Configuration: Mail Traps (filter spam mails)

Hamster Playground's "Mail Traps" are filters for mails, that are checked when fetching new mails from a remote mailserver.

Unlike the filters in file MailFilt.hst, these "Mail Traps" are always global and do not depend on any accounts or mailboxes. Every mail has to pass this entrance before it is actually passed on to the mail-filters of MailFilt.hst and finally reaches any user mailbox, so it's a good point to filter out unwanted mails like spam, known viruses or whatever you want to filter.

The "Mail Traps" support two different strategies for filtering out unwanted mails. First one is the classic approach of using strict rules for classifying a message ("accept mails from friends", "delete if sender is a known spammer"), second one is known as "scoring", where the message gets points for "good" and "bad" words and the final total of these points decides, if the message as a whole should be treated as a "good" or "bad" one.

Mail Traps to filter spam mails

List of Mail Traps (upper left area)

This list shows all active traps in the same sequence, in which they will be tested when a new mail is fetched.

Functions (upper right area)

Add Adds a new, empty trap.
Add Copy Adds a copy of the currently marked trap.
Move Up/Down Moves the marked trap up/down one position.
Delete Deletes the marked trap.
Test Opens a new window to test all traps with a given mail message. This test window is described in a separate section below.
Score Limits If scoring is used, these values give the limits for special actions:
Accept: If the score reaches or goes beyond this value while checking the traps, the mail is accepted immediately and no further traps will be checked.
Delete: If the final score of all traps is below this limit, the mail is deleted. This is the only way, a mail might be deleted due to score values.

Mail Trap settings (lower area)

Action:

This setting defines what happens, if a trap matches the headers or body of a new mail:

If a trap with "ACCEPT mail immediately" matches, the mail is accepted immediately and no further traps are tested. It's a good idea to add such accept traps for friends, subscribed newsletters etc. to protect such mails from accidentally being filtered out by other (spam-) traps.

If a trap with "DELETE mail immediately" matches, the mail is deleted immediately and no further traps are tested. Such delete traps may be used to filter out well known spam, virus or worm mails.

If a trap with "Change SCORE by ..." matches, the given value is added to the score value of the mail, that initially starts with a score value of 0.
If the new score has reached or has gone beyond the value given at "Score Limits: Accept", the mail is loaded immediately and no further traps are tested, otherwise the testing continues with the following traps.
If the final score value (i. e. after testing all traps) is below the value given at "Score Limits: Delete", the mail is deleted, otherwise it will be accepted.

If "Disabled, i. e. ignore this trap" is marked, the trap is still stored but will be ignored.

Header:

This setting defines which parts of the mail should be tested, either the value of a specific header like "Subject" and "From" or any of the special placeholders written within parenthesis:

(contents) This placeholder selects the Subject and all text parts of the mail, i. e. all information for filtering on the contents of a message.
If a text part of the message ("text/plain" or "text/html") is base64 encoded, this part is converted into readable text before testing it with the given pattern.
Additionally, any HTML tags of "text/html" parts are removed, so only the visible text of an HTML message is used for filtering.[1] This also reveals the typical spammer words that are mostly "hidden" by dummy HTML tags and comments nowadays.
[1] One exception: Links are not removed completely but are converted to " [ http://whatever/ ] " so they remain visible for the filters.
(raw contents) Like (contents) above, but leaves HTML parts intact and does not strip any HTML tags.
   
(any header) This placeholder selects all values of all headers.
(any sender) This placeholder selects all values of all headers, that may contain information about the sender of the mail.
Headers included are: From, Apparently-From, Sender, Reply-To, X-Sender, Envelope-From, X-Envelope-From, Return-Path, Received
(any recipient) This placeholder selects all values of all headers, that may contain information about the receiver of the mail.
Headers included are: To, Apparently-To, Cc, Bcc, Envelope-To, X-Envelope-To, Original-Recipient, X-Resent-For, X-Resent-To, Resent-To
   
(body+subject) This placeholder selects all available body lines of the mail like "(message body)" and additionally the value of its "Subject:" header.
(message headers) This placeholder selects all header lines of the mail, including the leading name of the header.
(message body) This placeholder selects all available body lines of the mail.
Please note, that only the top 20 lines of the message body are loaded for filtering by default.
(whole message) This placeholder selects all available lines of the message, i. e. "(message headers)" and "(message body)".

If a selected header occurs multiple times in the headers of the mail (e. g. Received), all of these occurances are tested.

If the value of a selected header contains MIME encoded words, it is tested both in raw format and in decoded format.
Please note, that no decoding is done when selecting message parts, i. e. the three "(...message...)" placeholders are always tested in raw format only.

Comparison:

contains-word Matches, if the text given in the Pattern field is contained anywhere in the selected values.
Unlike "contains" below, only matches at word boundaries are considered in this case.
contains Matches, if the text given in the Pattern field is contained anywhere in the selected values.
equals Matches, if the text given in the Pattern field equals any selected value.
matches-regex Matches, if the regular expression given in the Pattern field matches any selected value.

If "not" is marked, the result of the comparison is inverted, e. g. a test for "equals" actually becomes a test for "not equals".

If "case-sensitive" is marked, upper- and lowercase of characters is meaningful, otherwise "a" is treated like "A".
Please note, that caseless comparison only works with ASCII letters A to Z, not with any other characters like , , .

Pattern:

This field contains the characters, words, phrases or patterns, that should be looked for in the selected mail parts.

Comment:

This field may be used to add a small reminder for the purpose of the trap.

If the comment contains an underscore character ("_"), a separator line is drawn above the item.

Mail Trap Test

Mail Traps to filter spam mails

Upper page "Message to test":

This is the raw text of the mail including all header lines, that is used to test the mail traps with.

You can enter or change this text manually or Paste a message from the clipboard.

Upper page "Message details":

This page gives the opportunity to clarify, which parts of the mail are actually tested with the various (header-) selections. It exactly shows the text, that is used for filtering.

Lower page "Matches ...":

This list shows all traps, that would match the given test message.

The "Virtual score:" shows the sum of all matching SCORE traps, regardless if they would have been counted in reality or not.

Lower page "Result ...":

This area shows the real result for the message, i. e. the final decision, if the mail would have been accepted or deleted.

The "Actual score:" shows the sum of all matching SCORE traps that were actually tested, i. e. until the final decision was clear or all traps have been tested.

 

[www.elbiah.de Hamster Playground Documentation]