Customise Actions

Use this feature to create custom actions to be taken against specific types of message. For example, for messages that receive a specific classification (a specific main class, sub class and extra class combination), to treat them in a non-system default manner, accept Phish messages.

Creating custom actions here can cause major changes in mail handling and may expose users to dangerous messages.

Add rules manually or use the Add Customised Action Using Log Search to apply an action change to messages.

  1. Login to Spam Experts to the Admin or Domain Level Control Panel select Incoming - Protection Settings > Customise actions
  2. Use the Query Rules panel to filter existing customised actions and click Show Results to display matches

Add Customised Action

  1. Click + Add at the top of the page to open the Add a new custom action for emails dialog

  2. Fill in the following fields:
    • Domain (only displayed at the Admin Level) - Select the domain to apply custom action to

      • This will not display if you are already logged in as the Domain level user.

    • Order - the order number you want this rule to be placed in e.g. 1 to run this rule as a top priority over other rules
    • Main class rule (optional) - The log search results show the main class e.g. phish
    • Sub class rule (optional) - Further restrict the rule e.g. spf
    • Extra class rule (optional)- Further restrict the rule if required

      The main, sub, and extra classes are regular expressions which allow you to match more than one class with a single custom action.

    • Action:
      • Permanently reject - message will be permanently rejected and will not be quarantined
      • Quarantine - message will be quarantined (550 SMTP response code)
      • Accept - message will be accepted by the filter
      • Accept and notate spam - message will be accepted and delivered to the recipient, with the subject being notated as a spam message
      • Blackhole - message will be dropped without informing the sender
      • Accept and notate - message will be accepted and delivered to the recipient, with the subject being notated
      • Temporary reject - message will be temporarily rejected and will not be quarantined
      • Fake Accept - message will be quarantined but the sender will not be informed (250 SMTP response code)
      • Quarantine (hidden) - message will be quarantined but cannot be released (550 SMTP response code)
    • Notation - This is to be filled in only if using the Accept and Notate action and will be the text added to the subject when delivered
  3. Click Save

It is much quicker and easier to add these new rules using the Log Search. See Add Customised Action Using Log Search.

Examples:

These are purely examples of how you can deal with questionably mail you receive and should not be applied to your system blindly.

If you wish for all messages where the Main Class has been determined to be Spam to be permanently rejected:

If you wish for all messages where the Main Class has been determined to be Spam due to an heuristic issue within the EHLO to be permanently rejected:

If you wish for all messages where the Main Class has been determined to be Spam due to an invalid recipient to be fake accepted:

Edit

  1. In the Admin or Domain Level Control Panel select Incoming - Protection Settings > Customise actions
  2. Find the action to edit
  3. Click the dropdown arrow to the left of the action
  4. Select Edit
  5. The Edit custom action window will be displayed where you can edit the following fields:
    • Domain (only displayed at the Admin Level) - Select the domain to apply custom action to

      • This will not display if you are already logged in as the Domain level user.

    • Order - the order number you want this rule to be placed in e.g. 1 to run this rule as a top priority over other rules
    • Main class rule (optional) - The log search results show the main class e.g. phish
    • Sub class rule (optional) - Further restrict the rule e.g. spf
    • Extra class rule (optional)- Further restrict the rule if required

      The main, sub, and extra classes are regular expressions which allow you to match more than one class with a single custom action.

    • Action:
      • Permanently reject - message will be permanently rejected and will not be quarantined
      • Quarantine - message will be quarantined (550 SMTP response code)
      • Accept - message will be accepted by the filter
      • Accept and notate spam - message will be accepted and delivered to the recipient, with the subject being notated as a spam message
      • Blackhole - message will be dropped without informing the sender
      • Accept and notate - message will be accepted and delivered to the recipient, with the subject being notated
      • Temporary reject - message will be temporarily rejected and will not be quarantined
      • Fake Accept - message will be quarantined but the sender will not be informed (250 SMTP response code)
      • Quarantine (hidden) - message will be quarantined but cannot be released (550 SMTP response code)
    • Notation - This is to be filled in only if using the Accept and Notate action and will be the text added to the subject when delivered
  6. Click Save

Remove

  1. In the Admin or Domain Level Control Panel select Incoming - Protection Settings > Customise actions
  2. Find the action to delete
  3. Click the dropdown arrow to the left of the action
  4. Select Remove
  5. Confirm the removal of the custom action by clicking Remove