<< Click to Display Table of Contents >> Navigation: Event and Object Analysis > Capture Results Filtering > Filtration Basics > Rules > Criteria and Conditions > FROM, TO, CC, BCC, ADDRESS, SUBJECT Condition |
Checks the value of one of the following fields: from, to, cc, bcc, subject, address.
Description
This condition checks if the value of the field contains a substring or matches a pattern or a regular expression.
from
Checks the FROM (sender address) field
to
Checks the TO (recipient address) field
cc
Checks the СС field
bcc
Checks the BCC field
address
Checks all address fields (from, to, cc, bcc) If a match is found in any field, the condition is considered true.
subject
Checks the SUBJECT field
Format
<c name="from" op="<operation>" value="<compare pattern>" />
<c name="to" op="<operation>" value="<compare pattern>" />
<c name="cc" op="<operation>" value="<compare pattern>" />
<c name="bcc" op="<operation>" value="<compare pattern>" />
<c name="subject" op="<operation>" value="<compare pattern>" />
<c name="address" op="<operation>" value="<compare pattern>" />
The "name" attribute:
The name attribute specifies the name of the condition: name="from", name="to", name="cc", name="bcc", name="subject" or name="address"
The "op" attribute:
The op="..." attribute specifies the type of the comparison operation and may have the following values:
"eq", = or ==
The condition is considered true if the field value CONTAINS the specified value
"ne", != or <>
The condition is considered true if the field value DOES NOT CONTAIN the specified value
"wc" or "wildcard"
The condition is considered true if the field value matches the specified wildcard pattern
"re", "regex" or "regexp"
The condition is considered true if the field value matches the specified regular expression
The "value" attribute:
The value="..." attribute specifies a string or a pattern to match the value.
Example:
<c name="from" op="eq" value="xxx@mail.ru" />
The condition is considered true if the message FROM field contains "xxx@mail.ru".
<c name="to" op="!=" value="xxx@mail.ru" />
The condition is considered true if the message TO field contains "xxx@mail.ru".
<c name="cc" op="wc" value="*@mail.ru" />
or
<c name="cc" op="wildcard" value="*@mail.ru" />
The condition is considered true if the message CC filed matches "*@mail.ru" pattern.
<c name="address" op="re" value=".+@mail.ru" />
or
<c name="address" op="regexp" value=".+@mail.ru" />
The condition is considered true if any address field (FROM, TO, CC or BCC) of the message matches the "+@mail.ru" regular expression.
<c name="subject" op="re" value=".*((badword1)|(badword2)|(badword3)).*" />
The condition is considered true if the message subject matches the ".*((badword1)|(badword2)|(badword3)).*" regular expression.
In other words, the condition is considered true if the message subject contains any of badword1, badword2 or badword3.
<c name="subject" op="re"
value="(\+?\d([ \-\(])?\d{3}([ \-\)])?)?([ -])?((\d{7})|
(\d{3}([ \-])?\d{2}([ \-])?\d{2})|
(\d{2}([ \-])?\d{3}([ \-])?\d{2}))" />
The condition is considered true if the message subject contains a phone number(a string that matches the regular expression).
A phone number in this case may be in one of the following formats:
1234567
123 45 67
12 345 67
89031234567
8(903)1234567
8-903-123-45-67
8 903 123 45 67
+79031234567
+7(903)1234567
+7-903-123-45-67
+7 903 123 45 67
Example:
Continue processing messages from *@mail.ru address and drop all the rest.
<?xml version="1.0" encoding="utf-8"?>
<filter name="Message filter" version="1.0">
<comment>Message filter.</comment>
<table name="main">
<rule enabled="1">
<match>
<c name="address" op="wildcard" value="*@mail.ru" />
</match>
<action name="accept" />
</rule>
<rule enabled="1">
<action name="drop" />
</rule>
</table>
</filter>