The default inbound conditional rules that are supplied by CMS can be seen below in the opening screen of the Praetor administration immediately after installing the software.
Rules list
These rules can be divided into different types, which are ordered below in increasing theoretical processing time.
A Global rule is a rule that has no condition placed on it, just one or more actions that are applied to the message depending on the direction: inbound to the LAN recipients or outbound to the Internet. The selected action will always be performed based upon Praetor's determination of the message direction.
For efficiency and safety reasons, there are only three optional actions that can be applied, with two that involve the addition of text to the message.
PREPEND to insert text before the original message body,
APPEND to insert text after the original message body, and
ARCHIVE to save a copy of the message in the Praetor Archive sub-directory.
FORWARD message copy to an email address.
Global rules take precedence over normal rules and are the first items to be executed by Praetor's scripting engine. Thus these actions occur before any others found in conditional rules.
These are some of the rules formulated after profiling countless spam samples. They require no maintenance by the administrator, as they are completely self-sufficient, testing for the existence of certain message header fields or comparing one field with the value found in another.
A few examples of such rules that are available by default include tests for:
when the sender and recipient addresses are identical
when the From field is blank or non-existent
when the To and Cc fields are blank or non-existent
when the Message-ID field is missing
These are relatively quick string comparisons on a given message header field. The strings are entered via a dialog box shown below.
Also, this type of rule typically has a small number of different strings, and thus those strings can be listed in the details of the rules shown in the bottom window.
Rules of this type have to search a pre-defined list that may contain a large number of strings. Thus a rule that involves any of these lists are of this rule type.
The pre-defined lists are for:
approved and suspicious domains
approved and suspicious sender addresses
banned recipient addresses
banned subject
banned body text
banned and suspicious attachment names
The strings in the list are entered through the dialog box that appears after clicking the underlined list name within the rule details (lower) window.
Praetor has one other variation of a pre-defined list, one without selection checkboxes. These apply to the last three pre-defined lists for banned subject, body text, and suspicious attachment names.
For more information on list searching, click here.
A few rules may involve external sources of information needed to perform its function. A good example of this is any rule that queries on a DNS server to verify the existence of a domain name. Depending on the response time from the DNS server, this rule may take a long time to complete.
The slowest response time is for domains that are non-existent, typically evident in spam messages that most sites fortunately still find in the minority. The reason for the slow DNS server response time is that typically your ISP's server will not have the fictitious domain name cached. Thus it needs to pass the query on to the next higher domain authority, possibly reaching the top-level DNS server.
For valid domain names, the probability is good that your ISP DNS server has the information needed. Thus the response times for these domain names will be much quicker.