Query Kerio Custom rules


2012/07/22

This script will query Kerio mailserver custom rules or list by type. Written for Linux or Mac, but partially useful on Windows with Perl or Cygwin.


Does your Kerio Connect mailserver have a large number of custom rules? I actually only have a half dozen or so on my server, but I have customers who have over 400! That's a lot of rules and it can become annoying to search through them if you are trying to understand why a particular piece of email was either rejected or let through.

First, let's be clear on when custom rules come into play. If you see "CUSTOM_" in the X-Spam-Status header, a custom rule was applied:


X-Spam-Status: No, hits=0.8 required=3.0 tests=AWL: -2.467,BAYES_00:
-1.665,CUSTOM_PERSON_RESPONSIBLE: 2, CUSTOM_TEXT_LINK:
1.5,CUSTOM_WEBMASTER: 1.5,HTML_MESSAGE: 0.001, TOTAL_SCORE:
0.869,autolearn=no
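
As an added example (not part of the original article or of Kerio's own tooling), this Python code unfolds the sample header above and pulls out the CUSTOM_ entries with their scores. The function names are made up for this example, and deriving search words from the text after CUSTOM_ assumes that text reflects the rule's content, as the sample names suggest.

```python
import re

# Header copied from the article's sample; continuation lines are folded.
SAMPLE = """X-Spam-Status: No, hits=0.8 required=3.0 tests=AWL: -2.467,BAYES_00:
 -1.665,CUSTOM_PERSON_RESPONSIBLE: 2, CUSTOM_TEXT_LINK:
 1.5,CUSTOM_WEBMASTER: 1.5,HTML_MESSAGE: 0.001, TOTAL_SCORE:
 0.869,autolearn=no"""

# "NAME: score" pairs as they appear in the tests= list
PAIR = re.compile(r"([A-Z][A-Z0-9_]*):\s*(-?\d+(?:\.\d+)?)")


def parse_tests(header):
    """Return {test_name: score} from an X-Spam-Status header."""
    unfolded = re.sub(r"\r?\n[ \t]*", " ", header)  # undo header folding
    _, sep, tests = unfolded.partition("tests=")
    if not sep:
        return {}  # header carries no tests= list
    return {name: float(score) for name, score in PAIR.findall(tests)}


def custom_hits(header):
    """Only the CUSTOM_ entries, i.e. the custom rules that were applied."""
    tests = parse_tests(header)
    return {n: s for n, s in tests.items() if n.startswith("CUSTOM_")}


def search_words(header):
    """Candidate words to search the rules for (assumes the text after
    CUSTOM_ reflects the rule's content)."""
    words = set()
    for name in custom_hits(header):
        words.update(w.lower() for w in name[len("CUSTOM_"):].split("_") if w)
    return sorted(words)


def scores_add_up(header, tolerance=0.0015):
    """Sanity check on the parse: listed scores should sum to TOTAL_SCORE."""
    tests = parse_tests(header)
    total = tests.pop("TOTAL_SCORE", None)
    return total is not None and abs(sum(tests.values()) - total) <= tolerance


if __name__ == "__main__":
    for name, score in custom_hits(SAMPLE).items():
        print(f"{name}: {score:+g}")
    print("search words:", " ".join(search_words(SAMPLE)))
    print("scores add up:", scores_add_up(SAMPLE))
```
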
 

You CAN turn on SpamAssassin Processing in the debug log and get details like this:

[22/Jul/2012 15:01:01][11730] {spam} Message from <[email protected]>
to <[email protected]> matched body SCORE (1.0) rule: "article"
test matched.

[22/Jul/2012 15:01:01][11730] {spam} Spam Filter: Custom spam rules
check finished, adding score 0.00

[22/Jul/2012 15:01:01][11730] {spam} Spam Filter: Message
500c4deb-000017c4 from <[email protected]> to <[email protected]>
got 0.00 hits, total spam score is -0.997
 

However, that only helps if you leave it on constantly and is useless for a message received while that debugging was not on.

By itself, the raw headers may not be enough information to let you figure out exactly which rule matched and pawing through hundreds of rules isn't much fun. That's where my little Perl script can help.

Note that this is just something I dashed off quickly this morning. I haven't tested it extensively and there are obvious improvements that could be made. Still, even as it is, you may find it useful.

The basic usage is:

customrulecheck.pl word1 word2 ..
 

The script will search through your Kerio Connect custom rules and look for matches to the words you provided. Note that just because it lists something doesn't mean that rule would match - this doesn't distinguish whether the actual rule looked at the To: header or anything else: it just matches the content.

If you simply do "customrulecheck.pl .", you'll get all your rules, which means that (on a Linux system) you can do things like:

customrulecheck.pl . | grep Allow | sort -k3
 

Which will give you a nicely sorted list of your "Allow" rules.

As I said, this is rough, but feel free to adapt it for your own needs.

#!/usr/bin/perl
# Search the Kerio Connect custom rules (the "HeaderFilter" list in
# mailserver.cfg) for the words given on the command line.
use strict;
use warnings;

my ($foundrules, $in_item, $header, $content, $action, $display);
my @actions = ("Reject", "Allow", "Change score");   # indexed by the Action value

chdir("/opt/kerio/mailserver") or die "$! Can't find Keriodir";
open(my $cfg, '<', "mailserver.cfg") or die "$! mailserver.cfg";
$foundrules = 0;
$in_item    = 0;
while (<$cfg>) {
    s/\r?\n\z//;                     # strip the line ending, LF or CRLF
    # Only look inside the HeaderFilter list
    $foundrules = 1 if /<list name="HeaderFilter">/;
    $foundrules = 0 if /<.list>/;
    next if not $foundrules;
    $in_item = 0 if /<.listitem>/;
    if (not $in_item) {
        # End of an item: report it if it matches any search word
        if ($header) {
            # Strip the XML tags, leaving just the values
            $header  =~ s/<[^<]*>//g;
            $content =~ s/<[^<]*>//g;
            $action  =~ s/<[^<]*>//g;
            $display = "Header $header $content $actions[$action]";
            $display =~ s/\s\s*/ /g;

            foreach (@ARGV) {
                chomp;
                print "Match $display  $_\n" if $_ =~ /$content/i;
                print "Match $display  $_\n" if $content =~ /$_/i;
            }
        }
        $header  = "";
        $content = "";
        $action  = "";
    }
    $in_item = 1 if /<listitem>/;
    next if not $in_item;
    $header = $_ if /variable name="Header">/;
    if (not $header and /<variable name="Type">/) {
        print "I'm confused - at $_\n";
        $in_item = 0;
        next;
    }
    $content = $_ if /<variable name="Content">/;
    $action  = $_ if /<variable name="Action">/;
}
close($cfg);
 

As usual, use at your own risk, read and understand the code and all the rest..





1 comment




© Anthony Lawrence







Mon Jul 23 12:28:11 2012: 11215   TonyLawrence



If you DO turn debugging on and find the noise level a bit much, this can help:

(Linux, Mac, Cygwin)
cd to STORE/logs
cd to the store/logs directory and

grep "spam.*matched.*rule:" debug.log



