Message Content Protection

• Introduction
• MailScanner.conf settings
• languages.conf settings
• Patching SpamAssassin
• Example

The point of Message Content Protection (MCP) is to allow you to write rules for scanning the text content of email messages so you can trap messages that contain certain numbers of keywords and/or phrases that you don't want leaving your company. It could also be used to ban mail containing pornographic phrases and so on, without having to mess with Spam Actions or have custom spam rules to do it.

Basically what happens is that it is another call to SpamAssassin, but this time using a completely customised set of rules and a separate set of actions. Without any of the RBL checks, Bayes, etc of course. This means that you can create your own rules and give them whatever score you choose. Various different actions are then taken depending on the score.

To enable MCP, you need to set some configuration options in MailScanner.conf file. You may also want to apply patches to SpamAssassin to that MCP can scan the contents of attachments such as Microsoft Word documents.

All the MCP configurations contain "MCP" or "mcp" in their name, so they can easily be found near the end of MailScanner.conf. For documentation describing each of the settings, see the corresponding SpamAssassin setting in MailScanner.conf, and/or read the book.

The "MCP Error Score" setting is there so that you can choose what happens if the MCP system fails for some unknown reason. Set it to 0 and failure will cause mail to be delivered as normal, but a high score would make it get stopped (assuming you set "High Scoring MCP Actions" appropriately.

You need to ensure you have the MCP output strings set in the languages.conf for your language(s). This file can be found in /etc/MailScanner/reports/en/languages.conf (for the language "en"). Ensure the file contains the following:

# Used in MCP checks
MCP = MCP
MCPSpamAssassin = MCP-Checker
MCPnotspam = MCP-Clean
MCPspam = MCP-Trapped
MCPblacklisted = MCP-Blacklisted
MCPwhitelisted = MCP-Whitelisted
MCPsadisabled = MCP disabled
MCPsanoheaders = MCP Message had no headers
MCPsatimedout = MCP timed out

There are patches you need to apply to your copy of SpamAssassin for MCP to be able to examine non-text attachments such as Microsoft Word documents. Without these patches, it is only be able to examine text and HTML sections of email messages.

You need to find your copy of SpamAssassin. You can usually find it with one of these commands:

In that directory, you should find some files, including Conf.pm, Message.pm, PerMsgStatus.pm and Util.pm.

If you are not sure which version of SpamAssassin you have installed, then run this command:

Once you know the version you have, it should be 2.63-2.64, 3.0.4, 3.1.0, 3.1.1, 3.1.7, 3.2.0 to 3.2.3. If it is less than 3.2.3 then I strongly advise that you upgrade to 3.2 (or whatever the latest version now is) if you want to use this feature. If it is more than 3.2.3 then please contact me and request an update for these patches.

If you are running version 3.2.4, then use this single command:

Once that is done, and you have stopped and restarted MailScanner, the MCP features will be able to check inside non-text attachments to messages.

There is a very simple sample rule file in /etc/MailScanner/mcp/*.cf which shows you the basic syntax so you can test the system is working properly. Read the output of "man Mail::SpamAssassin::Conf" for full details of the syntax of the rules you can add. You can place rules in the /etc/MailScanner/mcp directory with any filename that ends in ".cf".

MailScanner would like to thank the following for their support: