IMail - How to use Rules to clean up SPAM mail

Product:

Question/Problem: What can I do about spam mail arriving in my mailbox?

Answer/Solution: Starting with version 8.0, Anti-SPAM is part of IMail. Please see:
IMail Server 8.2 User's Guide - Using Delivery Rules to Filter Spam

You can use Rules on several parts of a message to filter spam mail. 

The syntax below shows the different portions of a message that can be filtered:

B~filtered content in body:spambox
S~filtered content in subject:spambox
H~filtered content in header:spambox
F~filtered content in From address:spambox
T~filtered content in To address:spambox
N~filtered content in Sender:spambox

The expressions for each element of a delivery rule follow:

Message Area
From: F
Subject: S
Sender: N
To: T
entire header (everything preceding the body) H
entire body of message B

Condition Expression
contains ~
does not contain !~
equals =
does not equal !=

Text Pattern Expression
Any character .
Any of the values separated by vertical bars within the parentheses; the 
vertical bar represents "or" (this|that|other)
Any word character (a-z, A-Z, 0-9) \w
Any non-word character \W
Any digit (0-9) \d
Any non-digit \D
Any white space (spaces and/or tabs and/or carriage returns) \s
Any non-white space \S
Any punctuation character (any character other than \w or \s) \p
Any non-punctuation character \P

Quantifier Expression
Zero or more *
One or more +
Exactly 100 {100}
At least n1, but not more than n2 (where n1 and n2 are numbers) {n1,n2}

Note: As shown above, the following characters have special meaning in a rule: {}()|*+,.:\ If you want to use one of these characters in a search string, precede it with a backslash. For example, to search for a plus sign, enter \+ in the search string.

Note that only the first 32,000 bytes of a message is checked. Please see the bottom of this page:

For example, if you wanted to monitor any mail with the subject "Kill Dusty", then you could have a rule like this:

S~kill dusty:spambox

This would catch messages with the subject:

but it would not catch:

"I am going to kill that thar Dusty".

In this example, the ":spambox" sends the message to a subfolder in the user's mailbox called "spambox".

I DON'T WANT THIS MAIL TO GO TO A SUBMAILBOX - I WANT TO DUMP THIS MAIL TO A CENTRAL MAILBOX: if you don't want the user to have access to spambox, but you want to monitor this mail yourself, you must put a forward file in EACH users folder. This file can be created in Notepad and must match the name of the submailbox you define in your rule, i.e. "spambox.fwd".

The only thing that should be in the "spambox.fwd" file is the account you want the filtered message to go to. In one user's example, they forward them to an "abuse" account. Their "spambox.fwd" contains the following:

abuse@your-domain.com

You can now use this "abuse" user account to monitor this type of mail. The batch file in the URL below can be used to copy the .fwd file to all user directories. Make sure if you run this batch file that you DO NOT copy this .fwd file into the "abuse" mailbox directory:

IMail - Batch file to copy rules.ima to all user directories

Now you can log into the "abuse" mailbox and see who is spamming.

I WANT TO DUMP THIS MAIL TO A CENTRAL MAILBOX THAT HAS INFO MANAGER ENABLED SO I CAN TELL THE SENDER THAT THE MAIL HAS BEEN REJECTED:

IMail - Auto Response to Senders whose message was filtered by a rule

I WANT TO FILTER CERTAIN EMAIL ATTACHMENTS:

As .vbs and script viruses are turning up, a customer suggests these rules:

B~name=.{1,64}\.exe:spambox
B~name=.{1,64}\.scr:spambox
B~name=.{1,64}\.vbs:spambox
B~name=.{1,64}\.shs:spambox
B~name=.{1,64}\.com:spambox

(That is, filter messages if name= is followed by .com within the next sixty four characters.)

B~begin 6.{1,64}\.exe":spambox
B~begin 6.{1,64}\.scr:spambox
B~begin 6.{1,64}\.vbs:spambox
B~begin 6.{1,64}\.shs:spambox
B~begin 6.{1,64}\.com:spambox

Note that these rules will filter all incoming messages containing attached files with .vbs .shs .scr .exe and .com extensions. Filtered messages will be directed to a sub-mailbox, (spambox.mbx) in the user's folder for the user to whom the message was addressed. You can point a rule to NUL (instead of a sub-mailbox such as spambox) if you want filtered messages to be deleted.

Starting with version 7.10 Rules can filter to an address directly. If you have a user account named abuse, your rule could filter to abuse@your-domain.com. 

The first rule filters MIME attachments, characterized by the string:
name="filename.ext"
while the second rule filters Uuencoded attachments, characterized by the string: Begin 6

Here is an example for newer SPAM where words have spaces in between the letters. For instance the word test would show up as t<--12-->e<--12-->s<--12-->t. The rule to filter this would be: B~t.{8}e.{8}s.{8}t:junk

It is necessary to stop and restart the SMTP service after modifications to rules.ima to activate the new filter settings. If you are running version 8, you should also stop and restart the Queue Manager service.

IMail Server 8.2 User's Guide - Setting Up Delivery Rules

IMail - Rule that will delete junk messages without routing them to a mailbox

IMail - Rule to filter messages with no Subject