System and method of electronic mail filtering using interconnected nodes
First Claim
1. A method of filtering electronic mail messages, comprising the steps of:
- defining a plurality of nodes, wherein each node identifies an operation and wherein one of the nodes is a filter node which identifies messages to filter;
interconnecting nodes from the plurality of nodes such that the interconnected nodes describe a security policy; and
reassembling an electronic mail message from two or more packets;
passing the electronic mail message through the filter node, wherein the step of passing an electronic mail message through the filter node includes the steps of;
determining if the electronic mail message is one which is to be filtered;
if the electronic mail message is identified as to be filtered, processing the electronic mail message through one or more filter flows; and
otherwise delivering the electronic mail message without filtering.
7 Assignments
0 Petitions
Accused Products
Abstract
A system and method for filtering electronic mail messages is described. A message is received an processed through a one or more filter flows. Each filter flow is comprised of one or more self-contained nodes which can be combined in whatever order is required to enforce a given security policy. Node independence provides a policy-neutral environment for constructing filter flows. A filter flow may be as simple as forwarding the mail to the intended recipient, or may perform one or more checks where it decides whether to forward, reject, return (or some combination thereof) the message. Certain node types are also able to append information on to a mail message, while others are able to modify certain parts of a mail message. Several of the node types are able to generate audit or log messages in concert with processing a mail message.
566 Citations
27 Claims
-
1. A method of filtering electronic mail messages, comprising the steps of:
-
defining a plurality of nodes, wherein each node identifies an operation and wherein one of the nodes is a filter node which identifies messages to filter; interconnecting nodes from the plurality of nodes such that the interconnected nodes describe a security policy; and reassembling an electronic mail message from two or more packets; passing the electronic mail message through the filter node, wherein the step of passing an electronic mail message through the filter node includes the steps of; determining if the electronic mail message is one which is to be filtered; if the electronic mail message is identified as to be filtered, processing the electronic mail message through one or more filter flows; and otherwise delivering the electronic mail message without filtering. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for filtering electronic mail, comprising:
-
means for receiving electronic mail messages, including a first electronic mail message, from one or more sources; an analysis module, for determining whether to filter the first electronic mail message, wherein the analysis module includes; node defining means for defining a plurality of nodes, wherein each node identifies an operation and wherein two of the nodes are filter nodes wherein each filter node includes a filter, for analyzing characteristics of the first electronic mail message; and one or more terminals, including a first terminal, wherein each terminal is connected to a node and wherein the first terminal is connected to one of the filter nodes in order to deliver the first electronic mail message to one or more destinations. - View Dependent Claims (11)
-
-
12. A method of managing a filter map, comprising the steps:
-
identifying one or more nodes to be included in the map, wherein each node defines an operation to be performed on an electronic mail message, wherein the step of identifying includes the step of defining a security policy; defining an order in which operations are to be performed on the electronic mail message; graphically positioning each of the one or more nodes according to the defined order; and graphically identifying connections between the nodes as a function of one or more routing paths available from any one node.
-
-
13. A method for constructing an electronic mail filter having one or more message routing paths, comprising the steps:
-
identifying a policy describing the one or more message routing paths; defining a plurality of filter nodes for analyzing electronic mail messages; defining a plurality of modifier nodes for modifying electronic mail messages; defining one or more terminal nodes for delivering electronic mail messages and other electronic information; and interconnecting the plurality of filter nodes, modifier nodes and terminal nodes so as to implement the policy.
-
-
14. An electronic mail system, comprising:
-
a mail filter having a plurality of filter objects, wherein the filter objects are arranged in a flow which enforces a security policy; and a mail delivery agent connected to the mail filter, wherein the mail delivery agent receives an electronic mail message and routes the electronic mail message based on a mail filter policy, wherein the mail filter policy determines mail to queue and mail to pass on; wherein the mail filter retrieves electronic mail messages queued by the mail delivery agent and filters the retrieved electronic messages according to the security policy. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method of filtering electronic mail messages, comprising the steps of:
-
providing a plurality of node types; defining a security policy wherein defining includes specifying an order in which the plurality of node types are to be connected; connecting the plurality of node types according to the security policy; receiving an electronic mail message; and
analyzing the electronic mail message as a function of the security policy. - View Dependent Claims (24, 25)
-
-
26. An electronic mail filter, comprising:
-
an analysis module for analyzing an electronic mail message, wherein the analysis module includes; node defining means for defining a plurality of nodes, wherein each node identifies an operation and wherein one of the nodes is a filter node which identifies messages to filter; and interconnecting means for interconnecting nodes from the plurality of nodes such that the interconnected nodes describe a security policy; and an output module, connected to the analysis module, for generating a plurality of output messages, wherein one of the plurality of messages is generated as a function of analysis of the electronic mail message by the analysis module. - View Dependent Claims (27)
-
Specification