MCP checks

Peter H. Lemieux mailscanner at replies.cyways.com
Mon Sep 19 20:37:51 UTC 2016 

# this contains the usual list of addresses to check or not to check
MCP Checks = /etc/MailScanner/rules/mcp_checks.rules

First Check = MCP

MCP Required SpamAssassin Score = 5
MCP High SpamAssassin Score = 9
MCP Error Score = 1

# we use "PHI" for "patient health information"
MCP Header = X-XXCHC-PHI-Monitor:
Non MCP Actions = deliver

MCP Actions = store-nonmcp
High Scoring MCP Actions = store-mcp
Bounce MCP As Attachment = no

MCP Modify Subject = no
MCP Subject Text =
High Scoring MCP Modify Subject = no
High Scoring MCP Subject Text = {PHI}

Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = yes
Detailed MCP Report = yes
Include Scores In MCP Report = yes

In /etc/MailScanner/mcp I have rulesets like this one:

File: /etc/MailScanner/mcp/20_Numbers_and_Codes.cf

### Patient Identification Codes

header      SUBJ_XXID1      Subject =~ /\b005[4-8]\d{4}\b/
describe    SUBJ_XXID1      XXCHC Patient ID with 0054-8 in Subject Header
score       SUBJ_XXID1      10

header      SUBJ_XXID2      Subject =~ /\b1005[89]\d+\b/
describe    SUBJ_XXID2      XXCHC Patient ID with 10058-9 in Subject Header
score       SUBJ_XXID2      10

header      SUBJ_XXID3      Subject =~ /\b1006[0123]\d+\b/
describe    SUBJ_XXID3      XXCHC Patient ID with 10060-63 in Subject Header
score       SUBJ_XXID3      10

header      SUBJ_XXID4      Subject =~ /\b00000\d{3}\b/
describe    SUBJ_XXID4      Possible XXCHC Patient ID in Subject Header
score       SUBJ_XXID4      5

# They use some pretty generic patient IDs like 00001234.
header      SUBJ_XXID5      Subject =~ /\b0000\d{4}\b/
describe    SUBJ_XXID5      Possible XXCHC Patient ID in Subject Header
score       SUBJ_XXID5      5

header      SUBJ_SSN1       Subject =~ /\b\d{3}-\d{2}-\d{4}\b/
describe    SUBJ_SSN1       Likely Social Security Number in Subject Header
score       SUBJ_SSN1       10

[etc.]

A score of ten results in the message being quarantined and a notice 
sent to the administrator and the message sender.  A score of five sends 
notices but permits the message to be sent to its recipient.

Hope this helps, Jerry!

Peter



On 09/19/2016 03:21 PM, Jerry Benton wrote:
> What do your settings look like?
>
>
> -
> Jerry Benton
> www.mailborder.com
> +1 - 844-436-6245
>
>
> -----Original Message-----
> From: Peter H. Lemieux <mailscanner at replies.cyways.com>
> Reply: MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Date: September 19, 2016 at 3:18:27 PM
> To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Subject:  Re: MCP checks
>
>> I do, but I'm using 4.85,2. We use MCP at a health center to intercept
>> outbound messages that may contain "patient health information" as
>> defined by the US HIPAA laws. Works as advertised.
>>
>> I haven't tried version 5 yet so I can't help with that.
>>
>> Peter
>>
>>
>> On 09/19/2016 02:51 PM, Jerry Benton wrote:
>>> Anyone using MCP? I can’t seem to get it to fire on any rules, but the
>>> same rules will fire in regular spamassassin checks.
>>>
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>> +1 - 844-436-6245
>>>
>>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
>

More information about the MailScanner mailing list