The point of Message Content Protection (MCP) is to allow you to write rules for scanning the text content of email messages so you can trap messages that contain certain numbers of keywords and/or phrases that you don't want leaving your company. It could also be used to ban mail containing pornographic phrases and so on, without having to mess with Spam Actions or have custom spam rules to do it.
Basically what happens is that it is another call to SpamAssassin, but this time using a completely customised ruleset and a separate set of actions. Without any of the RBL checks, Bayes, etc of course. This means that you can create your own rules and give them whatever score you like. Then take various different actions depending on the score.
To enable MCP, you need to add some configuration options to your MailScanner.conf file. You may also want to apply 2 patches to SpamAssassin to that MCP can scan the contents of attachments such as Microsoft Word documents.
# Configuration directory containing files related to MCP # (Message Content Protection) %mcp-dir% = /etc/MailScanner/mcp # # MCP (Message Content Protection) # ----------------------------- # # This scans text and HTML messages segments for any banned text, using # a 2nd copy of SpamAssassin to provide the searching abilities. # This 2nd copy has its own entire set of rules, preferences and settings. # When used together with the patches for SpamAssassin, it can also check # the content of attachments such as office documents. # MCP Checks = no MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = yes MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100000 MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt
The "MCP Error Score" setting is there so that you can choose what happens if the MCP system fails for some unknown reason. Set it to 0 and failure will cause mail to be delivered as normal, but a high score would make it get stopped (assuming you set "High Scoring MCP Actions" appropriately.
You need to ensure you have the MCP output strings set in the languages.conf for your language(s). This file can be found in /etc/MailScanner/reports/en/languages.conf (for the language "en"). Ensure the file contains the following:
# Used in MCP checks MCP = MCP MCPSpamAssassin = MCP-Checker MCPnotspam = MCP-Clean MCPspam = MCP-Trapped MCPblacklisted = MCP-Blacklisted MCPwhitelisted = MCP-Whitelisted MCPsadisabled = MCP disabled MCPsanoheaders = MCP Message had no headers MCPsatimedout = MCP timed out
There are 3 patches you need to apply to your copy of SpamAssassin for MCP to be able to examine non-text attachments such as Microsoft Word documents. Without these patches, it is only be able to examine text and HTML sections of email messages.
You need to find your copy of SpamAssassin. You can usually find it with one of these commands:
In that directory, you should find some files, including Conf.pm and PerMsgStatus.pm.
If you are not sure which version of SpamAssassin you have installed, then run this command:
Once you know the version you have, it should be 2.63-2.64, 3.0.4 or 3.1.0. If it is less than 3.0 then I suggest you upgrade to 3.0 if you want to use this feature. If it is more than 3.1.0 then please contact me and request an update for these patches.
Once that is done, and you have stopped and restarted MailScanner, the MCP features will be able to check inside non-text attachments to messages.
There is a very simple sample rule file in /etc/MailScanner/mcp/*.cf which shows you the basic syntax so you can test the system is working properly. Read the output of "man Mail::SpamAssassin::Conf" for full details of the syntax of the rules you can add. You can place rules in the /etc/MailScanner/mcp directory with any filename that ends in ".cf".