Name

Lets you provide a unique name for the content filtering rule that you can easily identify in the list of rules and in reports in the event log.

Description

Lets you provide a unique description for the content filtering rule. The description should provide enough detail to remind you what the rule is configured to detect.

Message part to scan

Lets you specify the part of the email message that you want Mail Security to scan for violations.

Use the Message part to scan drop-down list to choose from the following message parts:

Apply rule to

Lets you specify the messages to which you want the rule to apply. You can choose to apply the rule to any combination of inbound, outbound, or internal messages. You must select at least one of these options.

The default setting is Internal messages.

The Apply rule to element only applies to Auto-Protect scanning. Manual and scheduled scans automatically scan internal messages.

See Specifying inbound SMTP domains

Match type

Lets you determine how words and phrases in the Content list and Unless list are interpreted.

The Match Type options are as follows:

Options

Lets you select from the following match options:

Content Pane

Contains

Lets you specify the Contains condition for a content filtering rule.

The Contains conditions are as follows:

The Equals and Does not equal options only apply to the Subject, Sender, and Attachment Name message parts.

Add match list

Lets you specify a match list to use in your content filtering rule. You can also create a new match list or edit an existing match list.

Using a match list in content filtering rule is optional.

See About match lists.

Match any term

Lets you evaluate the specified message part for any term that is contained in the Content list.

For example, assume that the Content list contains the terms: free, confidential, and money. If Mail Security detects any one of these terms in the specified message part, it triggers a violation.

Match all terms

Lets you evaluate the specified message part for all of the terms that are contained in the Content list.

The Match all terms option is only available to use with the terms in the Content list.

For example, assume that the Content list contains the terms: free, confidential, and money. Mail Security must detect all of these terms in the specified message part to trigger a violation.

The Match all terms option is not available when the message part to scan is Any Part.

Template

Lets you add a template to your content filtering rule. You can edit an existing template but cannot create a new template or delete an existing one. You can add a single template to a content filtering rule.

Using a template in a content filtering rule is optional.

See About content filtering policy templates.

Content list

Lets you specify the words or phrases for which you want to evaluate the specified message parts.

The format of the terms that you type in the Content list should mirror that of the match type that you select. For example, if you select literal string from the match type list, format your Content list entries as literal strings.

Attachment size is

Lets you specify Attachment size is as a condition of the content filtering rule. The Attachment size is option can be applied to all message parts to scan, except message body. You can also use Attachment size is by itself if you want Mail Security to detect attachments of a certain size.

When you select the sender or subject message parts and the Match any term or Match all terms conditions, the rule action is applied to the message or the attachment based on the violation that is detected.

For example, assume that you have specified Sender, chosen the Match any term condition, and specified the Attachment size is as = 2MB. Since Mail Security scans messages in parts, if there is a Sender match, dispositions are applied to the message body and the attachment. If the attachment size is the only match, the disposition only applies to the attachment.

Assume for the same example that you change the condition to Match all terms. Mail Security applies a disposition to the attachment only if it detects all of the terms in the Content list AND the specified attachment size.

Unless Pane

Contains

Lets you specify the Contains condition for a content filtering rule.

The Contains conditions are as follows:

The Equals and Does not equal options apply only to the Subject, Sender, and Attachment Name message parts.

Add match list

Lets you specify a match list to use in your content filtering rule Unless condition. You can also create a new match list or edit an existing match list.

Using a match list is optional.

See About match lists.

Unless list

Lets you create exceptions to content filtering rules. You can add words and phrases to the Unless list which Mail Security evaluates as exceptions to the content filtering rule.

All entries in the Unless list are automatically designated with the Match any term (OR condition) option.

The format of the terms that you type in the Unless list should mirror that of the match type that you select. For example, if you select Literal string from the Match Type menu, you should format your Unless list entries as literal strings.

Or attachment size

Lets you specify Attachment size is as a condition of the content filtering rule. The Attachment size is option can be applied to all message parts to scan, except message body. You can also use Attachment size is by itself if you want Mail Security to detect attachments of a certain size.

When you select the sender or subject message parts, the rule action is applied to the message or the attachment based on the violation that is detected. (All Unless conditions are applied as OR conditions between the message part and the attachment.) And the Match any term condition always applies to all Unless conditions.

For example, assume that you have specified Sender and specified the Attachment size is as = 2MB. Since Mail Security scans messages in parts, if there is a Sender match, dispositions are applied to the message body and the attachment because "Match any term" makes this rule an OR condition. However, if the attachment size is the only match, the disposition only applies to the attachment.