
Return receipts being quarantined?

Hello all, I wanted to get some feedback on whether anyone else is having this issue: a lot of our users have been having their return receipts quarantined. I checked the logs and they are being quarantined as suspect attachments. We are running PureMessage 5.5.6 on our edge servers and handing off to Exchange.

Thanks



This thread was automatically locked due to age.
  • Hey mrdky,

    Could you post the message_log output for one of these types of messages?  It would be easier for us to help you troubleshoot if we see which rules these are hitting on.

    Here is an example entry from the message log located at /opt/pmx/var/log/message_log:

    2009-12-30T11:49:37 q=4B3BAED1_10419_61_4 f=<10fi@duvall.cc> t=<test747@science.cutter.red.sophos> Size=17923 pmx_reason=Spam g=test747@science.cutter.red.sophos|science b=ok h=URI_CLASS_ABS_DOMAIN h=CANPHARM_4PILLS h=CANPHARM_CN_IMGTBL_NOMSGID h=CANPHARM_PATTERN_CN h=CANPHARM_FROM_PATTERN h=CANPHARM_CN_TLD_HREF h=CANPHARM_PATTERN h=CTYPE_JUST_HTML h=CN_TLD h=CN_TLD_HREF_URI h=TO_IN_SUBJECT h=HTML_70_90 h=FROM_SAME_AS_TO h=MSGID_ADDED_BY_MTA h=BODY_SIZE_2000_2999 h=BODY_SIZE_5000_LESS h=__URI_CLASS_ANY s=?q?Personal_75%_OFF_to_rm4dd@striker.ottawa.on.ca._Pfizer. pmx_action=quarantine,Spam,science,test747@science.cutter.red.sophos,test747@science.cutter.red.sophos vs p=1.000 fur=127.0.0.1 r=localhost tm=0.76 a=d/eom

    Once we look at the h= statements, we can determine which rule is triggering so heavily that it quarantines the message.

    Thanks!
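
Added example, not part of the original reply and not Sophos code: one way to pull the h= rule hits out of message_log entries and tally them per pmx_reason for quarantined messages. The sample lines, the placeholder reason EXAMPLE_REASON and the function names are constructed for illustration, and the parser assumes fields are whitespace-separated as in the entry quoted above.

```python
from collections import Counter

# Constructed entries in the layout quoted above. Queue IDs, addresses and the
# pmx_reason value EXAMPLE_REASON are placeholders, not real PureMessage output.
SAMPLE_LOG = """\
2009-12-30T11:49:37 q=QID_1 f=<a@example.com> t=<u1@example.org> Size=2100 pmx_reason=EXAMPLE_REASON b=ok h=CTYPE_JUST_HTML h=TO_IN_SUBJECT s=?q?Read:_status pmx_action=quarantine,EXAMPLE_REASON,u1@example.org vs p=0.100 a=d/eom
2009-12-30T11:50:02 q=QID_2 f=<b@example.com> t=<u2@example.org> Size=1900 pmx_reason=EXAMPLE_REASON b=ok h=TO_IN_SUBJECT h=MSGID_ADDED_BY_MTA s=?q?Read:_report pmx_action=quarantine,EXAMPLE_REASON,u2@example.org vs p=0.050 a=d/eom
2009-12-30T11:51:15 q=QID_3 f=<c@example.com> t=<u3@example.org> Size=800 b=ok h=CTYPE_JUST_HTML s=?q?hello p=0.010 a=d/eom
"""


def parse_entry(line):
    """Split one message_log line into timestamp, key=value fields and h= rule hits."""
    tokens = line.split()
    entry = {"time": tokens[0], "fields": {}, "rules": [], "flags": []}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")  # split on the first '=' only
        if not sep:
            entry["flags"].append(tok)        # bare token such as "vs"
        elif key == "h":
            entry["rules"].append(value)      # h= repeats once per rule hit
        else:
            entry["fields"][key] = value
    return entry


def quarantine_report(log_text):
    """Group quarantined entries by pmx_reason and count the rules hit in each group."""
    report = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        # pmx_action is a comma-separated list whose first item is the action taken.
        action = entry["fields"].get("pmx_action", "")
        if action.split(",")[0] != "quarantine":
            continue
        reason = entry["fields"].get("pmx_reason", "unknown")
        report.setdefault(reason, Counter()).update(entry["rules"])
    return report


if __name__ == "__main__":
    for reason, hits in quarantine_report(SAMPLE_LOG).items():
        print(reason, hits.most_common())
```

Rules that appear on every quarantined receipt but not on delivered mail are the ones to examine first.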
