06-27-2016 12:53 PM
I have a C160 Email Security Appliance with a content filter that is triggered (condition) by attachments with filenames ending with specific patterns. (.exe, .cmd, etc.) The rule takes the following action(s) on triggered messages:
1.) Quarantines the message and duplicates the message (sending a copy to the quarantine and processing the original.)
2.) Strips the attachments from the original with filenames ending with the specified pattern.
3.) Delivers the message minus the attachment to the user.
For some reason an .xlsx document recently triggered the rule, and a user who was expecting the message notified us that the attachment was from a trustworthy source and they needed the message released from quarantine.
I released the message from the policy quarantine and I see in the text mail log where it was manually released from the quarantine and then handed off to our mail server, but the recipient never received it. When I look at the email server's traffic logs, it shows the message was delivered with the same MessageID as the copy and I guess it's routed to the proverbial bit bucket. How can I configure the process to prevent released messages from being delivered as DUPLICATES?
Thanks,
C. W.
08-17-2016 09:44 AM
Hi BWSppt
The Message ID header should be unique for each instance of a message.
I tested the the filter mentioned above on one of our lab devices and confirmed that the Message ID for the original email was different to the email released from quarantine.
If you have observed this recently then we could certainly compare the email headers from the two emails to see if the header was same in this instance.
Regards
Libin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide