This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PureMessage Exchange DAG - double quarantine spam digest?

Hey,

 

we're using PMEX on a DAG environment. We have two server with PMEX installed in a clusted composite. 

Is there a way that we only receive one spam digest e-mail in which we can release messages from both servers?

 

Right now we got two spam digest e-mails from Exchange01 and Exchange02. Messages which arrived by Exchange01 can't be released by the spam digest e-mail gererated from Exchange02.

 

Thanks for your help.



This thread was automatically locked due to age.
Parents
  • I have the exact same issue, Puremessage 4 latest version on Exchange 2016, 2 brand new servers, separate remote SQL server. Clustering for puremessage working fine, can see all servers in the console, but receive 2 separate quarantine emails for each server. The quarantine files are replicated between the two servers I can see all the quarantine files for both servers in the single DFS replicated directory, yet the web digest only shows emails relating to the server the web request is directed to. In the puremessage console all the spam emails for all servers can be seen in one place.

     

    Any one have a fix for this, I've had a request open with Sophos for over a month now and still no response other than having to email them some SDU logs. Shockingly bad service.

  • sounds like the db requirement is not met .. have a quick look here.. chapter 13:

    https://docs.sophos.com/msg/pme/4-0-4/help/en-us/pdf/pme_sg.pdf

     

    In short you may have a cluster, however it sounds like you have separate sql lites on each box.. so they are scanning 2 databases instead of a shared db that would normally be used with a pmex cluster.

    I'm guessing you installed to edge servers in front of your mail box server?

     

    once the cluster is using the same database then your digest should work fine.. otherwise each member will scrape its local database for mail between X and Y time. 

  • Still no response from Support, can you step in at all, this is taking ages to resolve.

  • I made some notes in the case on your behalf Ben, I apologize for any delays.. currently the case is queued in the escalations queue.  I requested that someone get in touch with you asap.

     

    Regards.

  • Hey Ben,

    Did you ever get this fixed?  We seem to have the exact same issue with an Exchange 2016 DAG.

  • Afraid not. I had a support ticket open and was supposed to be running some debug on SQL but I never got around to doing it and my case was closed. It still doesn't work properly. If you find a solution with Sophos please update here.

  • Hey Ben,

    I opened a support ticket and the answer from the support agent is:


    "I've received a response from the Global Escalations team, it isn't doable unfortunately. Puremessage produces one email per server. It is not possible to merge these into one email."

     

    So I'm guessing its not possible.

    Regards

  • Hi SysAdmin,

     

    Sorry I don't buy this, sounds like you were fobbed off. I got quite far up the escalation process and was told this should have worked.

    Why on earth would puremessage collect all spam entries in one database, and also DFS replicate all the spam messages between all cluster members, if then the end user can only see and manage emails on one server.

    What happens in a cluster of 10 servers all receiving inbound mail? Is the user expected to to receive 10 separate emails and manage them all. I don't think so.

     

    I may revisit this with Sophos one day, but the answer you received sounds like nonsense to me.

     

    Thanks.

  • In addition, all the entries of all servers can be viewed in the console as a single list and can all be managed, why wouldn't the end users be able to do the same? If that really is the case this software is not fit for purpose in my opinion.

  • Hi  

    I have checked this with our global escalation team, unfortunately, the feature you are looking for is not available as each server will send a digest email as soon as there is a message in quarantine. Apologies for the inconvenience caused.

    Shweta

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

     

  • Hi Shweta,

    Thank you for the reply. However I have to disagree. A digest email is sent once per day rather every time a message enters the quarantine. I also would expect the global escalation team to have given some explanation why we (administrators) can see the entire quarantine across all servers, but not for the end-users. This makes no sense at all. Why go to all the bother of developing software that can combine data (all held in a central database), and replicate all failed suspected spam messages across ALL servers, to then only present the ones held on one server to the end user. And on top of that send multiple emails to end users if more than one Exchange server exists.

    If this really is the case, yours software is total rubbish and you need to redevelop it. It's been the same since 2013.

    Also I would note that your Puremessage for Unix does this (i.e combines quarantine emails from multiple servers for end users to digest). It does exactly what the software for Windows (Exchange) should do. Perhaps you can get an answer from a developer rather than 1st line global.

    Thanks.

Reply
  • Hi Shweta,

    Thank you for the reply. However I have to disagree. A digest email is sent once per day rather every time a message enters the quarantine. I also would expect the global escalation team to have given some explanation why we (administrators) can see the entire quarantine across all servers, but not for the end-users. This makes no sense at all. Why go to all the bother of developing software that can combine data (all held in a central database), and replicate all failed suspected spam messages across ALL servers, to then only present the ones held on one server to the end user. And on top of that send multiple emails to end users if more than one Exchange server exists.

    If this really is the case, yours software is total rubbish and you need to redevelop it. It's been the same since 2013.

    Also I would note that your Puremessage for Unix does this (i.e combines quarantine emails from multiple servers for end users to digest). It does exactly what the software for Windows (Exchange) should do. Perhaps you can get an answer from a developer rather than 1st line global.

    Thanks.

Children