Keyword Filtering
Keyword Filtering enables you to set up rules that filter emails with particular keywords or a combination of keywords in the body or subject of the email. A rule is composed of:
- Keywords to block in the email body, subject or attachment
- Actions to take when a keyword is found
- The users to which a rule applies.
To configure content rules, navigate to Content Filtering > Keyword Filtering. This page allows you to view, create, enable, disable or delete rules.
Creating a Keyword Filtering rule
To create a Keyword filtering rule follow the steps listed below:
Step 1: Configuring basic rule settings
- Go to Content Filtering > Keyword Filtering and select Add Rule...
- Specify a name for the rule in the Rule name text box.
- Select whether to scan inbound, outbound and/or internal emails.
Option | Description |
---|---|
Scan Inbound SMTP Email | Select this option to scan incoming emails |
Scan Outbound SMTP Email | Select this option to scan outgoing emails |
Check Internal emails |
Select this option to scan internal emails. NOTE This option is only available when GFI MailEssentials is installed on the Microsoft® Exchange server |
- To block emails encrypted using PGP technology, select Block PGP encrypted emails.
NOTE
PGP encryption is a public-key cryptosystem often used to encrypt emails.
Step 2: Configuring terms to block
- Select the Body tab to specify the keywords in the email body to block.
- Select Block emails if content is found matching these conditions (message body/attachments) checkbox to enable scanning of body for keywords.
- From the Condition entry area, key in keywords to block in the Edit condition box. You can also use conditions AND, OR, AND NOT and OR NOT to use a combinations of keywords.
- To add the keyword or combination of keywords keyed in, click Add Condition.
To modify an entry in the Conditions list, select it and make the required changes in the Condition entry box. To remove an entry from the Conditions list, select it and click Remove.
Click Update to apply changes.
- (Optional) From the Options area, configure the following settings:
Option | Description |
---|---|
Match whole words only | Block emails when the keywords specified match whole words. |
Apply above conditions to attachments | Select this option to apply this rule also to text in attachments. In the Attachment filtering area specify the attachments' file extension (for example, .doc ) to apply or exclude from this rule. |
- Select the Subject tab to specify keywords to block in the email subject.
- From the Condition entry area, key in keywords to block in the Edit condition box. You can also use conditions AND, OR, AND NOT and OR NOT to use a combinations of keywords.
- To add the keyword or combination of keywords keyed in, click Add Condition.
To modify an entry in the Conditions list, select it and make the required changes in the Condition entry box. To remove an entry from the Conditions list, select it and click Remove.
Click Update to apply changes.
- From the Options area, configure how keywords are matched. Select Match whole words only to block emails where the keywords specified match whole words in the subject
Step 3: Configuring the actions to take on detected emails
- Click the Actions tab to configure what should be done when this rule is triggered.
- To block an email that matches the rule conditions, select Block email and perform this action and select one of the following options:
Option | Description |
---|---|
Quarantine email | Stores blocked emails in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information refer to Quarantine. |
Delete email | Deletes blocked emails. |
Move to folder on disk | Moves the email to a folder on disk. Key in the full folder path where to store blocked emails. |
IMPORTANT
Actions always affect the whole email containing the blocked content, even if there is other content (such as attachments) that do not trigger this rule.
- Select Send a sanitized copy of the original email to recipient(s) to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed.
- To send email notifications whenever an email gets blocked, check any of the following options:
Option | Description |
---|---|
Notify administrator |
To notify the administrator whenever this engine blocks an email. For more information refer to Administrator email address. For more information refer to Administrator email address. |
Notify local user | To notify the email local recipients about the blocked email. |
- To log the activity of this engine to a log file, check Log rule occurrence to this file and specify the path and file name to a custom location on the disk to store the log file. By default, log files are stored in:
<GFI MailEssentials installation path>\GFI\MailEssentials\EmailSecurity\Logs\<EngineName>.log
Step 4: Specifying users to whom this rule applies
- By default, the rule is applied to all email users. GFI MailEssentials, however, allows you to apply this rule to a custom list of email users specified in the Users / Folders tab.
- Specify the users to apply this rule to.
Option | Description |
---|---|
Only this list | Apply this rule to a custom list of email users, groups or public folders. |
All except this list | Apply this rule to all email users except for the users, groups or public folders specified in the list. |
- To add email users, user groups and/or public folders to the list, click Add.
- In the User Lookups window, specify the name of the email user/user group or public folder that you wish to add to the list and click Check Names. Matching users, groups or public folders are listed underneath.
NOTE
You do not need to input the full name of the users, groups or public folder. It is enough to enter part of the name. GFI MailEssentials will list all the names that contain the specified characters. For example, if you input sco
, GFI MailEssentials will return names such as Scott Adams
and Freeman Prescott
, if they are available.
- Select the check box next to the name(s) that you want to add to the list and click OK.
NOTE
To remove entries from the list, select the user/user group/public folder you want to remove and click Remove.
- Repeat steps 3 to 5 to add all the required users to the list.
- Click Apply.
Enabling/disabling Rules
To enable/disable content filtering rules:
- Go to Content Filtering > Keyword Filtering.
- From the Content Filtering page, select the checkbox of the rule(s) to enable or disable.
- Click Enable Selected or Disable Selected accordingly
Removing content filtering rules
WARNING
Deleted rules are not recoverable. If in doubt, it is recommended to disable a rule.
- Go to Content Filtering > Keyword Filtering.
- From the Content Filtering page, select the checkbox of the rule(s) that you want to remove.
- Click Remove Selected.
Modifying an existing rule
- Go to Content Filtering > Keyword Filtering.
- From the Content Filtering page, click the name of the rule to modify.
- Perform the required changes in the rule properties and click Apply.
Changing rule priority
Content Filtering rules are applied in the same order, from top to bottom as they are listed in the Content Filtering page (that is, rule with priority value 1 is checked first). To change the sequence/priority of rules:
- Go to Content Filtering > Keyword Filtering.
- From the Content Filtering page, click the (up) or (down) arrows to respectively increase or decrease the priority of the selected rule.
- Repeat step 2 until rules are placed in the desired sequence.