible to provide an email with the S/MIME signature of the sender.

Structure o f the co mmand sign_smime();


The return value is po s itiv e, if the message is successfully signed, otherwise negativ e. This command has no parameters.

Example: if (sign_smime()) {

log(1, 'sign smime successful');

} else { }

Explanatio n:

In this example, an email will be provided with the S/MIME signature of the sender. It is further checked, whether this operation was successfully performed. If so, the return value is true and a log info is sent to the system logger.

7.6.18 smime_signed()

The command smime_signed() makes it possible to check an email for the presence of an S/MIME signature.


© 2014 SEPPmail AG

219 smime_signed();


This command checks, if the present email is signed with the S/MIME method.

The return value is po s itiv e, if the email S/MIME is signed, otherwise negativ e. This command has no parameters.

7.6.19 smime_encrypted()

The command smime_encrypted() makes it possible to check an email for S/MIME encryption.

Structure o f the co mmand smime_encrypted();


This command checks, whether the present email is encrypted using the S/MIME method.

The return value is po s itiv e, if the email is S/MIME encrypted, otherwise negativ e. This command has no parameters.

7.6.20 validate_smime_sig()

The command validate_smime_sig() makes it possible to examine the S/MIME signature of an email for validity.

Structure o f the co mmand validate_smime_sig('Store vertificate');


This command checks the S/MIME signature of an email for validity. In addition to the signature verification, the certificate can be imported into the certificate store of the appliance, when the store certificate parameter value true is set. Instead of true, also yes or 1 can be used.

The return value is po s itiv e, if all of the following are true:

The email was signed with the S/MIME method.

The email is complete and unchanged.

The email was signed with an S/MIME certificate, that has been issued by a classified trusted

Certificate Authority (CA).

The S/MIME certificate, that is used to attach the signature, is neither listed on one by the

© 2014 SEPPmail AG

220 appliance known "revocation list" (CRL), nor has its expiration date is passed.

If any of the above is not true, the return value is negativ e. This command has one parameter.

»Sav e certificate« parameter

Option of »Sav e certificate« parameter


Example: if (validate_smime_sig('true')) {

log(1, 'smime signed valid');

} else {

log(1, 'smime signed, but signature invalid');

}

Explanatio n:

In this example, the S/MIME signature of an email will be checked for validity. If the return value from validate_smime_sig() is po s itiv e, then the log entry 'smime signed valid' is written. Otherwise, the log entry 'smime signed, but signature invalid' is written.

7.6.21 webmail_keys_avail()

The command webmail_keys_avail() command allows to check, if a GINA user account is available.

Structure o f the co mmand webmail_keys_avail('Usage');


This command checks, whether a GINA user account is available to all recipients of an email. If the

Usage of the command is strict, the return value is po s itiv e only, if GINA user accounts are available for all recipients. If the Usage is auto, the command divides the recipients into two groups and gives each group the appropriate return value.

This command has one parameter.

7.6.22 webmail_keys_gen()

The command webmail_keys_gen() makes it possible to create GINA user accounts.


© 2014 SEPPmail AG

221 webmail_keys_gen(['Recipient address'], ['Password length'],

['NoPwEmailIsSmsSend']);


This command generates a GINA user account and sends the initialization password to the sender of the original email or to a recipient address, if it is specified.

The return value is always positive. The command has three parameters.

»Recipient addres s « parameter

Defines the email address, to which the email with the initialization password should be sent.

»Length o f the pas s wo rd« parameter

Defines the length of the password: 0 for blank password. If the parameter is not specified, the default value will be used. This can be viewed and changed via the configuration interface.

»No P wEmailIs Sms Send« parameter

Option of »No P wEmailIs Sms Send« parameter


Example: webmail_keys_gen('', '8');

Explanatio n:

In this example, a GINA user account is generated. The sender of the original email will receive an email notification with the initialization password. The password for this GINA user account must have at least 8 characters.

7.6.23 pack_mail()

The pack_mail() command allows to pack an outgoing email for forwarding to a GINA Relay system.

Structure o f the co mmand pack_mail('Email-Addr', ['Domainsignature']);


This command packages an email for forwarding to a GINA relay system. Email Addr defines the email address of the GINA relay system. If the optional domain signature parameter is true, the packed email is also signed. Instead of true, also yes or 1 can be used.

© 2014 SEPPmail AG

222

The return value is po s itiv e if the packing of the email was successful, otherwise negativ e. The command has two parameters.

»Email-Addr« parameter

Defines the email address of the GINA relay systems

»Do mains ignature« parameter

Option for '' »Do mains ignature« parameter


Example: pack_mail('[email protected]', 'yes');

Explanatio n:

In this example, the outgoing email is packed for forwarding to a GINA relay system. From this, a new email message is generated and sent to the destination email address of the GINA relay system. In addition, this email message is signed with the domain certificate.

7.6.24 unpack_mail()

The command unpack_mail() makes it possible to unpack a packed email for a GINA relay system.

Structure o f the co mmand unpack_mail();



© 2014 SEPPmail AG

223

7.7

LDAP commands (access to external sources)

7.7.1

ldap_compare()

The ldap_compare ldap_compare() makes it possible to compare a value stored in an LDAP directory with a specified attribute.

Structure o f the co mmand ldap_compare('URI;USER;PASSWORD;BASEDN;FILTER', 'ATTR', 'VALUE');


This command establishes a connection to an LDAP server and checks the value of an attribute.

The return value is po s itiv e, if VALUE is present in the attribute, otherwise negativ e. This command has three parameters.

P arameter

P arameter

URI

USER

PASSWORD

BASEDN

FILTER

ATTR

VALUE

Des criptio n

The IP address or the name of the LDAP server. It can be given two comma separated values: In this case, automatic access to the second server, when the first cannot be achieved.

The user, who will be used for accessing

The password of the user

The base DN (distinguished name) for the query

The filter for the query

The attribute, which is to be queried

The value, which should appear in the attribute

Example:

It should be checked, whether the current user of the group belongs to »My group«.

The statement looks like this: ldap_compare('192.168.10.10;CN=Peter Mueller,OU=SBSUsers,OU=Users,

OU=MyBusiness,DC=Firm,DC=local;mypassword;OU=SBSUsers,OU=Users,

OU=MyBusiness,DC=Firm,DC=local;(mail=$sender)','memberOF',Mygroup');

Explanatio n:

© 2014 SEPPmail AG

224

If the specified attribute, or the searched entry does not exist, the return value is negative.

If several entries are found, only the first is evaluated.

If several attributes are to be found, all attributes are evaluated (multi-value).

If none of the specified LDAP servers is reachable, the mail is rejected with a temporary error.

7.7.2

ldap_read

The command ldap_read() makes it possible to read a value stored in an LDAP directory.

Structure o f the co mmand ldap_read('URI;USER;PASSWORD;BASEDN;FILTER' ,'ATTR', 'VAR');


This command establishes a connection to an LDAP server and stores the value of the queried attribute in the variable VAR. The return value is po s itiv e, if a value can be assigned to the variable

VAR , otherwise negativ e. This command has three parameters.

P arameter

P arameter

URI

USER

PASSWORD

BASEDN

FILTER

ATTR

VAR

Des criptio n

The IP address or the name of the LDAP server. You can specify two comma separated values: in this case, the second server is automatically accessed, when the first cannot be acquired.

The user, who will use the access


The Base DN (Distinguished Name) for querying

The filter for the query

The attribute that is to be retrieved

Variable in which the attribute is to be stored

Example:

This is the value of the »name« attribute read from an LDAP directory. This is to be stored in the

»name« variable.

ldap_read('192.168.10.10;CN=Peter Mueller,OU=SBSUsers,OU=Users,

OU=MyBusiness,DC=Firm,DC=local;mypassword;OU=SBSUsers,OU=Users,

OU=MyBusiness,DC=Firm,DC=local; (mail=$sender)','name','name'););

Explanatio n:

© 2014 SEPPmail AG

225

If the specified attribute or searched entry does not exist, the variable is assigned with an empty value.

If multiple entries (objects) are found, only the first is evaluated.

If several attributes are found, all attributes are read and assigned, separated by semicolons ";", to the variable (multi-value attribute).

If none of the specified LDAP servers is reachable, the mail is rejected with a temporary error.

7.7.3

ldap_getcerts()

The command ldap_getcerts() makes it possible to retrieve S/MIME public keys to an LDAP directory service.

Structure o f the co mmand ldap_getcerts('URI;USER;PASSWORD;BASEDN');


This command makes it possible to request S/MIME public key for each recipient of an email with an

LDAP directory service.


P arameter

Example:

URI

USER

: ldap-directory.domain.tld

: User name for logging on to the LDAP directory

PASSWORD : Password to log on to the LDAP directory

BASEDN : ou=pki-participant,dc=pki,dc=domain,dc=tld

P arameter

URI

USER

PASSWORD

BASEDN

Des criptio n

The IP address or the name of the LDAP server. You can specify two comma separated values: in this case, the second server is automatically accessed, when the first cannot be acquired.




Example: ldap_getcerts('ldap-directory.domain.tld;;;ou=pki-participant,dc=pki, dc=domain,dc=tld');

© 2014 SEPPmail AG

226

Explanatio n:

In this example, the S/MIME public key is retrieved with an LDAP directory service for the recipient of an email. Access to this LDAP directory service is public, and therefore no credentials are required.

7.7.4

ldap_getpgpkeys()

The command ldap_getpgpkeys() makes it possible to retrieve PGP public keys with an LDAP directory service.

Structure o f the co mmand ldap_getpgpkeys('URI;USER;PASSWORD;BASEDN');


This command makes it possible to call PGP public key for each recipient of an email with an LDAP directory service.


P arameter

Example:

URI

USER

: ldap-directory.domain.tld

: User name for logging on to the LDAP directory

PASSWORD : Password to log on to the LDAP directory

BASEDN : ou=pki-participant,dc=pki,dc=domain,dc=tld

P arameter

URI

USER

PASSWORD

BASEDN

Des criptio n

The IP address or the name of the LDAP server. It can be specified with two comma separated values: in this case, the second server is automatically accessed, if the first cannot be achieved.




Example: ldap_getpgpkeys('ldap-directory.domain.tld;;;ou=pki-participant,dc=pki, dc=domain,dc=tld');

Explanatio n:

© 2014 SEPPmail AG

227

In this example, the PGP public key for the email recipient is retrieved with an LDAP directory service.

Access to this LDAP directory service is public and therefore no credentials are required.

© 2014 SEPPmail AG

228

7.8

Content management commands

7.8.1

iscalendar()

The command iscalendar() makes it possible to check an email for the presence of the mime type »text/calendar«.

Structure o f the co mmand iscalendar();


The command verifies, whether the email contains the mime type »text/calendar«. If yes, the return value is po s itiv e, otherwise negativ e. This command can be used to prevent emails with calendar entry implications e.g. invitations, appointments, meeting requests becoming signed. Microsoft

Outlook cannot, for example, handle signed calendar entries.


7.8.2

isspam()

The command isspam() makes it possible to check an email for spam.

Structure o f the co mmand isspam('MARKLEVEL', 'TAG', 'REJECTLEVEL');


The return value of this command is always po s itiv e. This command has three parameters.

»MARK LEVEL« parameter

This parameter defines the threshold value, from which an email will be tagged as spam email. For marking the specified TAG will be used.

Range of values

Increment

: 0.5 - 9.5

: 0.5

»TAG« parameter

This parameter defines a word element (TAG) is appended to mark an email as SPAM in the subject.

Example for this parameter: [SPAM]

»REJECTLEVEL« parameter

© 2014 SEPPmail AG

229

This parameter defines the threshold value from which an email is rejected as SPAM.

Range of values

Increment: 0

Example:

: 0.5 - 9.5

.5

isspam('2.5', '[SPAM]', '4.5');

Explanatio n:

In this example, an email is checked for SPAM. The parameter for MARKLEVEL has the value '2 .5 '. If this threshold is reached or exceeded during the SPAM checking, the email will be tagged with the

'[SPAM]' TAG. The TAG is attached to the subject. If the threshold value '4 .5 'for REJECTLEVEL is reached or exceeded, the email is rejected and will not be received.

7.8.3

partoftype()

The command partoftype() makes it possible to determine the file type of email file attachments.

Structure o f the co mmand partoftype('Type', 'Action', 'Check archive content');


This command checks whether the file attachments of an email correspond to a particular Type. The

Action defines, what happens to the data systems, if the test on the Type is positive. The contents of archive files are searched when archive Content check has the Boolean value true. Instead of true can also be used yes or 1.

The return value is always po s itiv e, if the result of at least one check of the file attachments of an email is positive, otherwise it is negativ e. The command has three parameters.

»Ty pe« parameter

More information about the parameter Type can be found in the section

List of file types

231 .

»Actio n« parameter

For the parameters of Action, the following options are available: info delete

: provides the result for the following commands at your disposal

: additionally removes the file attachment from the email

»Check archiv e co ntents « parameter

Option of »Check archive contents« parameter

© 2014 SEPPmail AG

230

Possible values : true, alternatively yes or 1

Example: partoftype('EXE', 'delete', 'true');

Explanatio n:

In this example, an email is checked for the presence of attachments of the type 'EXE'. If an attachment is found, it is removed from the email. If the email contains an archive file as file attachment, then this is also searched. If the file Type 'EXE' is found inside the archive file, the file is removed from the archive.

7.8.4

vscan()

The vscan() command makes it possible to examine all the data assets of an email for viruses.

Structure o f the co mmand vscan('Email-Addr-for-notification');


This command checks all file attachments of an email for known viruses. If a virus is found, an email notification is sent to Email-Addr-for-notification. A subsequent ruleset command must handle this email on.

The return value is always po s itiv e, if the result of at least one check of the file attachments of an email is positive, otherwise it is negativ e. The command has one parameter.

»Email-Addr-fo r-no tificatio n« parameter

Defines the email address, to which a notification of virus detection will be sent.

Example: vscan('[email protected]');

Explanatio n:

In this example, an email notification is sent to '[email protected]', if a virus was found.

© 2014 SEPPmail AG

231

7.9

File types

7.9.1

List of file types

The following file types can be distinguished:

LHA

LHARC

LWF

MPEG.L3

MPEG.SYS

MPEG.VID

MS.ASF

MS.OFF

MS.XLS

NIFF

PBMPLUS

PCX

PDF

PNG

RAR

RIFF.ANI

ID

BMP

BZIP

CAB

COM

EMF

EXE

FAX

GIF

GZIP

ICO

ISO9660

JPEG

JPG2000

RIFF.AVI

RIFF.DIB

RIFF.MID

RIFF.MMF

RIFF.WAV

RTF

TAR

Des criptio n

PC Bitmap

BZIP Compressed

Microsoft CAB file

MSDOS Computable

Enhanced Windows Metafile

MSDOS Executable

G3 Fax

GIF Image

GZIP Compressed

Windows Icon

ISO 9660 CD-ROM

JPEG Image

JPEG 2000 Image

LHa 2.x? Archive

LHarc 1.x Archive

LuraWave Image

MPEG Layer 3

MPEG System Stream

MPEG Video

Microsoft ASF

MS Office document

MS Excel 5.0 Worksheet

NIFF Image

PBMPLUS Bitmap

Z-Soft Image

PDF Document

PNG Image

RAR Archive

MS RIFF Animated Cursor

MS RIFF Audio Video Interleave

MS RIFF DIB Bitmap

MS RIFF MIDI File

MS RIFF Multimedia Movie

MS RIFF Wave Audio

Rich Text Format

TAR Archive

© 2014 SEPPmail AG

232

ID

TARGA

TIFF

ZIP

ZOO

Li s t o f fi le ty p es

Des criptio n

TARGA Bitmap

TIFF Image

PKZIP Archive

Zoo Archive

© 2014 SEPPmail AG

233

7.9.2

Groups of file types

The following groups of file types can be distinguished:

ID

ARCHIVES

EXE

FS

IMAGES

MEDIA

Des criptio n

Archive files

Executable files

File systems

Pictures

Multimedia

Co ntained file ty pes

ZIP ZIP.SFX RAR LHARC LHA SQUISH UC2 ZOO TAR CAB

BZIP GZIP

EXE.PE EXE COM

ISO9660 HISIERRA

JPEG BMP TIFF PNG GIF TARGA PBMPLUS NIFF FAX PCX

LWF ICO JPG2000 EMF

RIFF.WAV RIFF.AVI RIFF.ANI RIFF.MID RIFF.MMF RIFF.DIB

RIFF RIFX MPEG.VID MPEG.SYS MPEG.L3 MS.ASF

OFFICE

Gr o up s o f fi le ty p es

Office documents RTF PDF MS.OFF MS.XLS

© 2014 SEPPmail AG

No results