Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8094
Views
0
Helpful
3
Replies

How to test the Central Spam Quarantine on M670?

Andres Bohren
Beginner
Beginner

‎04-29-2012 05:19 AM

Hi all,

We have two new Ironport C370. I want to test the Central SpamQuarantine on the M670.

How can i flag or tag a Message, so that this is transfered to the Central Spam Quarantine?

Is there a way with a Message Filer?

Regards

Andres

Labels:
0 Helpful
3 Replies 3

Andres Bohren
Beginner
Beginner

‎05-01-2012 01:55 PM

Hi all,

I have created an Incoming Content Filter
BOA_Quarantine  BOA_Quarantine: if (mail-from == a.bohren@somwhere.com) { insert-header("X-Ironport-Quarantine", "Quarantine"); }

i created a Inconming Mail Policy "test_SPAM_BOA" witch uses incoming Content Filter "BOA_Quarantine"  

And this is what is on the Message Tracking Log
01 May 2012 22:30:06 (GMT +02:00)  Message 6 matched per-recipient policy test_SPAM_BOA for inbound mail policies. 
01 May 2012 22:30:06 (GMT +02:00)  Message 6 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN 
01 May 2012 22:30:06 (GMT +02:00)  Message 6 scanned by Anti-Virus engine. Final verdict: Negative 
01 May 2012 22:30:06 (GMT +02:00)  Message 6 queued for delivery. 
01 May 2012 22:30:08 (GMT +02:00)  Remote procedure call connection (RCID 81) started for message 6 to local Spam Quarantine. 
01 May 2012 22:30:09 (GMT +02:00)  Message 6 quarantined in Spam Quarantine. 


Seems to be, that the Message goes to the Local Spam Quarantine instead of the Central Quarantine on M670. Any Ideas?

Regards Andres

0 Helpful

Andres Bohren
Beginner
Beginner
In response to Andres Bohren

‎05-02-2012 06:15 PM

Hi all,

I think i found the Answer

The local Quarantine on the C370 has to be disabled.

03 May 2012 02:43:35 (GMT +02:00)  Start message 8 on incoming connection (ICID 27). 

03 May 2012 02:43:35 (GMT +02:00)  Message 8 enqueued on incoming connection (ICID 27) from

A.Bohren@source.com

03 May 2012 02:43:35 (GMT +02:00)  Message 8 on incoming connection (ICID 27) added recipient (

andres.bohren@target.com

). 

03 May 2012 02:43:35 (GMT +02:00)  Message 8 contains message ID header '<

8B7839D15D4B244291456383B03369CC5DF6801C@ICESRV01.source.com>'

03 May 2012 02:43:35 (GMT +02:00)  Message 8 original subject on injection: Test SPAM 03.05.2012 02:41 

03 May 2012 02:43:35 (GMT +02:00)  Message 8 (7695 bytes) from

A.Bohren@source.com

ready. 

03 May 2012 02:43:35 (GMT +02:00)  Message 8 matched per-recipient policy test_SPAM_BOA for inbound mail policies. 

03 May 2012 02:43:35 (GMT +02:00)  Message 8 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN 

03 May 2012 02:43:35 (GMT +02:00)  Message 8 scanned by Anti-Virus engine. Final verdict: Negative 

03 May 2012 02:43:35 (GMT +02:00)  Message 8 queued for delivery. 

03 May 2012 02:44:35 (GMT +02:00)  (DCID 87) Delivery started for message 8 to

andres.bohren@target.com

to offbox Spam Quarantine 

03 May 2012 02:44:35 (GMT +02:00)  (DCID 87) Delivery details: Message 8 sent to

andres.bohren@target.com

delivered to external ISQ. 

03 May 2012 02:44:35 (GMT +02:00)  Message 8 to

andres.bohren@target.com received remote SMTP response 'ok: Message 4 accepted'.

03 May 2012 03:06:05 (GMT +02:00)  Start message 9 on incoming connection (ICID 28). 

03 May 2012 03:06:05 (GMT +02:00)  Message 9 enqueued on incoming connection (ICID 28) from

A.Bohren@source.com

03 May 2012 03:06:05 (GMT +02:00)  Message 9 on incoming connection (ICID 28) added recipient (

andres.bohren@target.com

). 

03 May 2012 03:06:06 (GMT +02:00)  Message 9 contains message ID header '<

8B7839D15D4B244291456383B03369CC5DF6805C@ICESRV01.corp.icewolf.ch>'

03 May 2012 03:06:06 (GMT +02:00)  Message 9 original subject on injection: SPAMTEST 03.05.2012 03:05 

03 May 2012 03:06:06 (GMT +02:00)  Message 9 (7693 bytes) from

A.Bohren@source.com

ready. 

03 May 2012 03:06:06 (GMT +02:00)  Message 9 matched per-recipient policy DEFAULT for inbound mail policies. 

03 May 2012 03:06:06 (GMT +02:00)  Message 9 encountered CASE down (1/10). Retry scanning in 12 seconds. 

03 May 2012 03:06:26 (GMT +02:00)  Message 9 scanned by Anti-Spam engine: CASE. Interim verdict: Positive 

03 May 2012 03:06:26 (GMT +02:00)  Message 9 scanned by Anti-Spam engine: CASE. Final verdict: Positive 

03 May 2012 03:06:26 (GMT +02:00)  Message 9 aborted: Dropped by CASE 

03 May 2012 02:43:35 (GMT +02:00)  Start message 8 on incoming connection (ICID 27). 
03 May 2012 02:43:35 (GMT +02:00)  Message 8 enqueued on incoming connection (ICID 27) from A.Bohren@source.com
03 May 2012 02:43:35 (GMT +02:00)  Message 8 on incoming connection (ICID 27) added recipient (andres.bohren@target.com). 
03 May 2012 02:43:35 (GMT +02:00)  Message 8 contains message ID header '<8B7839D15D4B244291456383B03369CC5DF6801C@ICESRV01.source.com>'
03 May 2012 02:43:35 (GMT +02:00)  Message 8 original subject on injection: Test SPAM 03.05.2012 02:41 
03 May 2012 02:43:35 (GMT +02:00)  Message 8 (7695 bytes) from A.Bohren@source.com ready. 
03 May 2012 02:43:35 (GMT +02:00)  Message 8 matched per-recipient policy test_SPAM_BOA for inbound mail policies. 
03 May 2012 02:43:35 (GMT +02:00)  Message 8 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN 
03 May 2012 02:43:35 (GMT +02:00)  Message 8 scanned by Anti-Virus engine. Final verdict: Negative 
03 May 2012 02:43:35 (GMT +02:00)  Message 8 queued for delivery. 
03 May 2012 02:44:35 (GMT +02:00)  (DCID 87) Delivery started for message 8 to andres.bohren@target.com to offbox Spam Quarantine 
03 May 2012 02:44:35 (GMT +02:00)  (DCID 87) Delivery details: Message 8 sent to andres.bohren@target.com delivered to external ISQ. 
03 May 2012 02:44:35 (GMT +02:00)  Message 8 to andres.bohren@target.com received remote SMTP response 'ok: Message 4 accepted'.

For testing if SPAM Messages are blocked - this test can be made with GTUBE - Generic Test for Unsolicited Bulk Email http://spamassassin.apache.org/gtube/

Just insert this String into a Message

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

03 May 2012 03:06:05 (GMT +02:00)  Start message 9 on incoming connection (ICID 28). 

03 May 2012 03:06:05 (GMT +02:00)  Message 9 enqueued on incoming connection (ICID 28) from

A.Bohren@source.com

03 May 2012 03:06:05 (GMT +02:00)  Message 9 on incoming connection (ICID 28) added recipient (

andres.bohren@target.com

). 

03 May 2012 03:06:06 (GMT +02:00)  Message 9 contains message ID header '<

8B7839D15D4B244291456383B03369CC5DF6805C@ICESRV01.corp.icewolf.ch>'

03 May 2012 03:06:06 (GMT +02:00)  Message 9 original subject on injection: SPAMTEST 03.05.2012 03:05 

03 May 2012 03:06:06 (GMT +02:00)  Message 9 (7693 bytes) from

A.Bohren@source.com

ready. 

03 May 2012 03:06:06 (GMT +02:00)  Message 9 matched per-recipient policy DEFAULT for inbound mail policies. 

03 May 2012 03:06:06 (GMT +02:00)  Message 9 encountered CASE down (1/10). Retry scanning in 12 seconds. 

03 May 2012 03:06:26 (GMT +02:00)  Message 9 scanned by Anti-Spam engine: CASE. Interim verdict: Positive 

03 May 2012 03:06:26 (GMT +02:00)  Message 9 scanned by Anti-Spam engine: CASE. Final verdict: Positive 

03 May 2012 03:06:26 (GMT +02:00)  Message 9 aborted: Dropped by CASE 

Works like a charm

Regards

Andres

0 Helpful

gregskigregski
Beginner
Beginner
In response to Andres Bohren

‎06-04-2012 03:33 PM

Good to know, and glad you figured it out, we will be doing something similar with our C660 and our M650. 

Do you have the steps you need to take on both appliances to make this work?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents