Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 0 subscribers
  • Views 21217 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Return receipts being quarantined?

mrdky

Hello all, I wanted to get some feedback if anyone is having this issue, but a lot of our users have been having their return receipts quarantined.  I checked the logs and they are being quarantined as suspect attachments.  We are running puremessage 5.5.6 on our edge servers and handing off to Exchange.  

Thanks

:570


This thread was automatically locked due to age.
Parents
  • 0

    Hi markJD, its actually not tripping h statements.  It is getting flagged by one of our siv rules.  Here was the message log rule hits.  I also attached a piece of our siv.  My theory is it could be getting flagged by Sophos true file detection?

    2010-01-04T12:52:34 q=4B4238F2_12377_381_1 f=<someone@somedomain.com> t=<mrky@mydomain.com> external pmx_action=quarantine,-,-,mrky@mydomain.com,mrky@mydomain.com external_inbound_suspect_attachment vs fur=74.47.47.32 Size=7362 r=somebox.somedomain.com tm=0.15 a=d/eom

     # attr NAME=Quarantine mail containing suspicious attachments

        if pmx_suspect_attachment :tft {

            pmx_quarantine "suspect";

            pmx_mark1 "external_inbound_suspect_attachment";

            pmx_notify :recipients :file "/opt/pmx/etc/templates/en/virus.d/suspect.tmpl";

            stop;

        }

    Thanks for the help

    :619
Reply
  • 0

    Hi markJD, its actually not tripping h statements.  It is getting flagged by one of our siv rules.  Here was the message log rule hits.  I also attached a piece of our siv.  My theory is it could be getting flagged by Sophos true file detection?

    2010-01-04T12:52:34 q=4B4238F2_12377_381_1 f=<someone@somedomain.com> t=<mrky@mydomain.com> external pmx_action=quarantine,-,-,mrky@mydomain.com,mrky@mydomain.com external_inbound_suspect_attachment vs fur=74.47.47.32 Size=7362 r=somebox.somedomain.com tm=0.15 a=d/eom

     # attr NAME=Quarantine mail containing suspicious attachments

        if pmx_suspect_attachment :tft {

            pmx_quarantine "suspect";

            pmx_mark1 "external_inbound_suspect_attachment";

            pmx_notify :recipients :file "/opt/pmx/etc/templates/en/virus.d/suspect.tmpl";

            stop;

        }

    Thanks for the help

    :619
Children
No Data
Unfiltered HTML