Email Security Gateway How To's

How to write a Custom Spam Policy

2 views July 28, 2014 June 21, 2018 admin 0

Since Custom Spam Policy Rules are generally not needed, why would you want to use some? Well, the default Policy ruleset is tuned to a somewhat generic sampling of mail that comes from the corpus submitters. If the typical kinds of email coming to your network are significantly different than those used in the corpus, you may get a lot of false positives or false negatives.


Whitelists, blacklists and tweaking scores of the default rules can help, but might not be sufficient in all cases. For this reason Esva Web Interface allows Admins to easly write their own rules. We will describe here some example.


For our first rule, let’s start with the simplest type of rules, the basic “body” rule. These rules search the body of the message with a regular expression and if it matches, the corresponding score is assigned. Body rules also include the Subject as the first line of the body content.


We will play a bit with “Lorem Ipsum” to fill up the content of an email message.


Subject: Custom Spam Policy Test
Content: “Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.” “Neque porro quisquam est qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit…” “There is no one who loves pain itself, who seeks after it and wants to have it, simply because it is pain…” Yep, but no pain no gain!



Now we write a simple rules to intercept every email matching a regular expression in its body.


System -> spam And Quarantine Settings -> Custom Spam Policy -> New




In this sample  we got:


  • Apply to all:  no (“no”apply this rule only to one domain,  “yes” to apply rule to all domians)
  • or limit to domain: (If ‘Apply to all’ is ‘Yes’, this field will simply be ingored!)
  • Rule Type: body
    Here we can chose between:
    # Body: Search for pattern in the content of the email
    # Subject: Search for pattern in the Headers of the email
    #Uri: check if an URL is present.
  • Rule Description: a short description of the rule
  • Header: Enabled only if Rule Type is Header.
    Here we can chose between:
    #Subject: search for pattern in “Subject” header of the email
    #From: search for pattern in “From” header of the email
    #Envelop_From: search for pattern  “Envelop From” of the email
  • Pattern Match: /pain/i
    (This is the pattern matching regular expression).
  • Rule Score: 10 
    (Raise spam score with positive values or decrease it with negative ones.)
  • Active: Yes
    (Rule can be defined but not active)


After hitting “Apply Settings” our new rule, “avoid the pain”, is working.


If we send a test email we verify the new rule behavior



NOTE: By assigning a rule a negative score (e.s -10) it will act as a “Allow” balancing rule.

Was this helpful?