<bypass/><header/>

A training bypass header directive describes a header that might be found in a message. If that header is found then the directive is activated and GBUdb training is temporarily turned off for that message.

The following example is usually commented out in the default configuration file. The example describes a fictional spam reporting address where a system's users might forward spam. In such a case, we would not want GBUdb to learn the customer's IP addresses as spam sources:

<header name='To:' find='spam@example.com'/> 

The name='To:' attribute describes the name of the header to inspect (if it exists). In this case we're looking for the To header. Note that by default the first instance of the header (ordinal 0) is assumed.

The find='spam@example.com' attribute describes a string that must be found in the header in order for the header directive to be activated. In this case, the directive will be activated if the first To header contains our fictional spam reporting address (spam@example.com).

Another example might be a directive to bypass training for a problematic or perhaps a friendly SMTP client. In the case of a friendly host, you may wish to use a drilldown header directive, which treats the host as infrastructure and allows GBUdb to look past it to the IP sources on the other side. A bypass header directive, by contrast, disables GBUdb training whenever the host is recognized, so that GBUdb is inert for messages received from that host.

We use the bypass feature in this fictional case because we don't want GBUdb to identify any IP source beyond "friendlyhost.com". We simply want GBUdb turned off for messages from friendlyhost.com. We've also described this fictional case presuming we have an intervening gateway between the SNF scanning system and our friendly host. We use ordinal 1 to search for our friendly host because we expect that the Received header at ordinal 0 (the top header) will represent the intervening gateway.

<header name='Received:' ordinal='1' find='friendlyhost.com'/>

The name='Received:' attribute establishes that we are looking for a Received header.

The ordinal='1' attribute establishes that we are looking for the second (ordinal 1) such header. In this case, we're looking for a Received header but if we were looking for a header of any other name then we would still be looking for the second instance of that header.

The find='friendlyhost.com' attribute establishes that we must find the string friendlyhost.com in order to activate this directive.
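
The matching rules described above can be modelled in a few lines of Python to check a directive against sample headers before deploying it. This is an added example, not SNF's own code: it assumes header names compare case-insensitively and that find is a plain case-sensitive substring test, and the sample headers are constructed.

```python
import xml.etree.ElementTree as ET

def parse_headers(raw):
    """Split a raw header block into (name, value) pairs, unfolding continuations."""
    headers = []
    for line in raw.splitlines():
        if not line:
            break                                  # blank line ends the headers
        if line[0] in " \t" and headers:           # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers

def directive_activates(directive_xml, raw):
    """Model of a <header/> directive: the Nth header of that name contains find."""
    d = ET.fromstring(directive_xml)
    name = d.get("name").rstrip(":").lower()       # assumption: case-insensitive name
    ordinal = int(d.get("ordinal", "0"))           # default: first instance (ordinal 0)
    instances = [v for n, v in parse_headers(raw) if n.lower() == name]
    return 0 <= ordinal < len(instances) and d.get("find") in instances[ordinal]

# The two directives from this page.
REPORT = "<header name='To:' find='spam@example.com'/>"
FRIENDLY = "<header name='Received:' ordinal='1' find='friendlyhost.com'/>"

# Constructed sample headers (documentation addresses and host names).
VIA_GATEWAY = (
    "Received: from gateway.example.net (gateway.example.net [192.0.2.1])\n"
    "\tby snf.example.net; Mon, 1 Jan 2024 00:00:02 +0000\n"
    "Received: from friendlyhost.com (friendlyhost.com [192.0.2.10])\n"
    "\tby gateway.example.net; Mon, 1 Jan 2024 00:00:01 +0000\n"
    "To: user@example.net\n"
    "\n"
    "body\n"
)
# One more local hop prepended, which pushes friendlyhost.com down to ordinal 2.
EXTRA_HOP = "Received: from mx.example.net by scanner.example.net\n" + VIA_GATEWAY
FORWARDED = "To: spam@example.com\nSubject: Fwd: junk\n\nbody\n"

if __name__ == "__main__":
    for label, msg in (("via gateway", VIA_GATEWAY), ("extra hop", EXTRA_HOP),
                       ("forwarded", FORWARDED)):
        print(label, directive_activates(REPORT, msg),
              directive_activates(FRIENDLY, msg))
```

In this model the extra-hop message no longer activates the friendlyhost.com directive, which shows why the ordinal has to track the number of Received headers your own infrastructure adds in front of the scanner.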

Please email support@armresearch.com with any questions.
